World of Warcraft Hacked
If you’ve woken up to find that your World of Warcraft account has been suspended due to spam from gold farmers and keyloggers, or that your guild bank is suddenly drained, it’s because an Adobe Flash exploit has been discovered.
From a moderator post in the forums:
A recent vulnerability has been discovered in popular web-content delivery program Adobe Flash, and it could potentially be used to target World of Warcraft players and accounts. The newest available version of Adobe Flash, version 9.0.124.0, does not contain this vulnerability, and we recommend that everyone upgrade their Flash player as soon as possible by visiting the Adobe.com download page at the link below.
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
In addition, to avoid exploitation of this vulnerability, we have temporarily disabled the ability to post hyperlinks in our forums. Any links will need to be copied and pasted into a browser. We’ll continue to evaluate any potential security threats and take any steps necessary to ensure a safe and fun environment. For more information on this issue, you can read the announcements from the Adobe security team concerning the threat at the links below.
http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue.html
http://blogs.adobe.com/psirt/2008/05/potential_flash_player_issue_u_1.html
How am I aware of this? My account’s been hacked by keyloggers TWICE in the last 48 hours, even though my account was not active. Thankfully, I don’t use a credit card for a WoW subscription – I use a Game Card.
Trying to log into my account to complain, I saw among the characters I could choose from:
Gagefgw* 1 Dunemaul
Scarbaraynhn* 1 Dalaran
Forbasyhjs* 1 Doomhammer
Robelagh* 1 Thaurissan
Berreyhjd* 1 Dentarg
Ardrinitytyh* 1 Demon Soul
Saresajyfi* 1 Dawnbringer
Laumesghjd* 1 Dragonblight
Gradeadysfg* 1 Gundrak
Tiroldeweyfg* 1 Saurfang
Erektth* 1 Darrowmere
Khandiandtyh* 1 Draenor
Anjanevbhjn* 1 Drak’Tharon
Simistiafgyh* 1 Nagrand
Gloisonorefg* 1 Dath’Remar
Jarthghsrt* 1 Dreadmaul
Edredgfh* 1 Caelestrasz
Miccaynegh* 1 Frostmourne
Felseatrahgi* 1 Khaz’goroth
Aphedagnycvb* 1 Drak’thul
Jonahfalcon* 1 Argent Dawn
Waylonsongdh* 1 Destromath
Doriafjgaf* 1 Dethecus
Isagenfgh* 1 Dragonmaw
Aruneggh* 1 Barthilas
Adradynnaygf* 1 Drenden
Loisbethgh* 1 Daggerspine
Deweyfgbd* 1 Aman’Thul
Brunhityhj* 1 Dalvengyr
Lemedwalinjm* 1 Duskwood
Jaianejyf* 1 Darkspear
Hanessilhj* 1 Deathwing
Valeghftg* 1 Draka
Maeverladhtf* 1 Jubei’Thos
I didn’t list my real accounts – but this was just SOME of the servers this asshole had been logging in with my account. Worse, my main toon, a level 71 I’d been grinding for 80 to review Cataclysm with, had been deleted by the hacker. I must stress that when my account was hacked, it was NOT ACTIVE. I did not get phished. No, this happened on BLIZZARD’S side.
January 24th, 2010 at 3:45 pm
Security Alert – Flash Vulnerability 05/28/2008 05:06:14 PM PDT
Current flash version is 10.0.42.34
January 24th, 2010 at 9:03 pm
Sucks to be you.
January 24th, 2010 at 9:56 pm
No, it sucks to be you.
January 24th, 2010 at 11:00 pm
always the professional ‘journalist’ aye Failcon?
January 25th, 2010 at 12:24 am
Just because you didn’t get phished and your account was inactive doesn’t mean it’s on Blizzard’s side. You sound a lot like the uninformed masses who always blame Blizzard for everything that happens to them. Doesn’t mean shit.
January 25th, 2010 at 12:29 am
Remember, account security is none of Blizzard’s responsibility, folks.
January 25th, 2010 at 1:55 am
I’m not exactly sure how it could be Blizzards fault that this happened to you?
It seems beyond normal means to get your info from Blizzard themselves, somewhere along the lines you basically had to have your account info compromised. The hackers/farmers/sellers wouldn’t have enough info to get Blizzard to send them your information, it takes quite a bit of specific personal information to get that. Which is why I say, I imagine your information was compromised, even if it seems very unlikely.
Remeber, if you get your account info stolen, you do not have to be currently active get a free scroll of resurrection from another player, costing the farmer/seller/hacker 0 to re-open your account…
It is probably almost entirely impossible to track this back to a true fault of Blizzards, their info-release system is built to prevent that.
January 25th, 2010 at 2:45 am
So Blizzard should prevent you from using the same username/password more than once on the entire interwebs? Get yourself an authenticator and stop whining.
January 25th, 2010 at 3:23 am
Is the idea that the hackers activated the account for you such a large leap in logic that you couldn’t make it?
Seriously, take some personal responsibility. It’s liberating, I promise.
January 25th, 2010 at 3:43 am
But it is alarming that Adobe Flash may be use to hack WOW Accounts. Its useless how much we took care of our computers not to use to by anyone and even not logging in to other computer aside our personal computer if there are program that exist its very alarming. It might be one of the software that we trusted that not contains any suspicious Malware and will suddenly cause our account hack.
January 26th, 2010 at 3:10 pm
[...] you recall, I’d reported my World of Warcraft account was hijacked. I reset my password twice, but then trying to check my account this time, I discovered someone not [...]
January 26th, 2010 at 3:23 pm
Aion (NCSoft game) has the same problem. People’s accounts being hacked when their account was inactive. Their NCSoft Support admitted it was due to PACKET MANIPULATION in game.
I doubt it was an Adobe flaw. You have to pick out the key words here: “hacked while account was inactive”.
Copy of the response NCSoft gave an Aion player.
http://img14.imageshack.us/img14/6616/ticket2o.jpg
January 26th, 2010 at 3:25 pm
I’d assumed it was the Adobe problem – when I did a web search for the exact symptoms of my issue, it brought me to Blizzard’s Adobe report.
There’s an update to my issue:
http://www.gamestooge.com/2010/01/26/world-of-warcraft-hijacking/
You might want to repost that comment there.
February 14th, 2010 at 2:57 am
I have to add my encounter too:
- I have been playing WoW for three years now
- Never was I hacked. I had Spybot, AVG, SPF (old firewall) and Ad-Aware
- I went on hiatus, and my gamecard expired last Dec 25, 1990 (Ho-ho-ho)
- I received an email saying an account was MERGED just last week. Meaning my account of inactive status for 40 days was hacked
NOTE:
- I don’t do gold buying (I enjoy the mindless farming. Mining is my specialty)
- I don’t do porn (yes, we old school grandpas are past that)
- I do not share my PC with anyone
- My two daughters have their own PCs to play WoW with (yep, hordes FTW)
Now, tell me, how would “I” be responsible with the hack?
EPILOGUE:
- My two main 80s deleted
- My 60 toons left naked
- guild bank and personal gold vanished
(yep, my daughters and I are the only members)
CHALLENGE:
Will Blizzard ENSURE and re-compensate us, when our AUTHENTICATOR protected accounts are hacked, again ?
Oh, one more thing: When I received that email, logging on to my account said it was protected, and was asking for my authenticator password. I never had one.
Shut out by the system that should be used to protect us.
I rest my case.
February 21st, 2010 at 11:31 pm
Marduk0304,
I have almost the exact Shit With You. My old Account was Hacked(meaning Password/Id Changed) After Being INACITVE Since Last March til Last September.
I Started Playing Wow Again on my bro’s account. Just 1month, Last Night my internet was fucked up and i couldnt play. 1st thing in the morning when i logged in, They asked me For an authentication code WHEN I DIDNT BUY ONE. 1hour later, My bro’s Account Password/Id was changed. 30mins later My Bro’s lvl 80 main was transfered.
Can Someone Also Tell me What The FUCK is blizzard doing? I’m So Over with Blizzard Man, Fuck Them, Total I’vve WAsted over 500 USD on both account over the Years i’ve been playing. Screw Blizzard
February 25th, 2010 at 10:13 pm
My account was hijacked as well. Had two days of conversation with Blizzard, resetting password and account information. All security measures were in order on my end and several scans proved the same. Account was taken over no more than ten minutes after being reset, five times! Blizzard had no answers. Painfully account was closed and I will never deal with Blizzard again.