Wilhem2451's made some intersting posts over at the Ancient Gaming Noob recently about WoW account hacking. The problem appears to be absolutely massive with Wilhelm's back of envelope calculation suggesting that up to a quarter of accounts may have been hacked. I naively assumed that all hacking was due to people falling for phising scams or being otherwise promiscuous with their passwords but a commenter on Wilhelm's blog opened my eyes when they pointed out that after a major web forum (to which I subscribe) was recently hacked a lot of users subsequently had their WoW accounts hacked using the same usernames and passwords. It appears that WoW is now on the the goto list for purchasers of illicit usernames and passwords so if you get hacked anywhere you can bet that your user details will be tried out on WoW next.
This was brought home to me recently when I got a WoW phishing email addressed to my runes of magic account. In an unusual for me fit of security consciousness I set up a separate email alias for Runes of Magic and I have never used it anywhere other than to log into the game. The phishing attempt was crude but how the hell did these people get that email address?
I know we have long been warned to use separate usernames and passwords for every website but how many of us do?
This was brought home to me recently when I got a WoW phishing email addressed to my runes of magic account. In an unusual for me fit of security consciousness I set up a separate email alias for Runes of Magic and I have never used it anywhere other than to log into the game. The phishing attempt was crude but how the hell did these people get that email address?
I know we have long been warned to use separate usernames and passwords for every website but how many of us do?
Comments
Indeed. I've received three phishing WoW emails to my filter email in the last few days. That email was never used for anything other than a trial account four years ago.
I almost wonder if these spammers/phishers are just carpet bombing hotmail email addresses, sending them out to one and all in the hopes that some fall on fertile soil.
I think this because other emails I've used for other past WoW trials don't get those phishing emails, and the one I used for my "real" account (for all of a month) hasn't received phishing spam either. Maybe my mild online paranoia paid off there. (And yes, where possible, I use different emails, passwords and such. Sometimes, I have to write 'em down to keep everything straight, though.)
That said, I still have not yet received any phishing emails in my WoW-only email account. When I do, I'll know for sure that it's Blizzard themselves who have a security leak.
My third account used a separate email used only for WoW, and that account still gets at least 10 phishing attempts in that email per day. PER DAY! There are literally thousands of these emails, that's all that's in the account!
Besides that, I also started pasting my password at the login screen (I have it typed in a .txt document hidden in a whole paragraph of text), stayed away from the forums, and stayed paranoid as hell, and I managed to avoid having that one stolen from me. Thus far....