Nice.
Blizzard’s 7 day a week hotline? It’s been “full queue” every time I tried. 5 minutes after opening shop, on a Sunday morning, and their “on hold” queue is full for the day?? They don’t even bother trying, sending you to the forums direct. So no talking to a person.
And this 2nd time the hackers added an instant authenticator (iPhone app?) to lock me out permanently.
My own authenticators are coming via ground mail because that’s how they do it now.
I can’t even complain on the forums because I need an authenticator to log on, to access my own account even, and with the hackers locking my account with an authenticator of their own, “So sorry Charlie.” Sucks being me.
Msaker was who they logged in with and did the robbing. Six hours ago, wiping me out a second time, in the middle of the night, six hours or 4:30.
What had I done to fix the computers? I did full scans of both machines. (First hack was while on my laptop in a hotel room. Second here at home on my Mac.) I used SpyBot on my PC laptop to scan for something (nothing), Intego’s VirusBarrier X6 on my mac (also nothing). I removed all the add-on updaters. The Mac’s a new machine and had nothing installed on it, nor have I added anything suspect.
I also created a new e-mail and attached the bnet account to it. And a new password to go along with it.
And I ordered the authenticators. But ground service isn’t via Flash Gordon so I was stuck.
With impunity they logged on again, my e-mail and password change ignored, and applied an authenticator of their own, and went to town a second time. With the new gold, probably sold my level 74 Paladin’s crafted armor, again, some gems and eternals, those I’d gathered last week.
However, this was not a “hack worthy” account, not anymore. And they knew it. (I’m assuming the same people who got me this time got me last time.) Now it’s just malicious spite to mess with me.
And, again, it’s just me and the wife. There are no guildmates involved who may have done this with a borrowed account. Nobody knows the new password. Not even the wife. I simply typed it in. On clean machines. What the frick gives???
So, who can suggest a good software keylogger spotter? (It’s obviously not a hardware USB logger since these are private home machines, and nobody sees the machines but us.) Spybot-S&D saw nothing (nothing!) on the laptop. Intego’s VirusBarrier X6 saw nothing on my Mac. Am I searching for something not even on my machine? Is Battlenet compromised?
Follow up:
Blizzard did help me on the phone. 20 minute wait, but at least I got someone. (Thank you!) Friendly help, offered some advice, helped me reset, and I got logged back on.
What did they get? 550g my Death Knight managed to gather again doing quests since then. A bunch of gems I’d gathered and set aside to do my JC dailies. Saronite Ore I’d gathered together to craft the i178 gear set for my Paladin. All of it. Gone. The Eternals. The new Titansteel bar to start the weapon and shield crafting.
Apparently, the overseas hackers have access to all the hardware based authenticators they want. (Stateside distributors, of course.) You buy on one account, and you can apply it to any account you have access to. So they got me, the night after I order my own, with their own hardware authenticator. Insult to injury this time: They took my Death Knight’s complete T9 kit. They left him boots and his level 58 gear. So much for dungeon running to recover the gear. (I’ll assume they’re reading this and will delete this “rp” kit the next time around.) They went out of their way to destroy Stormsoul’s pvp shoulders, and the rest of the crafted gear the wife had made him after the first hack. They actually cleaned out the last of my tokens, something they’d overlooked the first time. And they sold my level 45 warriors boots, and stripped my 65 rogue of everything non-heirloom, including his epic engineering goggles. It’s one thing to rob someone, it’s quite another to mock them while doing it. I guess wasting $6.50 to hack the remains of an account irked them.
So far all of my hardware here scans clean. I have NO IDEA how they’ve managed to do this.
Follow up to the follow up:
Blizzard and/or the hackers have managed to lock me out of my account yet one more time. I managed to log in long enough earlier today to do some fishing dailies for cash. Then I logged out for dinner. Then I tried logging back in to head to Sholazar with the wife to complete the cooking dailies and collect some eggs and I find I’m locked out of the account again.
Then I see Blizzard sent me an e-mail to go online and fill out a form. Sigh. Isn’t that causing all the problems in the first place? Phishing attempts that I’m supposed to ignore? But I go, figuring WTF and do it. They respond with a form e-mail saying I should get another e-mail to reset my password. Except two hours later it’s still not arrived.
So. I got my account back with Blizzard’s help. That must have been their right hand. Because later Blizzard denies me access to my account. This must be their left hand. At least I hope it’s Blizzard. And not a 3rd hack.
If you’ve gone to the technical support forum today it’s alive today with report after report of bogus (i.e. not applied by the owner to their own account) authenticators locking folks out. That’s way too many people at the same time, in the same style.
Kinless Chronicles 
Oh much sympathy! I have a strong suspicion that some of the hackers have hacked Blizzard, given all the different people who get hacked these days. Unfortunately, even reputable sites get hacked from time to time, and if you hit that site at just the wrong moment, well, there you go, you get hacked too. I got hit by a flash vulnerability the other week, and I keep waiting to discover that I was hacked.
Have you run HijackThis and Malwarebytes Anti-Malware? I dunno if they have Mac versions, as I have a PC. Both of the above programs will catch problems that the virus and spybot programs miss.
Thanks Berry.
I was looking at Intego’s internet security package but picked up the Norton Internet Security at the Apple Store instead after a nice lunch at PF Chang’s.
Then I’ll play some Sid Meier’s Colonization (Civ IV version) while I wait for authenticators. They trashed my Oracle eggs, again, so I’ll fly back to Sholazar on my 3 characters with the wife, but not invest too much more time until my authenticators arrive and are installed. They’ve got me twice now. Fool me once, shame on you. Fool me twice… I’d rather not give them a 3rd chance.
I have reason to believe it’s not malicious software at all that’s causing the problems. If accounts don’t have an authenticator, these hackers are just brute forcing their way into accounts. I had that happen to my while I took a break from WoW but uninstalled and removed teh authenticator from my Android phone and account. I never replaced it with my physical authenticator because I didn’t give it much thought. About a month later I got a facebook message saying I’d been hacked. I run WoW on Linux, no keyloggers or malicious software.
I saw this coming when Blizz switched everything to the BNet system using email addresses instead of names. It was too easy for the hackers.
Only Authenticator I had ever used was the actual hardware one. Even though I always had a IPhone I never used the app authenticator just been a little bit paranoid maybe when it comes to WoW and account security. Though have had 2 physical authenticators for my account, only actually use one.
With as popular as WoW is these days its just also unfortunate the level of hacking is stratospheric as well whether through accounts or the ever growing list of addons made for the game or related game sites. Its damn nuts.
I’m very sorry to hear about this happening to you too. I’ve been dealing with this the last few days. The hacker cracked my email too, so he was reading my emails as Blizz sent replies to me. I think I have it straightened out now, but they even deleted all my tier gear. So I can’t really play the game, except fishing. And Ruby Sanctum just came out :*(
I got the e-mail that they’ve straightened everything out for me and I, and the guildmaster (the wife) will be getting stuff taken from the guildbank in the mail shortly.
I’m crossing my fingers that all my gear is there and I can do the Midsummer Fest’s Lord Ahune fight using the dungeon finder.
Wouldn’t you know it, but they restore everything on the day they take the servers down for extended maintenance.
Your computer doesn’t have to be hacked for them to get access. Several of my guildies have been hacked even though they have let their subscriptions lapse, so these hackers are attacking Blizzard’s servers directly, which makes sense. Blizzard is a huge target and there are zillions of accounts to try hacking. Recent security analysis of password behaviors suggests that most people choose very simple passwords, and that common passwords show up over and over again. Thus, the BEST thing you can do, aside from using an authenticator (which you should do, whether you’re on a Mac or PC) is use a unique strong password. Upper and lower case, no words, numbers and punctuation. Personally, I recommend using two words, replacing some letters with numbers and then swapping parts of them. So like “poopy head” becomes h00Py%P34d, which is marginally easy to remember and not likely to be in anyone’s password database. Well, until they read this post, that is. 🙂