40 replies to this topic

[HawkMan]

capitals doesn't necessarily make your password safer.

[Xilo]

HawkMan, on 12 November 2012 - 14:49, said:

Was it actually hacked or did you get a mail saying it had been hacked.

It was hacked. I have 2 WoW accounts. One had gotten banned for botting/gold selling.

[shakey]

HawkMan, on 12 November 2012 - 16:51, said:

capitals doesn't necessarily make your password safer.

Sure it does. It adds an extra layer of protection. You could have horseapplestaplebattery, or you could have HorseaPPlestaPLEbatterY, which would make it even more complex. It doesn't make sense to leave an option out that only helps strengthen something.

[Zinomian]

Not sure the lawsuit makes sense, unless the guy wants restitution for the $4 or so it costs to get the authenticator. For those almighty people here saying that the hacking is "Your fault!" not Blizzards, you may want to research the issue and see how many people with and without authenticators have been hacked. I myself was hacked, and had a very very good password for the account as well as an authenticator; now, before you say "well, it had to be your computer!", i give you some info about my pc and me. I am an IT manager who has worked for companies such as Symantec IT internal department, MessageLabs IT internal department and now a private Chemical plant, again internal IT deparment....so with all that in mind, i have made sure that my PC IS as secure and clean as possible, not only for a stupid game, but also to make sure information on my pc is not compromised.

I also ran wow clean, without addons etc, and any updates were all downloaded using the client....so when my account got hacked, i made sure to do before calling blizzard a full forensic analysis of my machine, including firewall logs, av scans, spyware scans, etc, etc, etc......what i found was that my computer was clean, and my account was hacked either directly from Blizzard or my isp had some issues with man in the middle attacks, and blizzards traffic encryption had or has been compromised (do not know which).

So, going back to the suit.....smart? maybe, depends what the person wants, if he wants restitution for the authenticator then sure, have blizzard refund his $4 or so...anything else is a joke, although having blizzard change some of their warnings or making them give out warnings when something does happen like getting hacked would be nice.

[dead.cell]

While many times it's the user's fault for being hacked, there are times when they truly did nothing wrong.

I have 2 WoW accounts for example, both with strong unique passwords not used anywhere else. My main one has an authenticator on it, and was never hacked. My old one however, despite not being in use anymore, didn't have an authenticator. 2 years of having not logged into that account, I receive an email that the account has been suspended. Not exactly sure what the hell they did to break into the account, as my password was strong, unique, and hadn't even been used for 2 years...

Same thing happened to a friend of mine with his Guild Wars account.

So yeah, I'm quite under the belief that if you don't have an authenticator, you will likely be hacked eventually. Doesn't matter if hasn't happened thus far, it's still possible, even if your account isn't in use.

---

Anyway, I'm definitely no fan of Blizzard these days. Still, I think this case is just straight baloney.

[Lord Method Man]

dead.cell, on 12 November 2012 - 17:15, said:

While many times it's the user's fault for being hacked, there are times when they truly did nothing wrong.

I have 2 WoW accounts for example, both with strong unique passwords not used anywhere else. My main one has an authenticator on it, and was never hacked. My old one however, despite not being in use anymore, didn't have an authenticator. 2 years of having not logged into that account, I receive an email that the account has been suspended. Not exactly sure what the hell they did to break into the account, as my password was strong, unique, and hadn't even been used for 2 years...

Same thing happened to a friend of mine with his Guild Wars account.

So yeah, I'm quite under the belief that if you don't have an authenticator, you will likely be hacked eventually. Doesn't matter if hasn't happened thus far, it's still possible, even if your account isn't in use.

---

Anyway, I'm definitely no fan of Blizzard these days. Still, I think this case is just straight baloney.

Are you sure those weren't phishing emails like the ones every gets regardless of if they even play the game?

[dead.cell]

Lord Method Man, on 12 November 2012 - 17:17, said:

Are you sure those weren't phishing emails like the ones every gets regardless of if they even play the game?

No, but I do get those as well. I never open them, and they're properly placed in the spam section of Gmail. I worked with Blizzard to have the account restored, simply for the fact that it was my account and I didn't want anyone using it for whatever malicious purposes. Also slapped the iOS authenticator on it for (free) added safety.

[HawkMan]

shakey, on 12 November 2012 - 17:03, said:

Sure it does. It adds an extra layer of protection. You could have horseapplestaplebattery, or you could have HorseaPPlestaPLEbatterY, which would make it even more complex. It doesn't make sense to leave an option out that only helps strengthen something.

But it only makes it more complex to remember.

[Xilo]

Lord Method Man, on 12 November 2012 - 17:17, said:

Are you sure those weren't phishing emails like the ones every gets regardless of if they even play the game?

I know in my case it wasn't. I know which ones are real/fake but even then, for ANY link dealing with accounts, I always check to see if the link is actually valid. I've never had anything hacked before.

This is pretty common with WoW. Lots of people I've known that practice good computer security stopped playing WoW and then had their accounts hacked (they didn't have authenticators). Authenticators are pretty much a requirement now or you're guaranteed to get hacked...

[shakey]

HawkMan, on 12 November 2012 - 17:23, said:

But it only makes it more complex to remember.

Not by much. And the added security can only help.

[HawkMan]

shakey, on 12 November 2012 - 17:42, said:

Not by much. And the added security can only help.

Not really, there's a level where security peaks and there's not really a point in adding further security anyway, and it does make it significantly harder to remember when random stuff in the password is upper cased.

Personally my password isn't technically nearly as complex as the base password there. but in reality it's more secure and shorter and doesn't rely on any special cases, and I don't get hacked.