Hello, I know this may not be for here but I don't have any other options. So today I woke up and entered to do my daily rhc and I saw my characters were lvl 1. Later I found out all of them got robbed and deleted, then recreated (some of them with wrong names and classes tho). I logged in warmane site and found out someone breached into my account and changed the password, my email and then after 2 hours changed the password again (probably to my previous one so I can see my characters being devoured). I changed my password but he can still take over my account simply because this account belongs to his email. So, of course I tried contacting a gm via the website but I could post a ticket only for ban appeal and wrote a ticket in the game 12h ago (still no response, that's why I decided to write here). I managed to restore my main character from warmane's character restoration option and when I entered everything was stolen/destroyed. My SM was missing, most of my pve items too. That guy stole from the guild bank and sold everything in AH for less than 50 gold. He sold primos, pots, flasks, BOE items from the SM chain. There are 2 characters which are suspicious buyers because one of them bought all of the primos and BOE items from the SM chain (lvl1 tauren warrior).
Answering some questions in advance:
-Why don't you use two factor authentication? - Because I've used ti before and every single day it asked me to enter a code and it was pretty annoying so I disabled it.
-Have you shared your account info? - No, never.
Have you used/downloaded any suspicious softwares? No, I haven't.
By the way I have another account and it's untouched.. yet.
I would be glad if things can go back to normal.
-
Member
Account scam
-
Forum Veteran
You won't get anything back. What happened is your fault. Best to start gearing up again.
-
Member
How is it my fault that someone breached into my account?
-
Forum Veteran
You did not enable 2fa because "it was pretty annoying". Compare that to how annoying it will be to get all your gear again.
-
Member
And how can you explain that somebody changed my password and email without even authenticating from my own email? This dude literally changed everything without having to authenticate anything. Isn't that also a problem in the security? It's a simple thing that is required everywhere. Yet I have gotten 0 emails and the person responsible for this deed did whatever he wanted. Also how do you explain account stealing when I've never shared my acc info and never downloaded malicious softwares?
-
Forum Veteran
You do not have 2fa on, why would he need to access your email? That's the point of 2fa, to require access to your email to log in. No 2fa, no email access requirement, easier to get hacked.
How did he get your password? I don't know.
-
Member
I think it's a simple pattern used everywhere: in order to change password or email you have to authenticate it via your OG email. But still the question stays. I also don't know how he/they got my account name and password. I've heard this is not the first time account theft like that is happening and I'm questioning warmane's security.
-
Member
You disabled one of the main security features that's designed to try and prevent what you just experienced from happening. Sounds like you problem.
Have fun gearing up again. Maybe now you understand why convenience isn't always the best security practice if you value your account.
-
Member
Okay. I agree it's my problem. But how do people get your account and password? Maybe you should try to understand my point which is that warmane's security is faulty and such things aren't acceptable too.
-
Forum Veteran
If you are suggesting that the web site was hacked, it is not unreasonable (and it happened before), but you should have started your thread with that.
-
Member
I'm searching for answers and solutions at the moment. My doubts about the security are because I can't think of any other ways of people getting my info. Are there any other alternatives known to you?
-
Forum Veteran
"How do people get your acc/pass?" - simple - poking at forum names is probably where one would start. Password can just be brute forced.
This kind of thing almost happened to me a while back. (2fa enabled) I began receiving authentication emails and when i checked the logs on warmane the IP was completely different and from another country(allegedly Turkey). I changed my password. S***BAG TRIED LOGGING MY ACCOUNT AGAIN - I get auth email. I changed the password again. Login attempts stopped, haven't had this happen ever since.
So, either you contact your ISP and sort out the dynamic IP issue(constant authentication required), or you just authenticate every time, or don't use 2fa and don't complain when s**t hits the fan.
-
Forum Veteran
I got cleaned out once too(same story, didn't have in-game 2fa since there is no info how it works). No idea how they got my info. Reply I got was "will pass this up the chain" and I'm still waiting for a reply or soemthing these last 2 years.
You can probably recover items you bought for coins, everything else is gone. SM - maybe they will restore it, maybe they will reset your quest, no idea.
-
Member
I understand your point just fine.
Passwords less than 8 characters are easily brute forced. More so because Blizzard logins on this client don't seem to accept special characters as part of the password.
Reusing passwords across different services could also mean your email + reused password is out on the internet in some data dump for others to use and try against different websites.
There's other ways your password could've been obtained / guessed but I digress.Edited: January 18, 2021
-
Member
Stop blaming the guy. Some dip**** lowlife doing that crap is the one to blame. Let's just try to get the GMs attention and help him out. Not that difficult. There are logs for everything-
