Friday, October 17, 2014

World of Warcraft: Account Hacked

So I've been playing WoW a fair bit lately, trying out all the raids I missed and digging up some artifacts and leveling my alt to 90. It's been fun. Then I woke up Friday morning to some odd emails. Apparently I'd paid to transfer off 5 of my characters and then Blizzard locked my account down for suspicious behaviour. This had happened about 30 minutes before I woke up. I was able to change my password to something else and log in, discovering that I'd stolen the guild bank and run off with the cash. Just like what happened to Stochastic a year ago.

I went to submit a ticket stating that I'd been hacked. In the process it asked me to enter my SMS phone number, which I couldn't do because I hadn't associated a phone number with my account. (And I actually can't do such a thing because Blizzard detects my phone as being 'prepaid' and therefore won't allow it to be used.) I clicked a link to remove it and it told me it had just pinged my phone and I needed to enter the code it sent to do so. Which meant it actually pinged the hacker's phone and let him know I was trying to do something about what he'd done. So he came back and changed my password on me, kicking me out of my account.

In the meantime I'd changed my email account password to be safe (though if the hacker had access to my email account he should have been deleting the emails letting me know what was up) and ran some malware scans on my computer. Spybot and Malwarebytes both turned up nothing, so I'm not sure how they got my password.

Blizzard is set up such that you can't call support until 10am and can't use the website chat until 9am so I got to sit around bitter for 6 hours until the website opened up. I got in and talked to someone on the website who was pretty nice about the whole thing but ultimately couldn't do much except send me to someone who could do something. Which is fine, I've worked support on a game before and I understand that not everyone can do everything.

A couple hours later I got emails indicating that the character transfers I'd paid for had been reverted, but before they'd give me access to my account again I'd need to send in some ID to prove I am who I am. Fine, I actually have a scanner now thanks to my mother buying me a combo printer thingy so I scanned in my health card and attached it to a new ticket on the website. I ended up having to go to bed before they got back to me about it, though.

I woke up to find they'd unlocked my account (presumably thanks to my health card), reverted the character transfers, and given me back my gold. They did not remove the SMS number the hacker added to my account. So while I slept he took my account back over, bought character transfers for my characters again, and tried to take off with the newly restored cash. *sigh*

It's not clear exactly what happened because the transfers kept getting denied. He ended up buying 16 all told in 3 waves trying to get my characters off of my server. He even had the gall to submit some tickets of his own trying to get access to my account at one point. Of course while my tickets all explained what was going on his only stated:

'My god!!Where are the characters in  realm Vek'nilash?I just left out for  a little while!'

I'd like to think that wouldn't have worked on them, but in their support website it actually got a response from a person letting them know they'd been helped and that my gold had been restored. Pretty sure this is when he took the account back over via SMS and tried to run off with the gold again.

Anyway, as soon as I got up I sent off a new ticket of my own spelling out that they'd need to remove the SMS from my account and do another restoration. At 9am I again went to the website chat and talked to someone who was able to remove the SMS for me and reset my password. So I got my account back and was able to log in and see what was up. 5 of my characters were flat broke, the other 5 had the maximum amount allowed for a character transfer, and the guild bank was still empty. So I had the website chat person look into that and after showing them the guild bank cash log (by having them log into my character?!?) they just gave me the full amount removed from the guild bank. I suspect this is pretty close to the amount of money I should have since the first time around the hacker deposited ~230k of my own money into the guild bank, presumably because the rest of my wealth was able to be server transferred on 5 characters. So I probably had 130k on those characters, 230k added to the guild bank, and 170k from the guild bank itself. I still have the 130k on the 5 characters so giving me 400k should let me get things back to where they should be. I don't actually know how much money I had. 360k sounds like it's probably in the right ballpark? 170k in the guild bank sounds low since it was at 268k when Stochastic got hacked. But maybe he didn't put it all back in? Or maybe repairs are expensive? Or maybe people have been slowly embezzling? Who knows? Who cares? I mostly just want things to be right because I like when things are right. It's not like we actually need the money.

It also turned out the hacker had screwed up all my keybindings. Because he's a jerk. Or probably because he wanted to be able to run using WASD and I've set those to be other things. And Blizzard stores keybindings online now, so him changing them on his end overwrote what I had on my end. Thankfully my sister showed me a trick with Windows Restore and I was able to revert my settings files to what I used in 2013, so that was fixed pretty easily.

He also deleted all my friends. Because he's a jerk. Oddly he didn't delete all of them... He left Randy and Jeff. Everyone else was removed. I thought I could use StarCraftII and the Facebook integration to find all my friends again, but I can't. So if you want to be my friend on Battle.Net again, well, send me a friend request (ziggyny at!
