LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

hushed up

hushed up

Posted Sep 26, 2011 22:16 UTC (Mon) by tialaramex (subscriber, #21167)
In reply to: MySQL.com Hacked to Serve Malware (PC World) by tialaramex
Parent article: MySQL.com Hacked to Serve Malware (PC World)

Oh, another great example of how different other communities are, at the risk of compromising some future work planned at my company...

The video game World of Warcraft has been very popular. Blizzard -- the company which owns it -- has enormous problems with "account theft" where third parties obtain a user's email address and password and log into the game. This is frustrating for the user, who may find their much loved characters stripped of their belongings, or deleted altogether, and it's bad for the economy of the wider game. So Blizzard spend a fortune trying to educate users to avoid the problem, and developing countermeasures.

There are a large number of third party web sites either providing a service related to the game, or providing news and discussion forums. As with most such sites on any topic, they have their own user database, with email addresses in it, but they don't reveal their users' addresses to the public.

I signed up for a LOT of these sites, including some of the most famous and well respected. Each time I used a unique and unlikely-looking email address, one which never receives spam etc. Typically within a few weeks, and never more than a month, these previously never contacted addresses begin receiving very carefully tailored phishing emails, targetting World of Warcraft login credentials.

Each time this happened, I used the "feedback" forms, and forums to explain what's happened, and ask for an explanation. I have never received even the courtesy of acknowledging my comment. Where the complaint itself is public, it is usually deleted.

Are all these sites being "broken into"? Or do their administrators cheerfully hand over contact details about users to criminal "businessmen" for a slice of the profit? I don't know. But either way, nobody wants to talk about it or have it be talked about.

(Log in to post comments)

hushed up

Posted Sep 27, 2011 17:01 UTC (Tue) by k8to (subscriber, #15413) [Link]

Yeah, same experience. Each time I report it to the site where it happened (no response), and to Blizzard (canned response), as well as the larger community. My stance to Blizzard has generally been "look, you cannot trust third party sites, and need to internalize most of these services around your game unless you want to keep deal with people being hacked.

Of course I used different credentials each time, so nothing protectable was compromised, but it is still disturbing.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds