|
Like pretty much everyone else we know, we've had our fair share of account compromises and guild bank thefts. It can be a very wrenching experience, especially for the person whose character is suddenly cast naked into the streets of Dalaran to hawk a suspicious number of Abyss Crystals in /trade.
The single most common source of account compromise occurs when players share account information, either with a friend or with a leveling/gold selling service. Unfortunately, somehow this has developed into the perception that this is the only way accounts are compromised. This belief lets us all feel complacent about our account security, or assume that it was some egregious failure on the part of a person which led to the character being hacked. This is often far from the case.
To dispel some of these misconceptions, we've rounded up a number of resources on account security which we hope will help us all be a little more conscious of this problem.
Earlier this month, Blizzard addressed some of these issues in an extensive discussion of account security. In particular, they published a Security Checklist with tips you can follow to help increase your account's security. Some of these will be familiar to you:
- Update your browser to the latest version.
- Activate your browser's phishing filter.
- Make sure your registered email address is secure and up-to-date.
- Make sure your computer operating system is up-to-date.
- Make sure your browser plug-ins and other commonly used applications are up-to-date.
- Install anti-virus software.
- Learn to identify common types of account theft.
- Keep in mind the list of safe, official Blizzard Entertainment domains.
The page also has links to more detailed instructions on these various steps, and a link to instructions on what to do if you have been hacked.
The whole page is worth a read, but remember that increased security is not fool-proof security. As some of our members have discovered, there's always someone working to get past even the most extremely cautious browsing habits. Your account is only as secure as the weakest link, whether that be a browser or an email address.
Wow.com also recently ran an interesting article from a former Blizzard employee. He dispelled several common myths about the current rash of account hackings, from the fairly innocuous to the downright paranoid. The series is worth a quick read. You may also be interested in reading their information on Blizzard's account restoration policies.
The damage and tumult that account hackers can cause is a risk that, unfortunately, is shared equally across the guild. That's why we strongly recommend that everyone get an authenticator to help ensure your account is safe. It may seem like an inconvenience, but it's nothing to the time and effort involved in recovering a hacked character and guild bank. If you would like an authenticator and can't afford one, please contact a Steward. Several of our members have received free authenticators at various events, and I believe many are still unclaimed. Or you can buy one now!
Update: March 1, 2010
MMO-Champion has information on a Trojan which can hack an authenticated account. Read about how to protect yourself here. Wow.com notes that there are multiple websites which are mirroring the virus, many of which have names similar to common WoW sites like Curse.com. Be careful and double-check the URL of any sites you visit!
The official forums also has information on mobile authenticator vulnerabilities, mostly due to PC backups of your mobile devices. If we find any information on how to protect yourself with these versions, we'll post it here.
edit: Here's the blue description of the man-in-the-middle vulnerability. |
