Filed under: MMORPG News, World Of Warcraft | 90 Comments »
The worst possible thing to happen to a MMO player is getting their account hacked. All the work that you put in to your account can be gone and the process of getting your character and items back is a painful and long process. Companies of course take steps to protect customers like Blizzard’s Authenticator for World of Warcraft but recent events show that even these aren’t fool proof.
The Authenticator for WoW has a reputation for being hack proof and because of that a lot of people own one. Basically what it does is it gives you a set of random digits that you put in with your original password. So every time you log in to your WoW account you get an extra random password that only the owner of the Authenticator can know.
From what I know there hasn’t been a case of an account that used an Authenticator getting hacked but that changed today. There is a virus going around that can hack the World of Warfcraft Authenticator. The virus intercepts the Authenticator code when you log into WoW and sends Blizzard a wrong one (which is why you can’t log in since you will get a “Wrong info” error) and then the people behind the virus have a few minutes to log into your account with the real Authenticator code. A Blizzard employee said this about the recently hacked WoW accounts that used Authenticators.
So the Authenticator is not a fail safe way to keep accounts safe but it is still a very good investment. If you want to check to see if you have the virus just search for the file “emcor.dll” on your computer. If you have it then your account most likely has already been hacked.
Tools like the Authenticator can only do so much. It is really unfortunate that people are getting hacked even with this security measure but it all comes down to the user. Safe browsing habits, a good anti-virus, common sense (against phishers) and things like an Authenticator can make your account virtually hack proof.
All the comments I’ve seen have the same issue! My self also haves the same issue with the Authenticator code on my account, which I never bought or had bought one before! The first thing you need to do is contact Blizzard (US) or Blizzard (EU), it will take up to three weeks for them to fix it…
I went to log in to play wow today and it asked me for an authenticator code and I’ve never purchased an authenticator. I went to wowheroes.com and all of my toons have been cleaned out. I refuse to start over and may again play WOW when Blizzard finds a way to outsmart these hackers.
I’m just gonna quit playing WOW. What’s the point of starting all over and having this happen again. What am I gonna do with all my free time?
I agree….same with my account. All of a sudden an authenticator shows up on the account. The account password or e-mail not changed, because those can be tracked to an IP address. Something wrong with the authenticators imho.
this is the 3rd time my account has been hacked!!blizzard makes some much money, i dont understand why our wow account is so easily hacked..they need to out smart these hackers
There is more to this than Blizzard is admitting. My account was apparently hacked — I got banned for sending spam email to people which I know I didn’t do. I run a clean machine, every patch up to date on 64-bit Vista (which is a lot tougher to infect than 32 bit if you leave all the administrator controls on). But just to be sure I hadn’t somehow slipped up in my old age, I ran multiple anti-virus product scans, spyware tools, and even root-kit detectors like GMER. I scanned everything. Multiple times. The machine is perfectly clean.
I didn’t visit any phishing sites, or use my email to log in to any other WoW site other than Blizzard’s own BattleNET forums and their WoW Armory. Still, I got hacked.
So you tell me — how did someone get my password? Methinks it’s about time they started looking at their own forum security because I am not the only person making this claim. Even the so-called “Authenticator” you can buy from them for $6.50 has now been hacked. The problem is completely out of control (customer service is so backed up you can’t even get through anymore) and they just keep blaming it on the users. And most of you keep buying their story and blaming it on user error. That’s the oldest developer trick in the book — it’s uh…user error…yeah.
Want to do some investigative journalism here at MMO Crunch? I suggest you set up 20 new accounts on crystal clean machines and keep them in a controlled environment. Log onto the Official Forums, the game and Armory daily, but don’t do anything else with those boxes. I bet you at least one of the accounts gets hacked within two weeks.
Then perhaps you will start to believe us.
Not only did I have an authenticaor put on my account and my shit all gone but the keylogger gave me a virus that ate my whole operating system….. wow hackers are becoming worse….
I started a new account on Wendnesday and I have been hacked already. I only have a lvl 14 priest on the account! I’m required to input an authenticator code which I didn’t even knew existed before this… It’s been literally 3 days and it’s been hacked!! I’m glad it happened so soon and I didn’t invest too much money/time into this account. No more WoW for me… maybe I’ll try a private server…
I WUZ HACKED IT IZ BLIZ FAULT
Grow up you damn children… they’re on your side.
“They should be able to outsmart them”
You know what, that’s stupid. It’s been years and they can’t even stop music piracy, you think there’s a magic bullet for this? Invent it, sell it to them.
Fact of the matter is that they’re some creative fucks, and the auth was blizz’s counter to the general phishing bullshit that people fall for. I wouldn’t doubt that they’ll counter this in some way if it becomes common.
But the general whining feeling of entitlement that I’m seeing from you butt-hurt children is disgusting and you should be ashamed. yeah, you got hacked, but Blizz didn’t hack your shit and give out your password… some douchebag gold-farmer did. Direct your little pissy fit toward the problem, not the people who are trying to help.
Fucking modern culture… ‘baw, something went wrong so I should be treated special’
I agree with dig on his comment. I also want to add that if your account has been hacked and you have the authenticator then most likely you gave out your authenticator to someone else. I’ve been playing a very long time and honestly out of all the times I’ve used my authenticator (which is on my iPhone) I have not once had a problem. For those who complain about authenticator codes newly on thier accounts I sympathize but also recommend getting an authenticator to avoid that from happening. Lastly a lot of emails have been sent to account emails about being banned for spamming and other suck nonsense. They’re fake even though they look real. The most obvious sign is bad spelling or sentences that sound unproffesional. I guarantee you go on your account and play you will notice there is no problems. They’re trying to get info from you by asking for account information. I cannot express enough times that blizzard does not need your password. I have recieved these emails as well.
Well I just got hacked. after 5years of playing this game. I was a little shocked. All my money was taken. any items that could be sold for money sold. I changed the password on my account after it was changed.. I know my system is clean. Im a little shocked that it happen. I am and always have been maticulous in browseing websites. Not sure how or why it happened but. Oh wells I was just waiting for my prepaid account time to expire before stopping for good. However since my wow password is the same as my battle.net password its an issue since I would like to play Sc2 and other games that are tied into that account. its sad that the authenticator which i was thinking of getting to place on my battle.net to make it safe now is reported as being crackable. Some
I returned from Lisbon and had a message regarding my account being suspended for three hours due to unauthorized activity. Needless to say, this wasn’t me so I tried to log on to see what happened. But I can’t because it wants an Authenticator code, and I never applied for one. I emailed WoW and got a response that they would get back to me but that it might take several days. This is it for me for WoW, time to try Red Dead Redemption.
the exact same thing just happened to me Brooklyn Bar Man! I’ve never used an authenticator, also run a clean machine, and have been playing wow since it was first released without ever being hacked before. This is simply ridiculous.
Same thing happened to me. I was asked to enter an authenticator code which I never applied to my account. THink I got hacked using a fake wow armory website. Sent an email yesterday to Blizzard, of coure I haven’t got a reply yet. If Blizzard was a Bank or a credit card company their security service would be a running gag.
Maybe I’ll be able to play again before Christmas.
Funny how the authenticator has become hacker’s best friend.
Anyone knows how long it takes to Blizzard to remove the hacker installed authenticator?
I keep getting emails saying i’ve done something wrong in WoW but thing is i havent been on since school was let out i dont have the file on my computer or say ive searched but my computer has a virus that causes many issues like it wont even turn on or it will crash with even the slightest movement really annoying (this is my 3rd attempt to write this using my computer)
Oh and another thing why do these hackers want to hack us so badly if they keep it up they wont have any people to sell their farmed gold to since everyone will most likely quit
Rikki, you don’t know what you’re talking about did you even read what people say when you said “i recomend everyone gets authenticator” why i would waste my money on getting one (i don’t have iphone) when people just reported it’s crackable. 2) No, the emails we got were not spam, it’s for real, we been banned for 3 days and our stuff was stolen.
And Dig, are you an idiot? How can you compare music piracy to hacking account? Nobody can stop you from making a copy of a music, but preventing hackers from stealing your account that should a be job done by a company that earns 165 million dollars every month (11 million users x 15 bucks a month) Next time your real bank account gets hacked, i’ll see what tune you’re going to sing next.
this article or what it would be called is not for u who is hacked WITHOUT the authenticator… it is easly done when u do not have an authenticator… i was hacked and my dad said that i should have an authenticator and i have never been hacked since… all u got to do to not getting hacked is:get an authenticator(buhu 6$ buhu… comeon) and:only read mails that ends on @blizzard.com
and dont download anything like wowkeygen or wowhack or anything like that it is all virus… virus, virus and again it is just pure virus.
A good idea would be download some good virus software. I deal with these problems all the time and the ones we use at my shop are, Avast, Malwarebytes and Spywaredoctor. Also Ccleaner is a good idea for keeping your computer running. These are almost all freeware except for spyware doctor which you can easily find a cracked version for. Please start using some protection people.
I got hacked and some one put a code onto my account and i dont know how to get the code so if u could tell me what to do i will be very greatfull
Well i’ve recently been hacked luckily I got my account back but only with 2 accounts… My main and another account so i’m still grateful I have my main but they deleted all the others and then they made around 33 taurens 1 human and 1 orc to spam 3rd party services….. The reason it happened was because my friend got key logged and I played at his house and my other friend got hacked and put an authenticator on his account but I was lucky they didn’t put one on mine. $6 is totally worth it for the authenticator or download an app on the iphone/itouch GET THE AUTHENTICATOR!
hi yeah this is the 2nd time mines been hacked and its really anoying as soon as i make another account that one has bee nhacked to and i keep having to repay the boxes so they should do something about that like a code that can only be used for that computer instead of binded to your account :S
see i got this problem solved once .. all you have to do is call blizzard .. ” u can call them for FREE using skype” waiting time is actually long .. took me about 1 hour 20 minutes
costumer support will help remove it directly when u give them the answer to your secret question and Classic wow CD key
might be something else .. but it’s just general info
———————–
but then i applied my OWN authenticator again logged in was doing icc 25 … all of a sudden i got Dced then i tried logging back again using my authenticator code and password .. it didn’t work :s and i dont even have the encor.dll thing .. anyone had this happening?
The clean machine test has been tried, and failed (or succeeded depending on your viewpoint). They got hacked. It’s a problem with Blizzard’s own security. There are people who have disabled their accounts and haven’t logged in or typed their passwords for 8 or 9 months that have gotten hacked recently.
which isn’t to say run wild giving away your password and downloading viruses. you can still get hacked the old fashion way by being an idiot. but for those of you feeling like you’ve done everything right… you probably did. Sorry :/
buy a mac. problem solved. i have been running on my osx for 2 years now, not a single virus ( and i visit some sites that would give a vista system a virus guaranteed
) i have been playing wow on this laptop for two years now and ive never had this problem. i have been sent e-mails from some blizzard impersonators before requesting that i “change my account information” or i have “violated the terms of use, and urgent action is required”, along with these messages would be a link for me to click, for example, a link like : http://www.usa.battle.net (pulled that out of my head) would be attatched. i did enter those sites, and my opperating system always told me ( on three occasions ) “that the website you are trying to view has been flagged as a PHISHING website, a report has been sent” and it would navigate me back to my e-mail where i would delete the messages. all im trying to say is, don’t fall for these tricks, and unless you running a mac (or a windows with government type security) don’t look at… well…. you know… those kinds of websites. trust me, i used to have a windows with norton security, it was loaded with trojans and keyloggers in a matter of months.
I haven’t played WoW in months. I use a Mac. I’ve used only Google Chrome since it came out, with all the alerts in place for suspicious sites. I played WoW for five years without ever getting hacked. No viruses or trojans, always behind a firewall on a network protected with an absurdly secure password — I can’t even memorize it, we have to keep it written down and hidden in a locked drawer. The password on my account is very strong.
Today, I got e-mails from Blizz saying my password had been changed. I was dubious so I didn’t click anything and manually opened my browser and went to the account page myself. Yup, hacked… but how in the world?
I don’t know if it’s Blizz’s security itself that’s bad because I haven’t posted to the WoW forums in years; if it is Blizz, that means that the leak is not as clearcut as posting on the forums. I am skeptical that it is Blizz’s security, though; I’d like to hear more about the test Kim mentioned before I’m convinced. It would certainly make me feel like less of a fuck up to know it’s Blizz.
What I do wonder, however, is if some old WoW forum or website got hacked. Why? Because back when I started playing, your account name was not the same as your e-mail — it was just a word/name you made up. When I registered for WoW websites I didn’t think much of using my usual e-mail/password combo because it wouldn’t be connected to my account in any way. But after the Battle.net change, your e-mail address became your account handle, which suddenly makes the registration info I put into websites years ago a way to hack into my account. Plus, if that’s the case, it wouldn’t matter that I hadn’t played for months; the info is still lying dormant stored in those old website databases. I wouldn’t had to type it in months.
That, to me, seems more likely than Blizz not keeping their account info secure enough.
Granted, using the same e-mail/password combo for many sites is sloppy and I take responsibility for that — I’m not trying to blame anyone, but that is the weak point (at least for me) and where I would start looking to find the source of the hacking. I have a very strong password that no one could ever *guess* and that gave me a false sense of security — but if someone got access to a whole database of e-mails and passwords, it doesn’t matter how hard the passwords are to guess because they don’t *have* to guess. The passwords are just right there — maybe encrypted, not that it matters too much at that point. I’m sure some other people might be in the same boat: super-vigilant about websites and trojans, never signed up for a website with what was their WoW account info *at the time,* always made sure their password was really strong… but are a bit lax about using the same e-mail/password log-in for everything.
So, what sites could be the source of this? I don’t want to alarm anyone or point fingers, but we should share what sites we’ve registered for. Since it’s been so long since I looked at WoW stuff, the only two things I can come up with are:
Curse
Elitist Jerks
And maybe wowinterface.com; I can’t recall if I ever registered, but it seems plausible. I can say with some confidence I’ve never registered for any of the other popular off-site WoW forums or blogs.
Anyone else want to help me see if we can narrow it down? Note that you don’t necessarily have to use your e-mail to log-in to a site, you just have to give them the e-mail at some point in the registration process, and then have used the same password you used for your WoW account.
for the authenticator…. use a soft keyboard… yes thats right a keyboard that you have to click and it scrambles the numbers every time you click… like on maple story
only reason why the hackers are getting your authenticator is because you’re typing it out.
When the window pops up for the auth. it triggers the virus or “key logger” as some would like to say it records your key strokes and sends them back to the originator of the virus and gives you the error message.
so, use the soft keyboard Microsoft gives you while running wow in windowed mode for that short amt. of time until blizz gets smart and puts their own soft keyboard in the wow program
i have a authenticator and now it is not working and i cant log on
can you help me
Hacked… on a completely virus free computer…
Can’t believe it took a hacking to realize I should finally give up on WoW.
I’m not spending money on getting a new account and all those upgrades again.
its your f**king addons u cant trust most of them out there ive been hacked twice and all i did was download the explorer addon it could not be detected by virus scans but i found it by my self in the addon
well, my wow account was dead for about a month now and when i try to log in to add a time card, my battle net asks me for an authenticator which i did not but. my computer is completely clean too…
My character is hacked at this moment. I was suspended for 72 hours and they sent me a faq’s on blizzards website about antigold. this is the 2nd time I was hacked,, the first time was a gold seller, and the second time is probably.. a gold seller. So how did I get hacked?
1/ I have an auth – this auth NEVER leaves my house – I have no children – I do not account share. I’m not retarded enough to “give” someone my auth serial number.. or even codes.
2/ I have maybe, 5 websites I visit on a daily basis.. and if someone sends me a link.. im not going to go “OMG LINK! -click-!”
3/ I have never received a phishing email or any emails from “blizzard” telling me to visit their website, other then when I registered, and now telling me A) my password was changed and B) now im suspended.
4/ I do not have a file named emcore or emcor.dll on my machine
5/ Ran multiple scans with multiple AV’s and Spyware, nothing came back.
6/ My character was already logged in…I got kicked off, then my password was changed.
So what’s the deal?
Yeah i just got hacked a few minutes ago too, everything coincides with what cynthia said. I was kicked off and password changed as i was levelling druid
Ya so sure enough my account was hacked today. I have played for 5 years. I get stupid emails but never even open them. I have an authenticator. I run a clean machine. How does it happen?
/still on hold with blizzard atm
/sigh
If Blizz REALLY wanted to fix this problem without cost to the player, they could always add a VIRTUAL KEYBOARD on the login screen. Easy fix.. hook line, sinker.. DONE. A virtual keyboard with a password requirement of at least 2 caps, 2 numeric, 2 special characters and many other characters is nearly a foolproof line of defense against hackers.. I was hacked with a SQUEEKY clean machine. I ran spybot s&d, hitman pro, avg, norton, malwarebytes, stopzilla, TM security suite.. among others. No threats identified. Period. I run those every three days or EVERY single time I download ANY mod or update. No exceptions! I quit wow shortly before ICC came out. I was a hardcore raider, having Ulda on farm and many of the bosses down HM. Anyhow, I did not touch my account since that time. 3 months later, it was hacked. It took blizz 4 months to repair the issue.. the hacker did a back-charge to retrieve his/her money spent durring the hacked time. Blizz footed me the bill for 6 accounts being hacked for 7 months at $15 a peice. I ended up paying to get my accounts returned and re-secured in case I desired to come back durring cata. A couple months later, the entire process repeated it’s self and blizz is footing me another bill!
Long story short, here is an EXAMPLE of my email and pw (After the first time entered, my PW was placed on a word doccument along with the email addy.. to log in, they were copied and pasted into the login info tabs)
EXAMPLE EMAIL:
B!gS(urRyd3wd931@whatevea.com
EXAMPLE PW:
H3!!oJeLl031ILike
I think it has something to do with blizz’s security.. I haven’t logged into the account since quitting EXCEPT to re-secure it.. and I resecured it on a BRAND NEW out of the box laptop from ibuypower. Only items i installed were the antivirus and spyware protectors and registry cleaners for future use.. all were dl’ed at cnet.
This issue has been getting worse since the battle.net has been out and everyone having to use it for their account info. I’m not taking blame for viruses, spyware, addons, etc. This is a blizzard problem and not 100% player. They really need to get their crap together. As of next month when my game time runs out I’m quitting for good unless they start to get a handle on this situation.
I think the authenticator is worth every penny… my friend irl said that if you have an advanced keylogger and you have logged in 50 times with the authentiacator it would be cracked thats only if you have an advanced keylogger now i have been hacked 4 times 3 of those times were keylogged and i learned my lesson 1 of those times were just random. every time i got hacked i called blizz (1-800-592-5499) and i got my account back but im sure if u have the authenticator its a 99.9% chance that you wont get hacked and it’s a .1% chance that you will.