Oh Noes!!!1!1!1one: I've been hax0red!

On Saturday night I noticed a guildie acting strangely. He kept switching between characters and wouldn't respond to tells from even his closest friends in the guild. Concerned about him, we gave him a call... on the phone, to see what was up. You guessed it, he was nowhere near his computer at the time. He went to log in and found his password was changed. Unfortunately, he had also forgotten the correct response to his secret question "What is your favorite activity?"

The hacker kept running in and out of the Shadow Labyrinth. I checked the customer service forums and found that this was common behavior among hackers. Either there is an exploit in that instance, or hackers just really enjoy hanging out with Blackheart the Inciter. I'm leaning toward the latter.

I also found that I was not able to seek help in this matter, that a game master would only take action for the owner of the account sending a message from the (compromised) account. I did the only thing I could do: I called the guild master and asked him to kick the hacked player from the guild. (Note to self: calling the GM at 2AM is a bad thing.) Interestingly enough, the only things ninja'ed from the guild bank were of little value like stacks of uncut Golden Draenite and Netherweave Cloth. Two days, and an exhaustive list of humorous yet largely unhelpful, suggestions later, he's got his account back with a nerfed rogue, a naked shaman, and a massive list of blue-quality items on the auction house.

Of course the question arises, how did the hacker get a hold of this guy's account info in the first place. We suspect that since his home computer was indisposed, he was likely keylogged while using a local LAN center to get his WoW fix. Lesson learned and computer fixed. If you do have to play on a foreign computer, you might want to consider copying and pasting your username and password so that there is no chance for this information to be keylogged. Vrakthris posted a guide to what happens in the recovery of a compromised account on the customer service forums.

Eyonix has recently posted a reminder about account security in the official forums. The post indicates that players should always use the Blizzard launcher to start the program and to maintain updated operated systems. Eyonix asks users report suspicious links or programs.

You and I can learn take away two important bits of information from this experience. First, if a guildie begins acting in a suspect manner, especially if it involves S-labs, it's probably best to contact them outside of game as quickly as possible. Also, it's definitely advisable to choose something a little less ambiguous for your secret question than "what is your favorite activity?"


EDIT: Added Blizzard's suggestions for account security.