Account security in your raid
Ever since I took over as GM of Enveloping Shadows, I’ve been viewing just about every happenstance in the guild through the prism of “how does this affect the raid?”
My primary goal is and will remain keeping the raid viable, progressing, and upbeat, and if something conflicts or threatens one of those three things I become obsessed with it.
For example, immediately after I took over one of our dps warriors got hacked. Normally this wouldn’t be an issue, he’d file a ticket and get his account restored. Might have no even missed a raid if the hacking took place later in the week.
The twist however was that this warrior did not own his account. He had purchased it at some juncture and had been using it for some time. He didn’t have the account information and had absolutely no way of getting it back from support. The dps warrior who was always in the top ten on the charts, was kitted out in 264 gear, and even had a Shadow’s Edge, was kaput.
Thankfully he had a second account (his own) with an 80 paladin, and he switched that to his main and basically jumped right back in the saddle. So I guess there’s a happy ending to that. He’s even working on another Shadow’s Edge.
Fast forward to this week. On Wednesday one of the confirmed resto shamans (or, shamen?) didn’t show. I brought in another healer from standby and we went about our business. Towards the end of the night, the shaman hopped in vent and informed us his account was hacked. The hacker had deleted his characters and put an authenticator on it. And, moreover, he didn’t own the account so he might not be able to get it back.
Another one!
Though again, thankfully, we were blessed with a happy ending. Whoever was in charge of support that morning must have been feeling generous, because the shaman got the account back without supplying much (if any) information. So, I was not faced with having to replace him with a new healer in the roster and then gearing that new healer up. A very relieving turn of events.
Now, to get back to the point: both these unfortunate incidents obviously affect the victim, but they affect the raid as well. Losing a great dps with a great gear would be a pain in the butt. Losing a great healer would be more damaging. The raid suffers when people whom you depend on are forcibly removed from the raiding pool.
Of course, your raiders have a responsibility to the 24 folks that they adventure with. Moving forward (especially after two incidents in about a month) I’m strongly considering some kind of recourse, being it dkp bonuses for having an authenticator (as incentive), benching non-authenticator’d people more often, or just plan demanding everyone obtain one.
At the very least, if you don’t own your account (the root of the issue, this is pretty dumb, honestly), you should take steps to prevent your account from being hacked. Get an authenticator. It can’t prevent the original owner from taking back the account that he sold to you, but it can prevent some low-life on the other side of the world from destroying everything you’ve worked so hard on.
Armory Feed
WOW, 2 of your raiders didn’t own their accounts. That’s a pretty high number; it makes me wonder just how many of our “friends” we play with actually bought their accounts.
Funny thing happened to me on this topic in my last guild, in the early 3.2 days. One of our officers, who happened to be our Main Tank, bought a very large quanitity of gold to power-level jewelcrafting and get epic flight for his alts. Apparently it was a large enough quantity to attract Blizzard’s attention. The next night, as we were wiping on Heroic Northrend Beasts, he speaks up in Vent, “Uh guys? I just got a whisper from a GM. He says he needs me to log off right now to remove some property that was taken from a hacked account.”
Suffice to say, that ended the night’s raiding.
Zebb’s last blog ..Try Not, Do, or Do Not. There is no Try.
Ayup. We effectively lost an offtank due to the exact same thing- he got hacked *twice* before he got an authenticator. In the meantime he got so frustrated at having all his gear deleted each time that he switched to his priest instead.
LabRat’s last blog ..Dear LFD Healers
One of our officers got hacked last night… the hacker added an authenticator and ultimately changed his password. After reading this I’m praying he actually owns his account :P
All officers pretty much have unlimited access to the bank… so thats all gone.
What’s my main Again?’s last blog ..Stress and Relaxation?
@Rilgon
23 April 2010 at 2:37 pm #
Honestly, I think I would’ve ended up removing the people with purchased accounts, but that’s just me. *shrug*
Regardless, more people need to read my damned security post. Getting your account compromised is your fault, and you need to take actions to prevent it.
http://www.stabilizedeffortscope.com/?p=888
Rilgon Arcsinh’s last blog ..Jump to Warp Speed
We had a similar situation arise several months ago.
We had two different officers hacked within a couple of weeks from each other. The guild bank had been cleaned out each time (sans gold, as only the GM had gold withdrawal privileges) and a giant mess occurred. After this, the officers and the GM decided that all of us in leadership roles would be required to own an authenticator on their accounts in order to prevent both the bank issues, but also the loss of members, as it is our responsibility to make certain that we are able to be on and prepared for our raiders.
Five weeks later, the GM was hacked because they hadn’t gotten around to ordering their authenticator. The guild had been disbanded, the bank and the gold this time had been completely taken, and the characters had been deleted. As it had occurred multiple times recently, blizzard was very slow on restoring the items (Several weeks) in which the GM was completely out of it. This occurred two days before ICC was made live…
It was not a particularly fun time to both be playing disaster recovery, acting as the temporary GM, figuring out who all needed to be invited and then trying to dive into ICC…
@Rhidach
23 April 2010 at 3:44 pm #
Thankfully our officers are required to have authenticators (Core Hound Pups = verification, love them) to be officers. I have an authenticator as well. I’m not worried about officers getting hacked.
That’s rough about your guild Selyndia. If anyone in a guild has a duty to keep an authenticator on their account, it’s the GM. That’s beyond negligence that your GM allowed what befell your guild.
Well, in the end it worked itself out.
We’re pretty much at the same place in progression as you are (We JUST downed Sindragosa 25 this week; while you should have her down next; and I think both of our guilds dropped TLK 10 on the same week), and it was one of several contributing factors that ended up with the previous GM stepping down, and then I ended up at the helm (much to my own chagrin). At least now I know that the GM has an authenticator now…
@Rhidach
23 April 2010 at 4:01 pm #
Haha, welcome to the Unwilling GMs Club. :)
Glad to hear everything worked out, though.
@Anafielle
23 April 2010 at 5:22 pm #
I used to ascribe to the “People who get hacked are just idiots who don’t know how to run a virus scan, who don’t look at address bars when they click links, who buy gold, etc – I know computers and I’m immune” theory.
Then a friend of mine who I thought knew just as much as I did got his account hacked. Or compromised as Rilgon more correctly put it.
I got an authenticator and you know what? I love it.
I used to worry about losing it right before a raid. Well, not anymore – it’s attached to my car & house keys, and if I lose those I’m in a lot more trouble! :)
The core hound is cute.
And the security I have – even if I make a mistake, even if I get a virus my virusscan doesn’t catch in time, even if I get totally wasted one night and sign into http://www.thisisnotakeylogger.com with my account information…… no one can log into my account without my keychain. I like knowing that. :)
I’ve not paid for anything else in game like pets or mounts, but this $6 was worth it to me.
Hacked accounts can be severely damaging, as proven by your post and all the comments above. While I don’t have any horror stories about hacked guilds, I’m currently in the middle of dealing with retrieving my cousins account for him. He stopped playing about 6 months ago, and when he tried to return last week he found that his e-mail had been changed. While were not 100% sure yet, but it is almost certainly a hacking issue.
I got my authenticator a few months ago and love it. My only advice, as far as requiring every raider to have one, is that while its $6 for Americans, it is much more costly for everyone else. I only live in Canada, and while the authenticator was $6, the S&H was close to $20. $26 vs. $6 is a big difference, just something to consider, though to be honest I think it’s well worth the cost.
hey, belated grats on the GM role.
@iamapaladin
26 April 2010 at 5:28 am #
I have an authenticator, thank God! I haven’t heard about authenticators being made required for GMs/officers on my server though. I have been hearing about a lot of hacking incidents but no one seems to really seem too concerned about it. I guess because my current guild has so many members and thus, a deep reserve to draw upon.
@iamapaladin
26 April 2010 at 5:30 am #
On a side note, I recently signed up for CommentLuv, how do you get it to show your latest post after your comment? I don’t get it -.-
HP’s last blog ..Gamers Can Save the World
@Rhidach
26 April 2010 at 8:01 am #
@HP: It pulls it from your blog when you put your URL in. Works, I think, I can see your latest post: “Gamers can save the world.”
@Jong: Thanks man!
I woke up today to find that my account had been compromised. I am on a mac (I know that doesn’t make me bulletproof, but it does decrease my chances on the virus/keylogger front). My account is as of now, banned for manipulation of in-game economy. I can only imagine what happened to all my money and items :(. Luckily, Blizzard is being very nice and told me that my account will be reactivated within 24hrs and my stuff should be back soon.
The only thing I can think of, is that I usually access the armory through google instead of going directly to the link (kinda silly I know, but I go there pretty rarely) so I think I might have put my password into a fake WoW site. I am basically positive that I have no keylogger or virus on my comp, so this was probably how it happened. Interestingly, the hacker/thief put an authenticator on my own account, so I had to go through customer service in order to have it removed and to put up my own.
To quote ridach, and pretty much everyone else that has ever spoken about it: “Get an authenticator.” Even those on macs, cause you might be relatively safe from most viruses, but a fake armory or other WoW website when you aren’t paying attention can still get you good.
@Rhidach
26 April 2010 at 3:17 pm #
I’m sorry to hear about your harrowing experience Dan :(
I think the take-away lesson of what you just went through is this: no one is safe. Get an authenticator.
Horrible, man. I totally agree on the authenticator. I had trouble with mine recently, but would much prefer that to being hacked.
gravity’s last blog ..Authenticators are still ftw