This was a post I made to wow_ladies, but for the sake of having it in my journal, here it is again:
Last night I joined the ranks of people who have been hacked more than once! "How does that happen?" you may ask. "Did she not think to protect her account?" you may wonder. This little post is less of a complaint than it is sharing a learning experience.
A few months back (around July, I believe), my account was hacked. I am usually very careful of which links I click, which sites I visit, and make a regular habit of ensuring I've cleared my system of any malware/spyware/unauthorized cookies, so how my account information got out, I can never be sure; I have assumed it was one of those middle-man hacks that intercept your information between the time you click "log in" and the time it reaches Blizzard. I went to bed one night after raid, came back the next morning to do some dailies, and lo-and-behold, all of my toons had been stripped clean, my Bankalt's Gbank cleared out, and the chance of my guild having a disc priest for raids the next two weeks had been reduced to nil. A friend of mine saw me log in at 2am, and did not respond to psts, but there was nothing he could do but watch and open a ticket in my name.
I sulked, of course. But it also drove me to take action. I had an authenticator put on my iPhone, changed my password, and upped the security on my system even more.
Fast forward to a week and a half ago - my iPhone went for a swim, and was damaged beyond repair (yes, I know The Rice Trick - it worked for my husband's phone when it "fell" in a lake, but it was unable to save mine) and since without a phone I have no authenticator, I had it removed until I could afford to replace my phone.
It was a Bad Idea.
Last night on the drive home my husband received a text from my dear guildie and fellow wow_lady, asking if I'm online, followed by another a few minutes later - she and a few others were not getting responses, my main just went to the mailbox in org, and stripped down. A few minutes later I also received a text from my brother (also informing me I was hacked, how sweet of him).
When I get home, I immediately go to log in... of course, the launcher needs to download new tools right now. So while that goes, I rush over to Battle.net hoping they hadn't beat me to it. I can SEE which toon they've got logged in, (my poor baby level 10 druid!) and change my password, which boots the assbasket off, then hop on my cold, naked main to let my friends know I'd regained control of my account, and to assess the damage. It was extensive, but at least they didn't get everything off all my toons - it looks like they first make a sweep to mail all the gold off ASAP, then cycle back to strip you of your belongings and vendor them. I still had some gear and full bags on three toons, but all my 80+ toons were completely cleaned out. Apparently about 15 people put in tickets in my name, and all of them were boggled as to how I'd gotten hacked again, after I'd put the authenticator on... to which I had to admit my shame of being forced to remove it temporarily... I didn't think that a week of not being protected would get me hacked. But it did.
Before logging, I made sure my guild knew that I was going for the night, and if I came back on again, that it was NOT me, and that changing my password did not help.
For an extra measure of protection (though there was little left to protect), I was going to try to turn the parental controls on, but I stumbled across something even more effective - the Dial-in Authenticator. I don't know how secure it is; it apparently does not require you to call every time, only when it feels like your account is threatened - perhaps if you're not using your usual IP? Either way, I feel better knowing that I've got that on there, at least until I can replace my physical Authenticator. Perhaps I ought to dig out one of the ones in storage that we got from BlizzCon?
So yes - if you ever ever EVER have to remove your authenticator for any reason, please take extra measures of precaution - put the dial-in authenticator on, or if all else fails, lock down your account as securely as possible, because those gold-selling douchebags WILL find a way to get in if you let them. And if you have someone in your guild that you know and trust, (and I MEAN that, don't do this casually), give them a way to contact you outside of WoW in the event of something like this - I felt a LOT better about the whole ordeal knowing that I managed to kick him out of my account before he finished his dastardly task. Getting that text from my friend is what made me log on last night, when I had no intention of doing so. It feels better knowing what you're getting into than it does to log in unknowingly to a set of stripped toons.
The End!