Tuesday, October 6, 2009

Hacked: How could this happen to me?

I keep playing this over and over in my mind. How did this happen to me?

I don't truly know how this happened. My only guess is that I reused the same password too much. I have several strong passwords but once I switched over to battle.net, I could no longer use them. So I fell back on my more generic password I use for web stuff. And now that battle.net makes your account name your email address, all they need to figure out is the password.

This password is still strong, just not as strong as the others. It is unguessable and immune to dictionary attacks. To crack the actual password a computer would have to fall back on trying every combination possible. So someone had to grab the password. This leaves a website leak or keylogger.

If it was anyone else, I would say keylogger. That is why I do not share my account with people. I can trust myself not to fall for a keylogger, just not anyone else. I am a true computer person. I am usually the person people talk to that removes the really hard to get spyware. I teach people how to avoid it and what to watch for. My computers are clean of any spyware. The one time I thought I got infected (I saw media player pop out of some pop-ups and crash), I just rebuilt the computer.

This brings me back to other websites. I am not going to get into pointing at sites here, but there are 2 that come to mind. Places where I recently registered and in the last few days made some posts about making gold. I would expect one of those sites has a backdoor and is leaking information. I don't think the people running them would dare to do something like that.

It is also possible that my new visibility on those other forums prompted someone to dig deeper into other sites I have registered with. One of those could easily be running out-of-date forum software that someone recently discovered a hack for.

The thing is I already had an authenticator in my pocket. I was not in any rush to set it up because I figured it would never happen to me. I figured wrong.

Update: I got thinking about what Blizzard would be looking at on my account. One thing would be account sharing. I don't do that, but logging in from IP addresses in different geolocations came to mind. And it just so happens that I was out of town a week ago. One night I used the computer of a relative that had so much spyware on it that I wanted to pull my hair out waiting for it. So many toolbars in IE. I ended up installing Firefox. I made a post on the guild website that I would miss the raid and I trolled the Blizzard forums a bit. Just as I am overconfident that I do not have a keylogger on my computers, I am overconfident that my relative's computer has several of them.


  1. These days I use Firefox with two add-ons: noscript and adblocker. Noscript is particularly useful for two reasons: it blocks scripts until you allow them, and it shows you how many different sites you are connecting to when you visit a particular URL. I understand that some malware will install via infected ads that are pushed to sites, and being able to block scripts from third sites helps to avoid that risk.

    Adblock can deny access to entire ad frames, not just the images or animations within them, also cutting down the risk of infection from those sources. I don't like blocking all advertising from sites (some of them rely on that revenue to keep running) but there's just too much risk in allowing them to run scripts, especially since those scripts can run in the background without my knowledge.

  2. I was in the same boat when I got hacked. I'm usually the computer person, I keep my computer completely clean of any spyware, trojans, etc. To this date, I still don't know if it was a keylogger, an infected website, or whatever else that got my PW. I never found anything suspicious on my computer even after I got hacked, and I've never logged in from anywhere else or shared my acct info. I got an authenticator right after the incident, so I'm pretty sure it'll never happen again, but the whole thing still gives me chills sometimes.

  3. Noscript+Adblock work like a charm. Anyway, checking the "Remember account name" prevents you from writing your acc name and obviously from getting it keylogged.

    It's a shame that in a time where sites are moving from email address as login name (i.e. Facebook), Blizz does the opposite with Bnet.

  4. Same here, same here.
    I also was stupid enough to use a password which I used on (too many) websites as well.
    I learned my lesson as my current WoW/Battle.net password is a total random one, which I use nowhere else.

    Ah well, luckily Blizzard is quite good with returning items after a compromised account nowadays. And good to read you got it all back (or at least as good as).