It took 13 years, but I've been haxored!

[DarkHand]

I've never had a computer related security breach in the 13 years I've been online until today. I got a text message from a friend of mine who was amazed that I was playing WoW again after having canceled my account two years ago... Only I never reactivated it.

Tried logging into my old WoW account only to find I can't. Check my Gmail, and there's a WoW password change confirmation email from 2 days ago in there that I hadn't noticed before. I figured they shouldn't have been able to do anything without access to my email, but the email had been read.

Check the gmail access logs, and I have these two IPs in there:

59.56.87.249
119.118.113.1

Both trace to China.

EVERYTHING is routed through that email account, so I've been changing every password I can think of in a flurry. Nothing seems to have been touched in my bank accounts, paypal, amazon, etc, so I'm hoping they were just after my WoW gold. I've got an account security ticket open with Blizzard, but while I've got the important ones done, I've got dozens and dozens of passwords to change still.

No idea how it happened yet, I haven't touched WoW in 2 years so it couldn't have happened that way. I'll have to check every PC at home now for spyware/keyloggers. Alerted my parents and brother as well, they're rushing to do the same thing with their accounts.

 

[Briansol]

This is ALWAYS why i suggest having at LEAST 3 passwords.

1) forums/general web accounts
2) email account (or, one for each if you're nuts)
3) banking stuff (one for each... i use 99% the same for all mine, but change one character in it or at the end sometimes to make it different but easy to remember).

 

[DarkHand]

This is ALWAYS why i suggest having at LEAST 3 passwords.

1) forums/general web accounts
2) email account (or, one for each if you're nuts)
3) banking stuff (one for each... i use 99% the same for all mine, but change one character in it or at the end sometimes to make it different but easy to remember).

I use two, one for forums/general, one for anything involving money. My gmail account was on my 'general' password, but inside that gmail account is info for bank info, etc (which sounds really dumb now... It touches money stuff, it should have the money password).

WoW had its own completely different password if I remember correctly though, so I'm still in the dark as to where the breach happened.

Credit card info was wiped from the WoW account when I canceled it, so they must have reactivated it with something... Probably a pre-paid game card though.

No reference in my email anywhere to my WoW account name either... Now I'm really unsure where they would have gotten that from.

 

[95b16coupe]

WOW is the devil....too many nerds play that for it to be safe.

 

[Taco15]

damn man. sorry about that. My bro in law usually tries to find the hackers and plants a virus. He too has the hacking skills but you can say he uses it to get back at them.

 

[DarkHand]

This is karmic retribution from my teenage years, offering a Starcraft maphack back in the day that would install Back Orifice, where I'd then log in and wipe their drives.

 

[Drake]

That sucks hopefully nothing else gets touched.

 

[Honda20000]

I do not have any passwords that are the same. I used to play FFXI but quit because it wastes life.

 

[klyph]

Uh, guys, even posting info about your password habits is pretty dumb.

 

[DarkHand]

Well that's all old info now anyway... Everything from here on out is completely different.

Still no reply from Blizzard yet, the guy's still using my character to do the mining exploit with, according to my old guildmates.

 

[phyregod]

My password is really good. Its "one2345". Noone will ever crack that shit.