In response to my recent email to customer service, Blizzard has returned the remaining gold, over 3k of it, to my account. I'll good to go.
So, it pays to speak up. I still advocate dealing with customer service in a polite manner and letting them do their job. Just make yourself heard and make sure they know your frustration.
Showing posts with label Security. Show all posts
Showing posts with label Security. Show all posts
Saturday, December 6, 2008
Friday, December 5, 2008
Tis the season to be hacked...
Fortunately, I think I caught this one before I ended up like LRNs. Unfortunately, I think this one may have had some very ugly side effects.
Ok, now to confess my idiotic noob moment. I'm far too trusting and clicked on a message from an old high school classmate in Facebook, thinking it would be some cool nostalgic stuff from the old days. Nope, it was a loader for Infostealer.gamepass, a MMO password stealer. Dumb I know.
But I caught my mistake and immediately began running Norton to wipe the thing out. But here's my problem, a full system scan on Norton takes about 2-3 hours and it was 11pm when I caught the bug. So I let Norton run and went to bed, figuring I'd finish dealing with it in the morning.
Woke up this morning to a non-functioning computer.
I've changed my password to my WoW account and Armory seems to indicate that my account has not yet been breeched (I still have my stuff according to it.) I did all this on my wife's computer, since mine is dead...dead..dead.
The thing I can't figure out is how a password stealing keylogger could blow up my CPU. There's no mention on any internet articles about it having such a malicious side effect. It's just a password stealer. I suppose it could be that my computer was just ready to give up the ghost anyway, but that seems pretty unlikely also since it's less than 2 years old.
So Nord is out of action on WoW for the foreseeable future. No clue when I'll get my computer fixed or replaced.
Update: Good news. Turns it out, odds are good it wasn't the virus that fubar'd my machine. It was the virus checker itself, which scanned my active RAM and apparently stumbled onto a defective or loose memory chip while doing so. That's what caused the crash and the subsequent headaches.
I've reconfigured my hardware, shuffled the chips around, and everything seems to be working again. Virus has been eliminated and I'm running further scans to make sure it's gone for good (FYI, it was Koobface, not infostealer.)
Should be back up and running shortly. Sorry for the false alarm, but this was likely to be an issue in-game eventually anyway.
Ok, now to confess my idiotic noob moment. I'm far too trusting and clicked on a message from an old high school classmate in Facebook, thinking it would be some cool nostalgic stuff from the old days. Nope, it was a loader for Infostealer.gamepass, a MMO password stealer. Dumb I know.
But I caught my mistake and immediately began running Norton to wipe the thing out. But here's my problem, a full system scan on Norton takes about 2-3 hours and it was 11pm when I caught the bug. So I let Norton run and went to bed, figuring I'd finish dealing with it in the morning.
Woke up this morning to a non-functioning computer.
I've changed my password to my WoW account and Armory seems to indicate that my account has not yet been breeched (I still have my stuff according to it.) I did all this on my wife's computer, since mine is dead...dead..dead.
The thing I can't figure out is how a password stealing keylogger could blow up my CPU. There's no mention on any internet articles about it having such a malicious side effect. It's just a password stealer. I suppose it could be that my computer was just ready to give up the ghost anyway, but that seems pretty unlikely also since it's less than 2 years old.
So Nord is out of action on WoW for the foreseeable future. No clue when I'll get my computer fixed or replaced.
Update: Good news. Turns it out, odds are good it wasn't the virus that fubar'd my machine. It was the virus checker itself, which scanned my active RAM and apparently stumbled onto a defective or loose memory chip while doing so. That's what caused the crash and the subsequent headaches.
I've reconfigured my hardware, shuffled the chips around, and everything seems to be working again. Virus has been eliminated and I'm running further scans to make sure it's gone for good (FYI, it was Koobface, not infostealer.)
Should be back up and running shortly. Sorry for the false alarm, but this was likely to be an issue in-game eventually anyway.
Thursday, December 4, 2008
Restoration Conclusion
After 13 days of waiting, with minimal contact from Blizzard, I received 1850 gold today and an email saying that they were done. I'm still missing over 2,000 gold.
Note: My horde toons were also wiped clean, but I let that one go since I never play any of them.
In response, I sent them some "feedback."
That done, I'm moving on. I have to. In the end, it doesn't matter. I got my gear back so I can play. I have friends who covered me for gold over the last 13 days. Those same friends will give me more if I run out (and not even ask for it back.) Heck, I will make more gold.
Note: My horde toons were also wiped clean, but I let that one go since I never play any of them.
In response, I sent them some "feedback."
To Whom It May Concern:
Thank you for your efforts in restoring most of my account possessions. After an excessive amount of time (13 days) I finally received the following email regarding the conclusion of my account restoration. I am still missing over well over 2,000 gold from my other characters. Am I to conclude from this message that I will not be receiving it?
We are both victims of a crime. Since, it's obvious to me on the front-end that I'm still missing gold, how difficult (after 13 days of looking) could it be for you to not see that it was taken during the hack?
I was taking all reasonable steps to secure my account. Cyber criminals are constantly taking advantage of new and creative exploits to steal from us. On the day of the hack, my system was free of viruses & trojans. My software was completely up-to-date. I don't share my password. I don't play other places. My only obvious failure was not changing my password for several weeks.
But, clearly the password rules put in place are not secure enough. So, since the hack, I've taken additional steps to buy an authenticator keychain.
And that's the bottom line here. Your loyal customers are being robbed but the nice little "Terms of Service" lay the blame on us, the victims. I understand the need for these legal protections. At the end of the day, however, you are a company selling a product to your consumer.
Customer care should be a higher priority than 13 days of minimal contact, "partial" restorations and hiding behind legal documents. I don't need to have "everything" returned. I don't need daily updates. But, more of both would have been better.
I am not oblivious to the chaos you are facing with the expansion. I am not insensitive to the impact of hackers on your business. I simply question the level of customer service I have received in this matter.
That done, I'm moving on. I have to. In the end, it doesn't matter. I got my gear back so I can play. I have friends who covered me for gold over the last 13 days. Those same friends will give me more if I run out (and not even ask for it back.) Heck, I will make more gold.
Saturday, November 29, 2008
More Secure Than My Bank Account
Two Blizzard Authenticators arrived in my mailbox today. I got the PTouch out and labeled them so we could tell them apart. Then, I set them up on our systems in seconds. The process was easy. The extra step of getting the random secure number and entering it is fairly painless. The price included shipping and was reasonable @ $6.50 each. Of course, now I'm more nervous about misplacing them than getting my account hacked. For now, we're keeping them at the bases of our respective monitors. I was thinking about getting some retractable keychains like people get for keycards at work. Heck, we probably have some lying around.
Monday, November 24, 2008
I'm Back
Account is back up and running. I think I've gotten all my gear. I'm still missing my gold, all 5k worth of it, but Typhia is covering me until it is. I've taken this time to follow Blizzard's request that I clear my UI settings & mods. I'm doing it not because I think account settings & addons caused my issues. Instead, when faced with the opportunity for a clean slate and a chance to wipe bad settings, I might as well take it. Unfortunately, I'm a pack-rat. So, the mountains of items that I now have to sort through is insane.
There's only one real problem now.
My inlaws are in-route for Thanksgiving visit, eta 2 hours. I really love my inlaws, but I really want to organize my stuff and get back to leveling. Sigh!
There's only one real problem now.
My inlaws are in-route for Thanksgiving visit, eta 2 hours. I really love my inlaws, but I really want to organize my stuff and get back to leveling. Sigh!
Sunday, November 23, 2008
Waiting
Well, I'm still locked out. I've received an email stating that most of my items have been restored with a long list of said items. I've received an email with a temporary password. The password page tells me that my account is still locked out but the time stamp is for several hours ago.
I've watched all of my Netflix films, my team has played football (although I wouldn't call that "playing") and even done some Christmas shopping. I've got nothing else. The book I've been reading isn't very good. I've caught up on my Heroes viewing.
The time away from the game itself isn't so bad except that it's the 2nd weekend since the expansion and the last weekend before things get nuts for the holidays. Rhus is sitting 1/2-way to 74 & Beroth is 1/2-way to 72.
Then, there's the wife. She's been cleaning all day and is looking forward to a nice evening leveling her druid or mage. So basically, I need to find something to do away from the computers or spend my time watching her play without me.
The good news is that the security software on her system was not compromised and she didn't get hacked too. It's small comfort, but I'll take it.
I've watched all of my Netflix films, my team has played football (although I wouldn't call that "playing") and even done some Christmas shopping. I've got nothing else. The book I've been reading isn't very good. I've caught up on my Heroes viewing.
The time away from the game itself isn't so bad except that it's the 2nd weekend since the expansion and the last weekend before things get nuts for the holidays. Rhus is sitting 1/2-way to 74 & Beroth is 1/2-way to 72.
Then, there's the wife. She's been cleaning all day and is looking forward to a nice evening leveling her druid or mage. So basically, I need to find something to do away from the computers or spend my time watching her play without me.
The good news is that the security software on her system was not compromised and she didn't get hacked too. It's small comfort, but I'll take it.
Saturday, November 22, 2008
Hacked
Well, it finally happened. My WoW account has been hacked. I verified from my wife's bank alt, that OrdoSerp's bank has been totally cleaned out. It had over 2k gold, stacks upon stacks of healing & mana potions, & a ton of Burning Crusade crafting items that didn't get sold durning the expansion run-up. OrdoSerp kept the gold access confined to just my account to protect us from random hacks like this. Heck, I was on my account less than 6 hours ago checking my Auctions before bed. I run full system scans weekly, keep up active scans, worked in IT for several years and am, to say the least, very careful with all my information.
My account has a 24 hour ban on it while they investigate, so, I won't be playing or seeing the damage anytime soon.
Update #1
I've just finish a complete system scan (virus/spyware) on all 3 computers...nothing. I ran scans using other programs...nothing. I've been skimming the forums looking for examples of issues...nothing.
I changed my wife's password info on her computer just in case.
I surf using Firefox w/ NoScript running. I suppose I could have turned off security on a website, but my security software scans should have caught anything. I don't use my WoW password for anything else. And I don't log on to any computers other than ours. I, unfortunately, haven't changed that password in over a month, but usually I do. The only change I made this week was downloading some quest addons. But those shouldn't have gotten my account hacked. Besides, addons should not cause a hacked account, only their source.
I use a Merc keyboard running the ZBoard engine & I use WoWMatrix. But there are no reports of issues with either of these.
There's nothing remotely suspicious running on my task manager either.
Everything here is behind a router/firewall and I keep Windows Firewall on. Yes, Windows Firewall isn't the most secure software firewall out there, but it should be "fine" being run in conjunction with a hardware firewall.
I am at a complete and utter loss here.
I just have to wait and see what Blizzard says. Not that they will tell me anything.
Update #2
My account was hacked at approximately 3AM EST. I assume everything is gone.
After several hours of extensive system scans, a conversation between my wife & and in-game GM, several searches through the forums, and a lot of bad words, I have found nothing...
Absolutely nothing except one tiny "low threat" cookie that seems to be getting past my NoScripts filter currently.
Could something have gotten past FireFox, NoScripts, CA Security Center, Window Defender and remain completely undetected after extensive searches? Yes. Could it have happened weeks ago and since been removed? Yes.
The thing that is really upsetting me is not the part about being hacked, having my virtual stuff stolen or even my account being temporarily banned. It's the not finding anything on my system or any evidence of something on my system. I would much prefer I find something and chock it up to bad luck.
Instead, I've got that nagging feeling like I've missed something. And if "they" hacked my blizzard account, should I worry about my other online accounts like email, iTunes, Amazon, ... , bank accounts? Which, again, I rigorously secure, just like my WoW account.
I've purchased a pair of the authenticator tags for us. They should arrive in the next week or so.
Update #3
They have reset my password, but my account suspension looks like it's going to remain in effect until tomorrow afternoon. No WoW for me. Not that I would want to WoW if all my epics are gone.
Update #4
This is the last "update" I'll add to this thread. I've reinstalled my "stronger" software firewall and have been looking things over. My conclusion? There's nothing here. A few weeks ago, I logged onto the game on the "entertainment" PC connected to our TV. I detected a Trojan on that machine last week. That's when it must have happened and the goldspammers only got around to using my password last night.
My account has a 24 hour ban on it while they investigate, so, I won't be playing or seeing the damage anytime soon.
Update #1
I've just finish a complete system scan (virus/spyware) on all 3 computers...nothing. I ran scans using other programs...nothing. I've been skimming the forums looking for examples of issues...nothing.
I changed my wife's password info on her computer just in case.
I surf using Firefox w/ NoScript running. I suppose I could have turned off security on a website, but my security software scans should have caught anything. I don't use my WoW password for anything else. And I don't log on to any computers other than ours. I, unfortunately, haven't changed that password in over a month, but usually I do. The only change I made this week was downloading some quest addons. But those shouldn't have gotten my account hacked. Besides, addons should not cause a hacked account, only their source.
I use a Merc keyboard running the ZBoard engine & I use WoWMatrix. But there are no reports of issues with either of these.
There's nothing remotely suspicious running on my task manager either.
Everything here is behind a router/firewall and I keep Windows Firewall on. Yes, Windows Firewall isn't the most secure software firewall out there, but it should be "fine" being run in conjunction with a hardware firewall.
I am at a complete and utter loss here.
I just have to wait and see what Blizzard says. Not that they will tell me anything.
Update #2
My account was hacked at approximately 3AM EST. I assume everything is gone.
After several hours of extensive system scans, a conversation between my wife & and in-game GM, several searches through the forums, and a lot of bad words, I have found nothing...
Absolutely nothing except one tiny "low threat" cookie that seems to be getting past my NoScripts filter currently.
Could something have gotten past FireFox, NoScripts, CA Security Center, Window Defender and remain completely undetected after extensive searches? Yes. Could it have happened weeks ago and since been removed? Yes.
The thing that is really upsetting me is not the part about being hacked, having my virtual stuff stolen or even my account being temporarily banned. It's the not finding anything on my system or any evidence of something on my system. I would much prefer I find something and chock it up to bad luck.
Instead, I've got that nagging feeling like I've missed something. And if "they" hacked my blizzard account, should I worry about my other online accounts like email, iTunes, Amazon, ... , bank accounts? Which, again, I rigorously secure, just like my WoW account.
I've purchased a pair of the authenticator tags for us. They should arrive in the next week or so.
Update #3
They have reset my password, but my account suspension looks like it's going to remain in effect until tomorrow afternoon. No WoW for me. Not that I would want to WoW if all my epics are gone.
Update #4
This is the last "update" I'll add to this thread. I've reinstalled my "stronger" software firewall and have been looking things over. My conclusion? There's nothing here. A few weeks ago, I logged onto the game on the "entertainment" PC connected to our TV. I detected a Trojan on that machine last week. That's when it must have happened and the goldspammers only got around to using my password last night.
Subscribe to:
Posts (Atom)
Posts
