account-security
Latest
WildStar offering a free mount to players with 2-step verification
Do you have 2-step verification on your WildStar account already? The team at Carbine Studios really wants you to, since the added layer of security helps ensure that no one steals your stuff. So you're getting a little added incentive starting on July 10th -- a free bike! The Retroblade mount is free to all accounts with 2-step verification starting tomorrow, while everyone without 2-step verification will simply have to stare at your new ride with envy. Or, you know, get verified. This bonus is in addition to the existing benefits offered by the verification process, which includes a cosmetic headpiece, a title, and a 2% experience boost on all characters. Plus confidence that your account won't get stolen, which is also fun. The announcement has more details about the process if you haven't already gotten in on the verification train; all you'll need is a smartphone and a few moments to log in.
Secure both your WildStar account and cool bonuses with Google Authenticator
WildStar players making plans to jump into this weekend's headstart now have one more thing on their preparation list: to connect their accounts with Google Authenticator. Carbine Studios is offering several goodies for players that make their account extra-secure with Google's two-step authentication. These bonuses include a cybernetic eyepatch, an in-game title, and a 2% bonus to XP, renown, and prestige. You'll need to download the Google Authenticator app and connect it to your NCsoft account to secure these bonuses. WildStar Report has the step-by-step directions for those interested.
Mobile authenticator app update for iOS is coming soon
If you use the mobile authenticator app on your iPhone or other Apple device, an update is going to be rolled out soon. This update will give the app full compatibility with iOS 7 and have an appropriate resolution for the iPhone 5 and 5s. The snag here is that when you update, the app may lose track of the fact that it's your authenticator -- and that can lock you out of Blizzard games. To make sure you don't get locked out, before you upgrade you'll want to write down your restore code: from the app menu, click setup and then continue. You'll have a serial number and a restore code here which you can write down or take a screenshot of for reference. Then, if your new app isn't working, open the menu, click restore, then "I want to perform a restoration," then enter your serial number and restore code. If you haven't already, you can also set up SMS protect, which allows you to remove a broken authenticator -- or broken authenticator app, in this case -- from your account via a text message to your phone, so you can detach the old authenticator and connect a new one. Anyone who has their iPhone set to automatically update apps should be especially wary, as this means your authenticator app will update as soon as the update appears on iTunes. Make sure you're ready for the update so you don't get locked out!
The Heartbleed bug and its effect (or lack thereof) on Battle.net
The Heartbleed bug, as it's been dubbed, is certainly hot news lately, with various sites being impacted and password reset advice abounding. But Blizzard has some good news: Battle.net was unaffected. However, the advice is to change your password if you used the same one elsewhere. This is especially true if you're using the same email and password combination as you use for your Battle.net account on other sites. A big way that players get hacked, especially those without authenticators, is that their guild forums get hacked, or their email gets hacked, or their Facebook. Once those username and password combinations are known, it's possible for hackers to try them in various different places, one of which might be your Battle.net account. So be careful, mix up your passwords, and in light of these recent security issues, consider changing your passwords. It's also a good idea, again as a general rule, to get into the habit of changing your passwords fairly regularly, for everything. So now might be a great time to start, even though Battle.net is unaffected by the recent issues. Hit the break for Blizzard's full post.
The Art of Wushu: Hacking and account security
When people say they get hacked in online games, I always assume it's the user's fault. The one time I was ever hacked, I could trace it directly back to a situation where I knew my username/password was compromised and I used the same set anyway. Ever since then, I've used more secure logins and passwords, and I've never had an issue. Age of Wushu has come under fire recently for a large string of hacks, and I jumped to the same conclusion. These hacks always seem like a big deal to the people who get hacked, and Age of Wushu is the kind of game where people are incentivized to steal other peoples' stuff. It's natural that people would hack forums or other less secure places and use that information to get whatever accounts they could find. But I've started hearing rumors that people are getting hacked in spite of randomized passwords. One player told me of a friend who deliberately posted a valuable commodity in world chat, traded it to an alt, and logged in the original character later to find that the first character had lost all of her money. Is there something going on?
Blizzard update on dangerous Trojan
WoW Insider reported recently on a dangerous Trojan that was, at the time, not removable by any known antivirus program. Vigilance was advised by the Customer Support agents, and logs from anyone who was affected by the Disker trojan were requested. Thanks to the hard work of the Blizzard Support MVPs, a solution has been found. Kaltonis Our pleasure! To summarize for those of you that haven't read the green posts: -The trojan is built into a fake (but working) version of the Curse Client that is downloaded from a fake version of the Curse Website. This site was popping up in searches for "curse client" on major search engines, which is how people were lured into going there. -At this point, it seems the easiest method to remove the trojan is to delete the fake Curse Client and run scans from an updated Malwarebytes. Should you still have issues, there is a more manual method that Ressie posted earlier in the thread. -Thanks to Ressie's efforts, most security programs should be able to identify this threat shortly, if not by the time I type this. -If you were compromised, follow the instructions here and we'll do our best to set everything right (as we always do). -For those of you interested in these MitM style attacks, this is the only confirmed case we've seen in several years outside of the "Configuring/HIMYM" trojan in early 2012 that hit a handful of accounts. These sort of outbreaks are annoying, but an Authenticator still protects your account 99% of the time. Stay safe! source
Blizzard Customer Support warns of dangerous Trojan [Updated]
Blizzard Customer Support Agent Jurannok has taken to the forums to warn players of a dangerous Trojan -- a virus that can enter players' accounts even if they have an authenticator. Update -- A solution has been found. Jurannok Hello, We've been receiving reports regarding a dangerous Trojan that is being used to compromise player's accounts even if they are using an authenticator for protection. The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them. If your account has been compromised recently, I'd recommend looking for the Trojan. It can be identified by creating an MSInfo file and then looking in the Startup Program section of that file for either "Disker" or "Disker64". It will usually appear like this: Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw Name-PC\Name Startup Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw Name-PC\Name Startup source
Resolve to improve your account security in 2014
Blizzard's European Customer Support team has invited players to make a New Year's resolution that we at WoW Insider can definitely support. It's easier than giving up chocolate, and probably more useful than that gym subscription you were planning on getting. Thinking about New Year's resolutions? Improve your account and computer security! http://t.co/8mO7przV68 #SafeGaming - Blizzard CS EU (@BlizzardCSEU_EN) December 28, 2013 Following the link in the tweet above will take you to their page on account security that is just packed with helpful tips to secure your battle.net account, and your computer. Some of the most common causes of account theft relate to lax security on the side of the user, and following these tips can really help you avoid that. There's also legitimate links to all the major sources of free anti-virus software, and the article is packed with other tips to avoid things like phishing sites, spyware, and malicious processes. In the absence of physical items on the battle.net store, there's also advice on retailers that can sell you authenticators.
Heading out of town for the holidays? Don't get locked out of WoW!
Over on /r/wow/, Blizzard CS rep Araxom offers some tips to avoid getting locked out of your WoW account if you're traveling this holiday season. Logging on from a different physical location can trigger some security features on Blizzard's side -- especially for accounts that don't have an authenticator attached. Avoiding holiday account lockouts is pretty simple: Make sure you have an authenticator attached to your account, which makes it less likely your account will get locked for something like this. (And if you use the mobile authenticator app, be sure you have your restore code written down or screenshotted in case you run into issues with your phone.) Enable SMS Protect, which can let you bypass your authenticator using your cell phone if you run into any problems. Both of these are generally good ideas, but during the holidays having the right security setup can mean the difference between relaxing with some WoW and wrestling with resetting your password -- and we're pretty sure you'd all prefer the former. Not sure where to get started with account security? Check out our security guide for a walkthrough.
Age of Wushu promises latency improvements and matrix authenticator
In a new set of questions and answers from the Age of Wushu community, Snail Games promised that North American players experiencing lag will soon see relief. "We are taking serious measures to solve the latency problems after escalation," the devs promised. "Server fixes are already on their way. Players in North America will see considerable improvement starting from this week!" The devs said that a mobile matrix authenticator is coming later this month to provide better account security. "Think of it as a private Bingo card that works as a key to your account," Snail PR explained. A separate mobile authenticator is being worked on for iOS and Android, but no release date has been set. The Q&A article covered other topics such as the cash shop skill, bug fixes, cross-server interactions, and unnecessary chat spam. For those interested in Age of Wushu's upcoming Steam release, the devs said that this is still in the works but currently there is no release date set. In a separate post, the studio announced that the Phantom Twin Dagger skill set will be coming to the game next week. [We erroneously reported the matrix as a mobile authenticator and have corrected the article accordingly.]
CCP adds email verification to EVE Online accounts
Immigrants to EVE Online's New Eden will have an extra layer of security as of today, with CCP rolling out mandatory email verification to all new accounts. Email verification is the first of several upcoming security improvements for EVE, one that brings the 10-year-old game closer in step with more recent releases. The process will be familiar to MMO veterans: When creating an EVE account, all new players must validate the registered email address by following instructions provided in an email from CCP. Existing EVE players have the option of verifying their email addresses as well; a new "Verify Email Address" option has been added to the game's account management page. CCP encourages all users to log into EVE's account management system to ensure their information is correct and to take advantage of the new verification system.
League of Legends compromised; North American accounts and transactions accessed
Riot Games has just issued a letter to League of Legends players revealing that North American account information has been compromised by hackers. According to the message, usernames, email addresses, "salted password hashes," and real names were accessed. Riot insists that password information is unreadable but that players with easy-to-guess passwords might be at risk. Also accessed were hashed and salted credit card numbers from around 120,000 transactions made in 2011. Riot noted that the payment system in question has not been used since July of 2011 and that it is "taking appropriate action to notify and safeguard affected players." If your information was affected, you will receive an email from Riot. All North American players will be required to change their passwords "to stronger ones that are much harder to guess." In the meantime, keep an eye on your accounts for any suspicious activity.
How to secure your World of Warcraft account
Whether you're just getting started or you've maxed out the number of characters on your World of Warcraft account, your account is valuable to hackers. And if they happen to steal your account, it can be a pain -- and a long wait -- to get it back to you. All of this makes securing your World of Warcraft account serious business. But fortunately, it's easy enough to keep your account under (virtual) lock and key by taking some precautions in advance -- and when we say "in advance," we mean these are things you should do right now. We'll walk you through the very basics of keeping your account secure with a good password and an authenticator. Read on for all you need to know about getting started with good security!
Security warning issued by Blizzard, World of Warcraft mobile auctions offline
Blizzard Entertainment has issued a security warning for all World of Warcraft players. According to the warning, the studio has been tracking an uptick in unauthorized logins via both the website and the World of Warcraft mobile armory application, with individual warnings being sent to any players who do not have an authenticator and whose accounts have recently seen unusual activity. Players in this group should check their emails for information about resetting and securing their accounts. Aside from encouraging all players to take extra steps to secure their accounts, Blizzard has temporarily shut down mobile access to the World of Warcraft auction house as an added security measure. Customer service will restore any items or currency lost as a result of this action. There's no information that this represents any kind of mass hacking, but it's probably best to change your password and get an authenticator if you don't already have one.
World of Tanks' account security compromised
If you have a World of Tanks account, you will want to change your password. Developers report that "some personal information may have been compromised due to a security incident." Time to change the locks on your tanks, folks. Thankfully, you gain more than just personal peace of mind by taking the time to change your account security information. Wargaming.net is rewarding each customer with 300 gold when his or her password is successfully updated. Changing your password is simple: Just log into your account management page and fill in the appropriate blanks. Wargaming suggests that your new password consist of capital letters, lowercase letters, and numbers. The devs also say that the longer your password is, the better your protection becomes. This a very important tip considering your Wargaming ID carries across all current and future Wargaming.net games, like the upcoming World of Warplanes.
Just how safe is your online account?
This week is Gamer Safety Week, and we hope you got your Gamer Safety Week shopping done early because the malls are packed! The Merchant Risk Council's (MRC) Gamer Safety Alliance (GSA) wants to help you be the safest online netizen that you can be by raising awareness for this second annual event. After a few bad years of an account hacking epidemic in online games, this year's Gamer Safety Week theme is "account safety and security in the online world." Tips include adding security proofs to your accounts, keeping hardware and software updated, utilizing phishing filters, creating strong passwords, and more. You can read more about keeping your online accounts safe at the MRC's website.
Heroes of Newerth gets hax0red
It's that special time again -- you know the one we're talking about. The time for all of us to think about our behavior and see how we measure up. It's not Santa that's come to town; it's a security breach! Heroes of Newerth's database has been infiltrated, giving someone access to account and login information. According to an announcement on the game's login page, players are "encouraged to change any passwords that were shared with [their] Heroes of Newerth account" and to not change their HoN password at this time. As everybody does at every single security breach, we'd like to reiterate the importance of using strong and unique -- more unique than strong, if you've got to pick between them -- passwords for all of your accounts. Password managers are your friends.
Guild Wars 2 and the war on bots
A big victory has been won in ArenaNet's ongoing war on Guild Wars 2 bots. Big steps have been taken since the game's launch: As of now, only about 20 bots an hour are reported, compared to over 2,000 an hour just a couple of months ago. ArenaNet has been working on automating the process of identifying and terminating bot accounts, as security coordinator Mike Lewis explains in a new blog post. There's now a pretty high likelihood of stepping into Lion's Arch without getting immediately spammed by five gold sellers. Possibly more importantly, ArenaNet has started offering support for folks whose accounts have been compromised. Account restoration recently got added to the Guild Wars 2 support page, which is something that's been much in demand.
Guild Wars 2 sells makeovers, explains authenticator issue
If you haven't been completely satisfied with how you styled your Guild Wars 2 character to look but don't have the heart (or time) to reroll, ArenaNet has a solution... for a price. The studio added two options to the game's cash shop that allow players to fiddle with their characters' visuals. The new items are a self-style hair kit (which costs 250 gems but can be purchased in bulk) and a total makeover kit (this goes for 350 gems and also has a bulk purchase option). While the total makeover will allow for a change in height, hair, skin, and even gender, it does not include a name change. ArenaNet also addressed an authenticator issue that arose when players noticed that the game stopped asking for the code. It turns out that the team switched to an updated version of the system that remembers computer locations verified by email and will not ask for an authenticator code from that place. Security Coordinator Mike Lewis reassured players that their game was still safe: "Please be aware that your accounts are still protected by the mobile authenticator at this time."
Botters, how do they work?
One of the things almost everyone in every corner of our World of Warcraft can agree upon is that we hate botters... with the possible exception of those that bot themselves. Being the inveterate forum watcher that I am, this forum thread caught my attention. Should World of Warcraft have a system built in to randomly confirm that people engaged in excessive gathering or other 'suspicious' activities are in fact not botting? Well, I hope not the one described, a kind of captcha that would pop up a window needed to be typed into with an answer. That would just ruin gameplay for me the first time I had that pop up. Similarly, I have to agree that hiring thousands of staff to simply monitor for bots wouldn't be time or cost effective. We live at a period in the game where the game has automated a great deal of its customer service, after all. What I really found interesting, however, was Takralus' takedown of a very old argument by players about Blizzard's stance on botting.
