I got quite a shock when I logged into my account last night to find my bank mule, Maersk no longer on my account. Also missing in action, was my Druid alt, Honorsclaw.
I logged into Honorshammer. He was just outside of the Shadow Labs in some weird assortment of gear. ZA DPS Plate Chest, Season 2 Gloves, Teir 4 Helm and Shoulders, 2.3 Badge Pants and Boots.
He had 16g to his name. In his bags were his Epic Engineering Helicopter, a Hearthstone, and 2 Super Mana Pots. I hearthed him back to Shattrah, and found an empty bank. Well not completely empty. Whoever had been in my account had left his some Obisidan Warbeads, Oshu'gun Crystal Powder, his Holy Mightstone, all of his PVP tokens (WSG, AV, AB, EotS), the Singed Page I kept from the first time I main tanked Prince into the ground, and all 201 Badges of Justice that I had been saving up. They had also abandoned everyone of Honorshammer's quests.
My Hunter was out of gold, he had all his regular gear on. His bags were emptied. Some of my lower level alts were basically untouched. Why they chose to delete my poor 23 Druid, but left my 65 Hunter alone is beyond me. And what in blue blazes were they doing with me in Shadow Labs?
Somehow, someway, someone had gotten into my account. I was very upset.
I logged into the Account Management screen and changed my password. Then I changed it again about an hour later. Then right before I went to bed I changed it again using the onscreen keyboard that comes with Windows.
I started scanning my hard drive with everything I could think of. I tried McAfee Virus Scan, Lavasoft's AdAware and Safer Networking's Spybot Search and Destroy. All these wonderful tools could find were some ordinary tracking cookies. I've been told that the keylogger may have deleted itself once it delivered its sensitive payload. If it's still there it's hiding itself well.
I contacted a GM and they are beginning an investigation.
My guild has been really cool. Several people in my guild have offered gems and gold to help get ole Honorshammer back on his feet. We can remake the Frost Gear for Hydross. Whether or not I get my gear back is up to Blizzard. I know I can make the gold back eventually, I'm not worried about it.
The hardest part of last night was reading GChat as they struggled with a Gruul's/Mag run. If I had had my stuff, I know I could have helped them. But there I sat in Shattrah.
Crittable. Crushable. Useless.
I felt like Popeye without his spinach, Superman without his cape, Batman without his gizmos, Spidey without his webs.
Everything was right as rain 1am on Sunday Morning, after I logged out following our Mt Hyjal trash party. By 8pm Sunday night, not even 24 hours later,the deed was done.
I'm left with the very perplexing question of how these crooks got my account information.
I consider myself pretty computer savvy. Most people in my circle of friends would come to me in a time like this, but here I am without any ideas. My computer is not safe anymore. That's a very uncomfortable feeling.
One person on this earth knew my password, my buddy, AoesRus. I trust him implicitly. I would have given him anything on that account, and I have access to his account as well. It's possible the thieves got my information off his computer, but his own character was untouched, so that kind of downgrades that as a possible explanation in my mind.
Others have pointed to Wowhead.com, a site that I use quite a bit as a possible culprit. I'm not sure how a website could get my log in credentials.
I've been advised by other players to use a copy/paste method of inputting my password, but I've been told by others that the keyloggers can figure that out.
What I have to do is find out how they got me so I can stop it from happening again. Right now, I don't have any good ideas. Otherwise it won't matter if Blizzard restores my epics or not, it'll just be a matter of time before they hit me again.