Disaster recovery

One of my friends in the Ravens had his account compromised in the small hours of Saturday night and Sunday morning, his characters stripped and his main toon used to mine ore in Wintergrasp. To make matters worse, he was an officer and so our guild bank got raided pretty heavily too.

I found this out late on Sunday Morning - I'd not planned on logging on until late on Sunday, but decided to check out a few things, only to discover this issue - and immediately locked down the guild bank (yes, closeing the door after the horse has bolted I know) and ejected the hacked guildees's characters (pending a GM investigation and general security check).

Both the targetted character and I raised tickets, which Blizzard eventually got in touch about (2 1/2 hours, though given it was a Sunday afternoon the delay was understandable) and are investigating, stating both the character and the GB may have the missing items reinstated.

I'm feeling pretty terrible about the whole thing - I'm the person responsible for the GB and who set our access levels. Incipient paranoia lead me to get an Authenticator for myself at the WWI, but I didn't fully consider the impact of others not having them.

 So, lessons from this:

1) Get an authenticator. No matter the security measures you have in place, there's always the possibility of a new and undetectable piece of malware. An authenticator gives some measure of protection against that.

2) Take a look at your GB settings? Are they such that a single hacked account can cause major losses? Can the access settings be tightened without making the GB unattractive? (The corollary of tight secutity is that is a GB that people can't use isn't going to be useful). Do you want to differentiate access for those with authenticators and those without?

3) Don't buy gold. Money isn't hard to raise in Wrath (or BC for that matter) so why encourage criminal activity by doing so? One of my few standing rules in the Ravens is "buy gold, and bye-bye" - I'll boot anyone who does so. 


So, as if this week wasn't stressfull enough (fun real-world issues), I'm not sitting waiting to see what the outcome of the blizzard investigation is. Some of the comments I've had within the guild aren't very encouraging; the targetted characters may be aided, but the guild may not. We'll have to see ...

1 Comment

A similar situation happened in our guild, except it was our GM who was hacked.
Within a week to ten days (I know it wasn't two full weeks) we had 95% of our guild bank back (the majority of what was still missing was the gold itself).
It took closer to a month for our guild leader to get his toons clothed, and to recover the gold from his account as well as the bank gold.
He now has an authenticator :)

Leave a comment

Recent Entries

  • We have Panda-sign

    So, the Mists of Pandaria is starting and yours truly has a beta invite (and played briefly this morning). Time to dust of the Witching...

  • All quiet on the Cataclysm front

    Nope, not dead or quit the game - just not been blogging. A lot of recent playing has either been dailies (having recently completed the...

  • Ding dong, the witch is dead

    [CC'd from Ravens guildspam]   It is with sad regret that Andromatche must announce her resignation of leadership of the Shuttered Rivens and her departure from...

  • A bit of Argybargy

    Last night saw the Ravens down Argolath in Baradin Hold. A number of guildees had killed him in Pugs (as well as some other bosses...

  • Rift: WOW clone or Wow Killer?

    It begins at the end of the world with your resurrection. The baddies have won the war, and in a last ditch effort to save...