*sigh* guildie hacked...

[Sarayana]

I logged on tonight to find that another one of our guildies was hacked. That's right, another. Seems they don't learn until it's too later... this'll be the fourth hacking in our very short life as a guild.

The second time it happened, I wrote a really elaborate post on our guild forums - how to protect your account, how to keep your computer safe, not to buy gold, get an authenticator, yadda yadda yadda. Clearly, some of them didn't learn. Apart from the obvious (demoting the guildie's toon that's still in the guild, limiting bank access, tearing my hair out), do you guys have any suggestions on how to handle this situation?

We're a very small guild of close friends (we all met in-game), and since everyone has put in a lot of effort to build a solid guild bank, our shared wealth, we were very adamant not to create locked tabs with officer-only access, and everyone has quite a bit of access (20 stacks/day for full members). Obviously, that was a bad idea. But last time it happened, I met resistance with some of the other officers about the "exclusivity" of officers tabs, so I really don't know what to do...

How does your guild handle this kind of stuff?

Thanks guys.


Edited to not sound like I hate my guildies. I love them, I am just frustrated right now.

[Adam-Savage]

You might have to insist everyone gets a authenticator if they want bank access. You can have them show you there mini pet u get for buying them as a way to prove they actually have one.

[Karathyriel]

I always thought that being hacked was always your own fault.
Today, I'm in doubt about that.

Our guild leader, who always told us to take care, was hacked once.
Unless he is lying, he has no idea, where he caught that software that stole his account data.
He, who always told us to be careful, not to visit gold sellers websites and what not.

If only Blizzard would allow other payment procedures as credit card in their shop, I already had bought an authentificator. But as credit cards are not very common here in germany, I just can't.

Damn you, Blizz!

[Xanethia]

I've always considered myself quite knowing when it comes to computer security, ntl i was hacked 2 years ago - and to this day i still never managed to find out what caused it.
Suspicions go towards some kind of rootkit hack - was never able to confirm tho.

In the guild i'm in, the g-bank is mostly restricted for members. out of the 5 tabs we have one tab that full members can make 2 withdrawals from per day.
the rest have to be withdrawed by an officer by request. 1 tab is officer access only.

It's not a written rule, but it is expected that persons with full access to the guild bank (eg. officers) to have an authenticator.
(my own personal view is that it's to stupid not to have one - the phone one is nearly for free).

With the authenticator having been around for more than 2 years, i have a really hard time finding any sympathy for people getting their account stolen.
If one can afford to pay the monthly fee for WoW, i'm damn sure they could find the small amount needed to pay for the authenticator aswell.

[Sarayana]

Thanks guys. Unfortunately, I don't think it's an option to force people to get the authenticator. Whether or not people like them and use them, most people oppose others in a game telling them to spend more money... But yeah, I don't understand why people don't just run out and get them already.

Kara, I suppose it's quite possible to get stuff on your computer without knowing the source, which is why the authenticators are such a big deal.

I started a thread on our officer's forum to figure out what to do next, and I'll let them know what you guys suggested. Either way, access will be restricted until we decide. Thank you for the input.

[Saturo]

My guild has always has two "lowest" ranks, Initiate and Front Line Infantry.
Neither has bank access, and the later will get promotes to Social or Soldier once they can link the Core Hound to an officer.

It's worked great so far, and ever since the mobile authenticator, we haven't had any problems at all with it. We have a good reason too. The bank contains 20k pure gold, and about 20k in mats and enchanting stuffs, and of course pots, feasts, drums, one [Battered Hilt]...

[Anansi]

Last night a friend of mine had his account hacked. I noticed him logged on and staying in Sholazar Basin and he didn't return my /tells.

What struck me as odd however is that this friend had quit WoW, and if he did re-sub he'd not be spending his time mining. So my wife called his house and asked his wife if he was playing WoW - he was not. Hacked account.

Now as I said he had quit WoW. His account was inactive, he had not logged on in months. It was an unused account. So hackers are finding access to inactive accounts and re-activating them. So how many active accounts out there are actually stolen and nobody knows? And how does this happen? Obviously there is a security breach somewhere. His account was dormant, he did not partake in any of the usual shady behaviours that can lead to a hacked account, and his computers are meticulously virus-free.

After 2 hours of being on hold and then talking to Accounts, they remove the credit card and authenticator that the hacker put on the account. His characters still had their worn gear but all bags were empty. And here's the kicker, if he wants his characters restored, he has to re-sub, Blizz won't take action unless he has an active subscription. Which I can understand, but at the same time it's their security failings that led to this situation.

[Azzrazzah]

At one time I had purchased gold from a seller.. It was at the begining of my time playing.. Been playing now for 5 years.. When I bought the gold; at that time gold sold for $200.00-$300.00 real dollars.. I got hacked soon after.. The GM's at that time thought that maybe I had got hacked from the individual selling the gold; when the trade occured, it was by the TRADE WINDOW; one character to another.. If you have a need to buy gold; use the mailbox only!!! Not sure how, as I'm no genius at computers.. I had logged into my character the next day, to see my characters name had just logged out. Then the chills started as I looked at my character and everything that could be sold was gone. The GM's put it off to my buying of gold; probibly was.. I've been using an authenticator ever since they've been afford in the game...

My advice... Never do any trades with anyone other than your guild mates.
As stated above, never buy gold.
And be carefull of people offering services in the game,
Like... LFW tips apprieciated. use your guildies

[Tahlian]

Last night a friend of mine had his account hacked. I noticed him logged on and staying in Sholazar Basin and he didn't return my /tells.

What struck me as odd however is that this friend had quit WoW, and if he did re-sub he'd not be spending his time mining. So my wife called his house and asked his wife if he was playing WoW - he was not. Hacked account.

Now as I said he had quit WoW. His account was inactive, he had not logged on in months. It was an unused account. So hackers are finding access to inactive accounts and re-activating them. So how many active accounts out there are actually stolen and nobody knows? And how does this happen? Obviously there is a security breach somewhere. His account was dormant, he did not partake in any of the usual shady behaviours that can lead to a hacked account, and his computers are meticulously virus-free.

After 2 hours of being on hold and then talking to Accounts, they remove the credit card and authenticator that the hacker put on the account. His characters still had their worn gear but all bags were empty. And here's the kicker, if he wants his characters restored, he has to re-sub, Blizz won't take action unless he has an active subscription. Which I can understand, but at the same time it's their security failings that led to this situation.

Many times, hackers can get a player's account information and will hang on to it for quite some time, then access the account at a much later date. This has been happening quite a lot lately apparently, if you look at the official Customer Service Forum. And even people with otherwise safe browsing habits can pick up something nasty from a site they visit regularly if that site has banner advertising. Some of those ads have used brand-new Flash or Java weaknesses to put malicious code on a computer. I use NoScript for my Firefox as well as AdBlocker, and I also have an authenticator, just to make extra-sure I'm safe.

I can't say it's utterly impossible for Blizzard's databases and servers to be hacked...but I do believe that would be unlikely in the extreme.

[Saturo]

I can't say it's utterly impossible for Blizzard's databases and servers to be hacked...but I do believe that would be unlikely in the extreme.

That, and no doubt Blizzard would reimburse us. A lot.

[Vephriel]

I can't say it's utterly impossible for Blizzard's databases and servers to be hacked...but I do believe that would be unlikely in the extreme.

That, and no doubt Blizzard would reimburse us. A lot.

*nods* I agree. With a company as huge as Blizzard is, and the fact that they keep very important information (Names, Addresses, Credit Card numbers), I'm sure they have the best protection they can get on those databases. It would be a legal nightmare otherwise.

[Golden]

I can't say it's utterly impossible for Blizzard's databases and servers to be hacked...but I do believe that would be unlikely in the extreme.

That, and no doubt Blizzard would reimburse us. A lot.

Plus we would probably know if Blizzard's database was hacked into... At that point it wouldn't be some random cases, but more like nearly everyone losing their valuables. If a hacker had the access to so many accounts, they probably wouldn't pay real money to get into a smaller account - they would go straight for the ones that they know are at the gold cap and active or something.

Oh, thank you Veph for getting past me. XD I didn't even consider the fact that if someone hacks to Blizz's databases, they will have way more than just access to a lot of WoW accounts: they will also have very important personal information that would probably prove a lot more valuable.

My advice... Never do any trades with anyone other than your guild mates.
As stated above, never buy gold.
And be carefull of people offering services in the game,
Like... LFW tips apprieciated. use your guildies

I'm pretty sure that in-game trades are perfectly safe, otherwise we wouldn't be able to do so. The only thing that could happen is that you accept a trade without making sure that your trade partner has put in what he's supposed to. I'm guessing that you just got terribly unlucky. :(

[Sarayana]

My advice... Never do any trades with anyone other than your guild mates.
As stated above, never buy gold.
And be carefull of people offering services in the game,
Like... LFW tips apprieciated. use your guildies

I'm pretty sure that in-game trades are perfectly safe, otherwise we wouldn't be able to do so. The only thing that could happen is that you accept a trade without making sure that your trade partner has put in what he's supposed to. I'm guessing that you just got terribly unlucky.

Yeah I doubt anything LEGALLY within the game (that is, not counting third-party software like botting programs) is harmless. More than likely, the hack happens via the website through which you contact the goldsellers or when making the payment. Since real money changes hands, there's always out-of-game contact with gold sellers.

Could also just be bad timing.