Skip to main content

WoW account hacking and phishing - Some indirect evidence

Wilhem2451's made some intersting posts over at the Ancient Gaming Noob recently about WoW account hacking. The problem appears to be absolutely massive with Wilhelm's back of envelope calculation suggesting that up to a quarter of accounts may have been hacked. I naively assumed that all hacking was due to people falling for phising scams or being otherwise promiscuous with their passwords but a commenter on Wilhelm's blog opened my eyes when they pointed out that after a major web forum (to which I subscribe) was recently hacked a    lot of users subsequently had their WoW accounts hacked using the same usernames and passwords.  It appears that WoW is now on the the goto list for purchasers of illicit usernames and passwords so if you get hacked anywhere you can bet that your user details will be tried out on WoW next.

This was brought home to me recently when I got a WoW phishing email addressed to my runes of magic account. In an unusual for me  fit of security consciousness I set up a separate email alias for Runes of Magic and I have never used it anywhere other than to log into the game. The phishing attempt was crude but how the hell did these people get that email address?

I know we have long been warned to use separate usernames and passwords for every website but how many of us do?

Comments

Tesh said…
"The phishing attempt was crude but how the hell did these people get that email address?"

Indeed. I've received three phishing WoW emails to my filter email in the last few days. That email was never used for anything other than a trial account four years ago.

I almost wonder if these spammers/phishers are just carpet bombing hotmail email addresses, sending them out to one and all in the hopes that some fall on fertile soil.

I think this because other emails I've used for other past WoW trials don't get those phishing emails, and the one I used for my "real" account (for all of a month) hasn't received phishing spam either. Maybe my mild online paranoia paid off there. (And yes, where possible, I use different emails, passwords and such. Sometimes, I have to write 'em down to keep everything straight, though.)
Cap'n John said…
It just lends further credence to my suspicion that someone within Blizzard is selling their customers' email addresses.

That said, I still have not yet received any phishing emails in my WoW-only email account. When I do, I'll know for sure that it's Blizzard themselves who have a security leak.
Anonymous said…
I've lost 2 WoW accounts to hackers/phishers, both of them had several max level characters with lots of time invested. I'm convinced of keyloggers that get your info from the login screen and from the WoW forums.

My third account used a separate email used only for WoW, and that account still gets at least 10 phishing attempts in that email per day. PER DAY! There are literally thousands of these emails, that's all that's in the account!

Besides that, I also started pasting my password at the login screen (I have it typed in a .txt document hidden in a whole paragraph of text), stayed away from the forums, and stayed paranoid as hell, and I managed to avoid having that one stolen from me. Thus far....
mbp said…
@anonymous it sounds like you should look into that security gadget you can get for your Wow account. My wife has one from her work and it seems pretty foolproof. You gave to enter the number on the gadget as well as your password. The number on the gadget changes in some pseudo random sequence so it would be very difficult to guess.

Popular posts from this blog

Android Tip 3: Sharing a Folder between multiple users of an Android device

Android has allowed multiple user logins for quite a while now. This is can be very useful for tablets which are shared by family members. Normally Android erects strict Chinese walls between users preventing them from using each others apps and viewing each others files. This is a useful security feature and ensures your kids don't mess up your work spreadsheets when screwing around on the tablet and should also prevent them from buying €1,000 worth of Clash of Candy coins on your account. Sometimes however you really do want to share stuff with other users and this can prove surprisingly difficult. For example on a recent holiday I realised that I wanted to share a folder full of travel documents with my wife. Here are some ways to achieve this. 1. If you have guaranteed internet access  then you can create a shared folder on either Dropbox or Google drive. Either of these has the great advantage of being able to access the files on any device and the great disadvantage of bein...

Portal 2 two screen coop on one PC.

I mentioned before that I intended to try Portal 2 in "unofficial split screen co-op mode. Well split screen on a small computer monitor is a recipe for a headache especially when the game defies gravity as much as portal. However a minor bit of extra fiddling allowed us to drive two seperate screens from one PC. The Steam forums describes a complicated method of doing this that I couldn't get working so this simpler method which worked for me might be of use to someone. 1. First I followed the instructions in this post to get split screen multi-player working: http://forums.steampowered.com/forums/showthread.php?t=1847904 A minor issue not mentioned is that you need to enable the console from the keyboard/mouse options menu I am using keyboard and one wired Xbox360 controller as suggested. Getting the controller to switch to channel 2 was tricky at first but as Chameleon8 mentions plugging it out and in again during loading works. The trick for me was to do the plug / p...

Lotro: The Forgotten Treasury

Throg joined a Kinship group for the Forgotten Treasury instance last night. It was an enjoyable change from the solo questing that the now level 55 dwarf champion has been mostly doing so far in Moria. Some members of the group had tried and failed to clear the Treasury before so we knew it would be challenging but we were lucky enough to have a well balanced group with Guardian, Minstrel, Lore Master, Hunter, Burglar and Champion (Throg). Throg (level 55) and the minstrel (53) were both below the 56ish level of the instance but the others were all higher so it more or less balanced out. [SPOILERs ahead] It is a well designed enjoyable instance set in a circular chamber with balcony around. As you enter, a boss absconds to a locked side chamber with his treasure leaving the fellowship to clear trash ringed around the balcony. Once the trash are cleared you have access to a puzzle which must be solved in order to open the locked door. Clearing the (including six mini bosses) also get...