The day Fox's account got hacked -- and how you can learn from his mistakes
Ladies and gentlemen, hello. My name is Fox Van Allen. I've been playing World of Warcraft for nearly four years. And despite all I know and all my warnings I've given you, the reader, it still happened. Last week, I, Fox Van Allen, had my account hacked.
The first question I'm inevitably asked is, "You? What excuse do you have to not have an authenticator?" Well, truth is, I do have an authenticator. I use my iPhone. But one day a few weeks ago, that ever-changing number display just somehow fell out of sync with what WoW was expecting me to enter. Trying to re-sync did nothing. To get back into my account, I had to have the folks at Blizzard take my authenticator off the account.
And that's how it happened. I foolishly forgot to reattach it right away -- I really haven't played a heck of a lot of World of Warcraft on account of my move to Los Angeles. It just wasn't on my mental list of things to do. And wouldn't you know it, barely a week after I had my authenticator disconnected from my account, I started getting emails from Blizzard. Not the usual spam, but legit receipts. Receipts for $105 worth of server transfers and faction changes that I didn't authorize.
That's when the pit of my stomach gave way. I knew immediately the emails were legit. And if the emails were legit, then I had to have been hacked. It's one of the worst feelings in the world.
Those first few moments ...
When it happens -- when you realize that your account is hacked -- I think the first and natural reaction is anger. In my case, the anger was directly squarely at myself. I felt like that kid from every after-school special who didn't use a condom that one time. All the anti-virus software on my computer didn't matter. I never clicked on a single phishing email. I did everything right, except for having the authenticator on at all times. And I paid the price.
Thankfully, whoever it was that took control of my account was not smart enough -- or didn't otherwise have the resources -- to put their own authenticator on it. Accordingly, that was the first thing I did: reattach my authenticator to lock the bad guys out. I changed the password on my Battle.net account, too.
The character transfers never happened, possibly because I shut the hacker out in time or possibly -- heck, likely -- because they used a stolen credit card (read: not mine) to pay for them. I should be so fortunate that only my virtual fortune was put at jeopardy and not my actual real-life bank accounts.
Surveying the damage
Once my account was resecured, the next thing I did was log into my account to see the kind of damage done. And like a low-laying area in the path of a hurricane, the damage was complete and total. Each and every character I owned was naked. Each and every bank tab was empty. Characters that had once had bankrolls in the hundreds of thousands of gold now sat at a few paltry silver each. Every single copper I had worked to earn over the past four years had been mailed off to anonymous gold buyers.
There was really only one thing I could do at this point: submit a GM ticket using the Battle.net website. I was totally up front and honest:
Dearest random GM,
It appears that, sadly, my account was hacked earlier today. All my possessions have been sold off/disenchanted, and my once grand bank account has been reduced to next-to-nothing.
Best I can tell, the following characters were affected:
ALL OF THEM. :||
I feel super dumb and stupid over the whole thing. I usually have an authenticator attached, but I had to remove it a few weeks ago when the game would no longer let me log in. I forgot to reattach it, and ... well ...
On June 5, I sent off my message. It wouldn't be until June 8 that I got a reply.
Over? Not quite.
Blizzard has seen a lot of cases like mine over the years -- probably too many. The GMs know the signs of a clear-cut hack when they see it. All my lost gold was restored, alongside all my lost items. For each and every character. Items taken from my guilds' banks were also returned. I was thrilled.
For those not familiar with the process, you're essentially sent in-game mail with all your items attached. It's not a perfect process. Random gear, such as equipment won from the Throne of the Four Winds, is re-randomized. Enchantments are lost. Even though you get everything back, it's still a long, arduous, gold-heavy process to get your life back exactly to where it was.
But once your items are all restored and in your hands, there's one more indignity just about every poor hacked fool must endure -- that of the permanent ban.
And the wait continues ...
When your account is compromised, the bad guys wind up setting off a whole lot of red flags over at Blizzard HQ. The sheer amount of gold my account was trafficking made it quite clear that something questionable was going on. And because the computer's left hand was unaware of what the computer's right hand was doing, my account wound up getting "permanently disabled."
I didn't learn my account was disabled until I was ready to sign on for my Wednesday raid this week. Frustrating? You bet. But again, I have no one to be mad at here but myself. Blizzard is doing its job, and had my account not been recovered, I'd have wanted them to have done exactly what they did: Stop the bad guys' ability to use my account for the purposes of evil.
So, on June 13, I sent off another message to the GMs. Again, I had to use Battle.net -- the Blizzard phone lines were not able to take my call, and the email address given by the error message at login is no longer manned.
Two days later, I continue to wait. I'm rather calm about the whole situation -- I've seen enough unfortunate situations such as mine such that I know how they resolve. My account will eventually be unbanned once a human looks at all the evidence. I just need patience.
Lessons learned
Having your account hacked is very similar to what happens if you're a victim of a real-life identity theft. You're not ultimately held responsible for the actions of the bad guys. You don't have to pay those credit card bills strangers ran up in your name, and your in-game items do get restored.
That said, though, nothing is ever the same. You retain this feeling that you've been violated -- that none of your online interactions are safe and secure. You have to put in an extraordinary amount of time and effort into undoing the damage done, sending emails to the right people, and trying to re-secure accounts. Huge amounts of time and money are lost, all because of one little avoidable mistake.
What's the key takeaway here, boys and girls? Use an authenticator. Period. Your account isn't safe without one, even for a few moments. Because as my story shows, a few moments is really all it takes to lose everything.
