MMORPG Developers Warned of Security Risks

phantomfive writes "According to an article on ZDNet, hackers are now targeting players of MMORPGs (mainly WOW), stealing their passwords, then selling their gold/equipment for money in the real world. Microsoft security development engineer Dave Weinstein warned developers of the new dangers their titles face at the company's annual Gamefest event." From the article: "Online game accounts are already on sale in the black market next to stolen credit card accounts, fraudulent passports, fake work papers and other illegal items gathered by identity theft. In fact, some game accounts can be worth up to $10,000. 'For a lot of the customers out there, there is more store value on their MMO characters than there is on the credit card with which they pay for the account,' said Weinstein."

Good practices

[andrewman327]

As with all of these hacks, the key is vigilence. I know that Runescape has an optional banking PIN number that has to be selected by clicking on randomly positioned numbers. I know that screengrabbers can still read it, but it is a good step. Change your password often, especially if you game from public computers. Even reputable Internet cafes can have a malicious user who installed a small hardware keylogger a few hours ago to steal passwords.

I have read many tales on gaming forums of "I gave my password to person X for this reason and now 300 people have it." Do not give your password or other information to anyone for any reason. Report players who try to get it from you to the appropriate authority. Also avoid websites that offer training or any other gimmick that requires account info. I know that identity theft (real or virtual) is impossible to prevent 100% but common sense steps can make it much more difficult.

Re:That's a Lot of Cash

[PFI_Optix]

I can't imagine someone paying hundreds of thousands of dollars for a single item of sports memorabilia, but it has happened. Is it really so far-fetched to suggest that there exist at least a handful of people with too much money who are willing to spend that money on having more than anyone else does on WoW?

For that matter, given the current state of society, should we even act surprised? These are the same rich kids who spend thousands of dollars a year to have the fastest computer on the block, the latest iPod and accessories (even though four perfectly good iPods are sitting in a desk drawer somewhere), and whatever else they perceive as a must-have status symbol.

Re:Value is in the eye of the beholder

[ichigo+2.0]

If that was really true, MMO's would let users pay their monthly fees with virtual gold.

Read the quote you copied again. Some of the customers value their MMO characters more. If a customer values rocks more than dollars, does it mean Dell will sell him an laptop for rocks? Of course not. To a MMO customer virtual gold is a limited commodity, and involves grinding and work to create. To Blizzard virtual gold has no value, as they can create it in unlimited amounts with a press of a button.

PEBCAK

[spyrochaete]

I've played a few MMORPGs (WoW, Guild Wars, Anarchy Online) and I've only seen one kind of keylogger exploit - the kind you install yourself. People shout in-game "Visit www.guildcheats.com for Guild Wars god mode!" and the like. It's just a case of the greedy preying on the greedy. Circle of life. If your account is stolen it's 99.9% likely that it's your own fault.

Even so, in the case of Guild Wars, which has given me better support than any piece of software in my whole life, I go out of my way to report these instances with screenshots or URLs when I find supposed cheats in torrents. The sanctity of the game is at stake when unscrupulous parties try to hijack others' accounts and lewt.