Monday, February 21, 2011

Speaking of Hacked Accounts and "Inbred Pets"

This morning, I woke up to a scary sight. My account had been hacked. I was not able to log in. Freaking out, thinking about losing around 1 mil gold on one server (along with about 400K in banked goods), and about 400K on another server, this is an extremely bad situation to be in. All the work that I have invested over the years (not even looking at all the cash I tossed them per month), I now have a dead account. I am sure you have read around the blogosphere on a few hacked accounts over the last week, and now you are reading one more.....

Then I woke up. Really. It was all a bad dream (or nightmare). A dream that I didn't want to come true.... So hopped outta bed, turned on the coffee pot, and went to the Droid App Store. I downloaded Blizzard's Mobile Authenticator. I set it up (very simple instructions, even I was able to figure it out, so it is completely idiot proof). You download the app, then it refers you to, you punch in a code, it sends it to your email, you click the link, and you are now Authenticated. Ahhh. Relaxation. Too bad I now have two cups of coffee in me, so I can't get back to bed....mmmm....the goodness of caffeine...

If you have hesitated on doing this, I would not wait a minute more. Most App style phones (Droid- iPhone) have this style of hookup, and it literally took me 5 minutes start to finish.

Now this might just be me, but upon logging in to WoW (only about 15 minutes later), I saw this in my mailbox.

Let's weigh this quick. I just secured my account, made it "literally" hack free, gave me a bit more confidence in Blizzard wanting to help me from the "hackers", and they give me a pet for notta?

I think it was a good decision. Are you authenticated? I hope that you have taken the plunge, and if not, I hope this post confirmed not just the ease of it (and on top of it, you don't have to wait for the keychain in the mail).

*Edit- I do want to add to be aware of what Authenticator you add, make sure it is Blizzard... Now for Droid there is only one available, but I can foresee in the future (using my crystal ball) that sooner or later the scammers will find a way to have you download apps to snatch your account information. Only use the Blizzard one, with true Blizzard logos, or you can even go directly to the blizz site ( to their page to get the download from them.

Now before you say:

 "I am too safe. I watch what I download, what sites I visit, etc, etc, etc."

There are a lot of folks that get hacked, for reasons unbeknownst (is that even a word? I dunno, but it sounds cool) to me. Basically, if you have ever used your email (that is linked to your wow account) for ANYTHING, you have a chance to get hit.

That isn't your comment? How about this one:

"I am smart. I have a separate email that I do not use for anything else linked to my WoW account."

Do me a favor quick. Log into that account. If it's MSN, your email is out there. If it's Yahoo, it's out there. If it's gmail or googlemail, it's out there. If you got an email from "admin at XXXX", your email is on a list somewhere. Not trying to freak you out, but just get an authenticator. For your safety.

Do you utilize this free option from Blizz?

If not, did I convince you to do so?

Since that is done, I can update you on tomorrow's post: I am working on a multi post "post" on readers emails.

Now don't take this the wrong way, as I don't want you to hesitate to email me, but please limit your questions to one per email, and if you are looking for a "how do I make money on my server, I have a 525 XXX, and a 520 XXX, and I do XXX right now" answer, please use my coaching program for those (there is a small fee for this).

As you know by now, I love to help out, but those questions are better off solved in person, and on your server (and are very time consuming....and at times, quite complicated) and that is why I refer you to the program (not because I am being a dick, I am sure you understand).

I am thinking about offering a free session to my readers, what do you all think on that? Would you be interested in a "free" one on one with Alto?


Unknown said...

Personally, I think Authenticators while a bit of a nuisance at least until you get used to them, should be a requirement. I wish they would have come in the box with Cataclysm. Yeah that'd be redundant for those of us who have the authenticator on their phones but then nobody would have an excuse not to have one.

I also don't get why they don't get them stocked at Gamestop. (Probably because they can't resell them used).

You owe it to yourself and your guild, if you have one, to have an authenticator. For either nothing or a few bucks shipping you're more or less guaranteeing that your account is secure from being hacked.

Vayaz said...

If you don't do something silly (e.g., visiting "bad" sites or downloading dubious files), have a rather secure password (like opgGOog254KgklLaf), a separate e-mail account only used for that purpose and a standard NAT-firewall in your router, then there really is no need to worry.

I have all that (and more), so I'm not going to give them even more money for something that was proven not to be a 100% anti-hacking guarantee anyway.

By the way, if you do not have this, they'll still restore your account. So what? :)

Admin said...

Did I mention the authenticator cost is NOTHING? As in free? I guess I didn't hit on that part...

Jason said...

Authenticators are a fantastic idea imo, I paid the 6 bucks and got the physical one, mostly because I detest cellphones, but a core hound pup! for 6.50$? lil xt and the other pets can cost twice that in the blizz store, not only are you securing your account but a pet too? good deal for peace of mind, no matter how safe you are.

Admin said...

Great point syn!


Now I can't speak for the keychain one, but really all you do is login (with your old password), open up the Authenticator app, and type in the digits. Then you are on. It must be more complicated for the keychain, but I only have to type in what, like 8 digits for security? It passes my vote. Thanks for the comment!

Vince said...

Don't scare me like that, Alto! Man, that truly would have been awful. I had been resisting getting an Authenticator for some time now, mainly because I really didn't want to pay another $6.50 or whatever. I pride myself in having a virtually unguessable password (and one that would take some time for even an automated program to get), but as they say, pride goeth before a fall. And since the app actually is free, I see no reason not to get it! I've put quite a lot of effort into my characters, and even if Blizz will restore my account if it gets hacked, I'd rather spend a few extra seconds each log in than have to deal with all that. Thanks for this post, Alto!

P.S. I'm fairly certain "unbeknownst" is a real word.

@James: I believe the reason you can only get the keychain from Blizz online is because they want to sell wholesale. If you were to get it from Gamestop or Target or wherever, it would unavoidably cost you more to do so. I think Blizz is really showing their kinder side here, especially since you can get this service free as a phone app.

Stede said...

I have a keychain authenticator. All you have to do for the keychain is press the button, and the numbers pop up on the display. Just enter those into the box in the game and you're set.

All bloggers need to have an authenticator. You spend so much time and effort making gold; you should go a bit further and secure it. By blogging, you put yourself out there on the World Wide Web. There's lots of folks who would love to steal your account and sell your gold.

Also, it's a great idea to have a separate email address for all your wow stuff. In the event your email gets hacked, your other accounts (banking, credit cards, bill pay, etc) won't be compromised as well.

Admin said...

Was in the shower when I thought of an "Edit". Once again, safety is key (haha. made a funny. Authenticator "Key", safety is "key"....get it? horrible humor...I know, but you should be used to that by now)

Nev said...

I have a keychain authenticator too - after 3 guildies got hacked in one month, it was agreed amongst ourselves that all officers should get one. It just adds a box after the password box, you press the button, it gives you a number & you type that in too - totally painless most of the time :) The only time it's ever given me a problem was the night Cata went live - it took me numerous attempts to log back in & a new authenticator code every time!

@ Vayaz - yes they will restore your account but it's a lot of time & effort & worry until they do & if you are in a guild with bank access on multiple toons - it's a problem for your guild as well. For the sake of a few bucks or even free as Alto has pointed out, it just seems so silly not to have one.

Admin said...

After rereading my post, I realized I didn't hit on the Inbred Pet part. Well, here it goes.

Sometime back in Vanilla WoW, there was a male and a female corehound. One was sitting on the outer reaches of Eastern Kingdom, the other on Kalimdor. Now through passers by, they learned of each other being the only ones left in all of Azeroth.

So after a few communications via in game mail, they met up in Ratchet, (as it's kinda tough to swim when you are constantly on fire). After a little bit of goblin munching for dinner (and a female gnome for dessert), they set off to their little cave and made sweet, sweet love. Like rabbits. They didn't leave the cave for a few months.

Time came to pass when Ms. Corehound found out she was preggo. After two weeks (yeah, their pregnancy is quite quick), she popped out a ton of babies. She seemed quite worried, as they came out deformed (musta been a bad gnome- poisoning. All the dye in her hair...) and continued to live in their little cave, with all the pups soon turning into adults from destroying all those that entered this little cave.

To make a long story short, you might have heard about this little cave, better known as Molten Core...

Now a few years have passed, and many multiplications of babies, blizz had no idea what to do with them other than to give them out for free to the masses.

There you go. I added it. Thanks for the email reminder!

Azuriel said...

I was hacked last year and the entire guild was disbanded as a result. It took over nine days before Blizzard would even unlock my account, and there was no way to restore the guild itself (we had to get a whole new charter, etc) - that means we forever lost the ability to do /ginfo and get the 9/25/07 creation date, which marked Invictus as the 2nd oldest continuously running guild on the server. While they did eventually restore the items (and ended up restoring too much insofar as I had an extra 16k gold and 100 Frost/Triumph/etc badges), the honor points, Arena points, and Arena team rewards were never returned. I lost the Rival title on my PvP toon that the rest of the team have been sporting since Cata launched.

If you think you're safe, think again. The strength of your password is 100% irrelevant because they log your keystrokes. The keylogger I ended up getting got through NoScript, Ad-Aware, and AVG. If you have been to Wowhead lately, they have scrambled all URLs to Imageshack due to security holes, and that was a website I used for years. The keylogger could have come from there, ArenaJunkies, MMO-Champion, Wowhead, Tankspot, Curse, and/or WowAce. Hell, for that matter it could have been embedded in one of the 30+ addons I have installed.

You can suffer under the delusion of personal account security if you want Vayaz, or you can spend the 5 minutes getting a free app on your phone and be immune to everything but an extremely sophisticated "man-in-the-middle" attack in which they have ~30-40 seconds to wreak havoc. Hell, if you don't like the hassle of punching in numbers each time you log (takes no longer than that opgGOog254KgklLaf password), Blizzard even has a free dial-in authenticator deal that will only trigger if you attempt to log-in from a different IP range.

Vayaz said...

Well, I surely didn't want to object against getting an authenticator. Whatever... interesting that my short remark found quite some interest.

Of course nobody is ever safe, but I like my little illusion nevertheless! Though it's a fact that most people are indeed the cause for their very (computer-related) problems.

Obviously I won't type in some sihghizs2763637aJKHGg password every time (copy + paste from .txt file actually), and I'll also emphasise that I was referring to the "you've got to buy it" authenticator. If there's one for free, that's good.

I didn't know that (but also strongly that my poor phone could run any application that is >10 years old, haha).

The password strength is only a barrier against brute-force attacks indeed (for which one's e-mail address must be discovered first). I do know how a keylogger works; it's not that hard to write a very basic one actually, but that wasn't my point either.

However, I'll check that blog post out, thanks.

Okay, will check back later. Until then, don't think too negative! :) Always remember that a nuclear bomb could, in theory, drop on your roof as well. It may be possible, but not all that likely.

Vayaz said...

Just noticed that there seems to be a word missing. I believe it was 'exclude'? Anyway, didn't mean to spam - sorry.

Michael said...

Our guild requires all officers have an authenticator. No exceptions. Also, Vayaz, while I respect your stance (can even appreciate it), just be aware that you're a target, as a gold blogger (who just publicly acknowledged he doesn't use an authenticator)! You might not be aware that keyloggers these days also capture your clipboard, so just because you copy/paste your password doesn't really make you that much safer.

I whined quite a bit when I was forced to get an authenticator if I wanted to remain an officer, but once I got it I realized how trivial it was to use it. Well worth the peace of mind!

Great post, Alto.

Anonymous said...

Or just send a mail to Blizz once you get hacked and make them revert the changes that happened. You should at most be without an account for 2 days, at most.

And what is the chance to get hacked? Slim. And if you care a bit when you go to the internet? Even slimmer.

Faid said...

I used to use the iPod authenticator on my iPod touch. The authenticator bit was just great, but as a downside, every time Apple updated the iPod software I had to remove my authenticator from my account and re-add it after, because of the iPod restores. It was particularly annoying because then I'd have to go through each character and check their mail and reloot the pets and if I didn't alotholic would soon be yelling at me about mail.

For Christmas my boyfriend bought me a keychain authenticator which is so much better. (Also, great when you're DCd in the middle of a raid boss since there's fewer numbers to type to get in quick!)

Prncesspwn said...

My boyfriend and I were in the process of getting hacked in the middle of the night, and his sister woke us up to log on and change our password, bought an authenticator that night and never looked back. Although it is annoying to always have to punch in numbers every time I log in and try not to lose the little thing, I def. feel a lot safer!

f4t4bb0t said...

Just a heads up for all you guys that use the Mobile Authenticator on your Android or iPhone. Once you install it you CANNOT log into your account (ingame or via website). Therefore if you're like me and like to "flash" or jailbreak your phones or you go thru one or two phones a year make sure you UNLINK your mobile authenticator with your account first! If you don't do this then you have to call Blizz directly and get them to unlink your account with the authenticator (hour plus on the phone and you have to give them all kinds of info to let them know it's you).

I've had to do this twice now, so learn from my fail!

Ven said...

Keychain authenticator for the win, have had one for almost a year, and never regretted it. It's so fast and easy to use, so I feel safe.

The Gold Queen said...

Thanks for the detailed and really useful post.

I have a keychain Authenticator. I'm terrible at losing things, even my phone, so I keep it on a really long bright red and gold shiny cord so I can find it on my messy desk. (Piled up with notes on items to watch, discarded earrings, and half-nommed snacks!)

It was the best investment ever. I have all my tiers from the last 5 years safe in the bank, even T3, and they are irreplaceable to me.

If you have time, come and read the post I made recently called 12 steps to protect your WoW Gold with even more security tips!

Your phone apps and authenticators post is the perfect complement to my security information!

hugs, TGQ

