account compromised?

[Aligatr]

Have you guys ever had issues with someone downloading your product and then their account being hacked? Shortly after i downloaded and subscribed to your newsletter, before i downloaded the plus version, my account was hacked, password stolen, and all my chars stripped.
I'm not accusing anyone of anything, im just asking if you guys have ever had the issue before.

[Yhor]

Seems very unlikely. Do you have any spyware removal software that you could detect a keylogger? Without you having actually given out your password/username, a keylogger program would be your most likely culprit.

I've alerted someone to this post to hopefully help find your problem and put your mind at ease.

In the 4+ years I've used this site, I've never had an issue in terms of security.

[spiel2001]

Yes... let me be very quick to jump on this, as well...

1. It is *not* possible for any WoW add-on to keylog your password or otherwise compromise your computer's security unless it contains an executable program that runs *outside* of WoW.
2. Add-ons are not loaded until AFTER you have logged in to WoW and add-ons cannot communicate with the outside world. Therefore, it is *impossible* for any proper add-on to "hack" your WoW account. Period.
3. I know that Cairenn, Dolby and crew are meticulous about screening their add-ons. The odds of you having downloaded anything from this web site that compromised your account are somewhere between zero and none.

Things I would look for...

1. Do you use WoWMatrix? If so, it has been implicated in the past in similar things (though *never* proven).
2. Do you run an anti-virus program and a firewall?
3. Do you have a secure password? (as in a password that could not be guessed if someone knew your user name and/or knew you in real life?
4. Do you use the same user name and password for web sites you join as you do for you WoW account and things like that? (something you should *never* do).

[Aligatr]

Originally Posted by Yhor Seems very unlikely. Do you have any spyware removal software that you could detect a keylogger? Without you having actually given out your password/username, a keylogger program would be your most likely culprit. I've alerted someone to this post to hopefully help find your problem and put your mind at ease. In the 4+ years I've used this site, I've never had an issue in terms of security.

Thank you for the reply. No, i havent run any spyware removal software, but i was told that a virus scan could detect a keylogger also, and that didn't find anything.
I'll admit i was a little nervous that it may have been the interface, just because i've heard third-party interfaces can sometimes give someone access to your account like that. But, i'll take your word for it.
I have informed blizzard of what happened and they are in the process of investigating the situation. There's just no telling how long it could take them. ; /

[neuralassassin]

Originally Posted by Aligatr Thank you for the reply. No, i havent run any spyware removal software, but i was told that a virus scan could detect a keylogger also, and that didn't find anything. I'll admit i was a little nervous that it may have been the interface, just because i've heard third-party interfaces can sometimes give someone access to your account like that. But, i'll take your word for it. I have informed blizzard of what happened and they are in the process of investigating the situation. There's just no telling how long it could take them. ; /

Depends on the virus scanner in my experience with anything serious malwarebytes anti-malware is a very good program and its free run it through a couple times and should clean you up pretty nicely you may also wanna check out CCcleaner also free and will clean up all the loose garbage on your computer

Never heard of an interface that could hack your account as far as I know it's impossible I've been running nUI for a year or so with no issues so hope those things can help you out

[Seerah]

Your account information most likely would have been gathered about 3-6 months before your account was hacked. Always be wary of any computers you use of which you cannot personally vouch for their safety. Public computers (at libraries, schools, cafes, etc) especially.

[Petrah]

Originally Posted by spiel2001 Yes... let me be very quick to jump on this, as well... It is *not* possible for any WoW add-on to keylog your password or otherwise compromise your computer's security unless it contains an executable program that runs *outside* of WoW. Add-ons are not loaded until AFTER you have logged in to WoW and add-ons cannot communicate with the outside world. Therefore, it is *impossible* for any proper add-on to "hack" your WoW account. Period. I know that Cairenn, Dolby and crew are meticulous about screening their add-ons. The odds of you having downloaded anything from this web site that compromised your account are somewhere between zero and none. Things I would look for... Do you use WoWMatrix? If so, it has been implicated in the past in similar things (though *never* proven). Do you run an anti-virus program and a firewall? Do you have a secure password? (as in a password that could not be guessed if someone knew your user name and/or knew you in real life? Do you use the same user name and password for web sites you join as you do for you WoW account and things like that? (something you should *never* do).

To add what Scott said above... a keylogger will sit on your computer for quite some time before your account actually gets hacked into.

[Vis]

Typically the only thing you can do is follow the so called "Best Practices" of Internet security. Good AV, Firewall (for Inbound AND Outbound traffic, and good Anti spyware software.

Common sense goes a very long way to preventing viruses and spyware infections

And if you are really concerned about future protection of your WoW account, I would recommend investing in the Blizzard Authenticator. Handle little key fob

[Vyper]

Originally Posted by Aligatr but i was told that a virus scan could detect a keylogger also, and that didn't find anything.

While many virus scanners (Avast, McAfee, Norton, ect) and spyware scanners (ad-aware, spybot) will detect KNOWN keyloggers, there is no program that will detect ALL keyloggers. Even if your scan came back clean, that doesn't always mean that you aren't compromised. That said, your account being hacked does not necessarily mean that the information came from your computer either. There are millions of brute-force (guess a login-name/password and hope it works) attacks against the Blizzard servers every day. You may have just been unlucky (a weak password is usually associated with a brute force attack, if your password appears in the dictionary, or is a l33tized version of a dictionary word, it's weak).

Don't feel you have to take our word on why addons cannot steal your password, feel free to research around, there is plenty of information available on how addons work. I'll start you here:
http://www.wowwiki.com/AddOn_loading_process

Addon code is executed after the player selects a character.

In other words, our code doesn't get to run until well after you have logged in.

There are two reasons people commonly think addons are associated with a hacked account.
One is what you experienced. "I just installed this addons, and my account got hacked, it must be the addon" (Yes I recognize you aren't saying that but you get my drift). The problem with this logic is that with 10 million players, some will get their account hacked shortly after installing an addons. A few post, and there you have it.

The second is a bit more devious. I spent some time working on QuestHelper. During the time I was working on it, we started seeing sites out there claiming to host QuestHelper. When users downloaded these files, they'd find executables, which of course the sites would tell them to run (usually claiming it was an installer, which QH has never had). They were indeed installers, but not for QH (though the more clever ones installed it as well). Naturally, these people, never realizing they have been duped, then blame QH for installing keyloggers on their system. Many of the more popular addons have had a problem with this, the most common being recount.

All in all your best bet is too download addons only from this site. The WoWI team is extremely dedicated to keeping the content here safe, and they do an excellent job. Somewhere around here is a description of exactly what testing new submissions go through before they are allowed on the site, but I'm afraid I don't have that link for you. Suffice it to say it's quite rigorous.

Wall of text FTW!

[spiritwulf]

Yes, as someone who has uploaded addons to this site, trust me, they are very thorough.
At times when i first started i thought i'd never get the dang thing aproved hehehe

Nothin but love Cairenn, and thanks for your patience

[Cairenn]

It just protects everyone. Users, against getting infected. Authors, against being accused of releasing malicious code. Us, against being accused of allowing malicious code on the site and users getting infected.

[Aligatr]

Originally Posted by spiel2001 Yes... let me be very quick to jump on this, as well... It is *not* possible for any WoW add-on to keylog your password or otherwise compromise your computer's security unless it contains an executable program that runs *outside* of WoW. Add-ons are not loaded until AFTER you have logged in to WoW and add-ons cannot communicate with the outside world. Therefore, it is *impossible* for any proper add-on to "hack" your WoW account. Period. I know that Cairenn, Dolby and crew are meticulous about screening their add-ons. The odds of you having downloaded anything from this web site that compromised your account are somewhere between zero and none. Things I would look for... Do you use WoWMatrix? If so, it has been implicated in the past in similar things (though *never* proven). Do you run an anti-virus program and a firewall? Do you have a secure password? (as in a password that could not be guessed if someone knew your user name and/or knew you in real life? Do you use the same user name and password for web sites you join as you do for you WoW account and things like that? (something you should *never* do).

I've never used wowmatrix, though i was thinking about getting it soon after i read someone mentioning it for keeping mods updated. No one could ever guess my password whether they knew me personally or not, but i do use the same password for everything, and relatively the same username for most everything. Also, i don't run an anti-virus program at this time, but i do have a firewall up. I do virus scans periodically and nothing has been caught yet.

[Aligatr]

Originally Posted by neuralassassin Depends on the virus scanner in my experience with anything serious malwarebytes anti-malware is a very good program and its free run it through a couple times and should clean you up pretty nicely you may also wanna check out CCcleaner also free and will clean up all the loose garbage on your computer Never heard of an interface that could hack your account as far as I know it's impossible I've been running nUI for a year or so with no issues so hope those things can help you out

Ok, well thats good to hear. I'm glad you guys have nothing but good things to say about this site, because i love this interface. Haha, and i would be very sad to part with it. But i'll try those programs you mentioned, thank you.

[Aligatr]

Originally Posted by Seerah Your account information most likely would have been gathered about 3-6 months before your account was hacked. Always be wary of any computers you use of which you cannot personally vouch for their safety. Public computers (at libraries, schools, cafes, etc) especially.

Hm, thats interesting. i cant think of one time i've ever played anywhere but on my own computer on my own connection. I don't know of anytime someone could have gotten me info. ; /

[Aligatr]

Originally Posted by Silenia To add what Scott said above... a keylogger will sit on your computer for quite some time before your account actually gets hacked into.

Can any virus scanner, such as mcaffee, detect a keylogger? Even after a hack has been done?

[Seerah]

Originally Posted by Aligatr Hm, thats interesting. i cant think of one time i've ever played anywhere but on my own computer on my own connection. I don't know of anytime someone could have gotten me info. ; /

You didn't necessarily have to play. It could have been logging into the forums.

[Vyper]

Originally Posted by Aligatr Can any virus scanner, such as mcaffee, detect a keylogger? Even after a hack has been done?

McAfee will detect KNOWN keyloggers running on your system, yes. There is nothing out there that can detect every keylogger. Many scanners, such as McAfee use heuristics to guess if a process is malicous, but a straight keylogger is unlikely to be picked up in this manner.

Even assuming you are correct, and your password is not susceptible to variations on dictionary attacks, that still leaves keyloggers (as has been discussed), brute-force attacks, and man in the middle attacks (both with WoW and any forums which you use the same credentials).

Speaking of which, Cairenn, I haven't noticed, does WoWI use SSL for logins?

[Aligatr]

Originally Posted by Vis Typically the only thing you can do is follow the so called "Best Practices" of Internet security. Good AV, Firewall (for Inbound AND Outbound traffic, and good Anti spyware software. Common sense goes a very long way to preventing viruses and spyware infections And if you are really concerned about future protection of your WoW account, I would recommend investing in the Blizzard Authenticator. Handle little key fob

Yea, its not too great that i dont have anti-virus protection. I've been meaning to get that re-subscribed but its just so damn expensive. ; / And whats the blizzard authenticator? i've never heard of it...

[spiel2001]

It's a physical device that gives you a secure password on each login. Makes your account pretty much hack-proof.

[Aligatr]

Originally Posted by Vyper While many virus scanners (Avast, McAfee, Norton, ect) and spyware scanners (ad-aware, spybot) will detect KNOWN keyloggers, there is no program that will detect ALL keyloggers. Even if your scan came back clean, that doesn't always mean that you aren't compromised. That said, your account being hacked does not necessarily mean that the information came from your computer either. There are millions of brute-force (guess a login-name/password and hope it works) attacks against the Blizzard servers every day. You may have just been unlucky (a weak password is usually associated with a brute force attack, if your password appears in the dictionary, or is a l33tized version of a dictionary word, it's weak). Don't feel you have to take our word on why addons cannot steal your password, feel free to research around, there is plenty of information available on how addons work. I'll start you here: http://www.wowwiki.com/AddOn_loading_process In other words, our code doesn't get to run until well after you have logged in. There are two reasons people commonly think addons are associated with a hacked account. One is what you experienced. "I just installed this addons, and my account got hacked, it must be the addon" (Yes I recognize you aren't saying that but you get my drift). The problem with this logic is that with 10 million players, some will get their account hacked shortly after installing an addons. A few post, and there you have it. The second is a bit more devious. I spent some time working on QuestHelper. During the time I was working on it, we started seeing sites out there claiming to host QuestHelper. When users downloaded these files, they'd find executables, which of course the sites would tell them to run (usually claiming it was an installer, which QH has never had). They were indeed installers, but not for QH (though the more clever ones installed it as well). Naturally, these people, never realizing they have been duped, then blame QH for installing keyloggers on their system. Many of the more popular addons have had a problem with this, the most common being recount. All in all your best bet is too download addons only from this site. The WoWI team is extremely dedicated to keeping the content here safe, and they do an excellent job. Somewhere around here is a description of exactly what testing new submissions go through before they are allowed on the site, but I'm afraid I don't have that link for you. Suffice it to say it's quite rigorous. Wall of text FTW!

Lol, well thank you for all the info. I know for sure, that my password is unguessable. No matter how well you know me, so im not worried about that.

The only reason i thought that it might have been the interface is just because when i informed blizzard about the situation they sent me a few quotes from their TOU and one mentioned non-authenticated third-party interfaces possibly compromising your account security. i just paired that up with the fact that just recently i downloaded the NUI interface. But, it was just an idea. Which is why i came here to ask you guys.

And as far as the executables you mentioned in some of the addons, i have quite a few, questhelper being one of them. Should i go ahead and clean all that off, and re-download from this site? Just to be safe?