![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
pauraque_bkI had the very annoying experience yesterday of my WoW account being hacked into. It's all more or less straightened out now, but it was a big stressful hassle.
I remember a few years ago, my dad read an article about gold selling and asked me how it worked (I guess the article wasn't clear). At the time, it worked like this: Some people in the game are too lazy to do the normal stuff you do to make gold. Blizzard doesn't sell gold. So some people made a business of making lots of gold (usually by setting up bots to perform repetitive tasks like killing creatures that drop valuable items), selling it on an outside web site, and then delivering it to the buyer in-game.
That's how it used to work. You'd see the bots occasionally and know what they were doing, and you'd report them, and that was it.
Things seemed to change around the time Blizzard started allowing server transfers (moving characters to a new server to play with different people), which I guess made it more efficient to generate gold by hacking accounts rather than using bots.
Now this is how it works: I picked up malware from a web site, probably while using Internet Explorer a couple of days ago because a site didn't work with Firefox. The malware logged my keystrokes, recording the password to my WoW account and sending it back to a gold selling company. I logged off around 2am, and a couple of hours later while I was asleep, an employee of the gold selling company logged into my account.
He logged into all of my characters to see what they had of value. (We could see this from checking the record of guild log-ins.) He sold everything I had and everything I had access to from my guild's bank and consolidated the gold on one character.
At this point what usually happens is that they transfer the character to another server where a player has ordered gold from their web site and deliver it to them there. This has happened to friends of mine and it would have happened to me eventually, but luckily for me, the guy decided to make some more gold first by playing my character for a while, maybe manually but probably with a bot. (For the expert reader: He ran my pally through BC instances for about 6 hours, DEing and selling the mats.) One of my friends saw my character logged on before he went to work, but didn't think anything of the fact that I didn't say hi.
I got up around 10am, and again luckily, tried to log on first thing in the morning, which I usually don't. Surprise -- my password doesn't work. I go to the lost password page -- no account with that email address. I checked the web site and confirmed that my characters had been stripped. At this point it was obvious I'd been hacked, so I set my virus scanner running and logged on![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif)
_hannelore's account on her computer to make sure she was still fine (I've logged on her account from this computer before).
Her account was good, and I got the surreal experience of seeing my own character logged on and farming gold. Another friend was online, I told him what was happening, he told me the guild bank had been cleaned out. I was profusely apologetic and embarrassed, but he wasn't mad, just worried. We'd known several people who got hacked before, but he was nice enough to say that if it could happen to me, then it could happen to anyone.
My virus scanner found the keylogger and got rid of it, so I reported the problem on Blizzard's web form and then called them. I was ready to be put on hold for a while, but I was actually talking to a person inside of two minutes, which is damn good for such a big company. The guy I talked to was very nice about it and quickly verified what was going on.
"Oh yeah, your account's been compromised, no question. They changed the password and email address and put an authenticator on it." (An authenticator is a physical device that allows only someone who has it to log into your account. I didn't have one, because I fail.)
So he reset everything, told me to make a completely new email address for my account, and said the staff had already gotten my initial report and were working on restoring the items that had been sold. (He sounded surprised they were already working on it -- I guess it was a slow morning at Blizzard.)
My account was suspended for a few hours while they verified everything and restored most of the items. There were a couple of things I didn't get back (and many things I got back that I didn't want -- I had actually been selling a ton of old junk right before I logged off, and they gave it all back to me, oh well), including something difficult to replace that was of sentimental value, but overall they restored nearly everything very fast and I'm not complaining. They also restored what was taken from the guild bank, along with some stuff the guild leader claimed wasn't there before. Thanks?
Oddly enough, they didn't take away all the gold the hacker made selling the stuff that was restored, so once I got access to the account back and took stock, all told I had profited about 5000 gold from the experience. I tried to give it to the guild leader to put in the bank by way of apology, but he wouldn't take it -- told me to buy myself something nice with my pain and suffering settlement. :P
Other souvenir: To encourage people to buy an authenticator, people who get one also get a special in-game pet. Since the hacker put an authenticator on my account (why? Blizzard could obviously take it off in a second), now I have the pet. I will call him Bandit.
I remember a few years ago, my dad read an article about gold selling and asked me how it worked (I guess the article wasn't clear). At the time, it worked like this: Some people in the game are too lazy to do the normal stuff you do to make gold. Blizzard doesn't sell gold. So some people made a business of making lots of gold (usually by setting up bots to perform repetitive tasks like killing creatures that drop valuable items), selling it on an outside web site, and then delivering it to the buyer in-game.
That's how it used to work. You'd see the bots occasionally and know what they were doing, and you'd report them, and that was it.
Things seemed to change around the time Blizzard started allowing server transfers (moving characters to a new server to play with different people), which I guess made it more efficient to generate gold by hacking accounts rather than using bots.
Now this is how it works: I picked up malware from a web site, probably while using Internet Explorer a couple of days ago because a site didn't work with Firefox. The malware logged my keystrokes, recording the password to my WoW account and sending it back to a gold selling company. I logged off around 2am, and a couple of hours later while I was asleep, an employee of the gold selling company logged into my account.
He logged into all of my characters to see what they had of value. (We could see this from checking the record of guild log-ins.) He sold everything I had and everything I had access to from my guild's bank and consolidated the gold on one character.
At this point what usually happens is that they transfer the character to another server where a player has ordered gold from their web site and deliver it to them there. This has happened to friends of mine and it would have happened to me eventually, but luckily for me, the guy decided to make some more gold first by playing my character for a while, maybe manually but probably with a bot. (For the expert reader: He ran my pally through BC instances for about 6 hours, DEing and selling the mats.) One of my friends saw my character logged on before he went to work, but didn't think anything of the fact that I didn't say hi.
I got up around 10am, and again luckily, tried to log on first thing in the morning, which I usually don't. Surprise -- my password doesn't work. I go to the lost password page -- no account with that email address. I checked the web site and confirmed that my characters had been stripped. At this point it was obvious I'd been hacked, so I set my virus scanner running and logged on
_hannelore's account on her computer to make sure she was still fine (I've logged on her account from this computer before).Her account was good, and I got the surreal experience of seeing my own character logged on and farming gold. Another friend was online, I told him what was happening, he told me the guild bank had been cleaned out. I was profusely apologetic and embarrassed, but he wasn't mad, just worried. We'd known several people who got hacked before, but he was nice enough to say that if it could happen to me, then it could happen to anyone.
My virus scanner found the keylogger and got rid of it, so I reported the problem on Blizzard's web form and then called them. I was ready to be put on hold for a while, but I was actually talking to a person inside of two minutes, which is damn good for such a big company. The guy I talked to was very nice about it and quickly verified what was going on.
"Oh yeah, your account's been compromised, no question. They changed the password and email address and put an authenticator on it." (An authenticator is a physical device that allows only someone who has it to log into your account. I didn't have one, because I fail.)
So he reset everything, told me to make a completely new email address for my account, and said the staff had already gotten my initial report and were working on restoring the items that had been sold. (He sounded surprised they were already working on it -- I guess it was a slow morning at Blizzard.)
My account was suspended for a few hours while they verified everything and restored most of the items. There were a couple of things I didn't get back (and many things I got back that I didn't want -- I had actually been selling a ton of old junk right before I logged off, and they gave it all back to me, oh well), including something difficult to replace that was of sentimental value, but overall they restored nearly everything very fast and I'm not complaining. They also restored what was taken from the guild bank, along with some stuff the guild leader claimed wasn't there before. Thanks?
Oddly enough, they didn't take away all the gold the hacker made selling the stuff that was restored, so once I got access to the account back and took stock, all told I had profited about 5000 gold from the experience. I tried to give it to the guild leader to put in the bank by way of apology, but he wouldn't take it -- told me to buy myself something nice with my pain and suffering settlement. :P
Other souvenir: To encourage people to buy an authenticator, people who get one also get a special in-game pet. Since the hacker put an authenticator on my account (why? Blizzard could obviously take it off in a second), now I have the pet. I will call him Bandit.
