hacked :(

Share pet collecting news and advice.
User avatar
Gwenolyn
MVP
Posts:416
Joined:June 27th, 2009
Pet Score:5462
BattleTag®:Gwenolyn#1245
Realm:Aerie Peak-us
Contact:
hacked :(

Post by Gwenolyn » June 23rd, 2013, 1:31 pm

My account was hacked, and I was banned for selling gold /sigh.

I think he hacked me via RealID. His note just said "pets", but I nevr got to speak to him. So be very, very careful who you accept as a RealID friend.

Hope account recovery goes quickly.

User avatar
Quintessence
Site Admin
Posts:2781
Joined:June 4th, 2008
Pet Score:14744
Realm:Proudmoore-us
Contact:

Re: hacked :(

Post by Quintessence » June 23rd, 2013, 1:49 pm

I'm so sorry this happened to you. :( I hope Blizzard recovers your account swiftly and hassle-free.

There was a recent Mobile Armory/Authenticator compromise, so I'm wondering if perhaps they hacked into your account this way? I really don't know enough about RealID or the Mobile Armory to say which is more likely.
Image
Feel free to browse through my pet collecting blog: http://wowpetaddiction.blogspot.com

User avatar
Pompea
Top Rater
Posts:77
Joined:February 6th, 2010
Pet Score:2535
BattleTag®:pomp#1627
Realm:Earthen Ring-us
Contact:

Re: hacked :(

Post by Pompea » June 23rd, 2013, 2:21 pm

A person can't "hack" into your account without finding out your password somehow. If your password was perhaps a family or friends name it's possible he saw it from the list being a realid friend, but if not I don't see how anyone would get your password through that medium.

If you have an authenticator it's possible he went through your account via the AH app, afaik you don't need an authenticator code to log into that, so he would have been able to buy/sell with some ease- you wouldn't have even gotten logged out if you were online.

Truly hope you get your account back! If you don't for some reason I know some of us (mostly talking for myself here) will gladly help you re-obtain some of your pet collection.

User avatar
Zohdee
Top Rater
Posts:56
Joined:February 18th, 2012
Pet Score:3575
BattleTag®:Zohdee#1348
Realm:Azuremyst-us
Contact:

Re: hacked :(

Post by Zohdee » June 23rd, 2013, 3:29 pm

Gosh, so sorry to hear that. Hackers are scum.

A bit OT but I use the armory on line at work to do auctions and such. I have it set to ask for the code every time. I am thinking that might not be that awfully safe.

User avatar
Domie
Top Rater
Posts:246
Joined:April 15th, 2009
Pet Score:10979
BattleTag®:Domie#2293
Realm:Ravencrest-eu
Contact:

Re: hacked :(

Post by Domie » June 23rd, 2013, 5:29 pm

It shouldnt be a problem to get your account back to the state you last had it, ive been hacked multiple times (mostly not my own fault tho), and it mostly just requires an email to their support in some way. But it is super annoying to have that happen tho :/

User avatar
Tahsfenz
Top Rater
Posts:1138
Joined:October 12th, 2012
Pet Score:3920
BattleTag®:Tahsfenz#1414
Realm:Moon Guard-us
Contact:

Re: hacked :(

Post by Tahsfenz » June 23rd, 2013, 6:52 pm

That stinks. I remember when my account got hacked. My wife's called me at work yelling at me for playing WoW at work. I was so confused. Fortunately, they restored my account (and then some). Of course it was my own fault for not having an authenticator.

I wish you luck!
Image

User avatar
Aislinge
MVP
Posts:102
Joined:June 27th, 2009
Pet Score:4299
BattleTag®:Aislinge#1549
Realm:Dath'Remar-us
Contact:

Re: hacked :(

Post by Aislinge » June 24th, 2013, 1:22 am

Listen to Quint - there's a big stink going on with Mobile Armoury atm and people losing gold. Lodge your tickets and fingers crossed!

Good luck! <3

User avatar
Waflob
Posts:159
Joined:January 6th, 2009
Pet Score:4117
Realm:Earthen Ring-eu
Contact:

Re: hacked :(

Post by Waflob » June 24th, 2013, 3:43 am

Nothing really constructive to say in terms of finding the cause, but just wanted to express sympathy for your plight and disgust for the hacking scum.

User avatar
Violetfemme
Top Rater
Posts:131
Joined:January 13th, 2013
Pet Score:4120
BattleTag®:Violet#1301
Realm:Aegwynn-us
Contact:

Re: hacked :(

Post by Violetfemme » June 24th, 2013, 6:07 am

Sorry to hear you got hacked. :(

When I got hacked (before I had the authenticator), Blizzard was able to see the server/IP address that the hacker logged in via (it was an EU server), and compared it to my usual server (US) and it "proved" to them that I was hacked and they restored everything to me (including items the hacker stole out of guild banks that I had access to).

User avatar
Index
Posts:328
Joined:October 30th, 2012
Pet Score:13081
Realm:Azjol-Nerub-eu
Contact:

Re: hacked :(

Post by Index » June 24th, 2013, 8:05 am

I got "compromised" once too, the word hack isn't really correct ;) I'd not done anything out of the ordinary: I had a strong password, never visited dodgy links in e-mails, never went to pr0n sites, never bought gold or any of the usual suspects.

Yet, one day I got a panicked messages from my guildies saying I'd logged in on all my toons, stripped what I could and logged off :(

My heart sank, and when I got home, it was all true. Thankfully Blizz were excellent, sorted everything out within an hour, and I got an authenticator straight away. Been ok ever since, but still somehow they got my info :(

User avatar
Breehit
Posts:180
Joined:October 13th, 2011
Pet Score:2996
Realm:Galakrond-us
Contact:

Re: hacked :(

Post by Breehit » June 24th, 2013, 12:07 pm

I was hacked once too..and I offer my sympathy. Blizzard restored everything, and we actually saw the hacker in action in real time. I did not have an authenticator before I was hacked, and I got one right away. However, it worries me that people are getting hacked even when they DO have authenticators. How is this done? Is there any way to prevent it? Does this mean that we should never use the auction house (assuming that there is some auction house app (or is it an add-on?) that allows hackers to bypass the authenticator)??? Or is there some app or add-on that we should delete? :(

User avatar
Ravnhawk
MVP
Posts:705
Joined:January 2nd, 2013
Pet Score:6534
BattleTag®:ravnhawk#1272
Realm:Zul'jin-us
Contact:

Re: hacked :(

Post by Ravnhawk » June 24th, 2013, 12:33 pm

Gwen I have some extra pets (more then a few) just in case they got to your pets and they aren't retrievable. My roommate just got hacked and all of her stuff was returned and even the gold. On her account she got it all back the same day - she even had the same issue with being banned for selling stuff for real money. She called the help line and they walked her thru submitting a ticket.

User avatar
Quintessence
Site Admin
Posts:2781
Joined:June 4th, 2008
Pet Score:14744
Realm:Proudmoore-us
Contact:

Re: hacked :(

Post by Quintessence » June 24th, 2013, 1:39 pm

Breehit wrote:However, it worries me that people are getting hacked even when they DO have authenticators. How is this done?
At the moment most authenticators should be a major roadblock to any hacker. I haven't heard of any confirmed case where a person with a physical authenticator attached to their bnet account had their account breached.

In the case of the mobile armory/AH compromise, as Pompea mentioned, you don't need a code to log into that, so people were able to remove large amounts of gold from you through the app.
Breehit wrote:Is there any way to prevent it?
An authenticator is still considered the first line of protection for your account. Don't remove your authenticator! If anything, contact Blizzard first if you have concerns about your account or authenticator.
Breehit wrote:Does this mean that we should never use the auction house (assuming that there is some auction house app (or is it an add-on?) that allows hackers to bypass the authenticator)??? Or is there some app or add-on that we should delete? :(
The auction house is safe to use as far as I know. It was the app, not an add-on, that allowed malicious persons access to gold on accounts. The mobile AH has been shut down for now, though.

Add-ons are safe for the most part, as long as you download them from a trusted source like Curse.com. Downloading ANY addon-on, whether it's for the auction house or not, from an unsafe source is risky, and the add-on may contain malicious code.

Follow the [url=http://us.battle.net/en/security/checklist]security checklist[/url], and if in doubt you can always contact Blizzard for further assistance/advice. :)

To the OP: Did you ever figure out how they managed to get your account info? Was it RealID? Or was it through the mobile AH app?
Image
Feel free to browse through my pet collecting blog: http://wowpetaddiction.blogspot.com

User avatar
Ravnhawk
MVP
Posts:705
Joined:January 2nd, 2013
Pet Score:6534
BattleTag®:ravnhawk#1272
Realm:Zul'jin-us
Contact:

Re: hacked :(

Post by Ravnhawk » June 24th, 2013, 1:48 pm

I don't use the mobile AH app on my cell. But I do use the remote AH but it requires an authenticator code every time I log on. Are we talking the same app?

thanks

User avatar
Cyntaria
Posts:26
Joined:March 31st, 2013
Pet Score:14522
Realm:Windrunner-us
Contact:

Re: hacked :(

Post by Cyntaria » June 24th, 2013, 3:03 pm

I little off topic, but I'd like to throw this out there for people using RealID for friends lists.

As someone said above, it isn't possible to "hack" an account just through RealID. They need both pieces of information (Email address and password) in order to access it.

Some people still use their WoW account email address to give out to people to add to RealID. This is half of the information that a hacker needs to access your account. They still need a way to get your password, but they are half way there.

Back when Blizzard offered the Annual Pass and a free Diablo III account with it, they also enable a feature called BATTLETAGS. For those of us that played Diablo III and WoW on the same Bnet account, creating a BattleTag was required. For those that didn't, it wasn't required but the the option is still there.

Blizzard automatically assigned each of us a BattleTag ID when the system went into place. You do have an option to change it. If you log into your Account Management, your BattleTag will be on the very first page to the left under your name in Account Details.

When someone asks to be added to your RealID, you can give them your BattleTag instead of your WoW email address to add them.

User avatar
Gwenolyn
MVP
Posts:416
Joined:June 27th, 2009
Pet Score:5462
BattleTag®:Gwenolyn#1245
Realm:Aerie Peak-us
Contact:

Re: hacked :(

Post by Gwenolyn » June 24th, 2013, 6:07 pm

I got everything returned to me. However, I don't have the mobile AH App or add-on or anything. I do use a mobile authenticator on my phone, but I never download anything on my sadly old phone. I don't use my WoW e-mail account, so I don't click on "suspicious e-mails" as Blizz suggested (I don't even click on non-suspicious ones- don't really use e-mail :o ). I do admit to having a weak password (changed of course... now I can barely log in the first time... hehe) and it was not a name someone might have seen via RealID. Also, this person physically logged in all my toons. My Guild saw it. And my toons had hearthed and/or were in different locations than I had left them.

I am at a loss as to how this happened. The authenticator was removed from my account by the hacker. Not sure how he/she did that either.

Anyway, I did get all my gold/gear back. But I can't help feeling like some toon out there is walking around with MY now black market gold.

Edit: This person requested me as RealID in game. I just clicked accept. Does this mean he/she knew my e-mail? I don't think so. This person may be completely innocent. But it's the only odd thing that's happened lately.
Last edited by Gwenolyn on June 24th, 2013, 6:23 pm, edited 1 time in total.

User avatar
Gwenolyn
MVP
Posts:416
Joined:June 27th, 2009
Pet Score:5462
BattleTag®:Gwenolyn#1245
Realm:Aerie Peak-us
Contact:

Re: hacked :(

Post by Gwenolyn » June 24th, 2013, 6:20 pm

Ravnhawk wrote:Gwen I have some extra pets (more then a few) just in case they got to your pets and they aren't retrievable. My roommate just got hacked and all of her stuff was returned and even the gold. On her account she got it all back the same day - she even had the same issue with being banned for selling stuff for real money. She called the help line and they walked her thru submitting a ticket.
You are awesome!! But they didn't touch my pets. Morons... hehe!

User avatar
Tahsfenz
Top Rater
Posts:1138
Joined:October 12th, 2012
Pet Score:3920
BattleTag®:Tahsfenz#1414
Realm:Moon Guard-us
Contact:

Re: hacked :(

Post by Tahsfenz » June 24th, 2013, 7:01 pm

Gwenolyn wrote:
Ravnhawk wrote:Gwen I have some extra pets (more then a few) just in case they got to your pets and they aren't retrievable. My roommate just got hacked and all of her stuff was returned and even the gold. On her account she got it all back the same day - she even had the same issue with being banned for selling stuff for real money. She called the help line and they walked her thru submitting a ticket.
You are awesome!! But they didn't touch my pets. Morons... hehe!
That's where all the money is! All joking aside, glad they were able to restore you.
Image

Ishildur
Posts:139
Joined:March 11th, 2013
Pet Score:4812
Realm:Uldum-us
Contact:

Re: hacked :(

Post by Ishildur » June 24th, 2013, 7:49 pm

One other thing for added protection I can think of is to not sign up for accounts on various wow related sites with the same email you use for WoW... there have been cases of sites getting compromised and the people trying to get at those sites do try those passwords and variants thereof for WoW. They also do like to send you phishing emails to those emails. I use a special email for many of the gaming sites that is not the same as the email I use for my subscription. I have never gotten any phishing emails on my WoW email, but a TON on the one that I use for gaming sites.

User avatar
Waflob
Posts:159
Joined:January 6th, 2009
Pet Score:4117
Realm:Earthen Ring-eu
Contact:

Re: hacked :(

Post by Waflob » June 25th, 2013, 2:20 am

Gwenolyn wrote: This person requested me as RealID in game. I just clicked accept. Does this mean he/she knew my e-mail? I don't think so. This person may be completely innocent. But it's the only odd thing that's happened lately.
You only need the battle tag to ask for realid friends and most of us have that displayed here. I'm not suggesting for one moment that this fine site had anything to do with this, but merely pointing out that the battlenet tag is intentionally more public than private.

Glad you got your stuff back :-)

Post Reply