HACKED!
I got quite a shock when I logged into my account last night to find my bank mule, Maersk, no longer on my account. Also missing in action was my Druid alt, Honorsclaw.
I logged into Honorshammer. He was just outside of the Shadow Labs in some weird assortment of gear. ZA DPS Plate Chest, Season 2 Gloves, Tier 4 Helm and Shoulders, 2.3 Badge Pants and Boots.
He had 16g to his name. In his bags were his Epic Engineering Helicopter, a Hearthstone, and 2 Super Mana Pots. I hearthed him back to Shattrath, and found an empty bank. Well, not completely empty. Whoever had been in my account had left him some Obsidian Warbeads, Oshu'gun Crystal Powder, his Holy Mightstone, all of his PVP tokens (WSG, AV, AB, EotS), the Singed Page I kept from the first time I main tanked Prince into the ground, and all 201 Badges of Justice that I had been saving up. They had also abandoned every one of Honorshammer's quests.
My Hunter was out of gold, he had all his regular gear on. His bags were emptied. Some of my lower level alts were basically untouched. Why they chose to delete my poor 23 Druid, but left my 65 Hunter alone is beyond me. And what in blue blazes were they doing with me in Shadow Labs?
Somehow, someway, someone had gotten into my account. I was very upset.
I logged into the Account Management screen and changed my password. Then I changed it again about an hour later. Then right before I went to bed I changed it again using the onscreen keyboard that comes with Windows.
I started scanning my hard drive with everything I could think of. I tried McAfee Virus Scan, Lavasoft's AdAware and Safer Networking's Spybot Search and Destroy. All these wonderful tools could find were some ordinary tracking cookies. I've been told that the keylogger may have deleted itself once it delivered its sensitive payload. If it's still there it's hiding itself well.
I contacted a GM and they are beginning an investigation.
My guild has been really cool. Several people in my guild have offered gems and gold to help get ole Honorshammer back on his feet. We can remake the Frost Gear for Hydross. Whether or not I get my gear back is up to Blizzard. I know I can make the gold back eventually, I'm not worried about it.
The hardest part of last night was reading GChat as they struggled with a Gruul's/Mag run. If I had had my stuff, I know I could have helped them. But there I sat in Shattrath.
Crittable. Crushable. Useless.
I felt like Popeye without his spinach, Superman without his cape, Batman without his gizmos, Spidey without his webs.
Everything was right as rain at 1am on Sunday morning, after I logged out following our Mt Hyjal trash party. By 8pm Sunday night, not even 24 hours later, the deed was done.
I'm left with the very perplexing question of how these crooks got my account information.
I consider myself pretty computer savvy. Most people in my circle of friends would come to me in a time like this, but here I am without any ideas. My computer is not safe anymore. That's a very uncomfortable feeling.
One person on this earth knew my password, my buddy, AoesRus. I trust him implicitly. I would have given him anything on that account, and I have access to his account as well. It's possible the thieves got my information off his computer, but his own character was untouched, so that kind of downgrades that as a possible explanation in my mind.
Others have pointed to Wowhead.com, a site that I use quite a bit, as a possible culprit. I'm not sure how a website could get my login credentials.
I've been advised by other players to use a copy/paste method of inputting my password, but I've been told by others that the keyloggers can figure that out.
What I have to do is find out how they got me so I can stop it from happening again. Right now, I don't have any good ideas. Otherwise it won't matter if Blizzard restores my epics or not, it'll just be a matter of time before they hit me again.
Comments
Dude, I am so sorry to hear that about your acct!
Do you remember Oakensledge? He had the same thing happen to him, they took less than a week to get his gold/gear back so hopefully you have the same luck.
I wish I knew something helpful to say about keyloggers. I have heard that most people get them installed by clicking on flash banners, but I don't even know how true that is.
Good luck with your account bro.
Blizz got my gear back for me but told me that the modifiers on it they couldn't restore ... so the "of the bear", "of the eagle" parts they may not put back, but you'll get your base items I bet and your gold.
It's a sad day man and I know how you feel. If I can help you out, please let me know.
And before your gear gets back ... let's duel :P
Same thing happened to "Ulushnar", another T5 Tankadin, over at http://www.wulfsblood.net/ on his blog last week, and he still hasn't gotten his stuff back yet or heard a word as yet, and he's about at the same point of progression as you are also. Sucks for both of you.
Getting hacked seems to be a weekly thing, and it's getting to the point we all have to be security experts to play a game for fun with all our computers. Even that sucks. I play on a Mac and haven't had any problems, but that's no guarantee of what may happen at any point in the future on my account also.
For the most part I do change my password every few days constantly. Biggest thing is trying to remember what I change it to all the time. I've played WoW for over a year with various stuff addon and vigilant on my own PC also. It's been over a year though since I dumped my drive wipe it clean irregardless. I may do that this week in light of things since so many people are getting hit with a hack lately. Hope you get your stuff back soon though. Blizzard must be working overtime to just work on restoring people's accounts when they get hacked alone.
What bugs me though is why people are always left in "Shadow Labs"?
I've heard of WoWHead.com being the source of hacks, and I believe it's not the site itself but rather the ads that come with it. I have set up the NoScript addon on Firefox to allow wowhead.com but not the advertisement sites, but I guess you can't be too sure either.
I really hope you get your stuff restored.
*goes to change his password, just in case*
This is getting me worried, Ulushnar and now YOU. 2 guys I feel I almost know from reading your blogs daily.
Very very sorry Honor's, hope that Blizz can sort this mess out quickly for you. Will be interesting to see if the US GMs are any quicker than Ulu's Euro counterparts.
I hope everything works out well for you. I had to completely reformat my computer because I could never feel safe anymore after what had happened.
I also started choosing what websites I go to and used Firefox with NoScript.
Thanks!
Fedaykin98
Right, but assuming you have made it a regular practice to change your password, keep in mind that stripping an account is a manual process which takes time. Working under the assumption that a keylogging account thief has to select targets manually, log on while the owner is offline, then check all the toons available to go after the juicier parts first, I tend to assume that a password garnered from the Blizzard website has a higher value than one from the game (because you protect valuable stuff), something which he would look at sooner in a large list of accounts to check out.
It also prevents you from running into a situation like Birgin or one of his guildies (don't remember which one had this particular problem) who got re-hacked right after getting stuff restored by the GM.
In short, I believe it can buy you time and make you stand out less in a list of potential targets.
I've also been unable to find anything keylogger related - McAfee, Ad-Aware, Spybot, Process Explorer, AVG, nothing.
I'd be interested to know if you also have the Curse client, and what addons you use? That's the only thing I can think of.
I used a bunch of mods. Omen, CTRaid, Fubar, Xperl, etc.
I had WoWAceUpdater. Which I don't use anymore. If I'm going to download something, I'll do it manually.
I had an interesting experience with the Curse Client. Downloaded it, installed it but never could get it to work, so I uninstalled it. I had gotten it about 2 weeks prior to getting hacked.