The Hacking of WildStar

So this is one of those more embarrasing posts to make public, but if it serves as a PSA for anyone else I hope it can help others.

Yesterday my account was hacked.

I was cooking dinner and letting Feya craft a bunch of things to print more money for my account. I came back and had a “you were logged off because of another client logging into this account”. I’m use to seeing “Network Connection” gray-screens and I chalked this up to just being a glitch with that system. I logged into Feya and everything seemed fine. Still, I was concerned and put a 2-form-authenticator back on my account.

Why had I taken this extra level of security off? I dropped my phone about a month ago and was planning on replacing it due to a cracked screen.

It wasn’t until later in the evening that I logged into my main character on Rowsdower, Scree, that I realized something was amiss. First off, my character wasn’t where I’d normally go. I was in the middle of a camp in Grimvault. Then I noticed my gold read out looked weird. Instead of 4 currencies, I only had 3. All of my plat on Scree was gone. I had about 5. Not a huge loss I suppose in the scope of things. Then I opened my inventory. All of my bags were empty.

Thankfully whoever compromised my account didn’t delete my primary healing set.

That was nice of them.

All of my gathered materials were sold off; I found one or two mails from the commodity broker still containing money, but it wasn’t significant.

The most damning part of the experience, however, was the fact they spent my Elder Gems; 120 or about a weeks worth. Guess what they spent it on?

Scree is both a miner and a survivalist. They bought the expert version of these tools. Probably to help them bot off of my character. Awesome.

So the actual damage to my account was minimal. The moron who hacked into it didn’t bother to look at my level 17 alt…. who by the way… had over 80 plat in her inventory. I laughed at my good fortune because losing my nest egg would have been too much to bear.  They also ignored the 2 Credd in my inventory which could have easily been sold for a further 5-10 plat on the Credd market instantly. Basically this was a botched job right from the get go.

The point of this adventure down oh shit lane is to highlight that even someone like myself who doesn’t visit illegitimate websites can still be hacked. I have a feeling they targeted me right after my last post (which is funny because I name the character in the title thats making the money…). Regardless you can be assured that 2 form factor authentication is now securely installed on both my google accounts and WildStar.

Do not think you are safe. I know I always did. It nearly cost me two months worth of work.

On a side note; I submitted a ticket reporting a bot about a month ago and just got a resolved email yesterday. I am not holding my breath in terms of having my account restored. While its a minor set back in the scope of things for me, I’d still like to know someone got caught from this experience. I’ll update this as I get more feedback from Carbine.

#wildstar #hacked

9 thoughts on “The Hacking of WildStar

  1. wow.. that kinda sucks but could have been a lot worse.

    Idon’t know if I’ve been lucky or not but it’s never happened to me as yet and I rarely use authenticators and pretty much the same password for every game. Only recently started changing it around although, my memories poor and that involves me changing passwords for certain places every couple of weeks.

  2. Ugh! Really sorry to hear that this happened! :(

    Don’t feel bad — I actually had my Diablo III account hacked in the same way. Luckily, my characters weren’t very high leveled, there wasn’t much to steal, and they didn’t touch my low level alt, who was carrying most of my cool stuff like a good mule.

    I was stunned — it was a “I never thought it would happen to me” thing. Blizz rolled my account back but gave me a red mark because I wasn’t using an authenticator. It was likely because my Blizz account was really, really old, and still using a password that I used on old Diablo II forums or something.

    I learned a lesson from that and my bruised pride. If there’s a second layer of protection in a game, like you said, use it. I always have ever since then.

  3. Ouch. I had that happen in world of warcraft and it was not fun. I really hate the two-factor authentication in wildstar because it requires a phone and my phone is unreliable. I wish they had a physical authenticator option (like I have for wow and swtor).

  4. It’s usually brute force in these situations. I’ve had to start using a “password book” so I can actually remember which passwords I use for which accounts. So much hassle but hacking is such a very real threat and happens to the best of us you can never be too careful.

  5. Ouch… I’m thankful I have a decent password and 2-step authenticator never leaves my account. As much as I hate this particular authentication system due to its’ fiddliness, at the very least I feel comfortable with the added security it brings with the randomised numbers that you have to click, not type. Here’s to hoping they don’t find a way past it, and your ticket is seen to quickly. Thank god they didn’t find your nest egg!

    • The worst part is the not knowing how you got compromised. Did they install something on my PC? I’m pretty tech savvy and know how to avoid that. I’m curious if this was just a brute-force password attack on the login server with my email address. I just don’t know.

      As a result I’m more paranoid about every account I have for every service. Its just too much to worry about in this digital age.

Leave a Reply

Your email address will not be published. Required fields are marked *