Tobold's Blog
Sunday, January 02, 2011
Locked out

Steam was just the beginning. Once I came back home from traveling, I found that both Blizzard and Facebook had blocked my accounts for "suspicious activity", caused by me having logged in from a different IP. Facebook was especially annoying, demanding I identify my "friends" from their photos to be allowed back in. Unfortunately I'm "friends" with 288 people I found via this blog, none of which I ever met in real life, and there are only a handful among them from which I know the face. On a second attempt Facebook then allowed me to identify myself via e-mail instead, otherwise I'd still be locked out. Both Facebook and Blizzard required that I change my password.

The Blizzard message that my account was blocked was displayed prominently when I tried to log into World of Warcraft. I had also received an e-mail notification, but my highly intelligent spam filter had promptly discarded that one into the spam folder, seeing how I get fake e-mails about "your WoW account has been locked" every day. Only this time it was for real. I get a lot less Facebook phishing mails, but I have already seen some of those too.

Between all those phishing e-mails and various companies immediately locking my account if I log on from a different location, I'm starting to think that online account theft must be a huge problem these days. I hadn't even realized somebody might be interested to steal my Facebook account, but given that it might contain virtual currency that can be sold, I understand now.

Of course criminal activity causes companies to react with safety measures, and those safety measures usually end up annoying regular customers more than they hinder thieves. I'm starting to wonder how I can travel in the future without getting locked out of various online accounts.
Set up a proxy server at your home?
I don't think people hacking Facebook accounts are primarily after virtual currency. More likely, they are after a way to attain a "trusted source" to contact other people in order to spread viruses to install trojans and keyloggers and get access to things of far more worth.

I took my laptop on holiday a few months back and logged into several things including a couple of MMOs. Nothing was queried or blocked. Had no problems. I also had no problems using my credit and debit cards in ATMs, something which had been causing sufficient problems for others to be featured several times on National news and current affairs broadcasts just before I went away.

I wonder what triggers the security alerts. Could it be more than just you not using your regular IP address, but actually something about the IP address you ARE using?
Had a similar experience when I came back to WoW recently following an extended period away. Since I access the internet through multiple sources in my area, I had to deal with it happening almost every time I tried to log in the first few days. If they didn't already have my $15 bucks I probably would have just thrown up my hands and never returned.
Blizzard does make it a lot easier now to unlock accounts via automated email and a weblink. Previously you had to call customer service and wait a couple of weeks.
One concern is that people are prone to using the same password for several accounts. So, by getting your facebook password, a criminal could then potentially have the same password you use for WoW, Steam, your bank ...

So it's prudent of a company to force a password reset when reinstating an account, which is why you're seeing that more often.
You don't say here whether you use an authenticator for WoW. Do you? It would be interesting to know if that has any bearing on Blizzard's actions.
Most companies will have some way of notifying them that you are going on vacation, and not to suspend your account due to foreign locations. I was in the U.S. Navy for six years, so I got used to having to do this.

When the Gawker breach happened in December, I was forced to change my PW because my email addy was in the pile-o-accounts that got compromised. I do have an authenticator so I imagine that answers that. They played it safe and I don't blame them a bit.
I have an authenticator, which is why I'm pretty sure that the "suspicious activity" Blizzard reported was caused by myself traveling, and not by me actually getting hacked.
It's designed to block account theft as well as account sharing. It's much harder to buy leveling services if you're restricted to one geographic location. Blizzard can prevent RMT and all the problems associated with account sharing (theft, hacking, etc.) with this simple policy. In their eyes I'm sure the risk of losing a few mobile subscribers is worth the benefit.
People steal Facebook passwords to impersonate them and then try to trick people on the compromised friends list into wiring them money. It happened to two friends of mine.
There are various reasons for some unsavory people interest in others accounts.

Apart from the always-annoying-"we want to hack your account" crowd, there are people who want access to other pages not related to FB/WoW/etc. Most people use the same email/password combination on many sites, and getting the email/password combo from one site (say, Facebook), increases the chances that you are using the same in another site.
VPN to your home. Simple as that :) Every windows workstaion and decent router can help you.
That is odd - I went away over the New Year and had no problems at all. I have an authenticator too. Where I went use a different ISP so it would definitely have picked up that the IP address had changed.
My account got hacked over the holidays as well. I started receiving emails saying that my account was compromised and, like you, assumed it was a phishing scam. When I got home my account was disabled. Maybe hackers use the holidays to hopefully control an account while the person is on vacation. I downloaded the authenticator app for the iPhone which I find brilliant, I can finally secure my account at no additional cost.
Post a Comment

<< Home
Newer›  ‹Older

  Powered by Blogger   Free Page Rank Tool