Page 1 of 1
Bugtracker Insecure?
Posted:
Tue Mar 15, 2016 11:37 pm
by Terboh
Hey guys, I've been playing for probably close to a year now, just put in my first bug ticket on your tracker about two weeks or so ago. Just today I noticed that my 60 warrior was naked as I was logging in to my alt. Went back and found that he had all of his equipment sold (Mostly pre-bis and the AV epics) and all of his gold (~150ish probably? it had been a while) was gone. The only thing I've done differently as of late is use the bug tracker, which Chrome showed was insecure before I went in. Seeing as that was the only way available to report bugs, I figured it would have to be safe, but it sure doesn't seem like it.
I don't really post anything related to this game anywhere, this is only my second post on these forums, and it was a somewhat complex password that would be hard to brute force, leading me to believe it's a vulnerability in your tracker.
I'm not looking for a handout or my gear back or anything, as I know you guys just don't have the time to handle these things on a case-by-case basis, but I feel like you should at least look into the security of the site used for the bugtracker.
Edit: In the event of any investigation, Character name is same as forum name (Terboh)
Re: Bugtracker Insecure?
Posted:
Wed Mar 16, 2016 1:33 am
by Dumptruçk
Post the realm you're on also.
If I had to guess it could possibly be malware on your computer or you used the same login information on other websites which led to your account being compromised.
Re: Bugtracker Insecure?
Posted:
Wed Mar 16, 2016 1:51 am
by SizzlMyNizzl
edited
Re: Bugtracker Insecure?
Posted:
Wed Mar 16, 2016 5:20 am
by Diametra
As a theory, that works well I'd think. Some were wondering about the type of person that has been targeted. People that have been around awhile. They've amassed lots of gold and gear. That's just the kind of person that would use the tracker. Someone with a vested interest. Hmmmm, it's interesting for sure.
I'd also have to say, I might be inclined to use one of my toon names there to keep things relative. However, when i got the warning that it was insecure, I picked a name and pasword that had no connection to anything.
Re: Bugtracker Insecure?
Posted:
Wed Mar 16, 2016 8:55 pm
by Terboh
Dumptruçk wrote:Post the realm you're on also.
If I had to guess it could possibly be malware on your computer or you used the same login information on other websites which led to your account being compromised.
This is on the PvP Realm. I doubt it's a form of malware seeing as the current large group of people all had it happen around the same time. I've been using the same (Nost approved) mods pretty much since I started on here, and I can't imagine getting a keylogger specific to Nost from somewhere unrelated. Either way I run several antivirus programs once a week on a schedule.
Re: Bugtracker Insecure?
Posted:
Wed Mar 16, 2016 9:16 pm
by Dumptruçk
Terboh wrote:Dumptruçk wrote:Post the realm you're on also.
If I had to guess it could possibly be malware on your computer or you used the same login information on other websites which led to your account being compromised.
This is on the PvP Realm. I doubt it's a form of malware seeing as the current large group of people all had it happen around the same time. I've been using the same (Nost approved) mods pretty much since I started on here, and I can't imagine getting a keylogger specific to Nost from somewhere unrelated. Either way I run several antivirus programs once a week on a schedule.
Anit-viruses only scan for signatures that they have in their database meaning that if it's custom malware that is new it might not be in the database yet. I'd be careful what you download.
Re: Bugtracker Insecure?
Posted:
Thu Mar 17, 2016 3:06 am
by Terboh
Oh I'm definitely careful about it, I only use addons from Nost's official database. What I was getting at is that I don't see a way to get a virus where someone would be going for my Nost account on something unrelated to this server. Pretty much the only sites I go to related to this server are here, the subreddit, and db.vanillagaming, where I have never logged in.
Re: Bugtracker Insecure?
Posted:
Sat Mar 19, 2016 2:36 am
by Terboh
Aaaand now I'm banned. Guess I might be back when TBC opens, but it's not worth it to start over. Thanks for the fun while it lasted guys.