Page 1 of 2

hacked :(

Posted: June 23rd, 2013, 1:31 pm
by Gwenolyn
My account was hacked, and I was banned for selling gold /sigh.

I think he hacked me via RealID. His note just said "pets", but I nevr got to speak to him. So be very, very careful who you accept as a RealID friend.

Hope account recovery goes quickly.

Re: hacked :(

Posted: June 23rd, 2013, 1:49 pm
by Quintessence
I'm so sorry this happened to you. :( I hope Blizzard recovers your account swiftly and hassle-free.

There was a recent Mobile Armory/Authenticator compromise, so I'm wondering if perhaps they hacked into your account this way? I really don't know enough about RealID or the Mobile Armory to say which is more likely.

Re: hacked :(

Posted: June 23rd, 2013, 2:21 pm
by Pompea
A person can't "hack" into your account without finding out your password somehow. If your password was perhaps a family or friends name it's possible he saw it from the list being a realid friend, but if not I don't see how anyone would get your password through that medium.

If you have an authenticator it's possible he went through your account via the AH app, afaik you don't need an authenticator code to log into that, so he would have been able to buy/sell with some ease- you wouldn't have even gotten logged out if you were online.

Truly hope you get your account back! If you don't for some reason I know some of us (mostly talking for myself here) will gladly help you re-obtain some of your pet collection.

Re: hacked :(

Posted: June 23rd, 2013, 3:29 pm
by Zohdee
Gosh, so sorry to hear that. Hackers are scum.

A bit OT but I use the armory on line at work to do auctions and such. I have it set to ask for the code every time. I am thinking that might not be that awfully safe.

Re: hacked :(

Posted: June 23rd, 2013, 5:29 pm
by Domie
It shouldnt be a problem to get your account back to the state you last had it, ive been hacked multiple times (mostly not my own fault tho), and it mostly just requires an email to their support in some way. But it is super annoying to have that happen tho :/

Re: hacked :(

Posted: June 23rd, 2013, 6:52 pm
by Tahsfenz
That stinks. I remember when my account got hacked. My wife's called me at work yelling at me for playing WoW at work. I was so confused. Fortunately, they restored my account (and then some). Of course it was my own fault for not having an authenticator.

I wish you luck!

Re: hacked :(

Posted: June 24th, 2013, 1:22 am
by Aislinge
Listen to Quint - there's a big stink going on with Mobile Armoury atm and people losing gold. Lodge your tickets and fingers crossed!

Good luck! <3

Re: hacked :(

Posted: June 24th, 2013, 3:43 am
by Waflob
Nothing really constructive to say in terms of finding the cause, but just wanted to express sympathy for your plight and disgust for the hacking scum.

Re: hacked :(

Posted: June 24th, 2013, 6:07 am
by Violetfemme
Sorry to hear you got hacked. :(

When I got hacked (before I had the authenticator), Blizzard was able to see the server/IP address that the hacker logged in via (it was an EU server), and compared it to my usual server (US) and it "proved" to them that I was hacked and they restored everything to me (including items the hacker stole out of guild banks that I had access to).

Re: hacked :(

Posted: June 24th, 2013, 8:05 am
by Index
I got "compromised" once too, the word hack isn't really correct ;) I'd not done anything out of the ordinary: I had a strong password, never visited dodgy links in e-mails, never went to pr0n sites, never bought gold or any of the usual suspects.

Yet, one day I got a panicked messages from my guildies saying I'd logged in on all my toons, stripped what I could and logged off :(

My heart sank, and when I got home, it was all true. Thankfully Blizz were excellent, sorted everything out within an hour, and I got an authenticator straight away. Been ok ever since, but still somehow they got my info :(

Re: hacked :(

Posted: June 24th, 2013, 12:07 pm
by Breehit
I was hacked once too..and I offer my sympathy. Blizzard restored everything, and we actually saw the hacker in action in real time. I did not have an authenticator before I was hacked, and I got one right away. However, it worries me that people are getting hacked even when they DO have authenticators. How is this done? Is there any way to prevent it? Does this mean that we should never use the auction house (assuming that there is some auction house app (or is it an add-on?) that allows hackers to bypass the authenticator)??? Or is there some app or add-on that we should delete? :(

Re: hacked :(

Posted: June 24th, 2013, 12:33 pm
by Ravnhawk
Gwen I have some extra pets (more then a few) just in case they got to your pets and they aren't retrievable. My roommate just got hacked and all of her stuff was returned and even the gold. On her account she got it all back the same day - she even had the same issue with being banned for selling stuff for real money. She called the help line and they walked her thru submitting a ticket.

Re: hacked :(

Posted: June 24th, 2013, 1:39 pm
by Quintessence
Breehit wrote:However, it worries me that people are getting hacked even when they DO have authenticators. How is this done?
At the moment most authenticators should be a major roadblock to any hacker. I haven't heard of any confirmed case where a person with a physical authenticator attached to their bnet account had their account breached.

In the case of the mobile armory/AH compromise, as Pompea mentioned, you don't need a code to log into that, so people were able to remove large amounts of gold from you through the app.
Breehit wrote:Is there any way to prevent it?
An authenticator is still considered the first line of protection for your account. Don't remove your authenticator! If anything, contact Blizzard first if you have concerns about your account or authenticator.
Breehit wrote:Does this mean that we should never use the auction house (assuming that there is some auction house app (or is it an add-on?) that allows hackers to bypass the authenticator)??? Or is there some app or add-on that we should delete? :(
The auction house is safe to use as far as I know. It was the app, not an add-on, that allowed malicious persons access to gold on accounts. The mobile AH has been shut down for now, though.

Add-ons are safe for the most part, as long as you download them from a trusted source like Curse.com. Downloading ANY addon-on, whether it's for the auction house or not, from an unsafe source is risky, and the add-on may contain malicious code.

Follow the [url=http://us.battle.net/en/security/checklist]security checklist[/url], and if in doubt you can always contact Blizzard for further assistance/advice. :)

To the OP: Did you ever figure out how they managed to get your account info? Was it RealID? Or was it through the mobile AH app?

Re: hacked :(

Posted: June 24th, 2013, 1:48 pm
by Ravnhawk
I don't use the mobile AH app on my cell. But I do use the remote AH but it requires an authenticator code every time I log on. Are we talking the same app?

thanks

Re: hacked :(

Posted: June 24th, 2013, 3:03 pm
by Cyntaria
I little off topic, but I'd like to throw this out there for people using RealID for friends lists.

As someone said above, it isn't possible to "hack" an account just through RealID. They need both pieces of information (Email address and password) in order to access it.

Some people still use their WoW account email address to give out to people to add to RealID. This is half of the information that a hacker needs to access your account. They still need a way to get your password, but they are half way there.

Back when Blizzard offered the Annual Pass and a free Diablo III account with it, they also enable a feature called BATTLETAGS. For those of us that played Diablo III and WoW on the same Bnet account, creating a BattleTag was required. For those that didn't, it wasn't required but the the option is still there.

Blizzard automatically assigned each of us a BattleTag ID when the system went into place. You do have an option to change it. If you log into your Account Management, your BattleTag will be on the very first page to the left under your name in Account Details.

When someone asks to be added to your RealID, you can give them your BattleTag instead of your WoW email address to add them.

Re: hacked :(

Posted: June 24th, 2013, 6:07 pm
by Gwenolyn
I got everything returned to me. However, I don't have the mobile AH App or add-on or anything. I do use a mobile authenticator on my phone, but I never download anything on my sadly old phone. I don't use my WoW e-mail account, so I don't click on "suspicious e-mails" as Blizz suggested (I don't even click on non-suspicious ones- don't really use e-mail :o ). I do admit to having a weak password (changed of course... now I can barely log in the first time... hehe) and it was not a name someone might have seen via RealID. Also, this person physically logged in all my toons. My Guild saw it. And my toons had hearthed and/or were in different locations than I had left them.

I am at a loss as to how this happened. The authenticator was removed from my account by the hacker. Not sure how he/she did that either.

Anyway, I did get all my gold/gear back. But I can't help feeling like some toon out there is walking around with MY now black market gold.

Edit: This person requested me as RealID in game. I just clicked accept. Does this mean he/she knew my e-mail? I don't think so. This person may be completely innocent. But it's the only odd thing that's happened lately.

Re: hacked :(

Posted: June 24th, 2013, 6:20 pm
by Gwenolyn
Ravnhawk wrote:Gwen I have some extra pets (more then a few) just in case they got to your pets and they aren't retrievable. My roommate just got hacked and all of her stuff was returned and even the gold. On her account she got it all back the same day - she even had the same issue with being banned for selling stuff for real money. She called the help line and they walked her thru submitting a ticket.
You are awesome!! But they didn't touch my pets. Morons... hehe!

Re: hacked :(

Posted: June 24th, 2013, 7:01 pm
by Tahsfenz
Gwenolyn wrote:
Ravnhawk wrote:Gwen I have some extra pets (more then a few) just in case they got to your pets and they aren't retrievable. My roommate just got hacked and all of her stuff was returned and even the gold. On her account she got it all back the same day - she even had the same issue with being banned for selling stuff for real money. She called the help line and they walked her thru submitting a ticket.
You are awesome!! But they didn't touch my pets. Morons... hehe!
That's where all the money is! All joking aside, glad they were able to restore you.

Re: hacked :(

Posted: June 24th, 2013, 7:49 pm
by Ishildur
One other thing for added protection I can think of is to not sign up for accounts on various wow related sites with the same email you use for WoW... there have been cases of sites getting compromised and the people trying to get at those sites do try those passwords and variants thereof for WoW. They also do like to send you phishing emails to those emails. I use a special email for many of the gaming sites that is not the same as the email I use for my subscription. I have never gotten any phishing emails on my WoW email, but a TON on the one that I use for gaming sites.

Re: hacked :(

Posted: June 25th, 2013, 2:20 am
by Waflob
Gwenolyn wrote: This person requested me as RealID in game. I just clicked accept. Does this mean he/she knew my e-mail? I don't think so. This person may be completely innocent. But it's the only odd thing that's happened lately.
You only need the battle tag to ask for realid friends and most of us have that displayed here. I'm not suggesting for one moment that this fine site had anything to do with this, but merely pointing out that the battlenet tag is intentionally more public than private.

Glad you got your stuff back :-)