A couple of years ago, I got bored of wandering around aimlessly in WoW and cancelled my account.
This morning, I got an e-mail saying my account had be been banned. Reason given:
Exploitative Activity: Abuse of the Economy
This was a surprise to me; especially when I discovered it was a legitimate email from Blizzard. I logged in to Battlenet (I haven't purchased Cataclysm) and it turns out that my account was active (e.g. trial) and also that it was indeed banned.
Because of the reason I was banned, I have to assume it was one of those gold spammers that got into my account.
I've got my account status resolved and my characters restored. But I have a couple of questions for the aftermath:
- I guard all of my account information very closely (even my less-important MMORPG info) and I don't fall for phishing e-mails. What is the most popular way these "companies" get my login info?
- Hacking into someone else's e-mail is a crime. Is hacking into someone's battlenet account a crime as well? If Blizzard coughed up the name of the company who stole my info, could I, in theory, go after them legally?
I know question two is farfetched…but I'm just curious. After being on the net for over 18 years, I'm thankful that the first time I got hacked was over something innocuous, but it still stings.
UPDATE
I updated my support ticket asking for more information and this is the reply I received:
Greetings!
Thank you for taking the time to contact us regarding your account.
After reading your petition and taking a further look at your account,
it appears that the compromise issue first started on 9/10/2011.
Someone unauthorized to access your account logged in and damaged it.
Unfortunately, we are unable to provide any specific information
relating to the party responsible for the compromise issue. While it
may not be possible to know exactly how the compromise happened, I
would however highly recommend using the information on our Account
Security Checklist found here
http://us.battle.net/security/checklist.html to address every possible
source of entry in the future.
Other than their Authenticator, that security checklist covers the basic stuff you'd see from any company explaining basic internet security. (something I'm very familiar with).
IMHO, it is possible to discover how the compromise happened, but I doubt Blizzard wants to join me on my personal crusade 😛
I would like to believe that somehow their databases got hacked and/or some rogue employee at Blizzard sold e-mail addresses for cancelled accounts to a gold farm. But who knows?!?
Regardless, I'm updating my passwords just to make sure accounts with more sensitive information are not compromised.
Best Answer
The most common methods these gold farming companies use to get account info are:
Key Loggers
Brute Force
The authenticator from Blizzard is supposed to be an excellent tool to protect your account.
Regarding your second question, yes, it most likely is illegal (there have been a number of cases around the world of people being successfully prosecuted for virtual theft), however, the chances of you successfully pursuing such a case within the context of a WoW account theft are almost non-existent. Most of the primary gold farming companies are located in countries where the government either honestly doesn't care, or actively protects their citizens in these endeavors.