- Games, Toys, and Hobbies
What To Do If Your World of Warcraft Account is Hacked
I Lived Through It.....So I Know !
On January 21st, about midnight, I logged into World of Warcraft, just like I had millions of times before, in the six years I have been playing. A friend of mine was on, and he said "Two of you on at once ?" Now, I have two accounts, but I was not logged into my other one. My eyes flew open and my blood instantly turned to ice. I was being hacked ! I immediately opened another instance of WoW and tried to log into my second account, only to find that an authenticator had been put on it. I was still in my first account, so I switched back and told my friend I was being hacked. I opened a ticket and started filling it out, when I was kicked offline. I tried to log back in and yep.......you guessed it.....authenticator. I was locked out of both my accounts, and thanks to battle.net forcing me to link my accounts, they had access to both of them. There was absolutely nothing I could do. Blizzard does not have 24 hour support, so I could not call anyone to stop this intrusion. I was a pure bloody nightmare. Needless to say, I didn't get any sleep that night.
Having your WoW account hacked is a a truly terrible thing. After it happened to me, I decided to make this lens and give a carefully detailed account of exactly what happened and when, so that others would know what to expect. Hopefully it will give a small amount of comfort to people in this situation.
What To Do Immediately
As soon as you know you are in trouble....
If this happens between 8am and 8pm PST, you should call Blizzard immediately at: 1-800-592-5499 and select the Account Administration option. Most of the time, hacking is done in the hours that Blizzard is closed, so they have more time to strip your account. If you are hacked after 8pm, and Blizzard is closed, follow the list below, step by step.
1. First thing you should do is call someone you know that has a WoW account, ask them to sign on and file an in-game ticket for you. Make sure they know the name of your Battle.net account and all WoW accounts involved. Then, have them contact your guild(s) and have them remove your toon's guild bank access, so the hackers cannot steal from the guild bank.
2. Next, go to the World of Warcraft Community site at http://www.worldofwarcraft.com. On the left side you will see a menu, under Account choose "Change Password" and click on it. When you get to the next screen, at the bottom, click on "Forgot your account password ?" Follow the instructions to change your password. This WILL NOT stop the hacking, but it is necessary for you to change your password as soon as possible.
3. Go back to the home page and look at the bottom of the menu under Support and click on the option "Account Admin." When you get to that page, look at the bottom of the left side menu and choose "Contact Support." This will take you to an e mail form. Choose the Game 'World of Warcraft' and then Select the Category "Account Security/Compromise." When you fill out the description, make sure to put the following:
Battle.net account name.
All World of Warcraft account names involved.
Exactly how you determined you were being hacked and the time.
The character name and realm of the person that you had file the ticket for you, in game.
Reiterate your e mail address and include your phone number.
This is all you can do, for now. The next step comes the next day, at 8am PST, when you call Blizzard.
Do this as soon as they open...
The next morning, I called Blizzard at 1-800-592-5499, at 8am PST. (11am my time) I was, of course put on hold for 15 minutes, and then cut off. I called back and was informed by a recording, that they were too busy with other calls, and to call back later. At my wits end, I called the tech support line, (949-955-1382) desperate to get a hold of someone....ANYONE ...... that I could report this to. After a 10 minute wait, I was connected to a technician. I told him what had happened and he looked my account up in the computer. He told me that my account had been suspended for "unauthorized activity" and was shut down. He also told me that they had received my e mail and they were investigating my allegations that my account had been compromised. He told me that I should check my e mail for notification of account suspension, and that the letter would tell me what to do about it.
He then said we needed to determine, if possible, how they had gotten my password. The first thing he asked me was if I used mods. He asked if I used WoW Matrix or Curse Client. When I told him no, he asked me if I had been to the Armory lately. Indeed I had, the very afternoon, of the night I was hacked. He then asked if I was asked to log in to use Armory....and I had. Now, Blizz has been advertising that the Armory was recently updated and contained more information. Due to this advertising, I just thought they had added the log in as a part of the "new features" of the Armory. Come to find out from him that hackers have devised a way to hijack people logging into armory, and put them on an official looking page that asks for their log in and then after you do, they take you back to the opening armory page. Apparently tens of thousands of people have been compromised, using this scam.....which made me feel a bit less stupid, but sure didn't help my ravaged accounts.
Protect Yourself with an Authenticator - Total Account Security
An authenticator is a small (2.5 x 1.5 inches) plastic box, on a keychain, that has an LCD screen and one button. When you get yours, you have to log into your account at the World of Warcraft Community Site and go to "Add an Authenticator." On the back of the Authenticator, there is a serial number. You simply copy that serial number into the required box on the website and you are done ! Now when you log into your WoW account, you will put in your password, and then a box will pop up to ask you for an Authenticator number. You simply pick up the Authenticator, press the button, and copy the six digit number into the box in WoW. Voila ! Simply and easy to use, and protects so much. Get one today !!
The Next Step - Cleaning your Computer
Use more than one program...
The technician advised me that the first thing I needed to do was to run antivirus and antimalware to see if my computer had a keylogger or virus on it from the hackers. Apparently nothing could be done towards lifting the suspension on my account until I was sure that my system was free of malicious software. He directed me to use my own antivirus and to also visit http://us.blizzard.com/support/article/20569 which has more information and places where you can get free antivirus software.
The antivirus software they recommend is:
Symantic security check
For Mac: Symantec Antivirus
The Anti Spyware software they recommend is:
Microsoft Windows Defender
Spybot-Search & Destroy
I used Norton Antivirus and Windows Defender and did an in depth scan and they found absolutely nothing. I downloaded Spybot S&D, and it found nothing. I was unsure about what to do, so I looked on some geek forums and found that a lot of people were using a program called Malwarebytes. (http://www.malwarebytes.org) So I downloaded it and ran a full scan, which took hours. It found 10 pieces of malicious software: 7 files called Rogue.RegistryKey and 3 files called Rogue.BulletProofSpyware. These files were quarantined and deleted by Malwarebytes. I was so relieved, my system was clean and everything was ok ! Or so I thought.
Letter from Blizzard
They were fairly quick and helpful
I looked in my e mail and I had a letter from Blizzard about the account suspension. I opened it up and this is what it said:
Account Name: XXXXXXXXX
Account Action: 72 Hour Suspension
This suspension happened because one or more characters on the account were identified exchanging, or contributing to the exchange of, in-game property (items or gold) for "real-world" currency. This exchange process negatively impacts the World of Warcraft game environment by detracting from the value of the in-game economy.
Even if this behavior is the result of a third party accessing the account instead of the registered user (for example, a friend, family member, or leveling service) then the account can still be held responsible for the penalty because of the impact it had on the game environment.
We've found the above behavior is many times directly related to groups responsible for compromising World of Warcraft accounts; we take these issues very seriously. To better understand our position against exploitative activity and the risks involved, please review this article: http://www.worldofwarcraft.com/xxxxxxxxxx
For any disputes of this action, please visit the Exploitative Activity FAQ and Contact page here: http://us.blizzard.com/xxxxxxxxxxx
Blizzard Entertainment Support
I also had another letter from a GM regarding my account:
I have removed the authenticator from your account. I have also sent an email off to you so you can change the password for the account. Please contact a gm in the game if anything is missing. Also, your accounts have been suspended due to the activity on them. I will be able to lift the suspensions but first I need to know that you do everything you can to keep your computer and accounts secure, such as run virus scans. If you do, please email me back so I can get you back into the accounts.
Billing and Account Services
You are receiving this email as you had expressed that your password was changed without your knowledge and/or concern that your account might have been affected in a detrimental way. Below is information that should be useful to assure your computer's security and to assist with any related in-game issues on your account
I found this letter to be a bit presumptuous, but what could I do ? I sent them a letter back and told them my computer was clean and that I ran antivirus and antimalware twice a day and to please release my accounts, as I wanted to get in to see what kind of damage had been done. About an hour later, I got this letter:
I have unlocked your accounts and they should be good for play. As before, please contact a gm if anything is missing. Also please don't hesitate to contact me back if you have further account issues.
Billing and Account Services
A few hours later I got the following e mail:
Account Name: XXXXXXXXXXXXX
Thank you for contacting the World of Warcraft Game Master Department regarding the compromised accounts.
Information regarding the status of these accounts has been forwarded a specialist for further analysis. When their evaluation is complete, you will be notified via e-mail of the status of the above accounts and the possibility of reimbursement. This may take a few days for you to receive notice, and we apologize for the wait.
Be aware your password will be reset in an effort to secure your account and prevent any unauthorized access. A separate e-mail will be sent with additional details after the reset is confirmed. Please make sure you are the only person using the accounts and access is not shared with anyone else. As a precaution, you may wish to take the following steps to ensure the security of these accounts:
--Run a virus scan on your computer to remove all viruses, Trojan files, and key loggers.
--Delete any UI modifications you may be using, and check to ensure that all future UI modifications you wish to use are obtained from a reputable source.
For more information about unauthorized account access, please visit:
*** Please do not respond to this email as a Specialist will contact you upon the conclusion of their investigation. ***
After receiving this wonderfully vague letter, which told me nothing, I was ready to go into my accounts and see the damage that they did. I have to tell you I was scared to death. I had acquaintances in the past that had gotten hacked and they always said, that they got everything back......but I had always wondered if "everything" meant EVERYTHING, or if it meant just the important stuff.
The Damage They Did
and what they stole....
I have been playing WoW for 6 years and I have six level 80's. I have over 30 characters. I am a real fan of playing the Auction House and I have been doing so, almost daily for over 5 years. As a result, I have over 150,000 gold, spread over 3 realms and many characters. I figured that, at least, the gold would be gone and I tried to steel myself for what I would find, as I was logging on.
The first site to greet my eyes, when I logged on to my main account was my level 80 blood elf priest, dressed in a pilgrim dress and hat. The hackers had to have a good sense of humor, as I always mask my helm, which means they had to unmask it deliberately, so I would get the full pilgrim outfit effect. Thanks guys. I quickly flipped through the rest of my toons. All of the below 80 characters looked normal, but my 80's were all in various states of undress.......my dwarf priest was stark naked (because she is an enchanter) my elf priest was naked other than her PVP pants and boots. My Dranei mage was the only 80 I had that seemed to still be fully dressed. Checking deeper, I found that not only did they steal my gold, weapons, armor and other items, but they also deleted my two major professions on my 80 mage (450 herbalism and inscription) and my 80 hunter (450 herbalism and alchemy). I almost had a heart attack. They also redeemed every single badge I had and cashed in all my battleground marks and honor.
Going through the items they took on my level 80 characters, there seemed to be no rhyme or reason to the things they took. They took my hunters pet food, and left an unbound Merlin's robe in the bag of my druid. They cleaned out my inscriptionist's bank of herbs and inks, but they left my priest's bank completely intact, full of enchanting mats. It really made no sense. My druid is an officer of a guild, and they cleaned out the guild bank, taking every single mat, every piece of armor, weapon, gem.....anything that was of any value. I also have two personal guild banks that I use for storage and they cleaned them out too.
They didn't take all my gold, they left 40 gold on my 80 dwarf priest, and all of my lower level toons that had less than 100 gold on them. Some of the items from the guild bank were also left on my priest, as well as some items from the guild bank were put in the Auction House. Not really sure what was in the mind of the hackers in doing that, but kind of think that Blizzard must have shut down my account (from the ticket my friend filed) while they were in the middle of things. I can't imagine any other reason for finding things as they left them.
The New Expansion - Warlords of Draenor
How I Got My Stuff Back
and How Long it Took....
On January 27, I got a bunch of e mails....one for each character that had items stolen. The letters said that the characters items had been restored. It had three categories, gold restored, professions restored and items restored. It had a list under each category of everything restored on that character.
When I went in the game, I checked each toon and I found every single one of them had multiple e mails, all chocked full the the items that had been taken from each. There was no order to the items, bag and bank stuff was mixed in with armor sets and everything else. To be honest, I didn't care, I was so happy to see my stuff back I would not have cared if they sent it back in the saddle bags of a kodo. When I put my armor back on, I was pleased to see that even the enchants and gems had been restored.
I have so many characters, I made a checklist of all of them, so I could make sure than none were missed, and it was a good thing I did. I have two characters, on different realms named Xindi and also two named Ravencry. The lower level character of both the double names were over looked by Blizzard. I send an e mail to the GM that has sent me the restoration e mails and explained the situation. I had the restoration for those two toons, the very next day.
All in all, it was an extremely horrible experience to have my account hacked. However, I did get everything back....gold, professions, items, badges, honor, marks....even down to my mead basted caribou pet food. It only took 6 days, but they were some of the longest days of my life. My characters were not naked, as they left all my PVP gear (cannot be vendored or disenchanted) but I had no weapons of any kind, so I could not do WG or any battleground, no instances.....not even dailies. It was pretty awful, and when I think it could all have been avoided for the small amount of money an authenticator costs, I could slap myself around Stomwind Harbor. Please take it from one that knows, if you do not have an authenticator yet, GET ONE !! They are so cheap and easy to use, there just in NO reason not to have one. Not to mention you get an adorable corehound pup non combat pet on each character you make for the rest of your life ! Please save yourself the grief. Don't be like me and think that hacking is just something that happens to "other people." Don't wait for something to happen, get your authenticator now !
Poll on Hacking - Please Participate
Have You Everf Been Hacked, or Know Someone That Has ?
Some of My Other WoW Pages You May Enjoy
I have many Hub Pages, far too many to list here, but below are a few of my favorites that you may enjoy. If you would like to see a complete list of my pages you can view them here: Jadelynx
World of Warcraft Costume Shop
As a World of Warcraft player, I have always wondered what it would be like to have the awesome clothes and accessories that my character has......and a pla...
How to Be Unpopular in World of Warcraft
Anyone who has ever played a MMORPG has run into people that are annoying. They say annoying things, they do annoying things or they don't do things that the...
What To Do If Your World of Warcraft Account is Hacked
On January 21st, about midnight, I logged into World of Warcraft, just like I had millions of times before, in the six years I have been playing. A friend of...
How to Install World of Warcraft Mods
Do you want to use add ons in World of Warcraft ? Have you had problems trying to understand how to do so ? Then you are in the right place ! This lens will ...
Auctionator - World of Warcraft Auction Mod
Do you find it frustrating to put items in the Auction House on World of Warcraft ? Do you wish that you could just click a couple buttons and have the aucti...
Free Tips on Making Gold at Low Levels in World of Warcraft
I used to have a WoW Blog.......but after writing in it for over a year, I reached a time in my life when I just did not have time to write in it any more. A...