There are many different ways an account can be compromised. The account holder can give away their account information, mistakenly believing they're giving it to Blizzard. Usually this sort of compromise begins with you receiving an email or a whisper in-game telling you that your account is under investigation for suspicion of selling gold or being sold or traded, and directing you to "confirm" the account is yours by visiting a particular website. These are, uniformly and without exception, bogus. Blizzard will never EVER ask you for your password. They don't need it, it does them no good to have it. That's why their password reset function randomly generates you a new password.
To combat this, learn how to open up the full headers on whichever email provider you use. A "phishing" email may look like it really comes from Blizzard, but the full headers will show the true story - that the "From" address has been "spoofed," and that the email actually comes from some random internet provider. In-game, know that a Blizzard official will always, ALWAYS have a blue Blizzard logo beside their name when they whisper you, and the chat will take place in its own special chat window. For any other "phishing" whispers, right-click the whispering name and choose the "Report Spam" function. This puts that entire account on ignore until you log out, and alerts Blizzard to the spamming without your having to submit a GM ticket. Plus...Blizzard will never tell you if you're being investigated for something. They will suspend/ban your account and let you discuss the matter with Account Administration after the fact, no warning.
Other than that, keyloggers can get onto your computer from those banner ads on some websites. This isn't the fault of the website owner, as they usually have little if any control over what ads get put up on the space they lease to the advertising company. Firefox with the NoScript and Adblock Plus addons, plus keeping your Java and Flash programs updated, will help cut down on those potential nasties. Get a good antivirus program on your machine, run it, keep it updated. Do periodic scans with a malware-specific detector like Malwarebytes.
And then there's our leetle friend the Authenticator. No, Blizzard does not make profit off these little guys. They sell them at cost, because they don't want you to have to spend the week it currently takes waiting for an Account Specialist to go through allll the logs and get your stuff back and put your characters back on their proper realms. Blizzard wants you to play and be happy. No other company offers this level of account security, and no other MMO company does restorations for free. Some don't do them at all, some do them for a fee. I'd say we WoW-heads have it pretty good.
Client-side account security is the responsibility of the player. That's us. Server-side account security is the responsibility of Blizzard...and believe me, we'd know if Blizzard had been compromised. US Federal law requires that we be notified of any compromise on their part because they have our billing information for the subscriptions.
I'm also including a link here to the Account Compromise Information Center on the official Blizzard website. It's chock-full of good advice about what to do if the unthinkable happens and you get compromised. Here's the link:
http://us.blizzard.com/support/article. ... leId=30796
Hope this helps give some useful information and perhaps some insight into how these things can happen.
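The full-header check described in the post, as an added example that is not part of the original post: it compares the domain in "From" against the Return-Path, the first relay in the Received chain, and the SPF/DKIM results the receiving provider recorded. The sample message, every hostname and address in it, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (all hosts and addresses are made up): the From line
# claims blizzard.com, but the rest of the headers point somewhere else.
SAMPLE = """\
Return-Path: <bounce@dsl-customer.example.net>
Received: from dsl-customer.example.net (dsl-customer.example.net [203.0.113.45])
\tby mx.mailprovider.example with ESMTP; Fri, 01 Jan 2010 10:00:00 +0000
Authentication-Results: mx.mailprovider.example;
\tspf=fail smtp.mailfrom=dsl-customer.example.net; dkim=none
From: "Blizzard Entertainment" <noreply@blizzard.com>
To: player@mailprovider.example
Subject: Your account is under investigation

Confirm your account at the link below.
"""

def domain_of(value):
    """Lowercased domain of the address in a header value, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def same_org(a, b):
    """Crude match: same domain, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_headers(raw):
    """Return a list of reasons the From address looks spoofed."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    bounce_dom = domain_of(msg["Return-Path"])
    if bounce_dom and not same_org(bounce_dom, from_dom):
        findings.append(f"Return-Path is {bounce_dom}, not {from_dom}")
    # Received headers are prepended, so the last one is the first hop.
    hops = msg.get_all("Received") or []
    m = re.search(r"\(([^\s\[]+)\s*\[", hops[-1]) if hops else None
    if m and not same_org(m.group(1).lower(), from_dom):
        findings.append(f"first relay is {m.group(1).lower()}, not {from_dom}")
    # Results recorded by the receiving provider; anything but 'pass' is a flag.
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    for mech in ("spf", "dkim"):
        m = re.search(rf"\b{mech}=(\w+)", auth, re.I)
        if (m.group(1).lower() if m else "missing") != "pass":
            findings.append(f"{mech} did not pass")
    return findings

if __name__ == "__main__":
    print("\n".join(check_headers(SAMPLE)))
```

A mismatched Return-Path or relay on its own is not proof, since legitimate mail is sometimes sent through third-party services; the failed SPF/DKIM results alongside it are what make the case. Only trust an Authentication-Results header added by your own mail provider, because a sender can insert a fake one.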