Hacked – 25 minutes later.

Near the end of May, I received an email from Blizzard stating that I had reset my WoW Account password. I, in point of fact, had not made that request. I immediately tried to log into WoW and was unable to. Going to the account pages on www.worldofwarcraft.com I reset my password and verified that I could log in once again. The time between the original email being sent by Blizzard and my successful login to the game was around 25 minutes.

I learned three things: 1) a lot can be done in 25 minutes; 2) these “people” – and I use the term very loosely – can be very sly; and 3) I won’t log in to WoW when visiting my parents.

Initially, I didn’t notice anything was amiss. I logged onto my high level characters and did a check of their gear. Everyone one of them was wearing exactly what they should have been wearing. I came to the conclusion that I lucked out in my timing and thwarted the attempt by checking my email early enough. I have been playing a Horde mage on Earthen Ring over the last month or so and nothing was changed. I don’t log into Skywall much right now since there doesn’t seem to be much of a need for healers, but as I said, all my equipped gear was there.

Notice how I said that – “all my equipped gear was there”. I didn’t look any deeper than that. Nigiri doesn’t carry much gold and had 18g still on her. No reason to think anything was wrong right? INCORRECT.

I went to self buff myself with Prayer of Fortitude. Imagine my surprise to find out I didn’t have any Sacred Candles. I usually carry 60 at all times. I checked my bags and that’s when it came crashing down. I had 4 mounts (reg and epic land and flying), 2 non-combat pets and that was it. My bags were otherwise empty. My bank was empty of anything that could be sold.

After a recheck, all of my characters were in the same condition. A few thousand gold and a lot of elixirs, potions, food items, non-combat pets (see a previous blog post on my former collection), alternate sets of gear and dozens of other items were missing. The void space in my bags is overwhelming.

The ruse of leaving my currently equipped gear worked for a short period of time. The only saving grace, I think, is my timeliness of resetting the password. I didn’t give them time to invade all my characters across all realms.

I am very selective about what I open and download at home. I suppose I should have known my parents aren’t as selective. A few times a year I visit and log in. I will still visit, but no more logging in from their desktop.

Blizzard is working to investigate and within 20 minutes of my reporting the incident, had returned most of my stored BoP gear via in-game mail. They were very understanding and very helpful. The remainder of the investigation will take a few days.

In-Game Mail

As I’ve said, I haven’t played on Skywall for some time. This security issue may serve to revitalize the updating of this blog. My mage on Earthen Ring is also named Nigiri, so I won’t have to change things much.

I’ll keep you updated on the status of my GM ticket.


~ by Robert Stewart on June 3, 2008.

2 Responses to “Hacked – 25 minutes later.”

  1. glad to hear you caught it fast, and that it (for the most part) came out ok.

  2. […] with some analysis of how the bad guys monetize their stolen stuff. After all, how do you fence stolen virtual goods? And knowing that, is there a way to put the kibosh on game account […]

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: