Wilhem2451's made some intersting posts over at the Ancient Gaming Noob recently about WoW account hacking. The problem appears to be absolutely massive with Wilhelm's back of envelope calculation suggesting that up to a quarter of accounts may have been hacked. I naively assumed that all hacking was due to people falling for phising scams or being otherwise promiscuous with their passwords but a commenter on Wilhelm's blog opened my eyes when they pointed out that after a major web forum (to which I subscribe) was recently hacked a lot of users subsequently had their WoW accounts hacked using the same usernames and passwords. It appears that WoW is now on the the goto list for purchasers of illicit usernames and passwords so if you get hacked anywhere you can bet that your user details will be tried out on WoW next.
This was brought home to me recently when I got a WoW phishing email addressed to my runes of magic account. In an unusual for me fit of security consciousness I set up a separate email alias for Runes of Magic and I have never used it anywhere other than to log into the game. The phishing attempt was crude but how the hell did these people get that email address?
I know we have long been warned to use separate usernames and passwords for every website but how many of us do?