That's A Lot Of Paladins

Symantec: 44 million MMO accounts stolen

We recently analyzed a new sample submitted to Symantec and came across a server hosting the credentials of 44 million stolen gaming accounts. What was interesting about this threat wasn’t just the sheer number of stolen accounts, but that the accounts were being validated by a Trojan distributed to compromised computers. Symantec detects this threat as Trojan.Loginck.

This particular database server we uncovered seems very much to be the heart of the operation—part of a distributed password checker aimed at Chinese gaming websites. The stolen login credentials are not just from particular online games, but also include user login accounts associated with sites that host a variety of online games. In both cases the accounts contained in the database have been obtained from other sources, most likely using malware with information-stealing capabilities, such as Infostealer.Gampass.

The article goes on to detail that while the vast majority of these accounts were targeting a Taiwanese MMO company, the researchers discovered 210,000 World of Warcraft accounts, 60,000 Aion accounts, and 2 million PlayNC accounts (which can be used to gain access to Guild Wars, Aion, Lineage 2 and City of Heroes).

The vast majority of RMT fraud I deal with in my day job originates from accounts that are stolen in this manner, usually from China.

(Side note to Symantec: account sales through sites like PlayerAuctions are a TOS/EULA violation for both World of Warcraft and Aion.)

  • http://www.mobhunter.com Steve Danuser

    I’m really tired of liberal sites like this which only focus on the negative aspects of account theft and credit card fraud.

  • http://crythau.blogspot.com Crwth

    I’m disappointed that Steve Danuser didn’t provide any examples of the positive aspects of account theft and credit card fraud to back up his comment.

  • Ges

    I think you lost me there, Steve. Are you trying to say that credit card theft is a good thing? To me that wouldn’t make much sense.

  • Matt Mihaly

    @Steve :)

  • http://tobolds.blogspot.com/ Tobold

    I’d guess Steve means “sites which automatically connect RMT with the negative aspects of account theft and credit card fraud”. It isn’t account theft which has possible positive aspects, but RMT which does.

  • Scott Jennings

    I’d guess Steve was being funny.

    It’s a good guess!

  • http://stabbedup.blogspot.com/ Stabs

    I’d guess that what Steve wanted to say and what he actually typed are not quite the same thing.

  • http://geldonsgaming.blogspot.com geldonyetich

    You like gold our company?  Install software!  Become special customer!  Careful, friend!  If get email account hacked, be sure login and change password.

  • Aufero

    Sarcasm apparently requires closed captioning for the humor impaired when used on the internets.

  • Freakazoid

    No, it’s Steve. His sarcasm needs more work than an MMO made by Funcom.

  • http://www.antipwn.com/blog IainC

    Hmm, Steve’s comment seemed pretty obviously sarcastic to me.
    More seriously, how is wayi.com not running a Geordie MMO?

  • Blackblade

    Oddly enough, my WoW account was stolen in a very suspicious way.
    1) I never have used any RMT, Powerleveling Service, or visited any WoW-related sites that I didn’t immediately know or heard from someone about.
    2) They stole my account, but used another CC number to pay for it, which wasn’t mine and was likely stolen.
    3) They didn’t change anything or sell anything, on my account or characters. The only thing they did was change the spec on my characters, use some of my tokens from the Argent Tournament to buy crappy DPS weapons and mounts, and farm Eternal Fires. How do I know that’s what they did? When I finally got my account back, I was standing over a dead creature with loot still in it, with about 100 Eternal Fires. The guy must have LITERALLY just been on when the Blizzard rep killed the account to reset the password.

    4) This is where it gets really, really weird. The account was stolen after it had gone inactive for a week. I let it go when I was moving to a new house, so I didn’t know anything about it until 2 weeks later when I got an e-mail from a friend.

    Needless to say, password changes and authenticator purchases ensued.
    And incidentally, I gotta give Blizzard support props. They handled the whole situation like pros – had to fax in a copy of my driver’s license to prove it was my account, and once everything was verified, the support staff was quick to address any issues. They even let me know that since the account was likely on a stolen credit card for that month’s service, I could expect a chargeback when I put my own credit card back in.

  • http://Chrome.blogspot.com Chrome

    Who hasn’t had their CC or account stolen?

  • Ges

    *shrug* Sorry, I did not see sarcasm in the comment. Thankfully it was not just lost on me, but also others. Protip: Steve, next time write more than one sentence. It drives your point home better. ;)