Comments on: No end in sight to hacking of 'WoW' accounts

'Tens of thousands' of players' accounts have been compromised with keylogging exploit, security experts say.

[timcoyote]

DM

Sounds like this game needs a higher level Dungeon Master.

[Christopher Hall]

Loser!

Dungeon Masters don't have levels! Hahahaha! *snort*

:P

[NextGen_MMO]

<a href="http://www.blizzards-next-generation-mmo.com/battle-net/account-security/">Securing your Battle.net and World of Warcraft Account
</a>

[kpitts]

Ironic advertisments

The "thriving black market" is evident by the Sponsored Links on this very page:

Sponsored Links
Buy or Sell WOW Accounts
Visit Web Site Buy or Sell Your World of Warcraft Accounts from Any US/Euro Servers
www.gamepal.com
World of Warcraft gold
Visit Web Site Cheap Price & Fast Delivery! 24/7 Live Support, Purchase Now!
www.power4game.com

[ballssalty]

What are you talking about?

There are no sponsored links on this page.

[tvgeek1]

Blizzard and their lies.....

There blizzard does not check the system, it only checks their system folder where WOW is located. Also, useing anti-virius programs and spy alerts do not always catch key logging software. Does blizzard want to stop blameing others or do they want to finally take responsilibity. I had my account banned by them when I didn't even play for a month. I have all the software for security and they clame it was somebody two people logging in from different places. I hadn't used my account at all and when they looked into the matter further there logs didn't even show that anybody logged in for the month. So, blizzard needs to admit the truth that they have a problem keeping peoples accounts closed and out of internet view on the corp. level.

[rockstarstatus]

check your puctuation and your grammar...

if you don't it's like mumbling when you speak. Unintelligible.

[protagonistic]

RE: Blizzard and their lies.....

Talk about blaming others for your problems... I fail to see how
it is Blizzard's fault because people who choose to run Windows
choose not to ensure their system is adequately protected. Are
you seriously suggesting that Blizzard take responsibility for an
insecure OS that they did not have anything to do with creating?

Since these compromises are happening on the users system
and not Blizzards servers it is not Blizzard's fault. If a users
system gets hacked because they failed to properly protect it
then it is their own fault. If you get hacked on your own system
don't come looking for sympathy.

[CommandHerTaco]

Blah blah blah . . .

blah blah blah they clame . . . LMAO

[Nneuromancer]

Yes

They got nothing from me, Blizzard GAVE them a NEW PASSWORD to use to get into my account and now everything is gone. I check my computer for everything, and if for some reason a keyloger did get on, why only 1 acount, why did they have to change the password to get on my account?

Why did Blizzard change it to where passwords are nolonger case senctive? Why don't they send an auto reply email when your account has been updated/changed not only to let you know of the activty, but also to help better track hacks?

[NextGen_MMO]

[url=http://www.blizzards-next-generation-mmo.com/battle-net/account-security/]Securing Your World of Warcraft and Battle.net Account[/url]

[cablemaker]

Only because he was Press

I had the same thing done with my account, and Blizzard refuses to reinstate it. Funny how things get reversed for people in the media.

[JJWhitney]

Keep Trying

2 members of my guild had this happen to them and both of them got their items back. Just keep trying.

[bradyme]

There is look at the bottom

There's not? And who says this isn't illegal. Google ads just popping below this associated article.


* Buy or Sell WOW Accounts
Visit Web Site Buy or Sell Your World of Warcraft Accounts from Any US/Euro Servers
www.////removeditrbecausethatsjunk////.com
* World of Warcraft gold
Visit Web Site Cheap Price & Fast Delivery! 24/7 Live Support, Purchase Now!
www.////removeditrbecausethatsjunk////.com
* Get 1 Million Exp An Hour
Visit Web Site In World of Warcraft! Money Back Guarantee - Only $21.99
www.////removeditrbecausethatsjunk////.com

(About)

so otherwords these websites make money off taking advantage of someone and stealing their account. These are the SAME PEOPLE! Cnet! Loook !! Messed up!

[Lethality]

Use a Mac

Problem solved.

[wolivere]

Makes no difference

A very good friend of mine who is a mac addict lost his wow account. And not from a gold buying site, but from visting a forum that exchanged tactics and information on high level raid dungeons.

[pgp_protector]

riiiggghhh

I'm supposed to replace $2000-3000 in hardware, and then even more thousands in software, and development tools ect.

How about just safe computing ? works great, got a clean system, no keyloggers, viri, trojans, ect.

Keeping a clean system is not that hard.

[Vegaman_Dan]

Mac or PC- wrong. Social engineering- right

This isn't about Mac or PC platform choices. The method in which the user's content was obtained doesn't matter. The fact is that the game producer isn't doing anything to prevent it. Their liability is limited to the real world value of their in game goods and resources which is... well, zero. If they had real world monetary value, then members would be taxed for all items sold/bought and have to report those sales to the IRS. It also means Blizzard (or even Linden Labs with Second Life) would be legally responsible and could be sued for all losses. By declaring that all in game items are virtual and only worth the real world equivalent of virtual items (meaning nothing), then they can avoid that whole nasty legal issue.

[`WarpKat]

Stop Playing So Much!

If players would stop playing for a while and
come out of their dungeons more often than they
do now and gasp for some air, we wouldn't see
un-newsworthy items like this on News.com.

Instead, we'd see things like, "Batboy Seen in
Pennsylvania - Scares Amish Farmers Into
Reality."

[weegg]

No

Dump TV. At least this is interactive and I get to chat with people
all around the world. Beats the heck out of the boob-tube.

[Fogglestein]

Easy Fix

I would expect most of this could easily be fixed by Blizzard offering gold / items for sale in-game, for currency. Some may argue that that approach 'breaks' the reason to quest for these items but lets face it, the stuff can be bought anyway. The only difference is, it's gold pharmers making the $$$. Blizzard could undercut virtually (*snicker*) any profit the pharmers would make and thus make it undesireable.

[Penguinisto]

Easier Fix:

Let the idiots who buy these levels, spells, and/or gold suffer the consequences, and be sure to laugh at them often.

Nobody said that the games industry has any obligation to protect the stupid, the cheat, or the wannabes from their own greed.

/P

[weegg]

Secure Solution (doesnt matter which OS)

Use secure id Blizzard.

For example, even with keystroke capturing software it would do
no good since secure id generates a new number every minute. If
that number is part of your password, it changes every minute and
it doesnt matter if they have a snapshot.

E-Trade does this. So why not Blizzard?

[NextGen_MMO]

Yes, use the Blizzard Authenticator.

More information on how to secure your account:
http://www.blizzards-next-generation-mmo.com/battle-net/account-security/

[buffer_overflow]

Missing the Point

First off... I see the ads that were generated by Google at the bottom of the page at the end of the story.

I disagree that this is not about platform specific, I do agree however that people need to do a better job performing updates on their Wintel PC?s with the latest protection software.

However that is never going to be enough, M$ operating systems are just vulnerable, period, that will never change until M$ does a lot better at programming an OS overall.

Personally I use a PC to play WoW, however as a tech for both PC and Mac I get paid to keep systems up to date, and maintained.

Word of caution; don?t go to the websites that offer to Power level you, or to buy virtual Gold. Sites like these and others offer scams, just clean up and update your system, WinXP SP2 with all the patches.

Or buy or use a Mac, yes? I had mine compromised as well, Blizz took a few days but I got most of my stuff back, now I don?t go to sites about Wow that I don?t know if they are reputable or not. I also went back and did a lookup of the domain and who owned it, it was a company out of the US. Owned by a company out of China.

[Penguinisto]

Point is...

...don't be dumb and willingly run executables on your box, or give away access to your personal info.

The most secure OS on the planet cannot possibly save a user from installing something (or giving away user info).

The best any OS can do to slow down malware is to minimize the damage (OSX and Linux does this quite admirably, and Vista is finally attempting to do it, though results there are as yet unclear).

No OS can stop a user from entering personal info onto a website.

I'm glad I stick w/ the FPS games where the servers are free to pop in and use... seems the pay-for-play games are more trouble than they're worth by now.

/P

[phantomsoul]

Wow...

A whole month to get your account reinstated if you've been hacked? And still get charged for service? I'm not sure I'm any longer interested in paying for the services of a company, such as Blizzard Entertainment, that evidently prioritizes preventing revenue loss higher than having satisfied customers. I wonder how many legitimate license-bearing victims were treated like criminals in trying to get their accounts resolved.

Also, I have several doubts to the effectiveness of "keeping your computer updated" as a be-all-end-all solution. I wonder how many WOW players down have a sufficiently legitimate license from Microsoft (e.g. copied from a friend, etc.) to get adequate updates to keep their computer secure. Additionally, of the people who are legitimate with Microsoft, I wonder how many haven't the slightest clue on how to either tell what the update status of their computer is or even go about updating it. And finally, of the people that don't know, I wonder how many care to even bother finding out.

Quite frankly, if I wasn't a very computer savvy person who just liked playing a game on the computer every now and then, I'd find all the security concerns behind it way too opaque for the common gamer and just want a refund.

Three cheers for lousy customer support. </sarcasm>

[buyerbeware]

My WoW account was recently hacked, I suspect after my computer was infected by a keylogger hidden in a website about the mage class, which I got to by following a link on an official Blizzard forum. I can quote for you directly from the e-mails Blizzard sent me. At 2:40 pm I was sent an e-mail (I didn?t read any of these e-mails until much later that night, when I could not access my WoW account and thought to check) which says, in part, that ?This email is to inform you that you have been suspended from the World of Warcraft forums for a 14 day period for linking to cheats, hacks, Trojan horses, or malicious programs. The account owner is responsible for any activities for which the account is used (my italics)?. Am I to infer that I am responsible for the actions of a criminal who has hacked into my computer, perhaps using the latest, undetectable malware, which I inadvertently downloaded after visiting a site recommended on an official Blizzard site, and which was not some gold farming or power leveling site, but a page of very dry stats on Mage DPS? This e-mail, I was advised, constituted a final warning. At 6:18 pm I received an e-mail which says, in part, that, ?Your password has recently been modified through the Account Management website.? Blizzard does not require e-mail confirmation to change passwords. At 7:40 pm I received another e-mail stating the same thing. Then, at 8:09 pm, I received an e-mail which says, in part, that, ?Access to this account has been temporarily disabled due to inappropriate advertising activity within the World of Warcraft, and we are currently conducting a thorough investigation on this issue?Please be aware that we will be unable to provide any additional information (my italics) regarding this matter until the conclusion of the investigation.? (I note that, as a player, I often dutifully reported inappropriate advertising material.) So, here I am, a victim of cyber-crime, not knowing if my toons have been stripped and deleted, or anything at all really about what has occurred. I don?t know how long the investigation will take, and Blizzard is apparently reluctant to discuss the matter with a paying customer who has done nothing untoward or inappropriate. This in itself makes me feel like I am the criminal.

[MrBumBastik]

I got hacked 0430 on the 7/11/09. after a few emails from blizz (as they cannot be contacted by phone at the weekends), virus scans malware adware and other scans i got all my gold, items and badges etc returned by 2000h on the 8/11/09. i did have to supply photographic proof of my passport that i was the account owner on their online form as i didnt have my original cd key. It was relatively straight forward and stress free. The only thing i havent got back is my honor points which must have been used to buy epic gems by the hackers.
I think that is very very good going considering some people have been waiting weeks to get their items and their accounts returned.
Seems things are actually picking up for the consumer in my humble opinion, or else Blizz are upping the ante against this.

[phantomsoul]

Second Degree Security

Second Degree Security, which requires you to actually physically possess something in addition to a password in order to authenticate, could help out in a high-profile hacking situation like this. Banks have been doing second-degree security for years now -- when you go to an ATM you have to put in your ATM card (something that you have) and enter your PIN number (something that you know). This effectively eliminates "stolen intelligence" as a means of breaking in.

However, it could also prove costly to the company. In order to successfully implement second degree security, you have to actually distribute whatever piece of equipment provides for it (like the secure ID, for example), and also re-distribute it when problems with it occur.

Not sure how costly the broken accounts as a whole are to the company themselves. It could be just as easily resolved with better customer service; I mean at the end of the day, it's just a game and not our life savings, right?

[PzkwVIb]

That is two factor authentication

not "second degree security".

[protagonistic]

RE: Second Degree Security

Your last sentence says it all. Enough said...

[drarkanex]

Choose Life, Not World of Warcraft

I've had 2 Accounts banned by Blizzard. 1 for 3rd party software and the 2nd and last time for account sharing. I'm tired of Blizzard and whatever they stand for. I appreciate they are taking a stand against people that are bypassing the rules but for me to be inadvertantly caught in these rules and given no excuse other than canned messages and no excuses is plain wrong. I will never buy another Blizzard or Vivendi product again. Currently waiting for Age of Conan and Warhammer Online. To the guy saying "Get a Mac", look man, no one wants to write viruses for 2% of the market. No one cares about your Mac. IF you like Mac so much, leave it at that and like it all you want. PC's are superior to Mac, despite what you think otherwise. I look at the numbers and the market, and looking at the Mac numbers, you haven't got a clue what you are talking about.

[drfrost]

You cheated and you're mad?

1) Were you actually using 3rd party software and account sharing? If so, you deserved to be banned. Read the EULA. The two games you're waiting for are going to be the same way. If you cheat, you're going to get banned. If you were the victim of hacking... in that case you're the victim.

2) Since when did market dominance equate to superior quality. If you want to compare Macs and PCs then I suggest you leave market share out of it. Having been in the tech industry for a long time I could cite many cases where inferior technology won for various reasons. Am I saying the Mac is better? No. I try to stay out of religious wars. I'm just saying your argument is faulty.

[real_bgiel]

They got my bank accounts

Cleaned me out, melted down my credit cards. My house is in foreclosure. My wife and kids left me. Got fired from my job.

Thank God they did NOT get my WoW stuff!

[K.P.C.]

That's a . . .

ROFLMAO :D

[eclypce95]

Only Stupid People's Accounts Get Hacked

People getting keyloggers installed on their systems has nothing to do with WoW or anything. They get crap installed on their system because they're idiots. They don't understand how the web works and they just assume everything is safe and install whatever crap they see.

For people that got hacked, I have no sympathy for you! You got hacked because it was your own damn fault! You're probably the same people who's keep those nigerians in business! If you lost your life-savings (real or virtual) because you got hacked, oh well, you would've blown it in other ways eventually -- like buying a house on adjustable rate mortgage, or giving it to that guy that will sell you Cloud (or Volcano) Insurance!!!

[rfielding]

You can get a keylogger by plugging in to network to patch Windows

It takes a few minutes on average for any unpatched system to
get subjected to an unsolicited breakin attempt. I am talking
about things like buffer overflow vulnerabilities in applications
that connect to the network - passwords are irrelevant to these
kinds of attacks. If you buy a new computer, it will by definition
NOT BE PATCHED until you go out and get the latest
patches...which you get...over the network...before you are
actually patched. You will suffer more than one attempt to
break in before you are up to date. Most people are lucky
enough to make it through this first phase, but the attacks keep
coming for the entire time you are plugged into the network.

Of course it's easier to break into the computer of somebody
that doesn't know what they are doing. On the other hand,
there's a reason why plenty of smart people have just given up
on securing a WindowsXP computer and run something else
instead. When everybody runs the exact same OS, just being
unlucky enough to be targeted with a very recent vulnerability is
enough to doom you. (Microsoft's "we are so popular" defense
has some truth to it, but that doesnt change the probability of
getting broken into. This probability is astoundingly high if you
are a WindowsXP user with an always on connection.)

You can suffer a remote code execution from just about any
content that your browser reads, including images and sounds.
You can suffer a remote code execution by merely plugging your
computer into the internet and waiting a few minutes while your
OS patches download.
Running as a user with lower privileges limits the damage; But
WindowsXP makes this inconvenient enough that a lot of people
who have tried to stick to the discipline eventually turn admin
privileges back on so that they can actually use their computer.

A nicely done remote code execution will make itself
undetectable, therefore once you have suffered a single attack
you are completely finished. You HAVE to re-image from a clean
backup, but how do you know that the current messed up config
wasn't made possible by the configuration you backed up?

Smart users minimize their probability of getting broken into
within the limits of what they can control. But dont you think for
a minute that you'd have to be an idiot to get a keylogger on
your system.

"Unintended installs" for Windows is becoming a science.
Unintended installs exploit bugs in application code, so the only
way to make it impossible for "smart users" to be invulnerable is
to run operating systems that only allow for the installation of
"bug free code". Any attempt at enforcing such a standard
would die at the hands of companies gaming the code review
system for competitive advantage, which would drive users off
to a less secure system, which puts us back where we started.

[natejohnstone]

Glad I play on a Mac

:)

[Christopher Hall]

Glad I have common sense

These keyloggers are installed as a direct result of user action. Contrary to popular opinion, nearly all Windows pains and misfortunes are the direct result of user action. Eliminating the root cause of the pains, be it uninstalling your P2P software, eliminating porn/warez/gamez/Kelly Clarkson websites from your viewing rounds, taking up a policy of [b]not[/b] clicking on every single pop-up ad you see, or having a full-frontal lobotomy, is always the preferable mode of problem solving.

I can't (though most likely won't) afford a Mac. In lieu of that, I'm just glad I have the common sense to avoid these things.

[adlyb1]

Glad I Play on a PC...

Actually, on two PCs.

One running Win2K, the other XP. Both up and running and connected to the 'net for years (The Win2K unit just turned 5). Constantly surfing, playing games, using various networking tools. These machines are always on and connected to the 'net, so what's the damage?

Viruses: 0
Spyware: 0
Other Malware: 0

Guess I didn't need a Mac after all.

[realism]

Get City of Heroes

WOW is way overrated. Get City Of Heroes/Villains.

[godam_registration]

Get a Mac... Not

Yes, how about we just all jump ship instead of enjoying a great game. This is so much like all those Mac fanboys that start nagging "Just get a mac" every time some exploit is detected in windows.

[Kurlus]

Spywhere?

I had my account hacked December 2006 between the 25th and the 27th. I had 3 sets of equip, approx 370g and everything stored in my bank taken. I reported this to Blizz the moment I found out, via phone, and was told that customer service could do nothing and to log into the game and submit a ticket.

Three and a half weeks went by until I received an official response to my request for account restoration. In the meantime I submitted posts on the WoW forums asking for an update. Every post was deleted in mere seconds of it's posting.

Finally Blizzard told me that they could not verify my loss and that the new content from the release of The Burning Crusade would provide me with better opportunities to advance my lvl 60 character. They also told me that any further conversation would best be handled online, however the final post I made on the forum was deleted like all the other posts I had made.

Just from my observations from my experience with all this, I've played WoW for over a year. I have never had a problem until after I first logged into the WoW forums. Maybe it's from this unsecured side of the site where your info gets taken. You enter the forums with your account name and password and it's unsecured. All I know is I had no keyloggers on my computer, I had no virus' on my computer, I had no spyware on my computer. I run 3 firewall programs that monitor the programs on my computer and anything trying to access the internet or anything trying to access me. I also run 2 anti-virus/anti-spyware programs all of which are up to date and I still had my account hacked. I have not formatted or restored my computer since I was hacked and amazingly (knock on wood) it hasn't happened again.

People like to agree with Blizz and say that "we" deserved getting hacked. That "we" brought it upon ourselves. All I really want to know is when did "we" buy into all the Blizzard BS? I just hope that those who post replies saying that people deserve getting hacked, get hacked themselves so I can be one of the 1st to laugh at them.

[Nanette159]

Re: Hacking of WOW accounts

To Whom It May Concern:
To the person who said only stupid people get hacked. First of all, that was extremely rude of you to say, and second of all, people are hacked all the time because people do not want to pay their own bills. Here is an example:
A person I know had his computer taken in to the shop to have SP2 put in. His computer was configured so that he didn't have to type in his password, other than when he dialed up. In this instance the person who usually worked on his computer was on vacation, so another person worked on his computer, so when he got it back, he logged on in his usual way. When he went to change his password (I convinced him it was a good idea to change your PC's password about every 63-71 days) he found that the person who worked on his computer had NOT put the password in, and immediately he ran a full scan, particularly his System Volume Information, as that is what dialers usually hit, but he ran the complete scan and found 2 dialers. However luckily he had Grisoft AVG, which gave him the company and numerical number of the person who had dropped the dialers in his computer. He lost a few thousand dll's, exe's, sfx's etc., but he also had the satisfaction that the person who did it is not only going to spend jail time, but is going to have to pay monitarily for dropping those dialers in. People who have a tendency, like yourself, to think others stupid, tend to fall into their own holes, it's basically called foot in mouth disease. I've worked on computers since they first came out in the 70's and mainframes were the size of about 2 warehouses, and if there is a will, there is a way.
It will happen to you at some point. I sure hope not, however as a Veteran, when all the social security numbers were stolen, I was terrified as mine was one of the ones in there. Luckily they got it back, so you see sometimes it doesn't have anything to do with you at all. Someone elses carelessness may cause the problem.
Sincerely,
N. Doree-Sheckler

[cherrycky]

Buy cheap wow gold, world of warcraft gold all servers.

Looking to buy WOW GOLD, Items or Accounts? ... ( wow gold for sale) Land mounts can be purchased by players once they reach level ...http://www.vicsale.com

[cherrycky]

Buy WoW Gold, Sell WoW Gold - World of Warcraft Gold Information - Vicsale

Buy and Sell, World of Warcraft, Everquest, Everquest 2, Eve Online, Dofus, Maple Story, Silk Road ... to Learn how to Buy WoW Gold or Sell WoW Gold ,http://www.vicsale.com