Brian “Psychochild” Green has run afoul of the WoW pirates. Thing is, he’s pretty careful about this sort of thing:
I can’t believe it happened to me…
I consider this a cautionary tale, one worth noticing, as Brian isn’t exactly a noob when it comes to the internet, MMOs or even security. It looks like this story has a mostly happy ending, but it’s best not to even start this sort of thing. Congrats on the recovery, Brian, and good luck with the future.
(And yes, I do like the delicious irony of the cancellation timing. I’m also suspicious as to whether the pirates knew about that somehow, and hoped to take advantage of someone who planned on leaving…)
I was shocked, it was really very easy to “hack” the accounts of my friends, even that of a former guildmate that I hardly know. He basically told me his preferences, and well, they contained the answer to his “secret question”.
I already posted on Psychochild’s page what an awful complicated process you have to go through just to change your secret question.
Blizzard themselves offers NO option like “ask your own secret question”, only very generic and easy to find out questions. It is not really complicated to find out the maiden name of someone’s mother or the favorite movie or something like that.
I hope they change this till Diablo 3, when even more people will merge/create a Battle.net account.
Aye, the Battle.net merger has me considerably wary; putting that many eggs into one basket not only makes it easier for pirates to cause trouble, but it’s also easier for Blizzard to put users over a barrel. There are good reasons that monopolies are dangerous.
As for the “mother’s maiden name” thing, I’ve taken to using whichever question they give me, and coming up with some random, maybe tangential answer. Why do they even offer such easily researched questions? Lame.
Thanks for the congrats. I’m not sure if they knew I was leaving, but I did cancel my account right after the last time I renewed it. If there is a possibility of an insider grabbing info, that’s a possibility. Another person I talked to, also an MMO developer, said that the second time he was hacked was right before his account went dormant and he didn’t notice.
Tesh wrote:
Why do they even offer such easily researched questions? Lame.
As I wrote, all security is a tradeoff, usually with ease of use. Almost nobody uses unique passwords for each site they have an account at, so asking the same lame question with a common answer isn’t necessarily a bad thing. The problem comes when people make a concerted effort to get your account. Getting access to someone’s online dating service account may be good for a laugh, but if you can wipe out a WoW account and sell the money later, there’s a serious financial incentive to break in.
The question is: how much should Blizzard do in order to keep customers happy? Where is the trade off between security and ease-of-use for them that keeps people the happiest? Unfortunately, it looks like this answer has been changing over time.
More thoughts.
The way I’ve solved this problem is to take one of those common questions and answer something that isn’t really the answer, but that I can easily remember is the right wrong answer =)
Heh, I’ve settled on the same tactic. If I ever answer one of those Facebook question lists, I’ll do the same thing. (Since I see those as shopping lists for password answers.)
Blizzard Authenticator!
But seriously … my buddy had the same thing happen to an account he had ready to cancel. Actually I think it canceled and then he got an official email from Blizz asking him to call them about the account. Someone apparently tried to hack it after it was already canceled, so nothing happened, but they wanted to tell him.
Pretty sad state of affairs, but it’s nothing new really. I play on my Mac and have never been hacked in my history of WoW.
I’ve actually never been hacked in my history of MMOs, but I guess the piracy methods are becoming more and more advanced nowadays.
My password is a combination of letters and numbers, making it more secure than the “average” password, but…note that I said password? As in singular, not plural. Yes, like most folks, I tend to use the same password for most sites, so if someone did figure out my slightly-more-secure-than-average password, I’d still be screwed.
My 8 y/old son knew my WoW password so he could log in and play WoW w/o waking me up on a Saturday morning. Then one day when we were at the In-laws the FIL went down to the garage (communal garage shared by their apartment complex) and when he came up he knocked to be let in.
My son ran to the door and called out “Password!”
You can probably imagine my shock when the FIL responded with my WoW password.
My son wasn’t too happy the next Saturday morning when he tried to log into WoW and couldn’t, because I’d changed the password. But it was a great opportunity to educate him about the security of passwords, and how you shouldn’t give them out to anyone, not even grandpa.
I was never hacked, but whenever I mistyped my WoW password (which I did on more than one occasion) it always freaked me out when I got the incorrect password message. I’d slowly and carefully retype my password, then breathe a huge sigh of relief when it was accepted the second time.
Aye, I’ve been paranoid for years about using the same password. I try to use unique passwords, but I’ve forgotten them more than once. *sigh*