Friday night I logged out at approximately 1:00am EST. Sometime after that one of my good friends was disconnected and when he tried to get back on he couldn’t access his account. Turns out his password was changed. When he started to investigate he found the e-mail associated with his account was also changed. He had been hacked!
I woke up at the butt crack of dawn (4:30am EST) to play before my family woke up. About an hour later I get a tell from a guildie asking if I can get on Vent. I log in to find my friend asking me if I can see him online. Of course I could. He’d been there a while. I’d even tried to whisper hello to him, but I figured he was AFK when he didn’t respond.
My friend could also tell he was online and he wasn’t happy about it. He’d been up all night trying to get back in. He even went so far as to create a trial account which is how he knew I was online. So I ran to the guild bank and sure enough, my friend’s two toons had pretty much wiped out the bank. There was only trash left. A few hours later it was all gone. He’s one of the Co-GMs and so has complete access. Fortunately, our GM never returned gold withdrawal access to us after a guild bank snafu that Blizzard fixed a couple of months ago so all of our gold was still there.
At first I wasn’t going to say anything to the guy. But I did whisper hello to him again while talking to my friend on vent and got a response, so it was definitely a hacker. What I don’t get exactly is the guy played for over a day on the toon. I always figured hackers would steal what they could and get out. This guy hijacked the toon to play.
We put in GM tickets and let them know about it. They tried to reset it, but evidently they didn’t understand the part about the hacker changing the e-mail so the password reset was e-mailed to the hacker. /sigh
My friend will be calling Blizzard and getting his account back today. You’d think that Blizzard makes enough money to staff phone lines 24 hours/day, especially on weekends when most people play. But as my dad always used to say, “That’s what you get for doing your own thinking.”
Get yourself an Authenticator
I’d told my friend about getting an Authenticator in the past, but he figured he didn’t have anything to worry about. I know my friend well enough to know that he doesn’t do any of the things that most people think of when someone gets hacked. He downloads few add-ons, doesn’t buy gold or power-leveling services, or even visit questionable websites. So how did he get hacked?
I remember reading somewhere (and I can’t for the life of me remember where) that there are hackers out there with false Blizzard sites. As you try to login you are redirected to their site and unwittingly enter your login information. My friend recalled that while updating his account for Wrath, he had trouble accessing the site. He had to close Windows and try again. It’s my belief that this is how and when he was hacked.
Chances are you can get the majority of your stuff back, although I don’t think gold is among that. I was told by a fellow guildie that you can even get your toons back if they’re deleted. This evidently happened to him a few months ago. The hacker left him a personal message in the names of 10 toons. I didn’t ask what, but I bet it wasn’t nice.
Do yourself a favor. If you haven’t gotten one of the Authenticators, get one now. If you haven’t experienced getting hacked whether personally or through those you know, don’t wait for it to happen. The $6.50 plus shipping is definitely worth the piece of mind the Authenticator will bring you.
Filed under: Hardware