WoW Account Hacked!

My WoW account was hacked early this morning.

The story:
After waking up this morning, I got on the gmail account associated with my WoW account and saw two very unsettling things:
1) A big red warning at the top of my inbox stating that my gmail account had been accessed from China the night previous, and
2) An email from Blizzard notifying me of a password change on my account.

I immediately attempted to log into my WoW account to no avail (wrong password). Whoever hacked the thing didn’t change the email address associated with the account, so I immediately changed my Battle.Net password and tried to log in again. This time, a box popped up requesting a six-digit number from the new authenticator keys Blizzard has released. Except I don’t own one of those; the perps associated one with my account to keep me from logging in while they were doing their thing. Very clever.

Apart from the 45 minute wait to speak with a Blizzard Rep, the resolution was more or less satisfactory: they’ll be restoring my account as best they can (they claimed 95-99%) as soon as they investigate the case, which takes 1 to 2 weeks.

Let me just say that I never participated in RMT, have never shared my account info with anyone, and have never succumbed to any phishing scheme. I did, however, briefly join a vanilla WoW private server using the same email address and password. I can only assume that this is where they got my account info… but who knows how they got my gmail password. Admittedly, it’s a personal email account – nothing important besides my WoW account info was transmitted to it – so the password wasn’t very secure.

Anyway, its a minor interlude that can only serve to remind researchers of a very important step when collecting information: BACK UP YOUR DATA!


