So an inactive guildie was confirmed to be hacked last night. Wouldn't respond to tells, toons standing naked in front of AH, other toons server xferred or something.
It's been happening a lot to inactives - how would this be happening? Are the 'hackers' brute forcing passwords or only now getting around to using old keylogged passwords?
I was always curious why Blizzard didn't have a wrong-password lockout. Make it generous - 10 or 15 tries or something. Maybe brute-forcing's not really something they see.
Likely a brute force. A nine-year-old with a brute force program can get into any account that doesn't have an authenticator, as long as your e-mail address is known. You see, that's the second part of the security flaw with Blizzard's game authentication process. Having a user sign-in name that's common and easily attainable, in fact is often given out without a second thought about security, added to no password lockout on ANY number of failed attempts, makes WoW one of the easiest games EVER to hack an account on.
Considering the popularity of the game at 11 to 12 million subscribers and the potential for making money off hacked accounts, it's no wonder that they have the problem they do.
The other possible, and even likely, cause for the hack is that the inactive guild member's computer has been compromised by a virus/trojan/keylogger.
Anyone playing WoW without using an authenticator WILL eventually get their account hacked. A guild member in our guild got hacked. He is an IT technician for a local school district and I know his computer was not compromised, so it had to be brute force. The guild bank had a fair amount of items missing as well because whoever hacked this member's account took out the maximum number of stacks he could. Everyone in the guild now has authenticators and we don't accept anyone in unless they also use them.