They might be able to figure out when the other people logged into your account, but when they got the information? Hard to say – scammers don’t necessarily use your information the day they get it.
Also, it’s not like the Curse client is all that safe. It’s not even safer than just going to the add-on publishers and installing the add-ons manually. And now that your email address is your login name, you can change it where you couldn’t before the switch. That said, using real information for stuff like this is a pain in the ass and changing, say, your email address to something different is a double-pain. Get an authenticator.
GMs can get your stuff back. Dunno about the Friends lists.
A guildie claimed he got targeted through a failure to update Flash or Java or something, that a known weakness was used by a WoW-specific something-or-other.
In other cases, hackers try to impersonate Blizzard personnel in-game and send tells or in-game mails with website addresses (oo, special Beta testing/pet for you, log in here at worldofwarcraftnotreally.com) or send fake E-mails with similar things or threats that their account has been botting, log in at this link to answer the accusation.
I just got a new one today, a receipt from the official blizzard store for buying pets and the redemption codes for same, with a fake battle.net login page link.
Since I got it on my phone where I couldn’t preview links, my initial response was to grill my wife rather than log in. Scam failure!
Seeing as this is clearly a major problem why haven’t Blizzard started to use a virtual keyboard to login as many banking websites do these days. It seems like a very simple way to remove the risk of key loggers without spending money on external devices to assist in the login procedure.
Probably because it would just stop most of the virus hacks but none of the spam ones? Having something that still prevents people logging in even if they manage to get your password is good. And six-fifty’s cheap.
Now I’ve been hacked just this past day. Judging by the Blizzard forums, there was a wave of hacks Friday. When I phoned Blizzard their on-hold queue was full. That’s right, they were too backlogged to even put me on hold. I sent a few emails and only got an automated form letter. Finally by midnight I got a message stating that my account has been frozen for illegal activity i.e. goldselling. I’m not even sure they got my messages this afternoon.
While I can rest easy that no further damage will be wrought, a few of my characters aren’t showing up on the armory. Hopefully the restoration process won’t be too painful. If they froze my account for goldselling they should have a record of the transactions and therefore should believe me when I truthfully tell them that I had about 58,000 gold on my main.
It’s a good thing that I’ve more or less been taking a break from WoW; I’ve mostly been logging in to use my alchemist’s transmute and do my jewelcrafter’s daily. It’s reassuring that I’m not freaking out over this. I can be confident that I don’t have an unhealthy perspective on the game.
How complete was your restoration, smiling bandit?
Total restoration fo everything. They also checked to see if anyone had nabbed my gold, and apparently that didn’t happen. It was just people deleting characters solely to be dicks, I guess.
For those who don’t know, there’s a free mobile authenticator now. It runs on most smartphones, and the Touch. I got the version for the Touch. Yeah it sucks to have to keep your phone beside you, but it doesn’t cost 6.50 nor do you have to wait for shipping. And yes, you still get the Core Hound Pup!
Edit: Also, you don’t need an internet connection past the initial authentication of the app.
Scam failure!