My account was hacked and wiped along with my guild's bank this past weekend. As I patiently wait for the restoration to happen, I have been reading all of these forum posts about the same thing happening to many many others. I keep reading the same thing over and over. I have started WoW launcher and ran every scan under the sun to find what compromised my account. I have found nothing. I have ran every thing suggested on these forums as well as others suggested by friends. The same thing every scan "NOTHING FOUND". So either myself and whats seems like 100's others are just "unlucky" with these scans, or maybe there is an issue with the Blizzard security on their end. Maybe it's such a new logger that none of the scans pick it up yet. I really don't know, but to continually read these day after day really has me wondering. Has it always been like this and I just never read them because it hasn't happened to me or is this deluge the result of an open door somewhere that has yet to be found?? This is not to rip Bliz, just so many people cannot find what compromised them seems like these hackers have found a serious loophole somewhere.

---

Q u o t e:
I'm not saying that Bliz was hacked and they are covering it up. I'm just wondering if someone has not found a loophole that they are unaware of. And yes all my adobe flash and so forth are always updated. I run Kaspersky that is updated 2 and sometimes 3 times a day. I ran spybot and malwarebytes(all updated) as well as a few others that I don't remember and all found nothing. Everyone is quick to say it's on my end, until that is it happens to you. I keep all my cpu's updated regularly have never had an issue of any kind like this on my home network. Again, I'm not pointing fingers , just seems strange to me this many at a time. As you read these forums, and refresh your screen you will see additional people that have been hacked.

---

When something like this occurs, it's perfectly natural to look for answers and try to find some causality. That's actually not only reasonable, but by far the best and most preferable course of action. I'm delighted to hear that you make active use of well regarded malware scans, but I also feel compelled to remind you of a couple things.

The unfortunate truth is that it doesn't matter how effective your system security is if:

• You've ever provided your account information to another person.
  
• You fell prey to a phishing scam.
  
• You've ever logged in from a potentially unsecured or infected system.

There's more than one method of ingress for malicious account thieves, I'm afraid. Merely because you haven't found a keylogger, is not indicative of a security issue on our end.

As of this moment, I can confidently state that our systems remain secure. I would remind those reading that there is more at stake in our security measures than player accounts (though that information is crucially important). We also have all kinds of our own data and creative properties to protect, that are vital to the existence of Blizzard Entertainment.

Approaching the situation logically and bluntly: those who engage in these practices have a much easier time getting account information directly from our customers - ultimately a cheaper and better course of action for them. Where keyloggers and trojans fail, they fall back on social engineering and phishing. I'm sure that if those measures were no longer as effective, that they'd devise new ways to get at your accounts.

That's one of the reasons why we made the Blizzard Authenticator and Mobile Authenticator available, as well invested effort in helping to educate our players regarding account security:

Account Hacked? Security Issue? Look Here!
Account Hacked? Security Issue? Look Here!

Moving forward, and within the bounds of appropriate responsibility, we will continue to examine new and better methods to help protect and educate our players.

---

Q u o t e:


Thanks for the replay and the understanding that I'm out for answers not "blood" as some have posted here believe. The problem may very well be on my end; I just have not found it. I just find it funny when everyone assumes that the person hacked has been visiting gold sites or fallen for the e-mail tricks. Honestly I wish I had , then I would know why this all happened. And yes I ordered 2 authenticators the day this happened. And I'm worried about that as well because I read posts where those accounts are also being compromised. I'm not stupid, I surf safe I update things, and I was like many of you reading this right now, thinking "bah, he's been doing shady stuff, or just stupid.It will never happen to me." Well it did happen to me and I know how safe I have been, Just keep that in mind when your turn comes.

---

Thanks for understanding.

I should point out that no security measure is 100% effective. The man-in-the-middle attacks that resulted in the bypassing of several Authenticator protected accounts were not common to begin with, and have become less so. Overlapping security measures can each help promote the effectiveness of the others - thus, good anti-malware measures will help ensure that your Authenticator remains virtually impregnable. At any rate, an Authenticator can still provide a very substantial additional layer of security, and is one of the only measures I can think of that is also effective vs. phishing and the like.