My account was hacked :(


skwidrific
02-09-2009, 04:00 PM
I'm making this thread for a source of information in case this ever happens to any of you guys... I never thought it would happen to me.

So I logged in last night for the first time since getting my Elder achievement Thursday night/Friday morning and what do I find?

My epic staff was replaced with some green piece of junk, ALL my PvE items that could be vendor'd were gone, all my mats were gone, and i only had about 300 G when I had ~5K when i logged out.

I go to my bank, only to find similar results: almost all mats stored in my bank were gone.

that's when my GM told me that there were a couple of uncharacteristic withdrawals of gold and mats from the guild bank made by me (I NEVER withdraw money from the guild bank).

The actions i've taken:

immediately logged back out, changed my password, then logged back in and started a ticket. I waited ingame for a GM to respond (which never happened) until, being fed up, logged out, started an AVG and Malware scan on my laptop and went to bed.
this morning, i looked at the scan results and my computer came up clean for keyloggers. I received an email from Blizzard saying that my issue has been escalated.
After getting to work, I downloaded Spybot S&D, and scanned my work computer. I couldn't see anything about keyloggers there either, but fixed whatever Spybot suggested. I'll go home tonight and run Spyware on my laptop, just to be sure.

Again, I want to make this a "Source of Information" thread. If this has ever happened to anyone else, maybe they would like to provide a suggestion for what to do next, and what I should expect as far as timeframe goes, and what the final outcome or resolution will be. Please don't respond to this thread with "I'm sorry that happened, GL" type posts in order to keep this thread nice and clean and streamlined. If you would like to express any condolences for my predicament, please send me a PM, they would be more than welcome.

I will update as events unfold.

tlbj6142
02-09-2009, 04:04 PM
Do you use the same account name/pwd elsewhere online? Like a forum?

skwidrific
02-09-2009, 04:08 PM
good question. I use the same account name, but not the same password. I never used my game password for any other passwords.

Yrys
02-09-2009, 04:30 PM
Do you have a Blizzard Authenticator? If the GM can restore your account, it might be worth getting one...

skwidrific
02-09-2009, 04:36 PM
no, i don't have a Blizzard Authenticator, but I probably will at some point tomorrow.

skwidrific
02-09-2009, 05:34 PM
Just got this email from Blizzard:

Greetings,

Thank you for contacting the World of Warcraft Game Master Department with your concerns regarding your account status.

Account Name:
Character Name: Skwidrific
Realm: Crushridge
Item(s) Restored: [1] Twilight Cultist Cowl - [1] Thick Spider's Silk - [3] Runecloth
[1] Commander's Boots - [1] Morning Glory Dew - [1] Codex: Prayer of Fortitude II
[1] Stockade Pauldrons - [1] Twilight Cultist Cowl - [1] Roasted Quail
[1] Shadow Silk - [1] White Spider Meat - [20] Frostweave Cloth
[20] Frostweave Cloth - [100] Dark Iron Residue - [100] Dark Iron Residue
[3] Breath of Wind - [10] Ichor of Undeath - [8] Turtle Scale
[5] Crystal Infused Leather - [4] Essence of Earth - [5] Essence of Water
[1] Bindings of Elements - [7] Solid Stone - [1] Fiery Core
[20] Fel Hide - [1] Cloak of Tormented Skies - [20] Talbuk Venison
[1] Primal Shadow - [20] Heavy Knothide Leather - [20] Jormungar Scale
[20] Jormungar Scale - [2] Primal Nether - [20] Worm Meat
[2] Nether Dragonscales - [1] Heart of Darkness - [20] Adamantite Weightstone
[20] Jormungar Scale - [20] Jormungar Scale - [20] Jormungar Scale
[20] Jormungar Scale - [1] Moroes' Lucky Pocket Watch - [1] Staff of Trickery
[4] Adamantite Weightstone - [1] Chilly Slobberknocker - [1] Scarab of Isanoth
[1] Aran's Soothing Sapphire - [1] Jagged Ice Band - [1] Necklace of Arcane Spheres
[1] Signet of Edward the Odd - [1] Adamantine Figurine - [1] Auslese's Light Channeler
[1] Idol of the Raven Goddess - [1] Stonebough Jerkin - [1] Kilt of the Forgotten One
[1] Enraged Feral Staff - [1] Skyguard's Drape - [1] Bracers of the Divine Elemental
[1] Headguard of Retaliation - [1] Battlemap Hide Helm - [1] Ring of Ancestral Protectors
[1] Emberspur Talisman - [1] Forest Wind Shoulderpads - [1] Drums of Battle
[1] Idol of the Emerald Queen - [1] Vengeance of the Illidari - [1] Cloak of the Gushing Wound
[1] Jade Ring of the Everliving - [1] Dragonfriend Bracers - [1] Kharmaa's Ring of Fate
[1] Crystal-Infused Tunic - [9] Vrykul Bones - [1] Rhino Meat
[1] Greaves of the Traitor - [13] Heavy Borean Leather - [6] Arctic Fur
[14] Borean Leather - [11] Frostweave Cloth - [5] Crystallized Water
[7] Crystallized Earth - [1] Drums of Panic - [17] Icy Dragonscale
[6] Worm Meat - [3] Jormungar Scale - [8] Nerubian Chitin
[114] Drakkari Offerings - [1] Cannoneer's Morale - [1] Mithril Band of the Unscarred
[1] Demon-Skull Orb

We have completed a preliminary investigation of the issue you reported. In order to enable you to resume normal play at this time, we have restored as many items as possible. We have also forwarded this issue to our Investigation team for further assessment. After a more in-depth review of the situation, a Character Specialist will contact you via email with the details of any possible further restoration.

Please be aware that such a compromise may result from a malicious software program, such as a keylogger, or sharing the account information and password with others. Regardless of the cause of this compromise, you are responsible for maintaining the confidentiality of your Password, and you will be responsible for all uses of your Password, whether or not authorized by you. Also, note that the security of the Account is your responsibility.

To prevent further account compromises, please refer to the links below:
Account Security: <http://us.blizzard.com/support/article/20572>
Computer Security: <http://us.blizzard.com/support/article/20569>
Password Security: <http://us.blizzard.com/support/article/20574>

To dispute any unauthorized name changes, please use the following link:
Unauthorized Character Name Change Dispute Form: <http://us.blizzard.com/support/article/21647>

Further contact will be provided as soon as possible by the Specialist staff. Thank you for your patience in the matter. We hope you continue to enjoy your experience in World of Warcraft!
For any game play questions, please refer to our site at http://www.blizzard.com/support/wowgm/

*** Please do not respond to this email – Further contact will be received from the Specialist assigned to your account***



Regards,
Jhuzea
Game Master
Blizzard Entertainment
www.worldofwarcraft.com


I have to say, that Blizzard was all over it once it was escalated. I heard nightmare stories last night from a guildy that had his account hacked, and his 3 70's transferred to 3 different servers, charging his credit card for each transfer, etc etc etc, and im grateful that i wasn't hit anywhere nearly as hard. There was no mention of me getting my gold back, so at this point, I'm just sitting here hoping...

Yrys
02-09-2009, 05:50 PM
One other thing I thought of -- and historically a big cause of account "hacks" even before all the keyloggers came along -- is sharing your account info.

Does/did anyone else have your account information? Even if they didn't knowingly share it with anyone, it's possible that there was a keylogger or malware on *their* PC, which captured your login info. In which case, you might want to warn anyone who has your account info to do a malware scan (or warn anyone whose account you may have logged into recently).

skwidrific
02-09-2009, 05:55 PM
another good question, and the answer would definitely be NO. I've never given anyone my password or account information. I'm definitely going to get the authenticator though... i don't want this to ever happen again. From what i read on Blizzard's site, they make no effort to restore any lost items the second time your account has been used without authorization.

Kheldar
02-10-2009, 04:18 AM
this happened to a guild just before Wrath came out.

we noticed a couple times 'he' came online and did not say anything, then logged an alt then a bank char etc but at the time we did not think anything of it :(

when he came online to tell us we were all gutted.

it took him a long long time and a lot of patience with Blizzard to get his items restored across 3 lvl 70's. he was phoning them regularly, seemed to get passed from one person to another at times. even got conflicting info from one blizzard person to the next.

he had to continually state no one else ever had his password details, assure them he regularly ran virus checkers etc

in the end he got most of his stuff back BUT no gold was restored.

from memory it took well over a week b4 he was back up and playing properly. i'll have a chat to him tonite and pass on anything else of relevance skw.

skwidrific
02-11-2009, 11:13 AM
thanks, kheldar. I received a Customer satisfaction survey today, which leads me to believe that Blizzard has completed their investigation. I'm going to start another ticket tonight when i get home, but I don't really see me getting anywhere with it.

Solarflash
02-11-2009, 12:00 PM
FYI, we had a senior member of our guild hacked about a month ago, which resulted in huge losses to the guild bank as well as that toon's coffers.

It took almost a month for Blizzard to complete the investigation and restore the "non-BOP" items (obviously everything in guildbank)

So be patient. They are not quick, but they are pretty thorough. I know it's frustrating, but they will replace your stuff eventually. It's tough if you were a regular raider though because it's likely they won't replace your consumables/gold/BoE equipment, until the investigation is over. (Tough to raid without money, gear or consumables)

Ironically, that gentleman is and always has been hard down on NO mods, because he was worried about hacks. And of course he's the one that gets a key logger.

skwidrific
02-11-2009, 12:08 PM
yea, raiding with no consumables and not enough gold to buy them pretty much sucks... i bummed a couple elixirs off of a guildy until some of my skinning mats sell.

I tried to buy the Blizzard authenticator, but they're sold out until next week :(

I'm still trying to figure out how i got hacked. I remember hearing about the security hole in Internet Explorer, but i thought that was taken care of...

s3Rgio
02-12-2009, 12:59 AM
It happened to a friend of mine too.
He went to bed and one hour later he came on.
I tried to whisper him but no response.
Tried again... still no response -> very very weird.
Phoned him -> 2 mins later logged in -> wtf some mats were gone -> logged out -> changed PW.
This was a close one, cause not too much damage (maybe 500g mats).

Another friend had his account hacked too, but had to wait 2 weeks to get all restored :-(

Magellan19
02-12-2009, 02:16 PM
I tried to buy the Blizzard authenticator, but they're sold out until next week :(

What is this and where do I get one and will it prevent hacks?

Yrys
02-12-2009, 02:30 PM
http://www.blizzard.com/store/details.xml?id=1100000182

It makes hijacking your account much more difficult. Downside is you need the token to log in, so if you lose it or don't have it with you, you won't be able to log in. (Blizzard can take it back off your account, but you have to call them and provide additional info.)

skwidrific
02-12-2009, 03:24 PM
i just checked the blizzard store today, and it was available, so my order is now pending. I imagine i'll feel quite a bit better once i have more protection. I never thought this would happen to me, as i always considered myself a reasonably safe web user. This has been an eye-opener, to say the least.

tlbj6142
02-12-2009, 04:05 PM
Yeah, it is funny how I feel more worried about my wow account getting hacked than I worry about my machine getting hacked if I were browsing the Internet with an unpatched IE5.5 on Windows 98.

The blizzard token has made me sleep better at night.

Kheldar
02-13-2009, 03:15 AM
i've got a token and it lives by the pc.

s3Rgio
02-13-2009, 04:30 AM
I'm relying on my good old system and PC-knowledge^^
But i haven't been hacked so far, so maybe it will change some day ;-D

skwidrific
02-14-2009, 01:05 PM
got word again from Blizzard, and I'm getting my gold and the rest of my stuff back! whew!

Greetings!

Thank you for your patience and understanding while we investigated your reported account compromise.

Due to the high volume of compromised accounts, it is our intention to put players back in the game as quickly as possible, though not all items may have been restored. Our goal is to keep your characters in a playable condition. We want you to be able to successfully join groups, complete quests, and handle encounters in the world.

We have concluded our review of your account and have found it eligible for restoration. The details of the restoration are as follows:

Account:

Character Name: Skwidrific
Realm: Crushridge
Money Restored: 5254g 85s 62c
Item(s) Restored:
[1] Elune's Candle
[1] Pungent Seal Whey
[1] Rime-Covered Mace
[1] Icy Mail Armor
[1] Icy Mail Boots
[1] Demon-Skull Orb
[13] Blackened Dragonfin
[7] Icy Spinneret
[2] Poached Northern Sculpin
[3] Runic Healing Potion
[4] Flask of Endless Rage
[1] Fur-Lined Belt
[3] Runic Mana Potion
[5] Runic Healing Potion
[2] Lesser Flask of Toughness
[17] Icy Dragonscale
[11] Frostweave Cloth
[14] Borean Leather
[13] Heavy Borean Leather
[1] Greaves of the Traitor
[1] Rhino Meat
[1] Cloak of the Gushing Wound
[1] Intravenous Healing Potion
[19] Heavy Frostweave Bandage
[11] Succulent Orca Stew
[15] Honeymint Tea
[19] Wild Spineleaf
[1] Skinning Knife
[1] Magic Resistance Potion
[1] Brilliant Mana Oil
[16] Spicy Hot Talbuk
[20] Worm Meat
[5] Major Rejuvenation Potion
[20] Talbuk Venison
[5] Major Rejuvenation Potion
[5] Runic Mana Potion
[5] Major Rejuvenation Potion
[5] Super Mana Potion
[5] Super Healing Potion
[2] Thick Armor Kit
[8] Turtle Scale
[1] Bindings of Elements
[5] Frozen Orb
[20] Frostweave Cloth
[20] Frostweave Cloth
[1] Vicious Fang
[1] Stockade Pauldrons


Please be aware that your computer may contain a malicious software program, such as a keylogger, or the account information and password may have been shared with others. In either case, you are responsible for maintaining the confidentiality of your Password, and you will be responsible for all uses of your Password, whether or not authorized by you. Also, note that the security of the Account is your responsibility.

Please take a moment to review the World of Warcraft Terms of Use at http://www.worldofwarcraft.com/legal/termsofuse.html. Prior to using World of Warcraft, we highly recommend that you change your password and scan the computer system you are using to remove all viruses, Trojan files, and key loggers. For more computer/Internet safety and security tips, please visit (http://us.blizzard.com/support/article.xml?articleId=21131).

There are many virus scan options readily available on the internet which may be useful, some options are available here (http://us.blizzard.com/support/article.xml?articleId=21118)

For further security tips, please visit (http://us.blizzard.com/support/article.xml?articleId=20572)

If you have any questions regarding your compromise, investigation, or restoration, please feel free to send an email to wowcharhelp@blizzard.com. If you wish to provide feedback on any step of the process, you may do so by emailing wowgmfeedback-us@blizzard.com.

Thank you for contacting us. We hope you continue to enjoy your experience in World of Warcraft.

Regards,

Miruild
Specialist Game Master
Blizzard Entertainment
http://www.blizzard.com

Kheldar
02-15-2009, 05:44 AM
wow they gave cash back !

never heard them do that !

Gratz skw :) a good outcome for you at a tough time.

Now go smite some bosses and ally's :)

skwidrific
02-21-2009, 01:16 PM
I received my account authenticator yesterday when i got home, attached it to my account this morning, easy-peazy... no more hacks!

:)

Kheldar
02-22-2009, 10:40 AM
:)

Destinae
03-03-2009, 03:51 PM
Well now that I know how wealthy you are... >:)

Kidding. I'm happy that this situation has been resolved for you "Skid". Thank goodness!!! <3

My authenticator has its own little hiding space...even I can't even hack my account. wewt!

Kheldar
03-04-2009, 03:11 AM
hehe Des - he's probably spent it all by now !

Destinae
03-04-2009, 09:59 AM
Mmm...probably.

Do you think he spent it on flowers for Des?

Anyway /cheer!!! That all is back in order in Skwid-land!

Kheldar
03-05-2009, 02:28 AM
maybe he bought you some Lichbloom or a Talandra's Rose ! :o

Destinae
03-05-2009, 10:18 AM
Mm at this point I'd even take a bouquet of Ebon Roses...hehehe

Kheldar
03-06-2009, 03:17 AM
i'll have a look in the bank Des...sure i've got some Briarthorn or Blindweed somewhere :tongue: