The Daily Grind: What would you do if your account were compromised?

by Jef Reahard on Dec 17th 2010 8:00AM

Culture, MMO industry, Opinion, The Daily Grind, Miscellaneous

There's no denying that MMORPG security issues are on the rise and have been for several years now. As more people flood into the MMO space, script kiddies and social engineers naturally have more targets. Account compromises aren't always the result of end-user ignorance either, as several of us know computer-savvy folks who've logged into their favorite game to find their characters stripped (or haven't been able to log in at all).

Some game companies are fighting back, notably Blizzard with its World of Warcraft authenticators and NCsoft with its new Aion PIN system (which basically amounts to a second password). That said, ladies and gents, today's Daily Grind is more concerned with you. Specifically, what would you do (or have you done) if your account were compromised?

Every morning, the Massively bloggers probe the minds of their readers with deep, thought-provoking questions about that most serious of topics: massively online gaming. We crave your opinions, so grab your caffeinated beverage of choice and chime in on today's Daily Grind!

Reader Comments (28)

I'm not sure I understand the question. Contact customer support and get them to recover my account. What else am I supposed to do? (

I recently had my battlenet account hacked. Now, I hadn't touched WoW at this point since the Cataclysm beta (after playing it I knew I was done with WoW for good) but I got an email asking me to confirm a password change. They'd put refer a friend gametime on my account, so when I got control of the account back I managed to log in and see that they'd stripped my two "geared" characters and deleted a fresh 80. I logged back out because, you know, I didn't want to play WoW anyway.

Two days later, my account got hacked again. Unbelievable. Poor guys would have logged in to naked characters though.

easy...take it as divine will and cancel the subscription.

right, never happened to me, but i'm guessing the only thing to do is either quit the game or contact customer support and get the GMs to investigate and fix the theft

My WoW account was compromised a few months ago. I've no idea where I got the keylogger - I only visit respectable porn sites after all. =)

What did I do? Reset my password, asked Blizz to restore my stuff (which they did with surprising speed, I must say) and got an authenticator.

My advice to anyone reading this: get an authenticator. Go, do it now. The mobile version costs just $1, your peace of mind is worth way more. =)

Last year my friend rings me up and tells me my char in wow is logged in and he had sent me a tell but got no reply.

So strait away i began to look how to sort this out, and i must say blizzard have a pretty strong system set up for this.

I managed to change the password, then had to email blizzard telling them what had happened and sending them a pic of my id to prove who i was. Think it was just under a week i had my account back.

But i must say i kinda have to be thankful to the person that hacked my account :P
Before it got hacked i had very little gold left on my chars,but after getting back my account and logging in to 14 pages of mail of items that the hacker had sold for his gold farming. Then selling the items again i had 3k g.

So at the end of the day it was kinda a good thing my account got hacked as in the long run it helped my out more then it hindered me :D

What can we do other than contact the game company and try to verified our account?

I logged in to Guild Wars and found some of my characters naked in the character select screen. I thought i must have been hacked and my characters armors were salvaged for runes and everything else was probably taken too. This was happening around the time GW/NCsoft was having security issues, a year or so back? Before you needed to enter a character name to log in.

Anyway I began screaming in my head, and after what was seemed like the longest loading screen ever , i found my character in GToB, his armor intact and all his stuff in his inventory. Phew. Turns out it was just a weird bug, everything was fine in the char select screen later.

But there's what i'd do if i was hacked - scream. :)

That all depends on the game in question ..... I'm sure I have a hand full of accounts chocked full of random crap from games I don't give two shakes about anymore. That in all honesty I probably wouldn't even notice if they were compromised.

Hell as it is I get about 10 spam phishing emails a day because I have an old WoW account or two that I havn't bothered with since well before WoWs first expansion. Probably wouldn't care if it was obsconded with if it stopped the phishing spam .... but it wouldn't.

I've only ever had one game account compromised and that was AION.

What did I do ? Well I contacted the support team and it took them about 4 days to change my passwords and send the details through to an alternative email address. I also ended up changing the passwords on every single online thing I do, games, online banking, email accounts, everything was changed and it was a right pain but I thought it better to be safe than sorry.

It also wasn't a case of me using the same single password for everything, but I must admit that I tend to stick to the same 3 or 4 passwords for everything, I also don't use 'easy' passwords like my name or 'letmein123' etc. My suspicion was that I had made a crucial mistake of signing up to a well known AION fansite using the same username and password that I used to get in the game (In retrospect this was very stupid), I believe this sites user details later became compromised and that's how they got my details, so in that respect it taught me a very good lesson in not using the same login details for the game on anything else.

More long term, it also soured my enjoyment of the game, within 2 weeks of it happening I found that I couldn't enjoy the game because I was constantly wondering if it would happen again, what other details might these people have obtained etc. In the end I cancelled my AION account and haven't gone back since.

Oddly I have had 2 accounts compromised in the past, both thankfully inactive at the time and no longer used, one World of Warcraft and the other a City of Heroes. I have no idea what damage was done to both I assume both were totally looted but I didn't play either game anymore have any intention of doing so again so from a game angle I wasn't worried. What did worry me however was my private and payment details were potentially accessed as Identity theft etc.. i this day and age is on the rise ina big way.

In both instance I discovered it after being sent notifications my passwords had been changed, which obviously I had not done. In short order I contacted the companies involved and reported that my inactive accounts had been compromised and in short order both were re-secured very quickly and brought back under my control.

It annoys me that it can happen and really drives home the notion of adequate computer security and the net result of the experience has been something of mild paranoia regarding it. I now have multiple layers of security in place and my computer is scoured daily for a variety of potential threats that could possibly compromise it in the future.

Once bitten, twice shy and all that.

Albiet I dont play WoW anymore....
If my WoW account got hacked...
I'd still be pretty PO'd....
It's not the armor I gathered...
nor all the crafting supplies...
It's all the MINI PETS that I would have lost!!!!
Authenticators are a wonderful thing.
even though those can be hacked too.
I still feel safer know that my account is safer with it than without it

I had my inactive WoW account hacked months ago during some database leak that affected a bunch of people. Blizzard really didn't want to work with me, and the hackers took the time to also break into my email for the recovery steps. (No, they didn't share the same password.) I threw my hands up and stopped caring, I wasn't going back anyways.

Now if my City of Heroes account got hacked, I'd fight that to the extreme. But I'm still playing, so there ya go.

Well, I contacted Blizzard and let them know "Hey. My account's been hacked" but because I was not subscribed and not a paying customer at the time, they treated it as just meh, blamed me and said if it happened again, they wouldn't do anything about it. It took about three weeks in full to fully get resolved and I had to buy an authenticator to protect my account from both hackers AND Blizz. I have one, but I feel the authenticator is just Blizz being lazy about trying to actively protect their users accounts and information. (Sidenote... my credit card not long ago was stolen through my iTunes account because Apple's servers were hacked... I'm pretty sure not all of these hacks are the users fault and Blizz most likely has been hacked a number of times, but good luck getting them to admit it. If you value your account/passwords at all... get an authenticator. It'll protect you from both Blizz AND hackers...)

@Ocho

"Sidenote... my credit card not long ago was stolen through my iTunes account because Apple's servers were hacked... I'm pretty sure not all of these hacks are the users fault and Blizz most likely has been hacked a number of times, but good luck getting them to admit it"

Frankly, if Blizzard's servers were that easily compromised, I suspect they'd do MUCH worse than just swipe account info.

Also, I'm not a lawyer but aren't they legally required to disclose security compromises that result in personal information being leaked?

@Eamil

I'm not sure about the laws, but if every time someone's personal information was stolen it had to be warned, my guess is we'd be hearing about it a LOT more than we do now. Gizmodo was recently hacked, and they put out an article and help requests, but when Apple was hacked and I was affected, I found an article written about the incident, but there was NOTHING from Apple warning iTunes customers about the leak (to be fully honest, my iTunes account was NOT hacked. My credit card information was taken from their databases. So my account was not compromised.), so if they didn't have to, my guess is there is no strict law about it.

But really, the rash of account thefts is too big to be true. Are you really telling me that every single person out there who has had their accounts stolen is simply from a keylogger/trojan or phishing scam? That all of the tech savvy people I know who know better are still dumb enough to fall for scams or not know when their system is infected? These sort of scams/trojans catch fewer people and the amount of people compromised compared to that just doesn't add up.

Although, I would totally have agreed with you prior to my account being compromised, more blaming the end-user. But in this day, its not just the users being targeted.

@Ocho You gotta know that "Blizzard's database got hacked" is a hard sell. On the other hand, fansites get hacked all the time, and yes people are foolish enough to use identical emails for both Battle.net and related fansites. And yes other people are just dedicated enough to try those emails and passwords against Battle.net, among other things.

The NCsoft "security issues" someone above mentioned were the same thing -- an Aion fansite was hacked, and those emails were used for phishing and for brute forcing across several of NCsoft's games. It's a different kind of user-error than using 123456 as your password or getting keylogged for sure, but it's still user-error.

I've never been hacked personally, but several of my guildies have been in WoW (leading to our guild vault being compromised too). Blizzard has been nothing but prompt and polite and helpful, honestly. Kind of a shock!

@Brianna Royce

I tried Aion for a week or two and then decided it wasn't the game for me. I let my free month run out and never looked back.

Fast forward a month or so, and I received an e-mail from NCSoft saying my Aion account had been compromised. The account that had been closed. Someone had stolen it and paid for a month's playing time. I replied to the mail (which contained no links, by the way) and a back-and-forth ensued. The NCSoft rep changed my NCSoft main account password and I managed to get in and change it to something else. I checked Guild Wars, which I hadn't played in a while, and fortunately nothing had happened to it. Neither had anything happened to my CoX account. Only Aion was affected.

And I never, ever visited, let alone subscribed to, any Aion fansite.

A thorough scan of my machine found nothing suspicious.

A while later I resubbed to WoW, after not having played it for almost a year. I was hoping to get the spark back for Cataclysm. I logged in, did a few dailies, chatted with an ex-guildie and then logged out again. Didn't log back in for a week or two because of work. Summer started and I found myself with some extra time on my hands, so I wanted to get some good WoW time in. I logged in, only to find out I couldn't. Someone had stolen my account and slapped an authenticator onto it.

I contacted Blizzard and the following day my account was reinstated, and by the next day I had all my stuff back.

Again, a thorough check came up with nothing suspicious on my machine.

Of course this was after Blizzard changed the log-in name to the e-mail address. In my five years of actively playing WoW, I hadn't been "hacked" once.

Obviously, there are ignorant and stupid people, sharing account details and not having taken proper security measures. Some of those will get their accounts compromised.

But there are also people who, though no IT-professionals, are computer-savvy enough to know not to do certain things. I'd like to think I'm in the latter group. But I did become a victim of account theft, twice in the same year.

NCSoft had a security problem. They only admitted it after the shit had well and truly hit the fan. But they started out by blaming the victims. If it can happen to them, it can happen to Blizzard. People aren't perfect, but neither are big companies.

I contacted Turbine and waited an insanely long time for them to research the issue and replace my lost loot with coin. They didn't just undo the theft, though, and considering what the thief took from one of my house chests, I still lost money on the deal. Took me a month after the recovery before I was even in the mood to play again. I was angrier at Turbine for not undoing the damage (and for implying that the problem had to be on my end, no way could it be a compromise on theirs, uh uh no way) than I was at the thief.

My wow account was hacked into 2 weeks ago. I don't even play the game anymore so it was actually kind of funny to see.

I changed my bnet account's address and password for everything else to make sure it doesn't happen again. Going to keep my account status locked so it doesn't happen again.

I only played WoW for a total of 3 months earlier this spring. A couple weeks in my account was hacked. No I'm stupid enough to visit one of the fake account sites and I don't have a key logger or anything on my PC and I installed no UI addons. But regardless of how they got my info, I installed the authenticator app on my iPhone and all that eliminated any problems completely.

Moral of the story is that getting your WoW account hacked doesn't always mean its you. I am positive they got my info from hacking Blizzard. Oh, and use the authenticator.

| 1 | 2 | Most Recent | Next 20 Comments

The Daily Grind: What would you do if your account were compromised?

Reader Comments (28)

Posted: Dec 17th 2010 8:23AM Eamil said

Posted: Dec 17th 2010 8:23AM goatfoam said

Posted: Dec 17th 2010 8:23AM Xilmar said

Posted: Dec 17th 2010 8:24AM (Unverified) said

Posted: Dec 17th 2010 8:27AM Aodhkin said

Posted: Dec 17th 2010 8:33AM Channel84 said

Posted: Dec 17th 2010 8:52AM Dumac said

Posted: Dec 17th 2010 9:01AM Scuffles said

Posted: Dec 17th 2010 9:05AM markt50 said

Posted: Dec 17th 2010 9:09AM NeoWolfen said

Posted: Dec 17th 2010 9:11AM mttgamer said

Posted: Dec 17th 2010 9:30AM Shirogetsune said

Posted: Dec 17th 2010 9:47AM Ocho said

Posted: Dec 17th 2010 10:36AM Eamil said

Posted: Dec 17th 2010 1:05PM Ocho said

Posted: Dec 17th 2010 2:22PM Brianna Royce said

Posted: Dec 17th 2010 7:16PM Lenn said

Posted: Dec 17th 2010 10:12AM DeadlyAccurate said

Posted: Dec 17th 2010 11:04AM (Unverified) said

Posted: Dec 17th 2010 11:26AM drakon said

Info

Description

MSRP

Release Date

Genre

Developer

Publisher

Rating

Breaking News

The Secret World launch delayed to July 3rd

Featured Stories

The Mog Log: The Legacy rewards and what they mean

The Tattered Notebook: The passing of Ribbitribbitt

The Firing Line: PlanetSide 2's Matt Higby on the MMOFPS revolution

Engadget

Joystiq

WoW

TUAW