wow-hacking
Latest
The day Fox's account got hacked -- and how you can learn from his mistakes
Ladies and gentlemen, hello. My name is Fox Van Allen. I've been playing World of Warcraft for nearly four years. And despite all I know and all my warnings I've given you, the reader, it still happened. Last week, I, Fox Van Allen, had my account hacked. The first question I'm inevitably asked is, "You? What excuse do you have to not have an authenticator?" Well, truth is, I do have an authenticator. I use my iPhone. But one day a few weeks ago, that ever-changing number display just somehow fell out of sync with what WoW was expecting me to enter. Trying to re-sync did nothing. To get back into my account, I had to have the folks at Blizzard take my authenticator off the account. And that's how it happened. I foolishly forgot to reattach it right away -- I really haven't played a heck of a lot of World of Warcraft on account of my move to Los Angeles. It just wasn't on my mental list of things to do. And wouldn't you know it, barely a week after I had my authenticator disconnected from my account, I started getting emails from Blizzard. Not the usual spam, but legit receipts. Receipts for $105 worth of server transfers and faction changes that I didn't authorize. That's when the pit of my stomach gave way. I knew immediately the emails were legit. And if the emails were legit, then I had to have been hacked. It's one of the worst feelings in the world.
Email confirmation added to authenticator setup to foil hackers
For a while now, account thieves have been putting authenticators on their stolen accounts to buy more time for their scumbaggery. Blizzard has recently made that more difficult by requiring email confirmation when an authenticator is added to a Battle.net account. Rather than just logging in and putting in the appropriate information, you now have to follow the steps in a confirmation email sent to the address registered in your Battle.net account. Note: Changing the email address on the account requires not only your password (which the account thieves already have at this point) but also the answer to your security question. So make sure the answer to your security question is not guessable or obtainable by any phishing information. As I have suggested before, if you use a password for your security answer rather than an actual answer, you are adding a very thick level of security. Make it a separate password you use just for security questions, like p45sw0rd (don't use that one). We don't know how long ago Blizzard added email confirmation The email confirmation has been active since July 27 and we believe it will reduce the workload of Blizzard's customer service. More importantly, this will make getting your account back less painful. Of course, the best way to prevent someone from stealing your account and then adding an authenticator to it is to put an authenticator on it yourself. There are keyfob and mobile versions available. [Thanks for the tip, Joel!]
New scam tries to give you a free Celestial Steed
One of the sadder parts of this job is reporting on the numerous scams that sweep across the World of Warcraft landscape. It's no secret that your WoW account is valuable to thieves -- the entire gold-selling industry is built on a foundation of hacked accounts and stolen items. Their latest scam vehicle? Our inherent desire for sparkle ponies. Let's get two things straight off the bat: You did not just win a free Celestial Steed mount. That in-game tell is an attempt to steal your account. No one just bought you a Celestial Steed mount. That email you got is an attempt to steal your account If it sneaks by your spam filter, the latest scam email can be quite convincing. The message, which appears to be from sales@mail.blizzard.com, masquerades as a receipt for the purchase of the $25 Celestial Steed mount. Of course, the email is not actually from Blizzard (the "from" email is spoofed), and the links to Battle.net and Worldofwarcraft.com inside send you to a phishing website designed to steal your password or infect your computer with a keylogger. Attempt to collect your sparkle pony, and within a few short hours, your entire account will be under someone else's control. If you haven't put an authenticator on your account, the scammers will do it for you, locking you out of your own account and severely hampering your ability to get it back. More information on the latest scam, what you can do to protect yourself and what to do if you're a victim, all after the break.
Breakfast Topic: Are private servers really that bad?
Blizzard has a very clear line on private servers: they are against the rules. If you have one or play on one you're going to get in trouble. Your account will get shut down and you'll likely face some legal issues if you don't capitulate to their demands.However is their stance right? Are private servers really that big of a deal?There are two ways that I look at the issue. One way is to view the issue through the lens of morality and legalese. In this respect Blizzard is on solid ground. They own Warcraft and all the associated games, and they own the servers we play on. When we buy the game we're not buying the property. We're buying the right to use the property as long as we keep paying a monthly fee, and as long as we operate within their guidelines (the terms of service).Some might contend that there is an innate right to privacy in the fact that after we've purchased the game (and its associated data), Blizzard has no right to tell us what to do with it or to find out how we're using it. I'm not a lawyer, but some are, and there's an interesting debate to be had here.
