Account hacked and PayPal used... How?

(Locked)

90 Pandaren Monk
10555
At 11:23pm last night I received a text saying that SMS protect had been disabled on my account.
At 12:18 this morning I received an email from PayPal saying 2 transactions had been processed from my Blizzard account.
At 12:25am I received 3 emails stating that 3 character transfers and a faction change went through

I inspected my account this morning and it appears that all of my characters have been looted and then transferred off server. I had quite a few items on my characters and also had officer access to a guild so it's possible the guild bank was also affected.

I did not authorize any of these changes, let alone paying through my PayPal. How were the safeguards bypassed is my main question?

I took the appropriate steps after my account being hacked such as changing the password, adding the authenticator per your instructions, and so forth. But as I said I am an IT professional and keep my computer secure. I verified each location I access the computer from was malware/spyware free as well as free of keyloggers. Additionally, I highly doubt that complex enough malware to accomplish this has been developed for Windows 8 so far, as I have yet to come across anything both from my customer's computers as well as my own in my own browsing.

I am also not convinced an authenticator will prevent this from happening again. In the past friends have had their accounts hacked with an authenticator and had changes made without their consent on their accounts. Their computers were also free of malware and spyware and evidence would indicate that accounts are being changed on the back end rather than through the official website.

Not to mention that yet another safeguard (implemented by Blizzard) such as accessing an account from an unfamiliar IP immediately locks the account and requires SMS protect authorization and/or a password reset, neither of which occurred.

How did this happen? What is especially concerning as I said was that my PayPal was used... And my PayPal and battle.net accounts have separate passwords.

EDIT: Here are the precautions taken:
Here are the scanners used:
MalwareBytes
HitmanPro
HijackThis
Kaspersky TDSS Killer
Spybot S&D
ESET

--------

I don't use PayPal hardly ever. The last time I logged into Paypal was ages ago, I use it for very few transactions. Not to mention the passwords are extremely, extremely different.

---------

Also had it confirmed that PayPal does not require secondary authentication and will literally just extract funds from your account if your Battle.net account is hacked.
Edited by Thaydra on 11/11/2013 8:59 AM PST
90 Pandaren Monk
10555
For the record, paypal was never accessed on my WoW computer and I did double check for keyloggers. The only paypal transactions to take place were to pay for character transfers
6 Undead Warrior
0
This shouldn't be in General... you should post this in customer support.
100 Blood Elf Paladin
13955
I hope you filed a ticket also.

If you had no malware or keyloggers, then is it possible someone you know knows what your passwords are?
90 Human Warrior
FoE
4360
How did this happen? What is especially concerning as I said was that my PayPal was used... And my PayPal and battle.net accounts have separate passwords.


Are you sure someone in your household isnt having a bit of fun at your expense. The thing about character xfers is if they can access your bnet they prob dont need to access your pay pal if its listed in your bnet account as a payment type. Idk I dont use paypal,but yeah you need to be in CS forum and on the phone to blizzard
90 Pandaren Shaman
4360
Didnt blizzard get hacked or something a year or 2 ago? did you play then, and if so did you make sure your password ect was changed?
90 Goblin Mage
8050
if paypal was tied to your account (which it obviously was) then all they had to do was have your email address and the rest is simple hacking tools. no authenticator = account WILL get hacked the moment someone finds out your battlenet username (which is your email address). the only people immune to this are people who have an email that is not signed up for anything on the internet and is only used for battlenet (easier to get an authenticator). not sure why people think someone needs a keylogger to hack you, they ONLY need your user name, passwords are beyond easy to hack and have nothing to do with keylogging or other viruses.
90 Night Elf Rogue
5370
Also, another way these things happen, and I hope this is not a possibility for you, but:

Have you purchased gold or in-game items for cash? OR sold them for cash?
How about power-leveling services?
Botting software?

These also can get your account stolen:
Entered your info into a form that you were sent to by someone (either e-mail or in-game) that said you needed to verify your account?
Uploaded addons from a random site and not one of Blizzard's partners or another community-trusted source?
Edited by Avanna on 11/11/2013 8:21 AM PST
90 Pandaren Monk
10555
Here are the scanners used:
MalwareBytes
HitmanPro
HijackThis
Kaspersky TDSS Killer
Spybot S&D
ESET

--------

I don't use PayPal hardly ever. The last time I logged into Paypal was ages ago, I use it for very few transactions. Not to mention the passwords are extremely, extremely different.
90 Night Elf Rogue
5370
Did you run those utilities with the WoW client open and with dummy data in the imput fields?

Some keyloggers that are specific for WoW are only active when the WoW client is open and you start typing.
90 Pandaren Monk
10555
And yes, my passwords are actually changed on a regular basis. I changed my password probably 5x in the last couple months due to accessing WoW on different IP addresses. PayPal password was also changed approximately 6 months ago, on a completely different computer that was also Malware/Spyware free.
100 Tauren Druid
19725
I don't use PayPal hardly ever. The last time I logged into Paypal was ages ago, I use it for very few transactions. Not to mention the passwords are extremely, extremely different.


If your paypal is registered to your blizz account though then transactions will automatically go through it if you have it as a possible payment source.

Why you never had an authenticator to begin with, for an IT pro, is highly unprofessional. You know how easy it is for people to break usernames and passwords... or you should anyway. You should know 0 day exploits exist, and that even being paranoid doesn't always work.
90 Pandaren Monk
10555
I did not consider that, that's a good idea Avanna I will give that a whirl when I get home from work.

The addons I loaded are through Curse, but with a different email and password than my battle.net account
90 Pandaren Monk
12155
Authenticator - it is or would be hard very hard like someone you KNOW has access to your stuff, to be able to disable this without it.
Edited by Ehonda on 11/11/2013 8:26 AM PST
90 Human Warrior
FoE
4360
And yes, my passwords are actually changed on a regular basis. I changed my password probably 5x in the last couple months due to accessing WoW on different IP addresses. PayPal password was also changed approximately 6 months ago, on a completely different computer that was also Malware/Spyware free.


Are you accessing from public places, I think its someone you know though, esp if you have all that protection.
90 Troll Warlock
9210
Authenticator - it is or would be hard very hard like someone you KNOW has access to your stuff, to be able to disable this without it.


Two-Step is basically the future.
90 Pandaren Monk
10555
Not from public places, my IP addressed changed because of Comcast, and moving my computer (laptop) to different locations. It's no one I know because they don't know the passwords either.
The authenticator will protect you from keyloggers and dictionary attacks as well as various other methods used to attack your password.

However, the authenticator will not protect you from "man in the middle" attacks and social engineering attacks.
90 Pandaren Monk
12155
Paypal also has a confirmation, for purchases by sending you a code to your phone, and would would get alerted if someone tried to log in ect.
100 Night Elf Druid
15980
Didnt blizzard get hacked or something a year or 2 ago? did you play then, and if so did you make sure your password ect was changed?


That breach didn't give out enough personal information to log in with.

Hacks are and always have been a client side issue.

http://us.blizzard.com/en-us/securityupdate.html

At this time, we’ve found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.

Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.

We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.
Edited by Amyiss on 11/11/2013 8:29 AM PST
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]