Friday, June 26, 2009

World of Warcraft Account Hacked

My wife's World of Warcraft account was hacked a few days ago. The hacker change the password and email address so you could not login to the account. They took everything from all her toons and transferred 2 level 80 characters to another server. She contacted Blizzard and they were able unlock her account and she is waiting for a GM specialist to try to recover the characters and stolen items. What is bothering me is that this was a brute forced attack. My wife's account was known to no one including me. As a bit of a Grey-hat hacker this sort of stuff is interesting to me. My guess is that they used the Armory to find a target; that's what I would do. My wife had good gear and special items. Somehow they we able to find the userid or email and brute force a password from either the WoW client or the WoW account web page. Since hacking the web has been around for a while there are more safeguards around the WoW web site. The client does not disable your account if you attempt to many unsuccessful logons, so my guess is that they used a program that brute forced the password from the client. The hard part was getting the userID. I will have to investigate a little further to find out how they did it.

No comments: