29/01/2011

Hack happens

I always thought that it wouldn't happen to me, but then I also know that sometimes shit just happens... so I wasn't completely shocked when I tried to log into my WoW account yesterday morning just to be greeted by a message that I'd been banned, with an accompanying e-mail about my account being involved in gold-selling activities in my inbox.

There had actually been warning signs: On Tuesday evening I found that my account had suddenly been locked by Blizzard, supposedly due to "suspicious activity". Since this happened just after I had repeatedly failed to log in successfully due to the login servers being down, I thought that it was a probably just a glitch in the system, went through the automated process of account recovery and was back on my merry way very quickly. There were no signs of anyone else having accessed my account, and Real ID confirmed this by stating that I hadn't been online since I last logged off.

I guess I should have known when my boyfriend noted in confusion that his friends list suddenly showed two different Real ID entries for me late the other night. Oh well, hindsight is always perfect.

So I found my account frozen on Friday morning just before I had to go to work and obviously I wasn't happy. I couldn't shake this vague feeling that someone had violated my private space. On the whole however, I was quite calm, and that was actually a pleasant surprise. I mean, I had found myself wondering recently whether I wasn't playing a bit too much WoW, relying on it too much to keep me entertained - but I think the way this incident hardly fazed me is pretty good proof that it's actually not that bad. There's no better way of putting things into perspective than having to go "well, I've got to go to work now so I'll have to deal with this later".

When I came back home in the evening my boyfriend had already turned on my computer and run a full virus scan, which did indeed turn up a trojan (which was promptly removed of course). I still don't know where I picked it up as I pretty much only ever visit the same couple of websites every day, but my best guess is that I somehow got it via the Curse Client. Now, before anyone jumps on me to defend Curse, I'm not condemning them, after all it's only a guess. But rumours about it being a security risk in some way have been pretty persistent from what I can see, and while it might have been a coincidence that all this happened shortly after I installed it, it also might not. I got rid of it either way.

I then decided to call up Blizzard's German customer service - since I'm bilingual I figured that I had a choice and I was hoping that the German customer service representatives might be slightly less overworked. I got through quite quickly and I timed the call - it took less than five minutes to explain my situation and get my account restored. Kudos to customer service rep Matthias for his swift help.

I immediately changed my password and went to survey the damage. Two of my low-level alts had been deleted and replaced with level one alts for gold-spamming. Kind of funny that, why do they shy away from doing it on existing characters? Trying to make a point that while they may be evil, they are not that evil? All my characters had been robbed blind in terms of money, but otherwise the hacker seemed to have been in quite a hurry, as he didn't touch any of my characters' gear, items or guild banks. I hadn't even completed logging onto all of my alts by the time I started receiving in-game mails from support that were returning the stolen money. The GM didn't bother doing this on all of my characters, so I still ended up a few thousand gold short of what I had before, but I'm not too bothered about that. My two deleted alts were back as well.

What is the lesson here? That nobody is completely safe? I already knew that. That someone hijacking your account feels intrusive? Hardly a surprise. That sometimes Blizzard customer support can actually be really good? Yeah, that one was new to me, but I did think it deserved a mention. I was back to playing on the same day of the incident and didn't lose anything but a little bit of potential play time and a bit of in-game gold.

10 comments:

  1. They restored chars below level 10? Was the missing gold on chars below level 10?

    ReplyDelete
  2. Do you not have an authenticator? Age old question but still....get one. :)

    ReplyDelete
  3. The same thing happened to me recently.

    The problem is, you probably haven't solved the problem. Most WoW accounts are compromised by rootkit keyloggers, and running an antivirus/malware scan from the infected boot partition won't locate them.

    Bottom line: there's a pretty good chance whatever sniffed out your password is still on your computer. With an authenticator your WoW account is mostly secure, but your e-mail, any online banking/shopping/etc, that's all up for grabs.

    I'll give you the advice I got when my account got compromised: you have to reformat and reinstall. As a wise man once said, take off and nuke the site from orbit. It's the only way to be sure.

    ReplyDelete
  4. Sorry to hear you got hacked, Shintar. It's coming up on my one year anniversary of being hacked, and I think I stumbled onto the hacker right in the middle of their operation. (Lucky me that I get up really early to play WoW.)

    I'm just glad that your gear was in pretty good shape, because my toons were wiped clean.

    ReplyDelete
  5. They don't delete high level characters because they can farm stuff and also sell accounts with 85s on it.

    ReplyDelete
  6. @Kring: No to both questions. I actually don't have any characters below level ten at the moment, not counting any long-forgotten alts on servers that I never even play on.

    @Natalie: No, I rather dislike their cost/reward ratio personally, though my boyfriend has brought it up for discussion again now.

    @John: Thanks for the info, I'll consider it.

    @Nish: I wasn't wondering why they didn't delete the high levels, I was wondering why they deleted an alt at all just to make a new one. Why not just log on the existing level 20 mage and do their gold-spammy thing from there?

    ReplyDelete
  7. Ack, sorry to hear this Shintar, but glad it didn't cause you *too* much trouble, considering. There is a weird feeling of violation about it, isn't there? My computer has a brief issue with spyware recently - no idea where it came from, I'm usually bloody careful - and I managed to get it restored and cleaned up. But it still felt as though my machine had basically contractd syphilis.

    ReplyDelete
  8. Ouch, what a nightmare!! sorry to hear you got hacked, hope everything will be restored without losses! and get an authenticator asap, it's cheap and really worth it - after all we've spent years on these accounts. :)
    (if you have a smartphone, you can get the authenticator app for free).

    ReplyDelete
  9. the dial-in authenticator is also an option provided by blizzard and it's free.
    http://us.blizzard.com/support/article.xml?locale=en_US&tag=dialinauth&rhtml=true
    --
    Regards,

    Potatoe

    ReplyDelete
  10. @Syl: I don't have a smartphone. And I always find it weird to argue that something is free if you already have a totally unrelated expensive item. :P

    @Anonymous: Thanks for the thought but I'm in Europe, not the US.

    ReplyDelete