  1. #21
    Quote: Originally Posted by Charge me Doctor
    i don't feel like it's a good idea to put your SMS protection and auth on the same device, it just makes no sense to me.
    Well, the point of SMS is as a backup to the 2FA system. It's primarily used in situations like getting a new phone and forgetting to write down the serial number and restore code. You can fall back to getting a token via SMS to prevent yourself from getting locked out of your account and needing to jump through hoops with support to get access again. It's not really meant as an additional security step. As such, using the same device should be fine for that.

  2. #22
    Well in 2010 there was plenty of "man in the middle attacks".

    The earliest one I remember was done by a keylogger that would record what you entered and cause the game to crash.

    During this time the hackers would log in and gain control over the account. Then any subsequent login attempts by the real account owner would be blocked as the logger sent a different authentication number than what they entered to the Blizzard servers.

    Given the way the system works this means they have access until they log out or are cut off by something (Blizzard, Server Maintenance, or the real user logging in).

    So yes it is possible to do this kind of thing. And in 2012 Blizzard admitted that even authenticators didn't stop people being hacked and that accounts with authenticators had been hacked.

    However, in your case it seems strange since "gut and run" is the normal MO for account stealers.

  3. #23
    Quote: Originally Posted by skitzin
    Well in 2010 there was plenty of "man in the middle attacks".

    The earliest one I remember was done by a keylogger that would record what you entered and cause the game to crash.

    During this time the hackers would log in and gain control over the account. Then any subsequent login attempts by the real account owner would be blocked as the logger sent a different authentication number than what they entered to the Blizzard servers.

    Given the way the system works this means they have access until they log out or are cut off by something (Blizzard, Server Maintenance, or the real user logging in).

    So yes it is possible to do this kind of thing. And in 2012 Blizzard admitted that even authenticators didn't stop people being hacked and that accounts with authenticators had been hacked.

    However, in your case it seems strange since "gut and run" is the normal MO for account stealers.
    "Plenty" - Blizzard confirmed it happened a small number of times. Other than that, you're right, it's not standard operating procedure of hackers to farm AP. Cut and run. Even then though it's not worth nearly the amount of effort on their part as it used to be. OP probably just forgot.

    Or as someone else said he logged in somewhere else prior and someone logged in from there and wasn't asked for a new auth code.

  4. #24
    Quote: Originally Posted by xcureanddisease
    I login just now and there is a trinket and a helm in my bags that I know for 100% certain I didn't earn.
    This is modern WoW, the whole game revolves around you getting showered with gear you didn't earn.

  5. #25
    Quote: Originally Posted by xcureanddisease
    I login just now and there is a trinket and a helm in my bags that I know for 100% certain I didn't earn. Along with AP tokens.

    I wouldn't complain for free stuff but this could have been my gold. I'm sitting near gold cap across 6 toons. I have some of the rarest pets around.

    Really would like to know what the fkkk to do next.

    I do not have a virus. I know this because for BfA I upgraded my SSD from 256 to a 1TB EVO. Quite the upgrade but it was on sale AND I had to do a clean install.

    Nobody else has access to my info.. AT ALL. I am 10000000% sure of this.

    -_-

    Waiting on reply from Blizz
    PLEASE, when you DO get an answer post it. About 8 months ago this very same thing happened to me, but it's very strange. I raided one night until about 5am and had to get up and go to work the next day at 8am. That only leaves me about 2 hours of sleep and 1 hour to chug energy drinks. So I logged off of WoW and lo and behold after my 2 hours of sleep I got right back up and logged into WoW. I had about 100k more gold and a bunch of new items, Heroic and Mythic, that no way could have all been got in the 2 hours I was logged off. I panicked and changed all my PWs and ordered a new authenticator (and yes I had an authenticator on my account already and for years). I've never had it happen again. I came out on the deal but who knows what would have happened if they decided to be evil next time. Strange things these days.. strange indeed.

  6. #26
    @xcureanddisease A bit disconcerting, but you can generally get around those kinds of security measures if they don't always ask you to verify. I think Blizzard removed that option, if not, enable it.

    Not to get overly technical, but you have an IP address. Think of your IP address like your Phone Number. Every time you visit a website, you hand it over so they can communicate with you. You can change IP addresses without an issue, and it works out, just like a phone number.

    Anyway, the next important thing to know is that you can spoof IPs. IPs can be traced to a location (kind of like the area code of a phone number). If you shift around within your usual region, most places won't care. So, what would need to happen to get hacked? Well, access to somewhere that has your IP address. Like email. With that, you can look at the raw data, and extract the IP from the header. The next issue is your location. By your bio, you live in LA. Unfortunately loads of VPNs are set up there, so it'd be fairly trivial to mark yourself within the same geographical location. It'd be like getting a phone number with the same first 6 digits. At that point, Blizzard will just assume you switched devices, and received a new IP address. They'd be even less suspect if the hacker logged on at a normal time, and didn't try to adjust account information.

    There are other steps necessary, but that's the gist. To avoid triggering location-based security is fairly easy if you're dedicated.

    Best steps? Different passwords, protect your emails like crazy. Try to establish an "account" email, where you attach all your important accounts to. Don't make it an easy email, like your first name/last name. Treat the address like a password, and give it out to only the most trusted websites. The fewer people have it, the better. Also don't send emails from it. They need a sent email to grab IP.

    If that still isn't enough, feel free to ask and I can give you more (and increasingly weird) steps.


    Also, as for motives, there are things called good hackers, white knight hackers, bug hunters, ethical hackers, etc. The idea is they compromise systems, help out whoever they compromised, and send the information to the company to help them. Big companies, like Google, Apple, Facebook, etc, pay out money for these hunters. They get an external force who has an interest in protecting them, and they are spared the humiliation from horrible attacks. You don't hear much about them, and that's for a reason. Both parties stay quiet, usually as part of the payment.
    Last edited by God Save The King; 2018-06-30 at 06:03 AM.

  7. #27
    Have you been very very drunk recently?

    Sometimes I wake up with no recollection of things either.

    You probably auto looted a bunch of stuff from the mailbox without realizing. If you got gold cap on characters ur probably twerking the AH and it wouldn't be hard to accidentally miss a few postmaster items.
    Last edited by Primemrip; 2018-06-30 at 06:03 AM.

  8. #28
    Quote: Originally Posted by Alyajna
    So my fiance and I sometimes switch computers, and we each have auth & sms protection. However, only rarely are either of us actually asked for the auth code even when we log out of our "main" pc and switch. I can log onto my account on his usual pc even if it's been a month since I input my auth code on it. Of course, for BRAND NEW pc/laptop it always asks.

    My point being, are you logged in anywhere on another computer? Could a friend/relative have just sat down and opened your wow and played a bit?
    There is actually a toggle option on battle.net to force it to ask for authenticator for every login, so turning that on would fix that.

  9. #29
    Quote: Originally Posted by ablib
    Threads and claims like what is in this thread are always funny.

    OP thinks the only possible explanation for his issue, is that he got hacked.

    AND

    We got a bunch of security experts here.
    Agreed. MFA can be hacked, but it requires more skill (getting the account login information and finding the number connected with it) and dedication than anyone would use to gain access to a wow account of all things ridiculous. Unless of course OP gave away his information. This is Blizzard support, we are sorry, but we believe your account is being hacked, but you'll receive an SMS just about now, would you please give me the information it states? My money is on a person wanting his 5 minutes of attention, so congrats OP you got it!

  10. #30
    Don't browse the web on the computer you play wow on.

  11. #31
    I love all the people who are like, 'it can be hacked!' No, no it can't. You can be stupid and give away your login information. You can be stupid and put in your code in places you shouldn't. It can't be hacked.

  12. #32
    inb4 op remembers his "gf played with acc, lol" or "omg, i was drunk, lol" or some stupid things like that.

  13. #33
    It's also very possible that nothing related to security happened at all.

    OP doesn't mention if his world position changed. And it is likely, happened to me once during MoP (I got a title I hadn't earned while being logged in, afk. The achievement popped right as I was standing up from AFK), that something bugged out on the server's end and just rewarded him the items later when he was logged out of the game (but was still available in the game as an interactable character. Happens when you kill the process without exiting cleanly). Basically a delay, a bug on the server's end or not even a bug, just some lag between the loot system and the realm system.

    I bet that is the real thing that happened. Security with an authenticator requires some sophisticated stuff to work around. The attacker needs to be either deep in the Blizzard servers (which is the most unlikely of these), have access to your authenticator or masquerade a middle-man between the server and you, more likely and at the same time has gained control of your password (this is a must basically, and since people with authenticators usually have them pretty bad too, it's not a surprise if they are crackable within hours/seconds, especially some ridiculous dictionary words).

    PS. Use KeePass and just have all your passwords different across all your accounts in places. This is the best way to defend yourselves. Obviously use the master password only on the database and make it a good long one. Requires remembering only 1. With this, you don't even need an authenticator in most places. 150bit passwords are going to take like 2^20?-2^27 whatever time units, I think it was years, to crack. And that just isn't feasible with current security algorithms. This means, that even if the password database is stolen and the salts are also obtained (which are often stored separately on the same server), then even if they gain access to the direct hash of the password, it would take them the amount of time I mentioned earlier to crack. Technically meaning that even if it is compromised, the 20 character randomly generated password with KeePass or KeePassX, is secure enough that you can continue using it. Although obviously, it is recommended to change it, since if the cracking algorithms improve, the time it takes to tear the cipher down would in cases, dramatically reduce to a level that it can actually get cracked.
    The only inconvenient part is that you have to keep a password database file somewhere safe and always accessible, lest you want to lose access to all you have. But that is relatively easy as it too is encrypted, so you can basically even use it on some unsafe cloud platforms for access from anywhere and any device.
    That is what I use.

    Oh and you're welcome.
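
Added example, not from the post above: the arithmetic behind the crack-time argument, for an offline exhaustive search against a stolen password hash. The guess rate of 10^12 per second and the three sample password shapes are assumptions chosen for illustration, and the function names are hypothetical.

```python
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 printable symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def generate(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Random password drawn uniformly with a CSPRNG, as a manager would."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def expected_years(bits: float, guesses_per_second: float) -> float:
    """Average time to hit the password: half the search space."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR

def compare(guesses_per_second: float = 1e12) -> dict:
    """Entropy and expected offline search time for three password shapes."""
    shapes = {
        "one word from a 100,000-word list": math.log2(100_000),
        "8 random lowercase letters": entropy_bits(8, 26),
        "20 random printable characters": entropy_bits(20, len(ALPHABET)),
    }
    return {
        name: (round(bits, 1), expected_years(bits, guesses_per_second))
        for name, bits in shapes.items()
    }

if __name__ == "__main__":
    print("sample:", generate())
    for name, (bits, years) in compare().items():
        print(f"{name}: {bits} bits, ~{years:.3g} years")
```

The estimate only holds for passwords that are actually random; a reused or guessable master password is not covered by this arithmetic.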

  14. #34
    Quote: Originally Posted by xcureanddisease
    I login just now and there is a trinket and a helm in my bags that I know for 100% certain I didn't earn. Along with AP tokens.

    I wouldn't complain for free stuff but this could have been my gold. I'm sitting near gold cap across 6 toons. I have some of the rarest pets around.

    Really would like to know what the fkkk to do next.

    I do not have a virus. I know this because for BfA I upgraded my SSD from 256 to a 1TB EVO. Quite the upgrade but it was on sale AND I had to do a clean install.

    Nobody else has access to my info.. AT ALL. I am 10000000% sure of this.

    -_-

    Waiting on reply from Blizz
    Don't play when drunk/high or have some Chinese dude farm mounts with ur account and ull be fine.

  15. #35
    Same thing happened to me, I had a skirmish win even though I never play skirmish lol
    Changed every password but I feel like it's a bug

  16. #36
    Quote: Originally Posted by Charge me Doctor
    i don't feel like it's a good idea to put your SMS protection and auth on the same device
    SMS backup isn't tied to a device... that's the whole point of it being a backup. You can always get back a new sim card with the same number no matter what happens to your phone.

  17. #37
    This is an instance where higher technology is bad. A mobile phone authenticator can easily be hacked. I got the physical one, and have never used the mobile one, never been hacked.

  18. #38
    Authenticator should be pretty good security, if no one gets to your phone. Sure there are ways to get past all security, but it would be really big effort for... what? To collect a few AP and trinket? At worst your account would be cleaned and some gold seller somewhere would get slight bit more gold. Not worth the effort while there are probably lots of accounts with no protection they could hack into.

    Something doesn't add up. My guess is that you were drunk or something and just don't remember playing. Assuming there is really no one who has access to your phone.

  19. #39
    Yea, a "hacker" logged in and did a couple of world quests for you or LFR wings for ya. Sure.

    Weekend threads on mmo-c... always 'interesting'. *sigh*

  20. #40
    Probably forgot to loot a few bosses in a dungeon, got it all in the mail when u auto looted your mailbox, which was probably full of gold from auctions they came with, didn't notice till the next day
