account-security
Latest
The Daily Grind: What would you do if your account were compromised?
There's no denying that MMORPG security issues are on the rise and have been for several years now. As more people flood into the MMO space, script kiddies and social engineers naturally have more targets. Account compromises aren't always the result of end-user ignorance either, as several of us know computer-savvy folks who've logged into their favorite game to find their characters stripped (or haven't been able to log in at all). Some game companies are fighting back, notably Blizzard with its World of Warcraft authenticators and NCsoft with its new Aion PIN system (which basically amounts to a second password). That said, ladies and gents, today's Daily Grind is more concerned with you. Specifically, what would you do (or have you done) if your account were compromised? Every morning, the Massively bloggers probe the minds of their readers with deep, thought-provoking questions about that most serious of topics: massively online gaming. We crave your opinions, so grab your caffeinated beverage of choice and chime in on today's Daily Grind!
NCsoft answers questions on Aion's new security
Ever been in the middle of a duel with a friend in Aion and watch him (or her) drop offline in the middle of a conversation, then come back online on each alt, strip it down, and sell off everything -- right in front of your eyes? That very scenario has happened to me, and similar situations have happened to others. Even counting RNG rages, nothing really compares to the frustration and heartache of losing all you have worked so hard for in-game, and no one wants to experience this. With this in mind, NCsoft has introduced an extra layer of security -- a new PIN system designed to better safeguard your virtual stash. We were able to speak with Sean Neil, Associate Producer of Aion, and Lance Stites, Executive Vice President of Game Operations and Production at NCsoft West, to bring you the scoop on this new system. Join us past the cut to hear what they had to say.
The Lawbringer: Account security and you
Pop law abounds in The Lawbringer, your weekly dose of WoW, the law, video games and the MMO genre. Running parallel to the games we love and enjoy is a world full of rules, regulations, pitfalls and traps. How about you hang out with us as we discuss some of the more esoteric aspects of the games we love to play? New players will soon be streaming into World of Warcraft come Cataclysm time, as well as old friends and enemies returning from prolonged sojourns. With these new or old accounts becoming active again, as well as a demand for grey market services increasing with a growing player base, account security is going to be on the tip of everyone's tongue again. For good reason, too. World of Warcraft has had one of the most daunting burdens of any MMO to date in dealing with account security, account hacking and a legal nightmare overseas.
Aion producer letter talks account security, transfers
Aion's been getting a decent amount of press this fall, first for September's Assault on Balaurea expansion and lately due to the uproar surrounding the 2.1 patch. Among other things, 2.1 substantially increased the game's loot drop rates, leading to huzzahs on one side of the aisle and raised eyebrows on the other. Not to be outdone, NCsoft producer Chris Hager recently posted an open letter on the official Aion website, summarizing both the aforementioned changes and hinting at a few things to come for the world of Atreia. Hager gives a heads up regarding the final day for the free character transfers that have been ongoing since the summer. January 5th is last call, so make sure you've got your Elyos or Asmo where you want him. Hager also mentions the fact that NCsoft is taking steps to increase account security, an issue that has plagued Aion since its launch in 2009. "We are stepping up our efforts and introducing a new secondary PIN system to Aion that will provide an additional layer of security to our players. This service will go live on December 1, 2010, and we will post a full FAQ in the coming days explaining exactly how it will work," he writes.
Blizzard introduces Dial-in Authenticator
If you do not have an authenticator or mobile authenticator on your account, Blizzard has just introduced an alternative. The Dial-in Authenticator, now available for those without authenticators, is a new Battle.net feature that will hopefully help those players who don't have some sort of authenticator already on their account. Here's how it works. When you sign up, you'll be asked to make a toll-free call from a specific phone of your choosing to authorize login attempts with the battle.net account. You get to assign the phone number that is used, and if there is something unusual about the login attempt on your account, you'll be asked to call the toll-free number to verify you are you. An example of unusual activity would be playing from a different location than you normally do. In other words, if a keylogger gets hold of your account information and attempts to log in, they'll be prompted to call the number -- and they won't be able to go any further, because they don't have your phone and they don't have your PIN. You will only be asked to call if it's an unusual login -- otherwise, you can continue to log in and play with no worries. The Dial-in Authenticator is currently only open to U.S. residents, and it only covers World of Warcraft accounts -- although Blizzard may update it to cover more countries in the future, as well as StarCraft 2 accounts. In order to sign up for the Dial-in Authenticator, you must log into your account on Battle.net, then go to Security Options and choose to add the Dial-in Authenticator. If you already have an authenticator on your account, you must remove it in order to sign up for the dial-in service; you cannot use more than one security method at a time. For more information on the service, check out the official FAQ on Blizzard's website.
The Lawbringer: Real money transactions and some eBay history
Pop law abounds in The Lawbringer, your weekly dose of WoW, the law, video games and the MMO genre. Running parallel to the games we love and enjoy is a world full of rules, regulations, pitfalls and traps. How about you hang out with us as we discuss some of the more esoteric aspects of the games we love to play? eBay and massively multiplayer online role playing games have a deep, rich and occasionally sordid past. As social beings, we've been bartering, trading and selling our time and goods for the entirety of human history. The internet just made things even easier. Hell, buying some gold or an item off of eBay isn't the first time you've probably spent money for a work-around in a game. Ever heard of Game Genie? We paid money for that at one point in our lives. This week, The Lawbringer delves into the past, remembering the good ol' days when the internet came in three varieties: 28.8k, 33.6k and 56k v.90. Also, 14.4k, but only losers had such weak baud. Please don't make me go back further in time. You're probably making modem sounds right now, pretending to go ksshhhh ksshhhh bee doo be dooo wha wha wha wha wha wha wha beeboobeeboobeebeeboobeep, so we should probably start this up.
Battle.net authenticators limited to one account
Blizzard is changing up the security on their authenticators a bit. This isn't a major change and shouldn't affect that many people. Starting now, if you happen to have multiple Battle.net accounts (not multiple WoW accounts under one Battle.net account), then each account must have its own authenticator. This means if you have separate Battle.net logins for zergrush@somedomain.com and taurenfever@example.com and you want to use an authenticator, you'll need to buy two. If you've just got taurenfever@example.com and all of your games are under that Battle.net login, then you're perfectly fine. This is not retroactive. If you already have two accounts linked to a single authenticator, everything will still work as it does right now until you unlink that authenticator. The full blue post detailing the changes is behind the cut below.
Blizzard announces automated account recovery form for hacked accounts
World of Warcraft accounts have been under siege for years, with hackers and gold-selling outlets stealing passwords, items and more to fill their coffers, selling that gold to unwitting buyers. Blizzard has fought back incessantly over the years to stem the tide of gold farming and account hacking, and as you can imagine, the scale at which this happens is very tasking on its customer support department. Blizzard has just announced a new, speedier way to get help and answered about your hacked account, stolen items, authenticator issues and more! Now, under the new system, you will not have to email or call Blizzard to get these matters into its queue -- simply use the Account Recovery Form.
Adobe announces new Flash security vulnerability
On Sept. 13, Adobe Systems released a security advisory detailing a vulnerability in its Flash Player 10.1.82.76 for earlier versions of Windows, Mac, Linux and Solaris, and Adobe Flash Player 10.1.92.10 for Android. The vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and Unix and Adobe Acrobat 9.3.4 for earlier versions of Windows and Macintosh. The vulnerability allows remote attackers to cause a denial of service crash and execute a code to take control of your system by delivering this malicious code through a specially crafted PDF or Flash file. For WoW players, this can mean infection by keyloggers that could potentially steal your login information and compromise your account. Adobe Systems is working on a patch to stop this type of attack from being possible and plans to make it available the week of Sept. 27, with plans to update Adobe Reader 9.3.4 and Adobe Acrobat 9.3.4 the week of Oct. 4.
Runes of Magic team implements account security improvements
Account security has been a concern for Runes of Magic players lately, and Frogster has been paying attention. Community Manager Mike "Silberfuchs" Kiefer posted a fairly impressive list of improved security methods on the Runes of Magic forums, detailing some important changes. Players now have different options and methods for changing all usernames and passwords, and there are some new password requirements. Account and IP blocks will come into effect under certain circumstances as well. Gold sellers also took a hit as a part of this new effort. Frogster has managed to obtain "an injunction against a number of goldsellers as well as companies and individuals offering leveling services," and those undesirables are being removed permanently. Check out the forum post for all the details on how this will affect your account.
Blizzard responds to common Real ID concerns
Nethaera (Blizzard community manager) posted answers to some of the common Real ID questions and concerns on the forums today. With the PR disaster that was Blizzard's original Real ID on the forums concept, a follow-up aimed at easing tensions in the community -- even after the retraction -- was to be expected. While Blizzard offered some good news on things people have been requesting, they also dodged other points for the moment in true Blizzard style. Some highlights from the announcement: no current plans for an online handle to be used in game with Real ID instead of your name feature to disable your name's appearance in Friends of Friends list coming around the time of StarCraft II plans for some sort of unique ID on the WoW forums The full announcement is after the break.
SOE issues security alert for EQII and Station accounts
Ho hum, another week, another email phishing scam, not exactly news right? Well, this time around, Sony Online Entertainment thinks it is serious enough to issue a security alert via the official EverQuest II website, warning players to safeguard their login information and ensure that it is only used on the official SOE site. While details on the new scam aren't clear, it's a safe bet that it has to do with exploiting a similar URL, as SOE explicitly states the legitimate login URL (http://auth.station.sony.com) in its press release. With the explosion in online gaming popularity across diverse cross-sections of the general public in recent years, it's no surprise that account hacking is also on the rise, as gamers are no longer the tech-savvy demographic they once were. If you do suspect that your EQII or Station account has been compromised, you can email or chat live with SOE customer support.
A cautionary tale of account security in Club Penguin
Many MMO gamers have children who are eager to jump into the online world but are unaware of the dangers that lurk there. While many kid-friendly MMOs have systems to guard children from unwelcome contact and identity theft, they still require the assistance of parents to teach their kids how to be safe in games. The Ancient Gaming Noob's Wilhelm recently shared a cautionary tale involving his daughter, Club Penguin, and a breach of account security. Even though she was cautioned not to share a list of details with anyone in game, all it took was the offer of a special item to get her to give up her account name and password to a stranger. This resulted in a headache, as the account was banned, and Wilhelm went back and forth with Club Penguin to re-establish his daughter's account and security. In the end, he found that Club Penguin's security was just as questionable as his daughter's judgment, and passed this story along to the rest of us in an effort to guard our own young ones from this unfortunate event. Considering that account security, personal identity and privacy are hot topics these days, we feel that this story is an eye-opener as to how far both game companies and families have to go to protect our loved ones from being exploited. You can read Wilhelm's full account over at The Ancient Gaming Noob.
New scam tries to give you a free Celestial Steed
One of the sadder parts of this job is reporting on the numerous scams that sweep across the World of Warcraft landscape. It's no secret that your WoW account is valuable to thieves -- the entire gold-selling industry is built on a foundation of hacked accounts and stolen items. Their latest scam vehicle? Our inherent desire for sparkle ponies. Let's get two things straight off the bat: You did not just win a free Celestial Steed mount. That in-game tell is an attempt to steal your account. No one just bought you a Celestial Steed mount. That email you got is an attempt to steal your account If it sneaks by your spam filter, the latest scam email can be quite convincing. The message, which appears to be from sales@mail.blizzard.com, masquerades as a receipt for the purchase of the $25 Celestial Steed mount. Of course, the email is not actually from Blizzard (the "from" email is spoofed), and the links to Battle.net and Worldofwarcraft.com inside send you to a phishing website designed to steal your password or infect your computer with a keylogger. Attempt to collect your sparkle pony, and within a few short hours, your entire account will be under someone else's control. If you haven't put an authenticator on your account, the scammers will do it for you, locking you out of your own account and severely hampering your ability to get it back. More information on the latest scam, what you can do to protect yourself and what to do if you're a victim, all after the break.
The Daily Quest: Feeling safe and warm
Here at WoW.com, we're on a Daily Quest (which we try to do every day, honest) to bring you interesting, informative and entertaining WoW-related links from around the blogosphere. Is there a story out there we ought to link or a blog we should be following? Just leave us a comment and you may see it here tomorrow! Take a look at the links below, and be sure to check out our WoW Resources Guide for more WoW-related sites. For many realms, Ruby Sanctum is up and running, and Halion's being smacked around by countless guilds (check out our Halion guide to learn how your guild can smack him around, too). With Ruby Sanctum as the last raid before the release of Cataclysm, players are still looking forward to the Cataclysm beta. With the beta now up and running, players are subject to piles of false email and announcements from people trying to steal valuable account information. With all these scammers trying to worm their way into player's accounts, how about we take a visit to that ever-pertinent blogging topic, account security? Letters from Birdfall has some wise words about security programs and what you can do to avoid the dangers of keylogging. Slice and Dice talks about safeguarding your guild bank. Flame Shock talks about phishing emails, what to look for and how not to write them. Now that we're feeling a little more secure, let's visit Oddcraft and get warm and cozy with a statement from A Basic Campfire.
Drama Mamas: Hacking a friend's account
Drama Mamas Lisa Poisso and Robin Torres are experienced gamers and real-life mamas -- and just as we don't want our precious babies to be the ones kicking and wailing on the floor of checkout lane next to the candy, neither do we want you to become known as That Guy on your server. It was really hard to choose from the many dramalicious emails we got this week. So much drama, so little time. I'm happy we have so many topics to choose from, but sad that so many of you have to go through so many dramafied situations. This one really did stick out as pretty dramarific, however. Dramarily! Drama-lama ding dong! Dramastified. OK, I'm drama-done. Turn the page for all the dramaness.
Reminder: Save your mobile authenticator serial number before you upgrade your iPhone
If you're using a mobile authenticator on any kind of phone or mobile device, it's important to remember that it's fairly easy to ensure that you can use it again quickly after the phone gets any sort of update or patch. All you need to do is write down the serial number of the authenticator application you have on your phone. This way, if you need to deauthorize for any reason (or an update causes any issues) you can do so quickly and easily at battle.net without having to wait for a phone service call or what have you. This is particularly important for those folks getting the latest iPhone OS, iOS 4. If the upgrade goes haywire for any reason, you'll likely lose all your data off the phone; including the authenticator serial number. This means if you're going to upgrade your iPhone, iPod Touch, or iPad to iOS 4, you must write down your authenticator serial number to be safe.
Final Fantasy XI accounts compromised
With the highly anticipated June version update just around the corner, the last thing that Final Fantasy XI players want is something to distract them from the promise of wonderful things in the near future. But it's hard to ignore something as significant as a security breach, and that appears to be what has happened to the game. According to an official statement from Square-Enix, an external attack on their servers resulted in a potential compromise of some of the game's account information, although the statement was quick to point out that no payment information was violated. That alone would be bad, but the actions taken by Square-Enix to inform players have been a bit haphazard, including prolonged outages of the North American customer service department. Many players have had their passwords reset, in some cases resulting in their accounts being outright locked with no way to regain access. Players are encouraged to check their email and ensure that they can still log in to the game as before, and to contact customer service if they're unable to log in to Final Fantasy XI or the PlayOnline service.
New issues with Adobe Flash, Google search links could compromise your account
We have news of two new tricks hackers are currently using to steal WoW accounts. First, from Curse, comes news of a Google sponsored link that claims to lead to the popular addon manager Curse Client, but instead leads to a malware download. To be absolutely safe, you should always only download the client from http://www.curse.com/client. In addition, Blizzard is warning that Adobe Flash version 10.0.45.2 contains a critical vulnerability that could be used to install a keylogger on your computer in order to steal your WoW account info. You can avoid this issue by installing Adobe Flash version 10.1 Release Candidate 7, which does not appear to have the same vulnerabilities.
Real ID security concerns
Ever since the Real ID friend system was announced, players have voiced concerns about hackers and phishers exploiting this system. They're worried that hackers will move through a group of Real ID friends like a wildfire during a drought. While it is always good to have concerns about account security, sometimes paranoia is a bit too much. Yes, you do need your friend's email address to add them as a Real ID friend. However, that is the last time you'll ever see that email address in your game client -- once you hit the "Send Request" button, that's it. There is no way to look up that person's email address from the interface again. The only personal information in the client after that is your friend's name. Just remember that this system is meant for your real-life friends and family and not for some guy who was a good healer in your ICC PUG last week. If you don't know where to go to knock on the person's door if something happens to your account, then don't share your email address.
