Quick question about WoW - account hacking/recovery

[Daggah]

OK, so I used to be a WoW player. I'm kinda feeling that itch out here as something to do with my down time. Anyway, here's the deal. I quit back in the beginning of last year (January/February timeframe) because my account got hacked and I didn't feel like dealing with it. I don't remember the exact details of what I lost but the overview is:

My main character's Jewelcrafting profession was dropped and the hacker started power leveling something else.*
My "main" alternate toons (an 80 warlock and a Death Knight I was leveling) were deleted, poof, gone.

It's been almost a year and a half since then.

If I reactivated my account, what are the chances I'd be able to get that back?

* As I understand it, professions are unable to be restored - it's this fact that made me really pissed off when it happened and drove the whole "screw it, I'm not bothering with this" because I didn't want to re-level Jewelcrafting - mainly because of all of the recipes I had lost.

 

[Kangg]

Good luck man, shoulda dealt with that shit when it happened.

 

[sparks]

I doubt if they will do anything with something that happened that long ago.
You can try and good luck.

 

[Daggah]

It's probably better that way...I don't particularly have any desire to start over, so if I can't get it restored, I just won't play.

 

[noquarter]

If you quit a year and a half ago anything you got restored now would be worthless and replaceable with better quicker than a GM could dig through character logs anyway. But WoW is pretty weak now, I started it back up for about a week and there's just no challenges around, so I wouldn't bother.

 

[Daggah]

If you quit a year and a half ago anything you got restored now would be worthless and replaceable with better quicker than a GM could dig through character logs anyway. But WoW is pretty weak now, I started it back up for about a week and there's just no challenges around, so I wouldn't bother.

It's more about the characters that were deleted at this point...I rather liked my warlock. The death knight wouldn't take much time to replace, but the warlock would.

 

[veterator]

I hadnt played my account in 2 years, about a month ago it got hacked....

I turned it into a battle.net account about a month prior to it being hacked, and I started getting password change requests. The hacker got into it and within hours (definitely less than 12 hours) he was banned and he tried to change the password then thinking I had locked him out or something I guess.

So.......they restored 2 year old characters, it took 3 days of trying to call in to their center and about 2 weeks of waiting for them to send emails regarding the restoration. I actually had to have them do it twice because they restored all my characters but my highest level guy. And he used the trial lich king thing to do all this in, so I can't even use that to login and check to make sure they did what they said. Or if the guy got into guys I had on other servers. So their restoration process can do old accounts, but their restoration time frame and helpfulness sucks ass.... They never did reset my trial time so I could login to check and make sure they got everything and Im definitely not going to re-up just to do that.

Was thinking about re-upping when cataclysm came out, but my dudes are on a PVP server which I quit because it was something a friend talked me into and it sucked to play on a PVP server because there was never actually any PVP. It was more level 70s just ganking low level players all day until the low levels logged in their 70s..and one side would bring in more 70s until one outnumbered the other so much it wasn't worth bothering anymore.

My real concern with getting my account restored was that one of my dudes had about 30k+ gold on him and my plan was to in the future move him to a non PVP server and start over. I wish they'd do 25 bucks to move all characters on an account from one server to another instead of the 25 bucks per.. or let you make a small guild with your guys and move them all for a small fee based on the number of accounts instead of the number of characters.

 

[WasntMe]

I doubt if they will do anything with something that happened that long ago.
You can try and good luck.

^^^This.

Also, there are those that want more out of WoW than what it currently gives. I am of the group that says it gives a ton for the money. I can't think of another game with as many play style options as WoW.

 

[Ragenrok]

They should, I've heard of a few people with your problem and blizzard managed to restore chars that have been deleted for over a year. Email them now and mabey call them.
Posted via [H] Mobile Device

 

[NKDietrich]

I've personally had characters restored that had been deleted after more than 2 years had passed. I know people who have had things restored even older than that.

 

[Ragenrok]

while not a character, Ive had tiems resoted on characters that were hacked like 8 months before hand, but it took a long time to get everything back.

I took them about 1 week to restore my items/gear, and about 3-4 weeks to restore my gold but I did eventually get it all back.

 

[Trepidati0n]

BTW...get an authenticator. A large piece of mind for a few dollars.

 

[Dion]

BTW...get an authenticator. A large piece of mind for a few dollars.

imo blizzard should give these out free to people with subscription accounts. Its bad enough we fund them millions.. and cant provide us some extra free security.

 

[veterator]

imo blizzard should give these out free to people with subscription accounts. Its bad enough we fund them millions.. and cant provide us some extra free security.

Im of the opinion that until they offer them to people who have been hacked for free or include them in the boxes, I don't need one. I have my suspicions that a lot of their breaches come internally, because the timing on mine was pretty astounding given I haven't played WoW in 2 years and they break into it after I created a battle net account.

Plus there are a few things I wonder about when it comes to them. Are the batteries replaceable? What do they do when it breaks? Can you use one authenticator on more than one account?

I understand they let people get the app for free on their mobile devices, but I don't see why they don't make the app available to use on a second computer. It'd be rough for some hacker to get into one computer and able to pull down screen grabs or access key log info fast enough to get into your account before you. It'd be highly unlikely they could get into two PCs and pull screen info from one as you type into another. Maybe they are trying to prevent people from breaking the program, but even if they knew it they'd have to know what it creates it's seed value off of to generate the key.

 

[Daggah]

When does the expansion come out? I may wait until it comes out to start playing.

 

[EvilViking]

When does the expansion come out? I may wait until it comes out to start playing.

November. I would start working on it asap tho. Expect a shit ton of people to start re-playing when the expansion comes out. This will flood their call centers and take you even longer to get your toons back, if at all. Good luck

 

[Dion]

Plus there are a few things I wonder about when it comes to them. Are the batteries replaceable? What do they do when it breaks? Can you use one authenticator on more than one account?

If they die you have to call them.. with your secret word. have them remove the auth thing.. then you just re-enter the code on the new one into the webpage. one authenticator per account. Alot of people get hacked in WoW. I dont know how the hackers get the pw's but they do. My account got hacked when I quit wow and it wasn't even installed on my PC.

 

[Daggah]

I wouldn't be surprised if veterator was right and that some of these breaches are internal. I know enough not to fall for phishing attempts so I have no idea how my account was hacked...perhaps it was a mod installing a keylogger, but nothing else was compromised around the same time.

That said, I get phishing attempts in my spam folder of my old yahoo address at a ridiculous pace. I get like 15-20 WoW account phishing e-mails a week. I even get them occasionally for LotR, Aion, and Age of Conan...all games I've never played.

 

[chronic9]

well, if u have a iphone or droid device you get authenticator free. so no reason NOT to have one.

 

[veterator]

If they die you have to call them.. with your secret word. have them remove the auth thing.. then you just re-enter the code on the new one into the webpage. one authenticator per account. Alot of people get hacked in WoW. I dont know how the hackers get the pw's but they do. My account got hacked when I quit wow and it wasn't even installed on my PC.

One authenticator per account, but could you use the same authenticator on two accounts? I have two wow accounts I used to play, I'd like to just have to consult one device to get into each. I would think one authenticator could be applied to more than one account because most people dont have multiple cell phones to install 2 auth apps on...and it doesn't make sense to have to install it twice.

Either way, I still feel if they want to encourage them they should be boxing them in with their games instead of making you order them separate.

 

[Yoshiyuki Blade]

One authenticator per account, but could you use the same authenticator on two accounts? I have two wow accounts I used to play, I'd like to just have to consult one device to get into each. I would think one authenticator could be applied to more than one account because most people dont have multiple cell phones to install 2 auth apps on...and it doesn't make sense to have to install it twice.

Either way, I still feel if they want to encourage them they should be boxing them in with their games instead of making you order them separate.

Yes, according to the FAQ, you can use the authenticator on as many accounts as you like.

This is probably what hackers do when they compromise accounts.

 

[Daggah]

well, if u have a iphone or droid device you get authenticator free. so no reason NOT to have one.

I have a Droid...I'm deployed though, so my only connectivity on it is wi-fi. How's the Droid authenticator work? Does it just display a code that you then enter on the login screen?

 

[Ragenrok]

I have a Droid...I'm deployed though, so my only connectivity on it is wi-fi. How's the Droid authenticator work? Does it just display a code that you then enter on the login screen?

yes, your givin a serial number to register to your wow account, then when you go to play wow you launch the authenticator app on your phone and tell it to generate a code. The code is different each time and is generated using some algorithum based on your serial number. You just enter that at login to play. WoW then de-autherizes that code you used so no key loggers can try and use it on you.

 

[Daggah]

yes, your givin a serial number to register to your wow account, then when you go to play wow you launch the authenticator app on your phone and tell it to generate a code. The code is different each time and is generated using some algorithum based on your serial number. You just enter that at login to play. WoW then de-autherizes that code you used so no key loggers can try and use it on you.

Would it work over wi-fi or only over 3G?

 

[Ragenrok]

Would it work over wi-fi or only over 3G?

it doesnt need internet, only to download it once. once its downloaded its an offline app, its the exact same thing as the authenticator key fob you can buy for 7$ except its free.

 

[Yoshiyuki Blade]

Yep and in case anyone isn't exactly sure how it works. A unique serial number is generated for each authenticator, which is associated with a unique algorithm that generates random codes. Only the app/key fob and Blizzard's authentication system knows it. Once you synchronize them, they generate the exact same codes at the same time, independently from each other, so there's no middle man that can intercept the codes. Also, once the code is used, it immediately becomes invalid, so 2 people can't log in within the same time frame.

The only attack I'm aware of, that can compromise accounts with an authenticator, use the "man-in-the-middle" attack which spoofs the login screen forms and keylogs the authenticator code while it's still valid. It's very rare from what I've heard, but it's happened before.

 

[Armoured]

^^ cool explanation. Always wondered how it worked. Didn't realize that it's all offline.

 

[tuksonrider]

You'd be suprised (or maybe not), that MANY people use the same login credentials they use for many other programs (IM, email, eBills, other online games) are exactly the same as their WoW acct.

If a keylogger gets your AIM acct for example, the hacker then just goes out and tries that same login credintials against other accounts you may or may NOT have.

One of the MOST common is NOT using a key logger at all. I knew a guildie who used to play some f2p mmog. He stopped and gave the account away. Well... he used the same login credentials as his WoW account. The person who got the f2p acct knew that the person who gave it to him played WoW.

Tried the login creds on WoW, found out it was the same as the f2p game login, and stole the WoW account.

The original owner raised hell saying he was hacked and blamed Blizzard. Found out, blizzard had NOTHING to do with it.

 

[Yoshiyuki Blade]

Yeah, it can spread farther than one may think. My first login information was basically the same as all my other unimportant stuff (facebook, myspace, etc.). After that, I changed my WoW login information and e-mail address password. I've also changed my battle.net e-mail as well. Some months later I found myself spamming on facebook. It made me realize that they'll probably crawl through the whole web to try and see what they can get into, so I changed any other services (that I could remember) that I used the same credentials for.

I've been thinking of just retiring this nickname I had for 10 years and starting fresh with a new alias across the board. Being 12 years old at the time, it's not as inspiring as it used to be.

 

[Daggah]

Just an update...

I got my account back last night, set up the Droid authenticator, logged in for the first time since last February. They had restored my deleted characters but they were all naked...completely stripped, right down to even the bags being gone. My level 72 warlock still had some gear equipped - pvp gear that couldn't be vendored or disenchanted. My 69 death knight had nothing. There was a level 1 alt that I had never created called "Bbac" ("I'll be back?") with some of my gold on him, so I snatched that up before deleting him. Blizzard couldn't restore my gear, saying it was too long ago, so they sent me 8500 gold instead. I don't really remember how much gold I had when I quit so I don't know whether I came out ahead or not though.

My shaman main had all of his main spec gear still equipped, and all of his bags, but all of his off-spec gear that I had collected is gone. All of the various trinkets he collected...gone. Argh.

On the bright side, Blizzard did restore my jewelcrafting, 445/450 (which I think I was at when it happened) with what I think are the specific recipes I had at the time too...which makes it kind of ironic, because I quit out of frustration thinking that all of that work couldn't be restored. If I had known I could've gotten that back...I would've gotten it restored a long time ago and probably gotten a full account restoral. Although the GM I talked to told me that he'd just restore it to 375 JCing...I logged in and discovered that it was at 445/450 instead.

I'm thinking I might as well start over and create a new DK.

 

[WasntMe]

Glad to hear you got your characters back.

If you last logged in last February then the 8500g was a lot more than your gear was worth (maybe ilvl 200). The dungeon finder will get you some much needed gear fairly quickly if you decide to go that route.

 

[Yoshiyuki Blade]

Yeah, a year and a half is a long time. A few days of heroic badge farming will get you far better gear than anything you could get that long ago. But since there's no artificial limit to farming badges anymore, it's basically grinding and you can possibly burn yourself out. Naxx gear was in the ilevel 200 and 213 range. "Entry level" gear is ilevel 245. Not really worth going for anything much higher though since cataclysm beta is in full swing at the moment. Although you may be able to get into some ICC10 groups and snatch some upgrades.

 

[eurin]

I'm curious, when you use the random dungeon system, do people get dickish and boot poorly geared people?

As dps, I always found it a hassle to get heroic gear, because people would demand you ridiculously outgear an instance.

 

[Ocellaris]

Just an update...

I got my account back last night, set up the Droid authenticator, logged in for the first time since last February. They had restored my deleted characters but they were all naked...completely stripped, right down to even the bags being gone. My level 72 warlock still had some gear equipped - pvp gear that couldn't be vendored or disenchanted. My 69 death knight had nothing. There was a level 1 alt that I had never created called "Bbac" ("I'll be back?") with some of my gold on him, so I snatched that up before deleting him. Blizzard couldn't restore my gear, saying it was too long ago, so they sent me 8500 gold instead. I don't really remember how much gold I had when I quit so I don't know whether I came out ahead or not though.

My shaman main had all of his main spec gear still equipped, and all of his bags, but all of his off-spec gear that I had collected is gone. All of the various trinkets he collected...gone. Argh.

On the bright side, Blizzard did restore my jewelcrafting, 445/450 (which I think I was at when it happened) with what I think are the specific recipes I had at the time too...which makes it kind of ironic, because I quit out of frustration thinking that all of that work couldn't be restored. If I had known I could've gotten that back...I would've gotten it restored a long time ago and probably gotten a full account restoral. Although the GM I talked to told me that he'd just restore it to 375 JCing...I logged in and discovered that it was at 445/450 instead.

I'm thinking I might as well start over and create a new DK.

All of the characters and gear can technically be restored, however Blizzard was doing so many of these on such a regular basis they are overwhelmed with requests. Check any gaming forum and there are usually a bunch of people that have been hacked. When I was leading a guild there were always people losing their account or getting them recovered at almost all points in time. I've recently seen characters that were deleted months ago recovered with full gear. Plus you have people deleting each otherss accounts and shit for fun or because they are pissed, its endless. Hopefully Blizzard irons out their log in system before Cataclysm by making *everyone* use authenticators.

The Blizzard recovery system requires them to have someone personally go over each account before restoring the gear (massive time and money sink for them given the numbers involved). Now they default to giving you a pile of gold and some emblems to get you started again. Even that can take a while. Like most companies, Blizzard wants to spend as little money as possible supporting the end users when it comes to problems like this. Also these things always start due to some failing on the end user to properly secure their account, which makes Blizzard care about it even less.

 

[Ragenrok]

I'm curious, when you use the random dungeon system, do people get dickish and boot poorly geared people?

As dps, I always found it a hassle to get heroic gear, because people would demand you ridiculously outgear an instance.

normally no, the random finder has a gear limitations for some of the heroics and wont let you que up for themt ill you get better gear. Only time Ive seen a someone kicked was a healer who "met" the gear reqirments by throwing on pvp dps gear. Instead of healing pve gear, one thing to note is you can only ick one person per dungeon so if they kick you they risk not being able to kick anyone else for the rest of the run. Beyond that I wait to see how bad they fail at there role before I kick.

Most people are really good about letting you gear up, my pally was fresh 80 and never had any problems with people being dicks about it in heroics

 

[Yoshiyuki Blade]

I'm curious, when you use the random dungeon system, do people get dickish and boot poorly geared people?

As dps, I always found it a hassle to get heroic gear, because people would demand you ridiculously outgear an instance.

Personally, not once on my mage, but he was decently geared to begin with. With a fresh Shammy I leveled a while ago, I had one incident of a dickish player, but I wasn't kicked for it. My gear was so bad, that I was locked out of heroic dungeons and had to scramble some gear to get in too.

 

[ShadowStriker]

I hear random will group you with people within your gearscore range sometimes.

 

[BinarySynapse]

Yep and in case anyone isn't exactly sure how it works. A unique serial number is generated for each authenticator, which is associated with a unique algorithm that generates random codes. Only the app/key fob and Blizzard's authentication system knows it. Once you synchronize them, they generate the exact same codes at the same time, independently from each other, so there's no middle man that can intercept the codes. Also, once the code is used, it immediately becomes invalid, so 2 people can't log in within the same time frame.

The only attack I'm aware of, that can compromise accounts with an authenticator, use the "man-in-the-middle" attack which spoofs the login screen forms and keylogs the authenticator code while it's still valid. It's very rare from what I've heard, but it's happened before.

There is another potential avenue for exploiting the mobile authenticators. The app and the data it uses to generate codes is in no way tied to the device it's installed on, so all that has to be done is to copy the data file for the authenticator from your phone to another and have two authenticating devices that give identical numbers (I have done this with my phone, a java app, and an android emulator).

Of course, this means having your log-in and password along with knowning which device you use to generate codes, but it's possibile to design a phone app that appears to be useful that requires logging in with your B.net info.


OT: I had my inactive account hacked earlier this month (and cannot find any way that it was my fault). They restored my trade skills and all the items the hacker destroyed along with a character they created that had about 13k gold. But my account had only been inactive since March.

 

[WasntMe]

I hear random will group you with people within your gearscore range sometimes.

Rarely and not on purpose. This is a myth.

You will be grouped with anyone in a HUGE range (from just eligible to overgeared). I always check GS, not to be a dick, but just so I know what I am up against.I like to always do 110% on my hunter and I like beating people with a higher GS.

My groups alway range from super high gear to just starting out. It's a good random dungeon group (hence the name).

 

[Daggah]

Update #2 - after they said they couldn't restore my gear, they restored my gear.

I don't know either, but I'm not complaining!