Support NeoGAF

[Flakster99]

4+ years with an active WoW account. Was hacked this previous weekend, not only were my characters looted (items, gold, bank), 2 of my toons were deleted. :lol

Blizzard stated in an email 4-7 days until my account is restored. Oh yeah, I also placed an order for an Authenticator as well. A fantastic, needed idea I must say.

 

[Stabby McSter]

Outcome unlikely

i'll reroll as a troll

 

[vehn]

If you guys ever need to call the blizzard account phone #, the quickest way to speak with someone is to use the automated hotline thing that they have at the beginning of the phone call, and then use the option for 'none of the options helped me'. Then it will connect you with a rep within a few seconds. I had wait times of over 2 hours before I figured that trick out

 

[maniac-kun]

Holy CRAP. Is it really this bad? I know many of my friends use authenticators, but I always thought this was more of an extra security or collector trend than a real actual issue. What the fuck is wrong with people in general? Can't we just have a nice decent human society which does not attempt to exploit, cheat or steal everything we can? :/

well theres several methods of how the "hackers" get the accounts:
hacking a unsecure guild forum to recieve email names and if the userers are stupid enough they have the same password for the forum and wow or they use scam sites that either install a trojan or fishing sites where users are fooled into entering theire account data themself to win a price ._.
others are leveling servies, gold buying, and other scam services, and stupid passwords

 

[Xyphie]

I just want a way to use more than one authenticator with an account. If you loose it you're fucked and can't play for a few days while Blizzard CS fixes it for you.

 

[Kyzer]

and I also been sharing my account with friends since I started playing. It would make it difficult to continue doing so. :\

I got banned for this.

 

[hyduK]

If it's free, fine. The hell if I'll pay for something I'd never need, it still amazes me how so many people get 'hacked'.

 

[Joba62x]

I have never played WOW, had an account or gone to any WOW sites or even tried the game and I get about 3-4 Phishing E-mails a week . I have never opened them but they always come from official looking address and say in the header to do something to avoid my account being banned.

 

[Dynoro]

If it's free, fine. The hell if I'll pay for something I'd never need, it still amazes me how so many people get 'hacked'.

As mentioned before; a pack-in with Cataclysm would be a good plan as they could sell everyone on heightened security for Cataclysm accounts too. The authenticator is not expensive though; and you can even use the free iphone app.

 

[ColonelT]

I was hacked this weekend. Lost everything on my main (gear, gold, badges, honor points, bank inventory) and some gold off my alts. I THINK it was related to having a similar password on a couple different websites because I'm pretty meticulous about trojans, keyloggers, and viruses. Don't know though, probably will never know.

I opened a ticket, and sent an e-mail to Blizz account support. I got an e-mail within 12 hours that they are working on the restoration. They seem confident they'll be able to restore everything, but we'll see.

An authenticator is on its way. (No BB Storm 2 support!) I know this is a cliché, but folks if this can happen to me, it can happen to you. Authenticate up, pilgrims.

 

[Acidote]

The authenticator is not expensive, but the shipment costs are. Packing it in would be a good idea.

 

[Nirolak]

The authenticator is not expensive, but the shipment costs are. Packing it in would be a good idea.

The shipping has been made free to my knowledge.

 

[Amneisac]

I'll say this, I've had my account for a long time and it hasn't been hacked, but every time I reactivate or cancel I get flooded with spam trying to phish for my password. Somehow there has to be some connection to communication from Blizzard and these obviously fake e-mails.

 

[Diablohead]

A pack in would be for the best, then anyone not wanting the expansion just have to order one manually or own an iphone/mobile of sorts.

Shortly after some minor trouble with my bank I was given one of those mini calc units which I have to use if I want to do any online transactions, was a pain at first but now I prefer it to be much safer.

 

[Nidain]

Yes shipping is free since december

 

[ampere]

A friend of mine just got hacked the other day and he said it wasn't the first time for him either. Then I told him to get an authenticator and he said Blizzard gave him 7k gold and a bunch of badges so he hopes it happens again...

I think people really don't realize how available they're making account information online. I don't think you should ever make a post on a forum or blog where your WoW account email can be linked to your real name, address, etc. Those phishing emails look pretty poorly construed though; I can't imagine anyone with a decent grasp of account security would be fooled (something most WoW players must lack). So my advice to people is to have a separate email for forum accounts or blogs, don't visit warez or pornography websites, use Spybot Search&Destroy with a virus scanner regularly, and get an authenticator as soon as possible.

 

[mclem]

As mentioned before; a pack-in with Cataclysm would be a good plan as they could sell everyone on heightened security for Cataclysm accounts too. The authenticator is not expensive though; and you can even use the free iphone app.

Even better: With Cataclysm, bundle a voucher which entitles you to an authenticator or a free month. That way, people who already have one don't feel cheated.

I have to admit, I was expecting an authenticator to creep into the Collector's Edition of Cataclysm anyway.

 

[FLEABttn]

What happened is I used the client that curse.com offers.

Not the source of your hack. You've logged on a PC at some point or shared your account with someone. Don't blame the innocent for your ignorance.

 

[Dynoro]

Even better: With Cataclysm, bundle a voucher which entitles you to an authenticator or a free month. That way, people who already have one don't feel cheated.

I have to admit, I was expecting an authenticator to creep into the Collector's Edition of Cataclysm anyway.

Good idea and maybe another vanity pet too - I'm only on 64 pets atm :lol

 

[Yaweee]

When you log in to War3, it gives you information like your last log in time and how many incorrect passwords have been inputted. Is there any way to get a record of log ins or failed passwords for your WoW account, so you can see if somebody is trying to get in?

I really don't want to have to get an authenticator. I understand it can be easy to get a key logger (it's as simple as misspelling a URL due to how similar the site names are to the official ones), but in between an up to date browser, anti-virus, and frequent scans of my computer I'm not all that afraid of getting one.

 

[Lenardo]

my guildmaster's account got hacked- he got an authenticator (this was ~year ago)

i got one for my account
i got one for my wife's account
i have not linked one to my son's account yet (boy is 8 he doesn't have much good stuff -he'd rather pvp)

in my guild- at least 10 people have the authenticator.

pack in with expansion imo would be perfect.

buy 1 expansion box- the more expensive one- for the wife to get whatever pet comes with it
buy 2 expansion downloads

link the authenticator that comes in box with son's account


i'm all for it.

 

[Tamanon]

BTW, one of my favorite things about the Authenticator giving you a Core Hound pup is that you can use it if need be to verify someone with Guildbank access actually has one.

 

[mclem]

Not the source of your hack. You've logged on a PC at some point or shared your account with someone. Don't blame the innocent for your ignorance.

I do recall that there was actually an exploit through the curse client in the past, actually - something about an advert's payload able to act if you used the 'start game' option from within the client.

But I'm pretty sure that was cleared up some time ago, and I've not heard of anything similar recently.


Edit: In retrospect, it might have been WoWMatrix rather than Curse Client

 

[Zzoram]

If they do Battle.net2 authentication, the device better come in the Starcraft II box.

 

[mrgone]

I'm all for this as pack in and maybe a limited discount on the authenticators for folks who don't want to jump into Cataclysm just yet.

Speaking of accounts with a lot to lose, I wish Valve would set up an authenticator system for Steam. Every time I buy something it gets a little more frightening to consider what would happen if someone else got a hold of my account

 

[larvi]

I already have a Verisign authenticator that I use for Paypal/Ebay does WoW work with that?

 

[FLEABttn]

I already have a Verisign authenticator that I use for Paypal/Ebay does WoW work with that?

No, it's not synced to Blizzard.

 

[nataku]

I had the Authenticator, but just switched over to the iPhone OS one. It's free on the App Store, and works just as well.

If they're heading to this route, though, they'll probably release Android and Blackberry apps too.

They better release a WebOS one.

 

[nyong]

Wow, that's nuts. I wonder if the gold-farmers put out of business start to resort to more criminal methods of making money.

 

[water_wendi]

The authenticator is $6.50 on the Blizzard store. They probably leak people passwords and login info to get people in panic so they can rebuy the account and then buy a $6.50 authenticator. :lol

 

[FLEABttn]

The authenticator is $6.50 on the Blizzard store. They probably leak people passwords and login info to get people in panic so they can rebuy the account and then buy a $6.50 authenticator. :lol

Yeah, totally, so they can then spent more money on customer service than they'd bring in with your idea.

 

[SirPenguin]

If this happens, I think it's safe to say it will NOT be with the physical USB drives. They'll have to think of some other solution.

I mean, think about it. Even outfitting 1 million subscribers with the device, teaching them how to use it, and making sure everything works correctly would redefine the phrase "logistical nightmare". Now do that for 11.5 million accounts from all over the world, from North America to Europe to Australia and everywhere inbetween.

It would take literally years to switch everyone over

 

[water_wendi]

Yeah, totally, so they can then spent more money on customer service than they'd bring in with your idea.

Heres how you solve the problem. Make the code the authenticator generates bullshit. Any code will work. Therefore nobody will have problems to call about.. they just think they typed it in perfect every time.

edit: just in case anyone else thinks im being serious here, im not. Obviously its not obvious. :lol

 

[bengraven]

I'm assuming they will be software based...and that's not good.

 

[FLEABttn]

Heres how you solve the problem. Make the code the authenticator generates bullshit. Any code will work. Therefore nobody will have problems to call about.. they just think they typed it in perfect every time.

This prevents the cost of man hours spent on fixing hacked accounts how? If the authenticator literally did nothing, not only is that lawsuit worthy, but it wouldn't prevent me from contacting their customer service, and then have them spend god knows how many hours trying to rectify the problem. Now multiply that out times however many people get hacked and contact customer service, and you've found a delightful way to lose money.

 

[Bregor]

Heres how you solve the problem. Make the code the authenticator generates bullshit. Any code will work. Therefore nobody will have problems to call about.. they just think they typed it in perfect every time.

You don't get it. Every time that a players account is hacked they contact a GM and the customer service department has to spend many man hours verifying that the account was hacked and restoring the lost gear.

Hacked accounts mean Blizzard loses money.

 

[Sciz]

The authenticator is $6.50 on the Blizzard store. They probably leak people passwords and login info to get people in panic so they can rebuy the account and then buy a $6.50 authenticator. :lol

Blizzard has to buy them from a manufacturer, and they waive shipping now. There's no profit for them anywhere in this situation, never has been.


Interesting to compare how Blizzard is responding to the situation compared to how Jagex handled a similar one. Runescape wasn't having trouble with accounts being stolen outright, but people were having their credit card information swiped and used to register accounts to gold farm with. Jagex finally solved the problem by changing the game mechanics so that selling gold was impossible.

 

[Acidote]

The shipping has been made free to my knowledge.

That's nice, might get one when I renew my subscription.

 

[Bisnic]

I've been playing this game for 4 years now, never played WoW on another computer than mine, never went to any obscure websites or responding to emails coming from blzzard-net.com or crap like this or got any serious spywares or virus on my computer, and never got hacked. So i never saw the use to buy an authenticator.

But.. i would be lying if i said all these stories don't make me nervous. :lol

 

[JWong]

I have an authenticator, and it's awesome.

Quickly snapped one up because someone or something spontaneously changed my blizz password. My friend even got it worse. Her account had the password change almost every hour, and the thieves used her account to spam trojan sites on the forums.

The shipping has been made free to my knowledge.

Only in the states... and I think Korea.

Cost me 10 bucks shipping for Canada.

 

[FLEABttn]

I've been playing this game for 4 years now, never played WoW on another computer than mine, never went to any obscure websites or responding to emails coming from blzzard-net.com or crap like this or got any serious spywares or virus on my computer, and never got hacked. So i never saw the use to buy an authenticator.

But.. i would be lying if i said all these stories don't make me nervous. :lol

If you're running flash, you're at risk. Non-obscure website can miss flash-based trojans and can accidently run an ad infected with them.

An authenticator removes virtually any chance of a keylogger wrecking your account. The only somewhat viable authenticator loophole is social engineering (so when someone says they'll sell you trading card loot for like 1000g, avoid it. They're trying to jack your account).

 

[Shrennin]

It's from a Blizzard domain. Or it looks like it. I think it may just some ridiculous flaw in Hotmail's name display system. I can see how people would be fooled. But I know it's not legit because I don't have an account on that e-mail address and it's asking questions they're not supposed to ask.

Yup, Blizzard NEVER asks for your password - usually to verify an account they'll ask for your secret answer.

 

[Bisnic]

But how does the authenticator works? It generates 1 random number that you will use until you stop playing? Or do you have to use a different number everytime you have to log on?

I sure hope that if it's a different number everytime that it's not something super long like 20 characters. :lol

 

[Shrennin]

But how does the authenticator works? It generates 1 random number that you will use until you stop playing? Or do you have to use a different number everytime you have to log on?

You have to use a different number each time you log on - a randomly generated one.

 

[JWong]

Yup, Blizzard NEVER asks for your password - usually to verify an account they'll ask for your secret answer.

Or if you forget that, they will ask for your CD Key as a last resort. 8)

But how does the authenticator works? It generates 1 random number that you will use until you stop playing? Or do you have to use a different number everytime you have to log on?

I sure hope that if it's a different number everytime that it's not something super long like 20 characters. :lol

It generates a random number based on the time, and whatever Blizzard has tracking the authenticators will know what number it is by generating the same code and matching it to the serial number on the back.

 

[Lenardo]

TALKING to a gm he was amazed at when my account for wow was actually made...

he was like, there is no way your account was made in 2003 there has to be something wrong, i replied, i started playing during the F&F alpha, if you want i could fax you the NDA i signed to get my account (i played everquest on the same server & grouped with on occasion - rob pardo, jeff kaplan & Other blizzard employees were on the server as well- of course at the time i didn't KNOW that)

 

[Hari Seldon]

EDIT: Nvm, they are only $6.50 lol. No big deal.

 

[JWong]

TALKING to a gm he was amazed at when my account for wow was actually made...

he was like, there is no way your account was made in 2003 there has to be something wrong, i replied, i started playing during the F&F alpha, if you want i could fax you the NDA i signed to get my account (i played everquest on the same server & grouped with on occasion - rob pardo, jeff kaplan & Other blizzard employees were on the server as well- of course at the time i didn't KNOW that)

I don't believe you either.... 8D

 

[Shrennin]

Or if you forget that, they will ask for your CD Key as a last resort. 8)

Yup, and another point: In the case of fishy Blizzard emails - before you respond, you could always send Blizzard a copy of the email through Blizzard's site on their homepage. Of course, they'll probably look at it and respond with: A Blizzard employee will never ask for your password (TM).

 

[Spire]

The account hacking situation in WoW is pretty damn crazy, everyone I know (including myself) has been hacked at least once. And I'm not sure authenticators would even help the problem. The top warlock in my guild got hacked just yesterday and he uses an authenticator, I also know some servicemen that use authenticators and they have all been hacked as well since buying them. They were all pretty fucking furious, since they paid Blizzard for something that essentially did nothing.