It’s no fun being hacked :(
Luckily this hasn’t happened to me but to a guildie this week. While never a cool thing at all, I thought I would use this issue (and my experience with attempted hacking) to illustrate a few points regarding Blizzard and hackers.
Firstly a bit of background
The guildie in question uses an authenticator and knows plenty about PC security. This means regular pw changes and checking the computer for spyware, maintaining a good AV and firewall (that are kept updated) and not visiting any suspect websites (e.g. goldsellers and such).
So what happened?
Well, the authenticator was temporarily removed from the account. Then, a couple of days later my guildie logged in and noticed that on the character selection screen a few toons were wearing the wrong gear. Upon logging in they discovered that all gear had been sold, banks and bags emptied, all VP etc spent on BoE stuff and so on. Obviously this is a rather distressing thing to happen, so Blizz was ticketed and within an hour a reply was received and they returned the gear via in-game mail. Unfortunately this was followed within an hour by an email stating that the account had been locked due to illegal activities (it would appear that the hacker had been trying to sell gold/gear for real money).
This however was resolved by a call to Blizzard and the ban was removed and the account sorted and handed back to the rightful owner with no trouble.
This raises a couple of points regarding account security, Blizzard etc
Firstly, despite all the usual whining that goes on in forums about Blizzard customer support, this issue was resolved swiftly even when there was a mistake made (probably automated) that was also fixed quickly. The support staff were sympathetic to the issue and wished to resolve it as soon as possible. This is the complete opposite of what many people would have you believe – namely that Blizzard CS is a bunch of gits who positively delight in randomly banning accounts and then making it as difficult as humanly possible to retrieve and unlock. If this ever happens to me I sincerely hope I get the same kind of response to my issues.
Secondly, and this is definitely a worrying point, how the hell did the hackers get the details in the first place? Due to the barrage of regularly updated security software (and regular scans) a keylogger or similar would seem almost impossible. The details were not given out to websites and such. It is worrying that this is still possible despite taking as many precautions as possible.
The brief lack of authenticator isn’t really the problem as that simply removed the last layer of security that allowed them in, but in order to get in you still need an email address and password. As I said before this is the potentially very worrying part – that somehow people can get your details even when using unique emails, passwords and so on. It paints a picture of a poor little lone WoW player on an island surrounded by hungry sharks with nothing more than an authenticator between them and being nommed by a bunch of hackers.
That is certainly not to say that the authenticator is totally secure; nothing is absolutely guaranteed 100% unbreakable, but something based on an algorithm that changes the codes every 30 seconds or so is obviously more secure than only having something static or that changes more infrequently (e.g. your email and pw).
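To make the "codes change every 30 seconds" point concrete, here is an added example (not from the original post, and not Blizzard's own code) that uses the standard TOTP scheme from RFC 6238 as a stand-in, since the post does not say which algorithm the authenticator uses. The function names are hypothetical and the secret is the RFC's published test value; the demo shows a captured code being accepted only briefly, unlike a captured password.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid ("every 30 seconds or so")
SECRET = b"12345678901234567890"  # RFC 6238 published test secret, not a real key


def totp(secret: bytes, unix_time: int, digits: int = 8) -> str:
    """RFC 6238 code for the 30-second window that contains unix_time."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, now: int,
           digits: int = 8, drift_windows: int = 1) -> bool:
    """Server-side check: accept only the current window +/- drift_windows."""
    for w in range(-drift_windows, drift_windows + 1):
        t = now + w * STEP
        if t < 0:
            continue  # no window exists before the epoch
        if hmac.compare_digest(totp(secret, t, digits), submitted):
            return True
    return False


def replay_demo() -> dict:
    """A code observed at one moment, replayed by someone else later."""
    captured_at = 1111111109  # constructed timestamp (an RFC 6238 test time)
    stolen = totp(SECRET, captured_at)
    return {
        "code": stolen,
        # two seconds later the window has rolled over, but clock-drift
        # tolerance still accepts the previous window's code
        "replay_after_2s": verify(SECRET, stolen, captured_at + 2),
        # five minutes later the same digits are worthless
        "replay_after_5min": verify(SECRET, stolen, captured_at + 300),
    }


if __name__ == "__main__":
    print(replay_demo())
```

The shared secret never crosses the wire, so a keylogger that records one login captures only a code that expires, whereas the email and password it records alongside stay valid until they are changed.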
So how can you protect yourself?
- Paranoia – As Blizzard is fond of saying, NEVER share your email and password with anyone. I know that a lot of us don’t necessarily stick to that and share details with spouses, friends etc, but it is still true that the smaller the number of people that know your details the less chance there is of it screwing your account. I don’t just mean them messing with you or telling someone else your details (though it can happen); how about the scenario where you give a friend your details because he is going to do your dailies for you while you’re on holiday? Maybe they are not as strict with regular scans as you and have a keylogger on their system. Even with total trust and no funny business you can still potentially lose your details.
- Regular sweeps – Again, a common Blizzard saying but again it’s true. Keep your anti-virus, firewall and anti-spyware software up to date and use it. Run scans at least once a week (or more often if your machine is regularly on without being used). Even without paying for stuff there are plenty of good free programs out there. Personally I use AVG (Anti-virus), Zonealarm (firewall) and Spybot SD (anti-spyware) and (touch wood) can say I have never had a single trojan, worm, virus or anything else (and that’s running 3+ computers over more than 5 years).
- Blizzard Authenticator – Yeah, they cost £5 or something, and maybe you don’t want to give Blizzard any more of your hard earned cash, but you pay £9 a month to play so look at it as 2 weeks play time to secure your account that little bit more. As I said above, an algorithm that changes the codes every 30 seconds or so adds so much security to your account that it is probably priceless if you have multiple characters and have invested a lot of time in them over the years. Remember though, it is just another layer, it is not totally unbreakable; don’t allow other measures to lapse because you have an authenticator.
- Don’t cheat or cut corners – It’s simple human nature to try and take the easy way out; after all, look at some of the earliest human inventions such as the wheel and fire – they make life more comfortable and easier. Alas, the temptation is there in WoW as well and it’s easy to think “hmm, I work 8 hours a day, I wonder how much ore and herbs my toon can gather with 8 solid hours of farming? I could just download this bot and have my farmer spend 40 hours a week gathering while I work.” The same applies to buying gold instead of grinding dailies and such, or deciding you want a high level alt for enchanting but really cba to do it yourself when you could easily pay someone to do it quite cheaply. These services, programs etc carry two problems: 1: they are banned by Blizzard and therefore could get you a perma ban if you use them and 2: a lot of them will be rife with various spyware and such and by downloading, installing etc you are opening yourself to a multitude of potential problems. Be strong, resist temptation and just say NO! 😀 Anyway, you enjoy playing this game, don’t you?
- Have unique details – Having a totally unique email address and password that you only use for your battle.net is a very good idea. It’s easy enough to go and make a yahoo or gmail address or such that is simple to remember and use it for nothing except logging in. Likewise with your password, make it easy to remember but hard to break. Use words that are not “real”, i.e. not found in dictionaries and such, and therefore to a computer will appear to be a string of random letters. Try throwing some numbers and the odd symbol in there and suddenly you have an easy to remember but hard to break password. For example, use an old character name or such combined with a phone number and a random symbol, such as “kentari#290789”. If the words and numbers mean something to you then you shouldn’t have difficulty remembering them, but they won’t be easily broken by a program.
There are other ways of protecting yourself from trouble, but following the points above should shield you from the worst of the potential security leaks. The key thing to always remember is not to make breaking into your account impossible, as that itself is impossible, as given enough time anything is breakable, but to make it so damned difficult that the hackers go look for someone with a keylogger and the password “1234”.
99% of ensuring security on your system is about prevention and giving people as little opportunity as possible to break in.
Stay safe out there 🙂