Apparently gold farmers were using my "abandoned" account!

Matt Simis

Havent played WoW in 1.5years, on a whim thought Id login to it and check out the current content. Password wouldnt work, so 10 support tickets later (Blizz fast at responding, poor at reading) I logged in to a recovered and confirmed compromised account. All but one of my characters (including my characters from launch date 7 years ago) have been stripped down to nothing. All my gear, equipment, inventory, bank items, everything. I also had 3 new characters with gibberish names and no equipment.

My lvl 80 Paladin was geared and spec'ed (but inventory and alternate armor sets wiped) as a Gold Farmer. As this character had gold (6k, least the farmers left me with something!) and 12mths passed before I logged in, Blizzard said they will not be returning any gold or items.


Since my main's gear (lvl77) would be well outdated now anyway I cant feel too upset, but an interesting and mildly disturbing turn of events. Personally I suspect someone in Blizzard is watching for "abandoned" accounts and selling the credentials on to farmers as I would never send/save my login anywhere online, but who knows?

The server was Deathwing which is why I think they left the Characters some time ago, its mostly dead.

Lone Stone

my account got stolen a few weeks ago, hadnt used it since around last xmas, Got it back with in a few hours i wouldnt have even noticed becuse i hadnt played anything in months but went to play a game of starcraft which i hadnt used in ages to find i couldnt logg in to my battle net account, so i checked the armory and saw my druid had been farming low lvl dungeons :eek:

tom_ass19

Matt Simis wrote: »

Personally I suspect someone in Blizzard is watching for "abandoned" accounts and selling the credentials on to farmers as I would never send/save my login anywhere online, but who knows?

The reason why your account got hacked can be many different reasons, keylogger on your account, logging into your account from multiple locations and that computer having a virus on it. Another way is using the same credentials on any game related website, they access databases and use that information to login to your account.

With regards to your characters the reason why they can't return the gold and items because of the amount of time that's passed since you've been hacked. My guess is they can't search back that far to see where your items and gold went.

Hackers don't care if an account is abandoned or not. They'll use it for whatever reason they want, whether if it's for taking everything or using the account to farm instances for gold as Lone Stone mentioned above.


Cheers,
Tom

Matt Simis

tom_ass19 wrote: »

Hackers don't care if an account is abandoned or not. They'll use it for whatever reason they want, whether if it's for taking everything or using the account to farm instances for gold as Lone Stone mentioned above.

I never said hackers care if its abandoned..

jabberwock

Matt Simis wrote: »

Personally I suspect someone in Blizzard is watching for "abandoned" accounts and selling the credentials on to farmers as I would never send/save my login anywhere online, but who knows?

you honestly think that your "abandoned" account was actually worth anything?

more likely someone you know had your log in info, got keylogged/fell for phishing attempt and that is how they got it. That is assuming that you yourself were not caught unknowingly.

Matt Simis

jabberwock wrote: »

you honestly think that your "abandoned" account was actually worth anything?

more likely someone you know had your log in info, got keylogged/fell for phishing attempt and that is how they got it. That is assuming that you yourself were not caught unknowingly.

Dont think you are really understanding what Im saying. I dont think my abandoned account was worth anything uniquely. But such accounts allow potentially limitless uninterrupted gold farming with the background and history that on an account level, look legit. The alternative account types that farmers use tend to have gibberish names and plenty of tells.

Consider the idea of real world identity theft to avail of credit and services than transplant that idea into WoW.

DaZuluforte

I imagine the 12 months no gear thing is more of a they can't rather than they won't but ye it was 77, who cares.

As for your password.. ever had an account with Sony, SOE, Square Enix, Codemasters, Nintendo or all of the other companies that just got hacked by lulsec/anon but haven't admitted it yet or don't even know? You probably did and you probably used the same password, emails and login details too.

Matt Simis

DaZuluforte wrote: »

I imagine the 12 months no gear thing is more of a they can't rather than they won't but ye it was 77, who cares.

Yup prolly. I wasnt too pushed as the farmers left gold in one Char, which was handy in replacing the lost everything else.

DaZuluforte wrote: »

As for your password.. ever had an account with Sony, SOE, Square Enix, Codemasters, Nintendo or all of the other companies that just got hacked by lulsec/anon but haven't admitted it yet or don't even know? You probably did and you probably used the same password, emails and login details too.

Nope and I used a unique PW in WoW specifically for this reason.

Magaa

When i was hacked i got a free level 85 and around 12k gold

Berns

Maybe I shouldnt have invested in a Keyfob or deactivated it when sub ran out :rolleyes:

Comedian

I got hacked just after cata was released and the hackers leveled my druid, admittedly accidentally, through mining.
Account was out of action for about a week and I got all my gear back and bank full of ore, maxed mining and 2.5 lvls gained

Darkginger

Another person with an 'abandoned' (since April 2009) account which is now being played by a gold farmer. I have *never* shared my password, nor used it on another site, nor had a keylogger on this machine. I only know my character's being played because some friends saw 'me' online and let me know. I got in touch with Blizzard, who asked me to send them a scan of my passport or driving licence with a pic on it. No way. If they can't secure account info (and I repeat, there was NO breach of security at this end, I am certain of that) then they're not getting my real life identification, especially as I have no desire whatsoever to play WoW again. (They are unable to verify that I own the account despite me being able to give them the login name, email address I signed up from, real life name etc. - mainly because the account is pre-Battlenet, I believe, although how seeing my passport would change that escapes me).

The account in question is online most days, apparently, even though Blizzard have been told that the account has been compromised, and surely they can see that the IP of the player has changed to one from another country? It seems their policy is to give the current player the benefit of the doubt, which goes a way to explaining the prevalence of gold farmers in the game - one of the reasons I shan't be returning!

Drakar

Did you use the password in other places (eg other websites, forums, games etc)?

Was your password either easily guessable \ brute forceable (ie contained in a dictionary, or with simple number \ letter \ punctuation swaps)?

(These questions are rhetorical since users who have done this won't admit it)

The problem blizzard have with your situation in particular, is that gamers are allowed to move countries, and they don't want to disable accounts where another user might maliciously supply information (eg as a joke someone might know me on facebook and have my name, email address and date of birth, and feel it would be funny to prank me. similarly users who may not know me that well can get alot of this information from other social media\websites\google searches etc, and of course it can be available on lots of forums [eg if Im an admin or if the forum gets hacked]). Passports or other definitive id aren't as easy to bluff in that manner.

Darkginger

Nope, the password was unique to my WoW account, not used before, and never since, and I think it was pretty secure. In the past month or so (since I found out my account was being used) I've noticed a lot of other people reporting the same thing, on various gaming forums. Always the same story, and always old WoW accounts. I don't know where the 'hackers' (for want of a better term) are getting the information, but it seems to me there's a single source out there somewhere.

I'm sorry for people still playing WoW, as this can only mean more gold farmers around the place. Funnily enough, I haven't seen a single gold farmer in over a year of playing my current MMO of choice (not a small obscure one) - so it is possible to run a game in a way that more or less eliminates them. Hopefully Blizzard will find the answer one day.

Nody

Darkginger wrote: »

Hopefully Blizzard will find the answer one day.

They have, they offer a dongle for what, three years now?

Also getting access to unecrypted passwords is not exactly a "normal" helpdesk access function so if you want to imply central access for running reports, finding the data and sell it then it is someone in the audit team (ignores the reports run checking sensitive reports/data checks) in cooperation with someone in IS with DB access (gets the data) or similar set up and going on for years? Call me dubious on that one honestly.

Darkginger

If I were to use a dongle, how would that stop gold farmers polluting the game? Am I missing something? (I think I must have stopped playing before a dongle was offered - I don't remember that at all). Is it now possible to walk through Stormwind without seeing goldseller spam?

Nody

Darkginger wrote: »

If I were to use a dongle, how would that stop gold farmers polluting the game? Am I missing something? (I think I must have stopped playing before a dongle was offered - I don't remember that at all). Is it now possible to walk through Stormwind without seeing goldseller spam?

Sorry misunderstanding from my side of what you meant; I thought you were talking about account security (dongle and phone app available for a while now to be put in along with your password for game access etc.) and not gold sellers

Rev Hellfire

Nody wrote: »

Also getting access to unecrypted passwords is not exactly a "normal" helpdesk access function so if you want to imply central access for running reports, finding the data and sell it then it is someone in the audit team (ignores the reports run checking sensitive reports/data checks) in cooperation with someone in IS with DB access (gets the data) or similar set up and going on for years? Call me dubious on that one honestly.

I would be amazed if blizzard kept plaintext passwords on their system, no-one does that.

Dustaz

Darkginger wrote: »

Nope, the password was unique to my WoW account, not used before, and never since, and I think it was pretty secure.

Well, obviously not. You were hacked. This could have happened a multidude of ways but at the end of the day, however harsh it may sound, its "your fault". Either you were careless with the password, used it too much or it was too easy or in this case, you just didnt pay any attention to the account. None of these things are blizzards "fault". You can't blame them for wanting to verify your identity.

I'm sorry for people still playing WoW, as this can only mean more gold farmers around the place. Funnily enough, I haven't seen a single gold farmer in over a year of playing my current MMO of choice (not a small obscure one) - so it is possible to run a game in a way that more or less eliminates them. Hopefully Blizzard will find the answer one day.

There is gold sales in E V E R Y mmo. Lets just re-iterate that. EVERY MMO. Some are forward thinking enough to corner the market themselves (i think eve does this?) so 3rd parties dont come into it but in games where the company doesnt provide extra services for money, then theres going to be gold farmers. Just because you dont see them doesnt mean they exist. Apart from the end of vanilla wow, gold farmers never ever had any real impact on players since they tend to do it in out of the way and little used areas. I certainly havent come across one in the last 2 expansions. Which is longer than youve been playing your game of choice.



I'm interested though. If you have no intention of going back to wow... why do you care at all?

Darkginger

Dustaz wrote: »

I'm interested though. If you have no intention of going back to wow... why do you care at all?

That's a good question, and tbh, I'm, not sure! I played WoW for several years, and still remember the agony of searching for eggs to get my nether drake, and so on - it feels like a violation to have someone else using the account. I guess I'm emotionally attached to it in some way. Also, I hate to see cheats getting away with it. Gold farmers/sellers really push my buttons

There may well be 'hidden' gold farmers in the game I'm playing, but since I don't see them, and they don't interfere with my enjoyment of the game, they might as well not exist. In WoW, I saw them every.single.day. - and that annoyed me.

StinkyMunkey

Darkginger wrote: »

That's a good question, and tbh, I'm, not sure! I played WoW for several years, and still remember the agony of searching for eggs to get my nether drake, and so on - it feels like a violation to have someone else using the account. I guess I'm emotionally attached to it in some way. Also, I hate to see cheats getting away with it. Gold farmers/sellers really push my buttons

There may well be 'hidden' gold farmers in the game I'm playing, but since I don't see them, and they don't interfere with my enjoyment of the game, they might as well not exist. In WoW, I saw them every.single.day. - and that annoyed me.

Id prolly feel the same way tbh. It would make no odds if i was not going to play again, but i hate cheaters/gold farmers/hackers too.

Raphael

Just spotted this and checked my inactive account. Didn't get hacked. =(

Darkginger

Popped back to say - it's been kind of bugging me that no matter how much someone (me?) denies a breach or lack of security regarding passwords etc., in MMO circles it's always seen as somehow your own fault if you get hacked.

I was just checking my bank account online - and it occurred to me that THEY manage to keep my details secure, and if there's any question of a breach of security they don't automatically assume it's my fault. Why is that different when it's a game company?

I think it's part of MMO culture to blame the gamer/consumer - and in many cases it's inappropriate to do so. If I can create and use secure passwords for my financial affairs, why would anyone think I'm incapable of doing so for something as trivial as a gaming account? Indeed, the entire online commerce sector does nothing but try to assure us that we can deal securely with them - with the notable exception of online games, where any failure in the system is primarily assumed to be a fault of the consumer.

Why?

jabberwock

Darkginger wrote: »

Popped back to say - it's been kind of bugging me that no matter how much someone (me?) denies a breach or lack of security regarding passwords etc., in MMO circles it's always seen as somehow your own fault if you get hacked.

I was just checking my bank account online - and it occurred to me that THEY manage to keep my details secure, and if there's any question of a breach of security they don't automatically assume it's my fault. Why is that different when it's a game company?

I think it's part of MMO culture to blame the gamer/consumer - and in many cases it's inappropriate to do so. If I can create and use secure passwords for my financial affairs, why would anyone think I'm incapable of doing so for something as trivial as a gaming account? Indeed, the entire online commerce sector does nothing but try to assure us that we can deal securely with them - with the notable exception of online games, where any failure in the system is primarily assumed to be a fault of the consumer.

Why?

lets look at this a different way. You mentioned that you account was old. Before Battle.net by the sounds of it. That means they would simply need to know the name of the account to be able to start to get access to it. What about the email address used on that account. How hard do you think it is to get into one of them? Lets looks at the SQA on the old WoW accounts. How hard do you think it's going to be to piece together an answer from a question?

Give us the name of your character and lets see how much information we can get about you IRL.

Darkginger wrote:

(They are unable to verify that I own the account despite me being able to give them the login name, email address I signed up from, real life name etc. - mainly because the account is pre-Battlenet, I believe, although how seeing my passport would change that escapes me

All visible in the management pages. How the hell do they know that you are that person without id?

Mr. CooL ICE

Darkginger wrote: »

I have *never* shared my password, nor used it on another site, nor had a keylogger on this machine.

What makes you sure about this?

Darkginger wrote:

I got in touch with Blizzard, who asked me to send them a scan of my passport or driving licence with a pic on it. No way. If they can't secure account info (and I repeat, there was NO breach of security at this end, I am certain of that) then they're not getting my real life identification, especially as I have no desire whatsoever to play WoW again.

This is standard procedure if you have lost access to your account. I used to work in support for a different online game and if people forgot their password and security question and answer, how else could we verify they were the account owners?

Darkginger wrote: »

If I were to use a dongle, how would that stop gold farmers polluting the game? Am I missing something? (I think I must have stopped playing before a dongle was offered - I don't remember that at all). Is it now possible to walk through Stormwind without seeing goldseller spam?

It doesn't. It prevents your account from being compromised.

Darkginger wrote: »

Popped back to say - it's been kind of bugging me that no matter how much someone (me?) denies a breach or lack of security regarding passwords etc., in MMO circles it's always seen as somehow your own fault if you get hacked.

I was just checking my bank account online - and it occurred to me that THEY manage to keep my details secure, and if there's any question of a breach of security they don't automatically assume it's my fault. Why is that different when it's a game company?

I think it's part of MMO culture to blame the gamer/consumer - and in many cases it's inappropriate to do so. If I can create and use secure passwords for my financial affairs, why would anyone think I'm incapable of doing so for something as trivial as a gaming account? Indeed, the entire online commerce sector does nothing but try to assure us that we can deal securely with them - with the notable exception of online games, where any failure in the system is primarily assumed to be a fault of the consumer.

Why?

What exactly makes you think MMO game companies blame the customer?

Elrollo

Comedian wrote: »

I got hacked just after cata was released and the hackers leveled my druid, admittedly accidentally, through mining.
Account was out of action for about a week and I got all my gear back and bank full of ore, maxed mining and 2.5 lvls gained

same except the hackers maxed my herbalism! Should get hacked more often, really takes the stress out of levelling in WoW lol :cool:

munsternumber1

today i got an email about a wow account i havent used in months saying that it was band for chat abuse, im assuming someone is using my account but its not any friends or family

Dr Bob

munsternumber1 wrote: »

today i got an email about a wow account i havent used in months saying that it was band for chat abuse, im assuming someone is using my account but its not any friends or family

nnnngh


It's 'banned'
not 'band'

BANNED.

munsternumber1

sorry I didn't mean to offend the spelling police, if you have nothing to add why post at all

Elrollo

munsternumber1 wrote: »

if you have nothing to add why post at all

some people just want to watch the world burn man

DevilsBreath

Same happened to me.
Stopped playing for 6 months.
Reactivated my account to find all my stuff gone and my char naked with a mining pick. Got everything back but still it happened when i wasn't using the account.