World of Warcraft Hacked
If you’ve woken up to find that your World of Warcraft account has been suspended due to spam from gold farmers and keyloggers, or that your guild bank is suddenly drained, it’s because an Adobe Flash exploit has been discovered.
From a moderator post in the forums:
A recent vulnerability has been discovered in popular web-content delivery program Adobe Flash, and it could potentially be used to target World of Warcraft players and accounts. The newest available version of Adobe Flash, version 9.0.124.0, does not contain this vulnerability, and we recommend that everyone upgrade their Flash player as soon as possible by visiting the Adobe.com download page at the link below.
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
In addition, to avoid exploitation of this vulnerability, we have temporarily disabled the ability to post hyperlinks in our forums. Any links will need to be copied and pasted into a browser. We’ll continue to evaluate any potential security threats and take any steps necessary to ensure a safe and fun environment. For more information on this issue, you can read the announcements from the Adobe security team concerning the threat at the links below.
http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html
http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue_u_1.html
How am I aware of this? My account’s been hacked by keyloggers TWICE in the last 48 hours, even though my account was not active. Thankfully, I don’t use a credit card for a WoW subscription – I use a Game Card.
Trying to log into my account to complain, I saw among the characters I could choose from:
Gagefgw* 1 Dunemaul
Scarbaraynhn* 1 Dalaran
Forbasyhjs* 1 Doomhammer
Robelagh* 1 Thaurissan
Berreyhjd* 1 Dentarg
Ardrinitytyh* 1 Demon Soul
Saresajyfi* 1 Dawnbringer
Laumesghjd* 1 Dragonblight
Gradeadysfg* 1 Gundrak
Tiroldeweyfg* 1 Saurfang
Erektth* 1 Darrowmere
Khandiandtyh* 1 Draenor
Anjanevbhjn* 1 Drak’Tharon
Simistiafgyh* 1 Nagrand
Gloisonorefg* 1 Dath’Remar
Jarthghsrt* 1 Dreadmaul
Edredgfh* 1 Caelestrasz
Miccaynegh* 1 Frostmourne
Felseatrahgi* 1 Khaz’goroth
Aphedagnycvb* 1 Drak’thul
Jonahfalcon* 1 Argent Dawn
Waylonsongdh* 1 Destromath
Doriafjgaf* 1 Dethecus
Isagenfgh* 1 Dragonmaw
Aruneggh* 1 Barthilas
Adradynnaygf* 1 Drenden
Loisbethgh* 1 Daggerspine
Deweyfgbd* 1 Aman’Thul
Brunhityhj* 1 Dalvengyr
Lemedwalinjm* 1 Duskwood
Jaianejyf* 1 Darkspear
Hanessilhj* 1 Deathwing
Valeghftg* 1 Draka
Maeverladhtf* 1 Jubei’Thos
I didn’t list my real accounts – but this was just SOME of the servers this asshole had been logging in with my account. Worse, my main toon, a level 71 I’d been grinding for 80 to review Cataclysm with, had been deleted by the hacker. I must stress that when my account was hacked, it was NOT ACTIVE. I did not get phished. No, this happened on BLIZZARD’S side.
January 24th, 2010 at 3:45 pm
Security Alert – Flash Vulnerability 05/28/2008 05:06:14 PM PDT
Current flash version is 10.0.42.34
January 24th, 2010 at 9:03 pm
Sucks to be you.
January 24th, 2010 at 9:56 pm
No, it sucks to be you.
January 24th, 2010 at 11:00 pm
always the professional ‘journalist’ aye Failcon?
January 25th, 2010 at 12:24 am
Just because you didn’t get phished and your account was inactive doesn’t mean it’s on Blizzard’s side. You sound a lot like the uninformed masses who always blame Blizzard for everything that happens to them. Doesn’t mean shit.
January 25th, 2010 at 12:29 am
Remember, account security is none of Blizzard’s responsibility, folks.
January 25th, 2010 at 1:55 am
I’m not exactly sure how it could be Blizzards fault that this happened to you?
It seems beyond normal means to get your info from Blizzard themselves, somewhere along the lines you basically had to have your account info compromised. The hackers/farmers/sellers wouldn’t have enough info to get Blizzard to send them your information, it takes quite a bit of specific personal information to get that. Which is why I say, I imagine your information was compromised, even if it seems very unlikely.
Remeber, if you get your account info stolen, you do not have to be currently active get a free scroll of resurrection from another player, costing the farmer/seller/hacker 0 to re-open your account…
It is probably almost entirely impossible to track this back to a true fault of Blizzards, their info-release system is built to prevent that.
January 25th, 2010 at 2:45 am
So Blizzard should prevent you from using the same username/password more than once on the entire interwebs? Get yourself an authenticator and stop whining.
January 25th, 2010 at 3:23 am
Is the idea that the hackers activated the account for you such a large leap in logic that you couldn’t make it?
Seriously, take some personal responsibility. It’s liberating, I promise.
January 25th, 2010 at 3:43 am
But it is alarming that Adobe Flash may be use to hack WOW Accounts. Its useless how much we took care of our computers not to use to by anyone and even not logging in to other computer aside our personal computer if there are program that exist its very alarming. It might be one of the software that we trusted that not contains any suspicious Malware and will suddenly cause our account hack.
January 26th, 2010 at 3:10 pm
[...] you recall, I’d reported my World of Warcraft account was hijacked. I reset my password twice, but then trying to check my account this time, I discovered someone not [...]
January 26th, 2010 at 3:23 pm
Aion (NCSoft game) has the same problem. People’s accounts being hacked when their account was inactive. Their NCSoft Support admitted it was due to PACKET MANIPULATION in game.
I doubt it was an Adobe flaw. You have to pick out the key words here: “hacked while account was inactive”.
Copy of the response NCSoft gave an Aion player.
http://img14.imageshack.us/img14/6616/ticket2o.jpg
January 26th, 2010 at 3:25 pm
I’d assumed it was the Adobe problem – when I did a web search for the exact symptoms of my issue, it brought me to Blizzard’s Adobe report.
There’s an update to my issue:
http://www.gamestooge.com/2010/01/26/world-of-warcraft-hijacking/
You might want to repost that comment there.
February 14th, 2010 at 2:57 am
I have to add my encounter too:
- I have been playing WoW for three years now
- Never was I hacked. I had Spybot, AVG, SPF (old firewall) and Ad-Aware
- I went on hiatus, and my gamecard expired last Dec 25, 1990 (Ho-ho-ho)
- I received an email saying an account was MERGED just last week. Meaning my account of inactive status for 40 days was hacked
NOTE:
- I don’t do gold buying (I enjoy the mindless farming. Mining is my specialty)
- I don’t do porn (yes, we old school grandpas are past that)
- I do not share my PC with anyone
- My two daughters have their own PCs to play WoW with (yep, hordes FTW)
Now, tell me, how would “I” be responsible with the hack?
EPILOGUE:
- My two main 80s deleted
- My 60 toons left naked
- guild bank and personal gold vanished
(yep, my daughters and I are the only members)
CHALLENGE:
Will Blizzard ENSURE and re-compensate us, when our AUTHENTICATOR protected accounts are hacked, again ?
Oh, one more thing: When I received that email, logging on to my account said it was protected, and was asking for my authenticator password. I never had one.
Shut out by the system that should be used to protect us.
I rest my case.
February 21st, 2010 at 11:31 pm
Marduk0304,
I have almost the exact Shit With You. My old Account was Hacked(meaning Password/Id Changed) After Being INACITVE Since Last March til Last September.
I Started Playing Wow Again on my bro’s account. Just 1month, Last Night my internet was fucked up and i couldnt play. 1st thing in the morning when i logged in, They asked me For an authentication code WHEN I DIDNT BUY ONE. 1hour later, My bro’s Account Password/Id was changed. 30mins later My Bro’s lvl 80 main was transfered.
Can Someone Also Tell me What The FUCK is blizzard doing? I’m So Over with Blizzard Man, Fuck Them, Total I’vve WAsted over 500 USD on both account over the Years i’ve been playing. Screw Blizzard
February 25th, 2010 at 10:13 pm
My account was hijacked as well. Had two days of conversation with Blizzard, resetting password and account information. All security measures were in order on my end and several scans proved the same. Account was taken over no more than ten minutes after being reset, five times! Blizzard had no answers. Painfully account was closed and I will never deal with Blizzard again.
April 17th, 2010 at 9:21 am
My WoW account was recently hacked. Not only had I not logged into the account by web or client in over 2 years, the computer that I played WoW on was gone over a year and a half ago. All of a sudden about a month ago, the account gets hijacked. I have not typed account information into anything, either my computer or someone elses since I stopped paying for the account. There is 0% chance that this condition resulted from something that I did. It appears that the registration system om WoW has been compromised. Thankfully I had already shut down the card I was using to pay for WoW. I would strongly recommend getting any payment information the hell out of Blizzard’s system.
April 22nd, 2010 at 6:01 am
I too have had my account hacked twice in the last 48 hours – both times I used a different email account and password when resetting. The only reason I know I was hacked was my account was suspended for spamming – I hadn’t even logged in so I certainly wasn’t the one spamming! Waiting on Blizzard to respond……..I have been playing for 4 years with no issues, don’t share an account or computer, have all my anti-virus etc up to date and then this shit happens. Not happy!!!
July 26th, 2010 at 11:08 am
I just received an e-mail today from Blizz saying that my password had been changed, neither my husband or myself have logged into our WoW accounts for over 6 months…..the accounts were inactive, and still got hacked, how does this happen?
July 26th, 2010 at 11:15 am
Your email address is on a database somewhere.
Please, do not click on anything in the email, and forward it to hacks@blizzard.com.
July 30th, 2010 at 6:59 pm
Yep…same here. Account not used for 2-3 months, re-instated for summer holidays to find 000′s of gold missing, all epic’s and blue’s sold. Strangely, raised a ticket with WOW and all items have been returned in post. Do you think its an inside job – wow employees looking for disabled/unused accounts?
August 12th, 2010 at 8:13 pm
Everything that i wanted to say has already been said or mention by the others who haven’t logged on there account in long while. So what now.. Im not wining im not what others have posted giving info out and in addition i use a mac os that i haven’t turned on untill 48hrs ago. Whats going on!! i donl’t care about what was taken from my charaters or even if they were stripped i just want to know whats going to happen?? i don’t care whos’ fault it is… can someone just fix it? or provide a way we can hack it back or something..just want to see solutions to our problems instead of back and forths of who’s to blame we both have good reason to say or post what we do is there anyone out there that can Help!! if so can you personally email me. or post it up!! I’ll be personly waiting for some results..
August 23rd, 2010 at 1:05 pm
I got hacked too. Active daily player. I have no idea how they did it (took all the smart known precautions). Is it possible that a player to player transfer within the game would somehow give the hacker access?
August 24th, 2010 at 4:36 pm
I got hacked within 24 hours of canceling my account. I had done it because i was in between switching methods of payment. I know its been said before, but I am into PC security and have paranoid related issues. The is no way my account questions were answered, nor is there a possibility that a keylogger/trojan/virus/malware was involved. My account password was changed, and it was not through the email generated system that blizz uses. I have gone over the details with some associates and there is just no way my account was compromised with out someone at some point on blizz’s side. Or the worse case scenario, the auth servers have been compromised and someone is keeping it to themselves.
September 2nd, 2010 at 6:12 pm
Yeah geting hacked sucks,. know what they are doing, and you can better prevent it in the future. I recommend reading some of their content even if you dont mod/hack
September 16th, 2010 at 2:41 am
same thing happened to me. i don’t even play wow anymore, and today i get an email saying my account has been suspended for suspicious activity. my email account was being logged into by IP’s from China. something is going on. i have no idea how they would have gotten my passwords, but I’m glad the account was suspended and that i got notified.
October 13th, 2010 at 12:53 pm
It seems that is usualy the inactive ((READ: USUALY, TROLLS))accounts that get hacked. Is Blizzard or some third party reselling these accounts?
October 13th, 2010 at 1:55 pm
No. I just stopped playing WoW. When I went to reactivate, someone had stolen it.
October 15th, 2010 at 12:06 am
This happened to myself and several friends as well. We had all quit playing in the previous year, then friends who still played, emailed us, asking if we had come back to the game. What’s completely retarded about this, is that Blizzard doesn’t send you a “re-activation” email. So you have no idea that someone has re-upped your account, until you try to log in. If they just required some email reactivation confirmation, it would stop most of this.
November 9th, 2010 at 8:45 am
Ive seen 3 accounts get hacked, only thing in common is we used the “real id” feature in wow…seems like that is probably getting phished by a packet sniffer. since blizz pushed ppl to use their email as log in…youre screwed. and this wouldnt be a problem if people didnt buy gold etc with real cash…and I say that as I look at an add to buy gold on this pages banner ad…