WoW: Account hacked, inexplicable actions of farmers

My dormant battlenet account got hacked last week (and no, I didn't have an authenticator). I don't know what method they used to get in, and I probably never will. But what's perplexing is what they did after they got in.

Here is one of the characters. He'd just dinged 80, and they took certain items but not others. I don't think the items were very valuable, but why didn't they vendor all of them? Why did they sell only some and not others?

I'd check on the email account associated with the account, and change the password associated with that too.

Funkenpants wrote:

(and no, I didn't have an authenticator)

If you value your bnet account, get one if you can.

Oh, I'm adding an authenticator. I just don't understand why they didn't sell all the gear if they want to maximize the gold they got out of the account.

That's odd as hell, Funken.

When my son got his account back after getting hacked, he had a whole bunch of Frostweave and various other farmed goods. Turns out the hacker kept the toon more or less intact to use it for farming. I guess the hacker was hoping that my son had abandoned or neglected the account, though that wasn't the case.

I figured yours might have been the same deal until I noticed your mining skill was a little, ah, low.

I'm baffled.

P.S. You might also want to give your PC a good cleaning before you play again. Sorry you got hacked.

The other high level toon on the account is here. Same thing. They used it a bit, but didn't sell everything. The account went inactive in early Feb., and within a few weeks they paid $15 to reactivate it.

Also, I think I'll take the advice and nuke the machine from orbit.

Funken, did you check all servers for characters? I got my account hacked after months of not using it as well. I was going to shrug it off as I didn't play and didn't care. Thanks to my friends not leaving me alone and bugging me to get my account back, I did. Turns out the farmers (I call him my farmer friend) left just over 5k on the account and a boatload of netherweave cloth (2k or so pieces). I also had a ton of Halloween events done, my Karazhan rep maxed (which I never did as I was in the process of doing the key quest for fun), and got me a lot of battleground achievements.

Obviously I never will find out what was going on but I don't really care, it worked out well for me!

Funkenpants wrote:

Oh, I'm adding an authenticator. I just don't understand why they didn't sell all the gear if they want to maximize the gold they got out of the account.

They run scripts to sell items that move quickly; they tend to avoid low-selling items, as every second spent they could lose that account to the owner or Blizz will lock it. I'd assume that they xref the databases for value amount to vendors and exclude low cost items. Rest assured that things are changing and it's gonna get even harder for them to hack accounts.

Put a ticket in and got the characters restored within about 48 hours. Blizzard customer service really is top notch.

Not to hijack too much but would a game account be safer if some credit card like protections were added? I'm thinking some things to trigger red flags like

-IP change to another country
-You sell 80% of the total value of your items
-You attempt to send a high percentage of your available gold somewhere else

Blizzard can clearly track these things, why don't they just set a group of conditions that will put a temporary lock on your account when extreme actions occur while they verify the real owner is behind them?
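The three red flags listed in the post above can be written as a per-session rule check. This is an added example, not part of the original post and not Blizzard's logic; the event format, the 50% gold threshold, the three-way allow/verify/lock outcome, and all sample sessions are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed thresholds: the post names 80% for item sales; "a high percentage"
# of gold is taken as 50% here.
SELL_LIMIT = 0.80
GOLD_LIMIT = 0.50

@dataclass
class Account:
    home_country: str
    item_value: float  # total vendor value of items at session start
    gold: float        # gold balance at session start

def evaluate_session(account, events):
    """Return (flags, action) for one login session's events."""
    flags, sold, sent = set(), 0.0, 0.0
    for ev in events:
        if ev["type"] == "login" and ev["country"] != account.home_country:
            flags.add("foreign_login")
        elif ev["type"] == "sell":
            sold += ev["value"]
            if account.item_value and sold / account.item_value >= SELL_LIMIT:
                flags.add("mass_sell")
        elif ev["type"] == "send_gold":
            sent += ev["amount"]
            if account.gold and sent / account.gold >= GOLD_LIMIT:
                flags.add("gold_drain")
    liquidating = bool(flags & {"mass_sell", "gold_drain"})
    if liquidating and "foreign_login" in flags:
        action = "lock"      # temporary lock until the owner is verified
    elif flags:
        action = "verify"    # ask for out-of-band confirmation, no lock
    else:
        action = "allow"
    return flags, action

# Constructed sample sessions (not real game logs).
ACCOUNT = Account(home_country="US", item_value=1000.0, gold=5000.0)
HIJACK = [{"type": "login", "country": "ZZ"},
          {"type": "sell", "value": 500.0}, {"type": "sell", "value": 350.0},
          {"type": "send_gold", "amount": 4800.0}]
QUITTING = [{"type": "login", "country": "US"},
            {"type": "sell", "value": 900.0},
            {"type": "send_gold", "amount": 5000.0}]
ROUTINE = [{"type": "login", "country": "US"}, {"type": "sell", "value": 40.0}]

if __name__ == "__main__":
    for name, session in [("hijack", HIJACK), ("quitting", QUITTING), ("routine", ROUTINE)]:
        print(name, evaluate_session(ACCOUNT, session))
```

The `QUITTING` session trips two of the three flags from a home login, so it is sent to verification rather than locked.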

I have seen a couple do two of those things you posted because they were deleting their toons and giving gold to either a person(s) or their guild before dropping WoW from their life. So I am not sure having Blizz set up something like that would work out too well.

Right, there are rare, legitimate excuses but that has to be like 1% of all cases. I'm thinking like a simple email verification so the hacker has to get your email too (which isn't something that you don't want to encourage, but it should be sufficient for most cases.)

polypusher wrote:

Right, there are rare, legitimate excuses but that has to be like 1% of all cases. I'm thinking like a simple email verification so the hacker has to get your email too (which isn't something that you don't want to encourage, but it should be sufficient for most cases.)

But that is just the thing: your email is your Bnet account username. So he would already have that and would have changed it to his own before you realized what happened.

You get a warning whenever someone has changed your password or e-mail. What the guys who hacked me did was leave the password alone so I didn't get a notice of a major change in my account. They then slapped on an authenticator to prevent me from getting into the account at all. It helped that I wasn't an active player, and I'm wondering if they knew that, too.

That's easy enough to find out, assuming you have more than 1 toon in the same guild. A quick Last Online check of your other characters and they know if you're active or not.

I just got hacked, and apparently they *added* an authenticator, which I didn't have before.

EDIT: Skimmed. Pretty much the same thing happened to me that happened to Funken. Hadn't played in a while, thieves added an authenticator and sold gold on my account. Didn't find out until Blizzard shut the account down.

polypusher wrote:

Not to hijack too much but would a game account be safer if some credit card like protections were added? I'm thinking some things to trigger red flags like

-IP change to another country
-You sell 80% of the total value of your items
-You attempt to send a high percentage of your available gold somewhere else

Blizzard can clearly track these things, why don't they just set a group of conditions that will put a temporary lock on your account when extreme actions occur while they verify the real owner is behind them?

They do. People have been banned for large gold transactions, and even multiple people logging in (= different IPs).
The hackers probably don't care though, as long as their first transactions go through, it doesn't matter as much that the account gets closed down a while later.

Mine got jacked last night. I haven't played in 6 months or so and had decided I'm not interested in playing anymore. Luckily a friend of mine saw my toon log in and tried to send me some tells but I never answered so he contacted me to see if it really was me on last night. I was lucky he happened to be on because I was able to change the password back on the account and of course then changed my associated email password as well. What I haven't decided is if I really want to log in and see what happened to my toons because I really have no interest in playing again and it has been long enough I don't remember what gear or cash I had on my main much less alts.

Mine got hacked last night too. I was at work when my housemate noticed that I was online. When I got home, the miscreant had added an authenticator to my account. Blizzard blocked it and restored my items and gold today, and I'm just waiting for the final email from Blizz to let me know things are back to normal. I have to say, I'm impressed with their service, all in all.

I was reading an article about hackers getting a username and then cracking the password using brute force attacks. Is it not possible for Blizzard to set up a system where repeated entries of invalid passwords over a short period of time trigger a lock on the account and send out a notice to the account holder of a potential security breach?

Funkenpants wrote:

I was reading an article about hackers getting a username and then cracking the password using brute force attacks. Is it not possible for Blizzard to set up a system where repeated entries of invalid passwords over a short period of time trigger a lock on the account and send out a notice to the account holder of a potential security breach?

I really wish they would implement something like that because the hackers are taking these accounts w/o us ever knowing unless we get lucky and someone we know sees our toon online and tells us. It doesn't seem like it would be very difficult to do something like this.
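The lockout-and-notify mechanism asked about in the last two posts, sketched as a sliding-window failure counter. This is an added example, not part of the thread and not Blizzard's implementation; the thresholds, the `LoginGuard` class, the notification callback, and the sample attempts are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5       # assumed threshold
WINDOW_SECONDS = 300   # assumed "short period of time"
LOCK_SECONDS = 900     # assumed temporary lock duration

class LoginGuard:
    def __init__(self, notify):
        self.notify = notify                 # callback(account, message)
        self.failures = defaultdict(deque)   # account -> failure timestamps
        self.locked_until = {}

    def attempt(self, account, password_ok, now):
        """Record one login attempt at time `now` (seconds); return the outcome."""
        if now < self.locked_until.get(account, 0):
            return "locked"                  # even a correct password is refused
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        recent = self.failures[account]
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCK_SECONDS
            recent.clear()
            self.notify(account, "repeated failed logins; account temporarily locked")
            return "locked"
        return "denied"

def replay(attempts):
    """Run (account, password_ok, time) tuples; return outcomes and notices."""
    notices = []
    guard = LoginGuard(lambda acct, msg: notices.append((acct, msg)))
    return [guard.attempt(*a) for a in attempts], notices

# Constructed attempts: five bad guesses in 40 s, then the right password twice.
BURST = [("owner@example.com", False, t) for t in (0, 10, 20, 30, 40)] + \
        [("owner@example.com", True, 50), ("owner@example.com", True, 1000)]
# Slow typos spread over an hour never reach the threshold.
SLOW = [("owner@example.com", False, t) for t in range(0, 3600, 600)]

if __name__ == "__main__":
    print(replay(BURST))
    print(replay(SLOW))
```

A login with a correct stolen password produces no failures, so this control addresses guessing only.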