Posted by Daeity On Saturday, July 10, 2010
I received some really good feedback from the Reddit community from my post there. Here were the strongest arguments available and I'll go through each of them:
- There is no increase in hacking of WoW accounts. Here's your tinfoil hat.
- Blizzard is required by federal and state law to notify everyone of any such breach. Since there has been no notifications, no breaches have occurred.
- Blizzard's systems are foolproof, it's impossible to compromise their database. They have layers and layers of security.
- Blizzard does not employ fraud specialists or fraud managers: "I see a blog hosted on a free site with one post that seems to be trying to make some kind of conspiracy theory about Blizzard recently having a job listing up for a "fraud manager".
Argument #1: There is no increase in hacking.
I haven't been able to find any official and clear announcements that confirm that there is no increase in hacking incidents. (Not that there ever will be any official statements from Blizzard.)
However, there are a lot of users claiming that Blizzard has confirmed multiple times that there has been no increase. (See "Blizzard indoctrination".)
There are plenty of blue posts that redirect the issue however - e.g. "We take these matters seriously. Please check your own PC. etc. etc." All of the responses are in accordance with their internal company policy (ie, kept as ambiguous as possible so as not to confirm or deny anything.) For example, they're not saying for a fact your computer is infected with keyloggers, but you should check your security anyways. =]
Just like any good business, Blizzard maintains internal records of ongoing investigations and issues. There are internal statistics that would show hacking/fraud trends, but this information will never be released by Blizzard - it's private and confidential. Why would they release this information and hurt their reputation and business?
Fortunately, there are other methods of obtaining data and trends. Consider this, what's the first thing an average user does when their account has been hacked?
They probably call Blizzard, post on their forums, but definitely do a Google search for available solutions.
Blizzard support lines are down due to severe load and WoW Forum posts do indicate an upwards trend (and questioning of this trend) of account hacking over the past few months.
But let's see what the pinnacle of human-behavior-tracking (Google) has to say:
That's some spike in the number WoW accounts being hacked.. and coincidentally, all within the same timeframe as mentioned by users on the forums. Google Trends/Insight can provide a great wealth of information, and in this case, has shown significant growth (an explosion if you will) of compromised accounts within the past few months.
What could possibly account for this quantity of accounts being compromised simultaneously, when there has been increased education and security of user's PCs/accounts and yet no changes in account hacking trends?
To also show that the increase in hacked WoW accounts is not directly related to growth in subscription counts (ie, user base), here's a chart that shows total WoW subscriptions from 2004 to June 2010:
(Sources: IB Times, MMOGChart, WoW Trends)
As you can see, WoW hacking incidents have increased while subscription levels have actually decreased or remained steady.
Does this not confirm that there is actually an upwards trend in hacking activities?
- Total number of players is decreasing.
- Increased education of users (security, scams, etc.)
- Increased security measures and new detection tools.
- Total number of hacking incidents is increasing.
Note the frequency of Blizzard's announcements regarding their customer base. They used to make an announcement quite regularly with each surge, but it's completely stopped for over a year now.
Although the authenticator is not flawless (man-in-middle attacks), I would recommend that everyone get one. An added layer of authentication is highly valuable, and significantly increases the security of your account.
I received a comment from Ty (****email@example.com) who writes:
"My account was recently hacked for the first time, as well as a friend that had not played in months. When I called Blizz support, they did indicate that it may take some time to restore due to an increase in the volume of hacked accounts, recently."
So, there's another: Blizzard Support also states that there has been an increase in volume of hacked accounts.
In the original Reddit post, a user named "nattylife" even claimed that they worked for Blizzard and yet the individual has never heard of any security breaches within Blizzard. Really? There have been many breaches that have occurred in the past. These are just the ones that made it public and some news items Blizzard has issued C&D's for. And yet they've been completely oblivious to all of this? Does that mean that most Customer Support staff have no insight into Blizzard's internal security issues? It seems so, and I have also confirmed this from other sources.
Keep in mind, too, that a LOT of Blizzard's customer support is outsourced to call centers where information of his nature is unavailable.
Some of the feedback I received on Reddit (as you can see yourself) was a little disappointing. Unfortunately, this is a VERY COMMON issue on Reddit, where most users simply read the subject line and the first paragraph, and then say "WRONG!" without ever providing supporting evidence or research.