Clean as a Whistle and Still Got Hacked

Finally it happened – my account in World of Warcraft got hacked. It was the usual stuff; gold missing, items missing, characters parked elsewhere and even a new level 1 Warrior created with a nonsense name (probably used for selling gold).

I’ve had a World of Warcraft account since I’ve started playing in 2005 as the game was released in Europe and I’ve never been hacked before. Sure, I read a few forum posts about the authenticator but always figured that if I was careful, I would never be hacked. I had AVG installed, scanned regularly, never visited any ominous web sites and never clicked links in questionable e-mails. I wasn’t always subscribing, but when I was (usually for several months after an expansion was released), I never had any problems and trusted my ability to avoid all attempts at keylogging. I didn’t use an authenticator and was confident I would never have to.

And then I got hacked anyway.

After having contacted a GM and replaced my passwords, I started reading various forum threads about other people being hacked. It dawned upon me that the hackers don’t even need keyloggers. I could be clean as a whistle (as described above) and still get hacked. I’m pretty sure I was; I scanned with both AVG 2011 and Spybot and they didn’t find anything at all.

Here are three interesting posts I found in an official US forum thread:

I had my account since the game released, something like 6 years, and was finally hacked this last June. Took them less than a day to strip the account and get it banned for gold selling activities. I did get everything back, but it tooks days to sort out the changes and mess made to the toons, my keybars and bank vault. The hackers even redid my keybinds and stole from the guildbank.

So far as I can tell the hack occured through an update to Adobe Flash with a security loophole that they hadn’t yet released a patch for. Ironically the OLD UNupdated version didn’t have the vulnerability. They apparently accessed my system while VIEWING web pages on the fansite thottbot.com since that’s the only WoW related site I’d visited in over a year.

They were able to disable my updated virus protection and hack my web brower to get my e-mail passwords. From there it was simple to steal the WoW account because of the new battlenet log-ins that use an e-mail in lieu of a separate log in name.Blackflower

The second:

You can get your account “hacked” without ever getting keylogged. I was meticulous for 6 years, never visited strange sites, only used links I’d saved in my favorites for official Blizzard sites, it doesn’t matter. There are ways they still compromise accounts. They can use flash banner ads if you have flash allowed in your browser, they also have random password generators they use and other processes of breaking into accounts.

You can’t really avoid getting hacked just by being careful. I used to think people who got hacked were just irresponsible too, then I got hacked myself. I’ve never gotten a single phishing email in my entire 6 years of playing WoW, I’d never even searched the internet or used it to visit sites on the computer I used to play WoW on. I still got hacked. It’s just a matter of random chance it seems.Elrith

And the third:

It took them six years of Everquest one, then five years of this game, but they finally got me.

I took every precaution, did everything right, never even let anyone else use my computer (let alone my account), used firefox with noscript, locked everything up tight, went no where naughty in the first place, only let the scripts run on “friendly” sites which absolutely had to in order to display the site at all (wowhead, etc), did not use a similar login or password for any other site…

Only played in Linux since patch 2.0 or something.

Logged on Monday naked in the Hinterlands, with my gear and 10 K gold missing.

I checked everything afterwards, with every scanner possible and found nothing.Kybeorie

This actually scared me. It felt almost like having my own home robbed. I thought I was being so careful – how arrogant of me. I’m not taking any chances with this anymore. I’ve just ordered an authenticator to be delivered one of these days. I should have done this a long time ago.

UPDATE, February 13, 2011: I found a nice post on Psychochild’s Blog that you may want to read as well, in case you’ve been hacked like I was. Oh, and I received the authenticator about two weeks after I ordered it (I live in Denmark in case you’re wondering).

2 comments on “Clean as a Whistle and Still Got Hacked

  1. Saw the trackback to my site. Yeah, sucks when it happens to you; you have my sympathies.

    Looking back, I think the most interesting thing is how people always seem to think that the hacked person has to be “stupid” about security. As I posed, I’m probably better informed about computer and internet security than a lot of people. But, there are a lot of points of weakness a hacker could attack. In my case, it’s an email account.

    I recently played a bit of WoW during a 10 day free trial, and my characters were still around. Relatively poor compared to characters in the game’s current economy, but I figure the account hackers haven’t been back since I fixed my email account password, so that was almost certainly the attack vector.

    Thankfully, Blizzard seems to have account restorations down pat by this point.

    Good luck!

  2. Thanks.

    I checked my Google Mail account right after being hacked. It showed no signs of intrusion of all, but of course the hacker could have been there anyway and just didn’t touch anything. The password there was also different than the one I used for my Battle.net account, but to be sure I changed all passwords anyway.

    One thing that had me puzzled was that my account at the official WoW forums had a different avatar selected, for a character I never play anymore. Perhaps the hackers got access through my forum account and then browsed through my avatars there to see what characters I had.

    Anyway, I have an authenticator attached to the account today and I hope I’ve seen that last of that.

Leave a Reply