H4x0r!!!!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • H4x0r!!!!

    So I got hacked in WoW. Lost everything. Strangely enough, while I lost all my gear and possessions, I was left with about 5K gold worth of auctionable materials. So I made a healthy profit, and my items were all restored by Blizzard.

    But the worst part was the overall sense of violation. I know it's just WoW, but it's MY WoW! That was my account, my characters, and now someone else was playing them. Messing with them. I keep finding minor changes in things that just make me go WTF!?!?!?

  • #2
    My account was hacked a couple of months ago (they even hacked my email and changed my password on there). I had to call up Blizzard and someone helped me change my logon email. They sold all of my stuff and had my spells arranged really...weird. He even completely changed my talents. My fiance ended up ordering us authenticators and it has worked well (plus I got a cute little corehound pet out of it). I still don't know how they got my password and account name. I never logged onto any other website other than battle.net. I never visited links I received through email. As for the violation...yea...I know exactly what you mean.



    • #3
      Run through the SoP for account security.

      1. Inspect and clean your system. Run Adaware, Spybot, and AntiVir to make sure your system is clean of any keyloggers. If any emails come in supposedly from Blizzard, go to your battle.net account directly and not with the email link they provide (100-1 odds it's bogus) to check the account for any issues. The goal here is to find out the problem, isolate it, and eliminate it.

      2. Change your password. Now that you have your account back, you need to resecure it. If you leave it alone, it will just be accessed again.

      3. Get an authenticator. There is no excuse for it now. You can get a standalone device, get an app on a smartphone, or even use the new dial up authentication service if the other options aren't viable. Is it 100% secure? Hell no, but it's a massive improvement.

      (Ongoing) Monitor your habits and that of others in your household. The only way you can be hacked is if there was a security gap that someone utilized. Put simply, your system got compromised somehow, it wasn't a matter of someone getting lucky.

      Hope this helps.



      • #4
        They didn't get my account, but someone got my e-mail address and managed to hack my Gmail account. I had 400+ messages of bounce back from accounts that were not active e-mails anymore.

        Had a password that was a 10-character random collection of 5 letters and 5 numbers. I thought that pretty damn secure as that's 3,656,158,440,062,980 possible combinations.

        Nope, the fuckers got in. As soon as I figured this out, I checked all my computers for key-loggers and other spy/mal ware and found nothing. They brute-forced me.

        Next thing I did was change ALL of my passwords to a new set. I have a password generator program that comes up with some really secure passwords. I also have an app for my iPhone that stores my passwords for me. Now my e-mail is protected by a password that has 6,140,942,214,464,820,000,000 possible combinations.

        Since the e-mails that were bouncing back to me looked like scam attempts at other WoW users I reset my WoW password as well. That one has 18,214,337,864,508,300,000,000 possible combinations AND since I have the iPhone, I got the free authenticator.

        There is no excuse not to get it nowadays since it is available on a pretty good number of phones or the one-time $6 charge for the gizmo is well worth it in light of the fact that hacking WoW is a popular pastime for people in Korea and other areas.

        The funny thing? Gmail lets you know when and how you were last accessed. Korea and China were my two access points. The other thing that I found interesting was the fact that all this happened to me after I started getting nasty to all the people that were trying to fake me out into thinking that I was a naughty boy in game and that my account was going to be deleted if I didn't go to their magical website of scamming goodness.

        I started replying to them in game and telling them to delete my account if they thought they had the stones to do so.

        I guess while they couldn't get my account, they got the next best thing.

        Now I tell them what they can go and do with themselves, what orifice they use, and the name of the website that can ship internationally the rather large Agave Cactus plant they could do it with.
        “There are worlds out there where the sky is burning, where the sea's asleep and the rivers dream, people made of smoke and cities made of song. Somewhere there's danger, somewhere there's injustice and somewhere else the tea is getting cold. Come on, Ace, we've got work to do.” - Sylvester McCoy as the Seventh Doctor.



        • #5
          This happened to me. Ironically enough, my account wasn't even active at the time. They used a (presumably stolen) credit card and reactivated my account just to hack it. Seriously...wtf? Restoration of my items was pretty quick though, plus they left me with a massive amount of ore/gems that I sold for gold. Plus, Blizzard didn't deactivate my account after it was restored, so I got a month of free play courtesy of the hackers :-P I still felt really outraged, and very confused. We are extremely careful with our computers and use virus scanners/spybot/etc. on a regular basis. And if I wasn't using my account, how could they use a keylogger on me? It was weird.
          - Kim



          • #6
            Originally posted by Mongo Skruddgemire
            I also have an app for my iPhone that stores my passwords for me.

            Um, do you have a security program on your phone? That may be the weakness. Not all apps are just apps, some of them are malicious. And most people don't think about being hacked via their phone and by programs (apps) they paid for.
            Registered rider scenic shore 150 charity ride



            • #7
              Originally posted by LeChatNoir
              This happened to me. Ironically enough, my account wasn't even active at the time. They used a (presumably stolen) credit card and reactivated my account just to hack it. Seriously...wtf?
              Long frozen accounts are a prime target actually. They usually don't have an authenticator attached to them making them easy to hack, any guilds affiliated with them tend to remove them from the guild, they usually clear their friends list which makes them all but invisible, and the holder rarely, if ever checks the account which gives them loads of time to get in and do whatever they want with little to no repercussions.

              If anything, a frozen account should be even more heavily protected, simply because it's free access to personal information that could be more problematic.



              • #8
                Originally posted by Mongo Skruddgemire
                They didn't get my account, but someone got my e-mail address and managed to hack my Gmail account. I had 400+ messages of bounce back from accounts that were not active e-mails anymore.
                Bounces aren't a sure sign of a hacked email account. They're usually a sign of a spoofed return address. Very different critters. My work email gets a ton of bounces, but has never been used to actually send spam.

                Originally posted by BlaqueKatt
                Um, do you have a security program on your phone? That may be the weakness. Not all apps are just apps, some of them are malicious. And most people don't think about being hacked via their phone and by programs (apps) they paid for.
                This.

                Unless an app came from an absolutely trusted source, and the phone data was sent encrypted, it's just a huge security hole waiting to be exploited.

                ^-.-^
                Faith is about what you do. It's about aspiring to be better and nobler and kinder than you are. It's about making sacrifices for the good of others. - Dresden



                • #9
                  Originally posted by BlaqueKatt
                  Um, do you have a security program on your phone? That may be the weakness. Not all apps are just apps, some of them are malicious. And most people don't think about being hacked via their phone and by programs (apps) they paid for.
                  Actually my e-mail was hacked before I got the iPhone app for storing passwords.

                  The app that I have for my iPhone is one from a company that has been offering password management for PCs and Macs long before the iPhone came out. This was just their latest offering. So it's trustworthy.

                  As for phone security, I have the MobileMe account and have the ability to GPS locate my phone and if needed, I can remote wipe the sucker. It doesn't get the phone back to me, but I can make sure that they aren't getting into my data.

                  That and the App has a pretty secure password attached to it as well as a failsafe. If three attempts fail, then it self-wipes and the only way to get the passwords back is to re-sync it to the backup in my computer and iTunes.

                  It's the same software that my brother-in-law uses on his iPhone and I trust him since he works in Network Security.
                  “There are worlds out there where the sky is burning, where the sea's asleep and the rivers dream, people made of smoke and cities made of song. Somewhere there's danger, somewhere there's injustice and somewhere else the tea is getting cold. Come on, Ace, we've got work to do.” - Sylvester McCoy as the Seventh Doctor.



                  • #10
                    Originally posted by Mongo Skruddgemire
                    The app that I have for my iPhone is one from a company that has been offering password management for PCs and Macs long before the iPhone came out. This was just their latest offering. So it's trustworthy.

                    As for phone security, I have the MobileMe account and have the ability to GPS locate my phone and if needed, I can remote wipe the sucker. It doesn't get the phone back to me, but I can make sure that they aren't getting into my data.
                    That's NOT what I'm talking about - your phone is for the most part a computer - do you have a virus/trojan/keylogger scanner to make sure the other apps you have are not tracking what's in the secure apps? In other words, security program on phone = security program on computer.

                    Droid has "lookout mobile" security - scans all apps before installation for malicious code. Yes, they write malware and slip it into phone apps - so without one of those, it's the same as going on the web with your computer and no anti-virus.

                    Originally posted by infinite loop
                    Unlike the previous versions, which merely replaced the wallpaper image to alert users that they have been cracked, the new version silently copies personal data—"e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app." It then sends the data back to the machine running the software.
                    And that's from LAST YEAR.

                    Ihackintosh article on the subject
                    Registered rider scenic shore 150 charity ride



                    • #11
                      Originally posted by BlaqueKatt
                      That's NOT what I'm talking about - your phone is for the most part a computer - do you have a virus/trojan/keylogger scanner to make sure the other apps you have are not tracking what's in the secure apps? In other words, security program on phone = security program on computer.
                      I am well aware that my iPhone isn't some mystical device that was pooped out by leprechauns. I do work in IT thenkyewvurrymuch. And as such am well aware of computer security.

                      Sadly there is no such software to that effect. However I am fairly confident that my iPhone was not the source of my getting hacked. For the following reasons.

                      First of all, the iPhone runs a modified MacOS which in and of itself is a *nix based OS. So it's more secure in that area. Also it doesn't allow applications to run in the background (which is something both an anti-malware app and malware itself really needs in order to function). This is one of the reasons I went with iPhone over the other offerings in the smartphone family.

                      Secondly there is the fact that every app that gets to be installed on a non-jailbroken phone (such as mine) has to go through Apple approval before it gets to be added to the app store. So they've checked it first. Another reason for my choice in iPhone.

                      Thirdly, I'm not one of these people who install every nifty seeming application under the sun. I have a few useful applications and games from known and trusted sources...and that's it.

                      And lastly and most importantly, the attack against my gmail account happened the day after I made the decision to buy an iPhone. The order had been placed, but had not yet been shipped out when I got the 400+ bounceback messages from the scammers trying to flood some list of email addresses that play WoW.

                      So I rather doubt that the still unactivated and barebones iPhone was the source of my misery. They got me through some other means.

                      And I'd love to know how. The password was a 10-character mix of numbers and letters and was not a password that I used anywhere else. Certainly not the password that I used in setting up my WoW account or I think they'd have gotten their grubby protuberances on that as well.
                      “There are worlds out there where the sky is burning, where the sea's asleep and the rivers dream, people made of smoke and cities made of song. Somewhere there's danger, somewhere there's injustice and somewhere else the tea is getting cold. Come on, Ace, we've got work to do.” - Sylvester McCoy as the Seventh Doctor.



                      • #12
                        Originally posted by Mongo Skruddgemire
                        And I'd love to know how. The password was a 10-character mix of numbers and letters and was not a password that I used anywhere else. Certainly not the password that I used in setting up my WoW account or I think they'd have gotten their grubby protuberances on that as well.
                        Never underestimate the power of a brute force attack. Which is why I always include punctuation whenever allowed. That pulls me out of both low-hanging fruit (letters only, no capitalization, common words, etc) and still worth forcing (letters and numbers only, etc).

                        ^-.-^
                        Faith is about what you do. It's about aspiring to be better and nobler and kinder than you are. It's about making sacrifices for the good of others. - Dresden



                        • #13
                          Originally posted by Mongo Skruddgemire
                          Secondly there is the fact that every app that gets to be installed on a non-jailbroken phone (such as mine) has to go through Apple approval before it gets to be added to the app store. So they've checked it first. Another reason for my choice in iPhone.
                          Again I direct you to the ihackintosh article - which, if you had read it, is titled
                          "And you were told that only Jailbroken iPhones are in range of Malware"

                          Swiss iPhone developer Nicolas Seriot has published research on security loopholes in iPhone that could create a platform for hackers to steal data even from stock (non jailbroken) iPhones. Email accounts, keyboard entries held in cache and browser history files are all potentially exposed by a malicious app even if it is downloaded from app store. Last night, in a talk on iPhone Privacy in Geneva, Nicolas Seriot showed how a malicious application could harvest personal data on a non-jailbroken iPhone (PDF) and without using private APIs. It turns out that the email accounts, the keyboard cache content and the WiFi connection logs are fully accessible.
                          Registered rider scenic shore 150 charity ride



                          • #14
                            Originally posted by Andara Bledin
                            Never underestimate the power of a brute force attack. Which is why I always include punctuation whenever allowed. That pulls me out of both low-hanging fruit (letters only, no capitalization, common words, etc) and still worth forcing (letters and numbers only, etc).

                            ^-.-^
                            Which is why my new passwords are a mixture of upper and lower case letters, numbers and the list of select punctuation that is commonly permitted.

                            They are also no less than 14 characters long. This gives me passwords in the range of 100,613,197,241,792,000,000,000,000 possible combinations.

                            Originally posted by BlaqueKatt
                            Again I direct you to the ihackintosh article - which, if you had read it, is titled
                            "And you were told that only Jailbroken iPhones are in range of Malware"
                            Fine. I shall pack my bags, schlep across Mordor past thousands of orcs and chuck the goddamned thing into the fires of Mount Doom and thus prevent Sauron from taking over Middle Earth.

                            Will that satisfy you?

                            Or is it enough that I am an IT professional of 20 years and am bloody capable of doing my own risk assessment on my phone? I do not install software from just any fly-by-night software company. The applications that are on my phone came from Apple (bundled with the iOS), or came from companies that have been around for years.

                            You want a completely safe computing device? There is only one perfect way to own a computing device and not have it hacked. It is called the "Never install anything on it or even turn the bloody thing on" method.

                            But that is very self-defeating when you factor in the reasons we have them in the first place.

                            I am well aware of the risks to Mobile Smartphones and having looked at the pros and cons of each, I chose the iPhone. You chose your phone based on what you read and you weighed the pros and cons just as I did. You just came to a different conclusion than I did.

                            And that in theory should be fine.

                            You keep your phone secure in your own way and I'll keep my phone secure in mine.
                            Last edited by Boozy; 12-17-2010, 01:40 PM. Reason: merging consecutive posts
                            “There are worlds out there where the sky is burning, where the sea's asleep and the rivers dream, people made of smoke and cities made of song. Somewhere there's danger, somewhere there's injustice and somewhere else the tea is getting cold. Come on, Ace, we've got work to do.” - Sylvester McCoy as the Seventh Doctor.



                            • #15
                              Originally posted by Mongo Skruddgemire
                              Fine. I shall pack my bags, schlep across Mordor past thousands of orcs and chuck the goddamned thing into the fires of Mount Doom and thus prevent Sauron from taking over Middle Earth.
                              How about you just admit that having a stock iPhone with apps only from the store isn't an absolute guarantee of safety like you seemed to be suggesting?

                              ^-.-^
                              Faith is about what you do. It's about aspiring to be better and nobler and kinder than you are. It's about making sacrifices for the good of others. - Dresden
