How would a gold farming company get my account and password?

ray023
  • How would a gold farming company get my account and password? ray023

    A couple of years ago, I got bored of wandering around aimlessly in WoW and cancelled my account.

    This morning, I got an e-mail saying my account had be been banned. Reason given:

    Exploitative Activity: Abuse of the Economy

    This was a surprise to me; especially when I discovered it was a legitimate email from Blizzard. I logged in to Battlenet (I haven't purchased Cataclysm) and it turns out that my account was active (e.g. trial) and also that it was indeed banned.

    Because of the reason I was banned, I have to assume it was one of those gold spammers that got into my account.

    I've got my account status resolved and my characters restored. But I have a couple of questions for the aftermath:

    1. I guard all of my account information very closely (even my less-important MMORPG info) and I don't fall for phishing e-mails. What is the most popular way these "companies" get my login info?
    2. Hacking into someone else's e-mail is a crime. Is hacking into someone's battlenet account a crime as well? If Blizzard coughed up the name of the company who stole my info, could I, in theory, go after them legally?

    I know question two is farfetched...but I'm just curious. After being on the net for over 18 years, I'm thankful that the first time I got hacked was over something innocuous, but it still stings.


    UPDATE

    I updated my support ticket asking for more information and this is the reply I received:

    Greetings!

    Thank you for taking the time to contact us regarding your account.

    After reading your petition and taking a further look at your account, it appears that the compromise issue first started on 9/10/2011. Someone unauthorized to access your account logged in and damaged it. Unfortunately, we are unable to provide any specific information relating to the party responsible for the compromise issue. While it may not be possible to know exactly how the compromise happened, I would however highly recommend using the information on our Account Security Checklist found here http://us.battle.net/security/checklist.html to address every possible source of entry in the future.

    Other than their Authenticator, that security checklist covers the basic stuff you'd see from any company explaining basic internet security. (something I'm very familiar with).

    IMHO, it is possible to discover how the compromise happened, but I doubt Blizzard wants to join me on my personal crusade :P

    I would like to believe that somehow their databases got hacked and/or some rogue employee at Blizzard sold e-mail addresses for cancelled accounts to a gold farm. But who knows?!?

    Regardless, I'm updating my passwords just to make sure accounts with more sensitive information are not compromised.

  • The most common methods these gold farming companies use to get account info are:

    • Phishing
      • Most of these attacks, as you mention, come through emails. Always check the domain of the link (the actual URL you will be directed to, and not what is displayed in the text of the link!) on any emails you get relating to WoW (or any other game... or emails in general!). Also check for misspellings. It is amazing how intricate these scams can be, yet simple spell-check is apparently too difficult. Phishing attacks don't always come through email, though. Some websites are designed to phish for WoW account information as well. Be wary of any site that asks you to log in.
    • Key Loggers

      • There are many malware apps and viruses out there that will install key loggers on your machine, which will then transmit your information to the farming companies. Keep your anti-virus definitions up to date, be wary of what sites you surf, and be careful of installing any suspicious WoW add-ons!.
    • Brute Force

      • This seems much less likely, but if you have a weak password it might be possible.

    The authenticator from Blizzard is supposed to be an excellent tool to protect your account.

    Regarding your second question, yes, it most likely is illegal (there have been a number of cases around the world of people being successfully prosecuted for virtual theft), however, the chances of you successfully pursuing such a case within the context of a WoW account theft are almost non-existent. Most of the primary gold farming companies are located in countries where the government either honestly doesn't care, or actively protects their citizens in these endeavors.

Related questions and answers
  • not reach the update manager at all). Creating a shortcut and launching it from there. If someone has any ideas it would be great. Thank to everyone who loss their time here! {: Edit: I waited...I was fixing another bug at baatle.net now it is done after a few days but this got at the foreground now -.- . So I start the battle.net application I enter my details and then the games tab stays on "Loading account information" for a very long time. Options are working nice, the other tab with the news is working smooth also, but this does not.. At the end of this 1-hour waiting I get

  • My Diablo 3 account was hacked, I didn't care until I wanted to play Starcraft II, I couldn't log in because the hacker changed my password and my e-mail, he even put an authenticator in place. I called Blizzard, and they recovered the account for me. When I started to play Diablo III I noticed that I have about 1.5 million in gold, and probably the best equipment in game. It seems to me like hacked equipment to be honest. For example: Masked Fame 274 Armor 42 Dex 72 Vit 27 Physical Resistance 5% Life Can I get in trouble if I play with that character? Like getting my account banned?

  • getting betrayals. I logged into my bungie account and also could not see anywhere on my profile where they would state any information regarding the ban or the time frame. It simply says "temporary...Neither my friend or I have ever been banned. We got the message on his console that both of our accounts, as well as the console, had been banned from earning credits. It pointed us to view.... I placed in bold the only reason they list that could have caused us to get banned. It is our fault, although definitely not malicious. We left the game in the matchmaking lobby and my friends

  • I log into the old account on my PC, it gives me no information about any devices being associated with that account, plus my wife and I deleted absolutely every trace that we could of Netflix from... live account for the first time, and have remained so for my last 5 logins so far. I think it's safe to say it's a fix. Has anyone else with this issue also found some resolution in the last update? .... They had suggested that some of the netflix servers were having issues, but I don't think this is the issue for a few reasons: When I do put my credentials in, it logs me in first time with no issue

  • , but would like to know ahead of time whether or not there will be any point to it. This is primarily because I have horrible saving habits (or, rather, a lack thereof) and so I do not have an easy way... mean certain doom for Joker and/or the Normandy. Besides this, players who have been paying attention won't want to over-exert him anyway due to his bone condition. So, during my first (and so far... point in doing anything with this time other than just completing the basic mission? Otherwise, it seems like the scene may as well have been done as just a non-interactive cut-scene. I understand

  • to take care of the other missions I had queued first. After I finally got to following up on the message, I logged into the system of interest only to find that it had security systems that were currently beyond my abilities to hack. So, I left and continued on completing missions until finally I stumbled across a bank account with over 1 million credits. After acquiring the finances, and buffing my Gateway to the max, I went to follow up on the e-mail. After the initial failure with the known account credentials, I went through the standard process of hacking the Admin account. I

  • Yesterday, I was in a party with a couple friends and I noticed I could go into my contacts and give them a call. I tried multiple times and each time...nothing happened. My friend never received the call and I never received theirs; the phone just kept ringing. Each time you call someone, it takes $10 from your bank account (for some reason). According to the GTA Online Guide - Your Phone... if any private chats or parties are created, but nothing happens! The phone just endlessly rings. Edit: (2 Days Later) Well it's been two days and I still have no idea what this feature does and, after

  • BioShock 1's hacking mini-game, which is tedious to me and stops the game while you hack. I find BioShock 1's hacking mini-game an exercise in frustration, since I have hacking OCD and have a habit of hacking every hackable item in sight in BioShock 2 - including security bots attacking me, turrets thrown by Big Daddies, etc. (I'm a master hacker in BioShock 2, in that I don't need a gene tonic to make hacking easier or even use plasmids on machines.)* So, is there a way to change/mod/reconfigure BioShock 1's hacking mini-game, to something less tedious? Note: I'm not looking for tips on how

  • extent, and have been doing so on our community's server for a couple of years now, and I'm familiar with the newer stuff since the switch from hlds to srcds, though I don't think the latter applies... -- more paranoia than a security issue, I'm aware. Nothing of mine is outside of my home directory though, so it shouldn't affect anything. Thanks in advance to anyone with any insight, and to anyone else... provides for some reason). Anyhow, it took around two minutes for me to get him banned, and I decided that I wanted sourcemod. I grabbed the newest metamod:source (mmsource-1.9.0-linux.tar.gz

Data information