Stop Thief!

This last week, one of my officers had their account hacked. Twice.

He lost everything, and the guild bank was drained of epic patterns, potions...and fish scales. Not only were most of his characters deleted, the best geared one was transfered off server (note: Not account transfered, as if sold, but server transfered).

My other officers reacted quickly and called both me, to lock down the bank, and the officer, to lock down his account. I removed all access, except deposits, from all ranks. I changed the gmotd to let people know what had happened, and submitted a ticket.

A GM contacted me within about 10 minutes, and I told him what I knew. At the same time, my officer was submitting a ticket of his own. The GM told me that he would start a report, but they wouldn't be able to do anything until they got the ticket from my officer. I asked if I needed to provide them with a list of items or anything, considering my guild would like it's stuff back. He told me no, that the officer hacked could just mention the guild bank in his ticket, and everything would be restored, including the guild bank stuff.

So, I made sure the officer knew what I'd been told, he submitted his ticket, changed his password, and we thought we were shifting into "cleanup" mode.

The deleted characters were restored, and with them a few of the lower level bank items, and all the fish scales. (whew, I wasn't sure how we'd live without those!) No progress with the server transfered character, but at least now he had some of his stuff back, some of his gold, and a character to raid with in the meantime. All the while he's watching his email for word from Blizzard, and scanning his computer for the entry point. An email comes through, where the thief attempted to change the password...to regain access to the account. This is reported.

The next day...the account is hacked again. The second highest character is server transfered. The rest of the characters are once again cleaned out and deleted.

Now, I don't mean to tell Blizzard how to do their job...but if an account has been reported as hacked, and you're in the middle of addressing that issue, wouldn't it be wise to flag the account preventing all server transfers, password changes, and maybe even character deletion? Just my two copper...

So, now we're still waiting. My officer is stuck without two of his characters, feeling pretty low, seeing as how this is something he's invested a lot of time and effort into. He's reformatted to hopefully rid himself of whatever hole the hacker crawled in, but they still got away...and a week later, the characters are still sitting on another server.

Word to the wise: Scan your computer. Still have the same password you picked out on launch day, nearly 4 years ago? Perhaps now is a good time to think of a new, safer one.

Guild leaders, preventing an account hack is not something you can really control, but there are still ways to keep your banks a little safer. Put withdrawal limits on every tab. Don't invite member alts without first making them request the invite from their main character (this prevents the pretenders from breaking in) and setup a trail membership period, with very limited (if any) access to the bank, for a reasonable period, so new members can't make off with your stuff.