I'm talkin' downtown!
BNet Is Poorly Thought Out
Posted 08-01-2009 at 09:52 PM by Caulle
I havn't blogged in forever, but I felt this was probably warranted so that I could just rant on my own instead of cluttering up the forums.
This morning I got a txt from a friend asking me if I was on my warrior. My reply was "p_O No." Absolutely no one has my password right now, so I rushed to my computer fearing I had been hacked. As soon as my GMail notifier had signed up, there were two pop ups about new e-mails. One saying that I had changed my password. And another saying I had merged my account with another BNet account.
First thing I did was try to log onto my account from the main WoW site. This wasn't working because my account had been merged with a BNet account and it wanted that account information to log in. The e-mail about the BNet account wouldn't have worked about a password recovery because it was linked to "s***@live.cn" so I'd have to have access to that e-mail in order to change anything.
In other words, I was boned.
I logged onto my vent server right away and barged into a channel. One of the guys was an officer, and I asked if I was online. I had to sit there painfully listening to vent as my friends described the events as some guy on the other side of the world proceeded to empty out the guild bank. Being the GM, there was nothing they could do. All my characters were officers, and only the GM can gkick or demote an officer.
Soon after, the person threw GM at one of the other officers and logged my warrior off. The new GM quickly removed all my characters from the guild, but in the process he noticed that 2 of my 80's were missing. He also couldn't add them to his friends list, they were already gone. A short while later my warrior disappeared too.
I've had a few thoughts on today's adventure thus far:
First of all, I've been really angry/emo at the game lately. I hadn't been having much fun until recently, and it wasn't until it was all taken away that I realized how much it still means to me.
Secondly, the whole BNet system is poorly thought out. Normally if you get your account hacked and find out right away, you just do a PW retrieval, answer the secret question, and move on your merry way. Petition a GM, explain what happened, you'll have your gear back in no time. But the way the BNet system currently works, anyone who has your information can just take it away in a heartbeat and there is NOTHING you can do. Except Monday to Friday between 8am to 8pm Pacific. There is no security. It doesn't ask you to confirm your e-mail address from your Warcraft account. It doesn't ask your secret question. It doesn't even verify that the information from both accounts match!!!
And I know what everyone is thinking at this point. Did you run anti-virus? Do you use Firefox? How often do you scan your computer for malicious software? How often do you change your password? Do you have the Blizzard Authenticator? etc etc...
Years ago, when I was first exposed to the internet, I was a poor user. Most people were (and still are to an extent). But I've gotten smarter about browsing over the years. I don't use an anti-virus software because I havn't had one in 6+ years. I already used Firefox so I just assumed I was protected.
And the Blizz Authenticator? This is the part that kills me the most. I have it. I downloaded it 3 months ago for my iPhone. I booted that thing up the second it finished downloading, and it wanted my BNet account so I said "Eff this" and pretty much forgot about it. Big mistake.
So lesson learned, but what a crappy way to learn it.
Pro tip: Use the authenticator and merge your account to Bnet.
This morning I got a txt from a friend asking me if I was on my warrior. My reply was "p_O No." Absolutely no one has my password right now, so I rushed to my computer fearing I had been hacked. As soon as my GMail notifier had signed up, there were two pop ups about new e-mails. One saying that I had changed my password. And another saying I had merged my account with another BNet account.
First thing I did was try to log onto my account from the main WoW site. This wasn't working because my account had been merged with a BNet account and it wanted that account information to log in. The e-mail about the BNet account wouldn't have worked about a password recovery because it was linked to "s***@live.cn" so I'd have to have access to that e-mail in order to change anything.
In other words, I was boned.
I logged onto my vent server right away and barged into a channel. One of the guys was an officer, and I asked if I was online. I had to sit there painfully listening to vent as my friends described the events as some guy on the other side of the world proceeded to empty out the guild bank. Being the GM, there was nothing they could do. All my characters were officers, and only the GM can gkick or demote an officer.
Soon after, the person threw GM at one of the other officers and logged my warrior off. The new GM quickly removed all my characters from the guild, but in the process he noticed that 2 of my 80's were missing. He also couldn't add them to his friends list, they were already gone. A short while later my warrior disappeared too.
I've had a few thoughts on today's adventure thus far:
First of all, I've been really angry/emo at the game lately. I hadn't been having much fun until recently, and it wasn't until it was all taken away that I realized how much it still means to me.
Secondly, the whole BNet system is poorly thought out. Normally if you get your account hacked and find out right away, you just do a PW retrieval, answer the secret question, and move on your merry way. Petition a GM, explain what happened, you'll have your gear back in no time. But the way the BNet system currently works, anyone who has your information can just take it away in a heartbeat and there is NOTHING you can do. Except Monday to Friday between 8am to 8pm Pacific. There is no security. It doesn't ask you to confirm your e-mail address from your Warcraft account. It doesn't ask your secret question. It doesn't even verify that the information from both accounts match!!!
And I know what everyone is thinking at this point. Did you run anti-virus? Do you use Firefox? How often do you scan your computer for malicious software? How often do you change your password? Do you have the Blizzard Authenticator? etc etc...
Years ago, when I was first exposed to the internet, I was a poor user. Most people were (and still are to an extent). But I've gotten smarter about browsing over the years. I don't use an anti-virus software because I havn't had one in 6+ years. I already used Firefox so I just assumed I was protected.
And the Blizz Authenticator? This is the part that kills me the most. I have it. I downloaded it 3 months ago for my iPhone. I booted that thing up the second it finished downloading, and it wanted my BNet account so I said "Eff this" and pretty much forgot about it. Big mistake.
So lesson learned, but what a crappy way to learn it.
Pro tip: Use the authenticator and merge your account to Bnet.
Total Comments 14
Comments
-
Ouch... My sympathies. O_OPosted 08-02-2009 at 02:22 AM by Alent 
- That sucks but you should be able to recover everything in a few days to a week. I have the actual keyring authenticator and after buying it i have never looked back. One tip to any1 who has the authenticator dont put it on your keyring. If your keys are in you pocket they will scratch the plastic on the front and make it look ugly =p
Posted 08-02-2009 at 04:34 AM by Gordonoth - Just happened to me. It really sucks, I agree. I don't have an authenticator though. Thankfully I am not an officer in my guild, so there was little damage done.
The email for a username thing is terrible. My email is 22 characters long. My WoW username? 7. Two people play two different WoW accounts on my computer, so the Remember Account Name option is not a viable option.
Be forewarned: When your items are restored, the ones from your deleted characters will not be enchanted or gemmed.
Good luck getting your things back =]Posted 08-02-2009 at 09:58 AM by Ferag -
Eh, I can deal with my stuff not being enchanted or gemmed. It's not like Sky Sapphires exactly cost anything these days anyway. Oh wait, my fury set will be costly. Crytime.Posted 08-02-2009 at 10:46 AM by Caulle -
Posted 08-02-2009 at 11:37 AM by Caulle - Odd, we had a guildie hacked on friday who was on for a good hour or so, motionless, and untouched.
He was over at his friend's when he logged in his char only to realize he couldn't enter, his buddy logged in to find him sitting in stormwind.
He called support, and his account was merged to a bnet account, however, support rolled it back and changed his password. When he logged in, as I said, untouched (he was the lucky one. I am sorry for your loss.)
It seems like the merger does two things - it buys time for them to do their evil deeds, and it also allows the player to glean personal information. How much - I'm not fully sure yet. It's not much of a smoke bomb, as everything leaves a trail, but I'd monitor your statements and emails closely.
I agree the bnet thing sucked, but because I collect pets, I did it with the gatorade promotion. I also did it with the knowledge that usually when promotions like this happen - they're a carrot on a stick to cause people to do something desired. If the carrot doesn't work, eventually it's replaced by a foot to the rear end.
Here's hopingPosted 08-02-2009 at 01:18 PM by Conreeaght - Well, absolute worst case, I do have a second account that's inactive. I could always transfer my toons over to that one and then close this one down. But, really, they're not going to get much information I don't think. The credit card number is blanked out so that's no good. And I believe the address is my old one back in Canada and I havn't changed it since moving to the US. And I've formatted my hard drive and listened to my nagging husband about security so now my PC is like fort knox.
Posted 08-02-2009 at 01:33 PM by Caulle - I had a similar experience. Hadn't played in 3 or 4 weeks when suddenly I get an e-mail about passwords changing and wotnot. Sounds like you have a pretty cut and dried case, and chances are they'll get your gear back soon. Good luck.
Posted 08-02-2009 at 10:55 PM by TiKrazeeeNeg - So if you don't implement the Bnet merger (which I assume was added to improve security, among other things), it leaves a gaping security hole that someone else can exploit?
FAN-****ING-TASTIC!
Sorry for your loss and frustration, Caulle! That's just ridiculous. Off to warn my guild about this now. *sigh*Posted 08-03-2009 at 06:39 AM by Belak -
Gah...that sounds awful.
We had an officer hacked a while back and while our guild is small our gbank is not, and since we're small we know everyone pretty well, so we're pretty free with the gbank access amongst not-new people.
Suffice it to say things were recovered and after hours of a bunch of people sitting there doing nothing but reorganizing things (gah on that) everything was fine again, but it was pretty distressing (though the guy who was hacked laughed it off, since nothing was really taken from US in the process).
We also had a guild member who we thought was ok suddenly snap and ninja the most expensive items he could and then /gquit, but that's another story.Posted 08-03-2009 at 10:02 AM by Ion - Well, as an update... I got up early and called Blizzard first thing. The guy on the phone was super helpful. He got my Bnet merged up for me, we sync'd up the authenticator on my iphone, so I'm all secure now.
The characters never got transferred. It was flagged as suspicious right away so they were frozen. 2 of them were deleted so I've got a petition into a GM now to get them restored. Now I'm just waiting on someone to get online to get a ginvite back, and to put some of this stuff from my bags back into the gbank.Posted 08-03-2009 at 10:50 AM by Caulle -
The first and last time I was hacked was when we were progressing through Illidari Council. As soon as the Authenticators became available I purchased 5, 1 for myself and the other 4 for friends. When I was hacked I was only an officer so my gbank access was limited. After I became GM there was no way I was risking that shit.Posted 08-03-2009 at 04:54 PM by Inaara -
Holy shit Caulle, I'm glad you're getting everything back, but christ I'm scared now. I never merged my bnet account because I don't really use it all that much, I do have an authenticator but I didn't want to merge it cuz I use a secret name for my WoW account, but my Bnet Account is very public and commonly used....Posted 08-04-2009 at 06:45 PM by Kazeyonoma - I never updated this, but I'm back up and running. I don't know why people complain about Blizz customer service because they were amazing. The guy on the phone had my account all restored in minutes. My gear and the guild bank was completely restored by Wednesday before we started raid. It was amazing.
Posted 08-23-2009 at 11:40 PM by Caulle
