The worst possible thing to happen to a MMO player is getting their account hacked. All the work that you put in to your account can be gone and the process of getting your character and items back is a painful and long process. Companies of course take steps to protect customers like Blizzard’s Authenticator for World of Warcraft but recent events show that even these aren’t fool proof.
The Authenticator for WoW has a reputation for being hack proof and because of that a lot of people own one. Basically what it does is it gives you a set of random digits that you put in with your original password. So every time you log in to your WoW account you get an extra random password that only the owner of the Authenticator can know.
From what I know there hasn’t been a case of an account that used an Authenticator getting hacked but that changed today. There is a virus going around that can hack the World of Warfcraft Authenticator. The virus intercepts the Authenticator code when you log into WoW and sends Blizzard a wrong one (which is why you can’t log in since you will get a “Wrong info” error) and then the people behind the virus have a few minutes to log into your account with the real Authenticator code. A Blizzard employee said this about the recently hacked WoW accounts that used Authenticators.
So the Authenticator is not a fail safe way to keep accounts safe but it is still a very good investment. If you want to check to see if you have the virus just search for the file “emcor.dll” on your computer. If you have it then your account most likely has already been hacked.
Tools like the Authenticator can only do so much. It is really unfortunate that people are getting hacked even with this security measure but it all comes down to the user. Safe browsing habits, a good anti-virus, common sense (against phishers) and things like an Authenticator can make your account virtually hack proof.
All the comments I’ve seen have the same issue! My self also haves the same issue with the Authenticator code on my account, which I never bought or had bought one before! The first thing you need to do is contact Blizzard (US) or Blizzard (EU), it will take up to three weeks for them to fix it…
I went to log in to play wow today and it asked me for an authenticator code and I’ve never purchased an authenticator. I went to wowheroes.com and all of my toons have been cleaned out. I refuse to start over and may again play WOW when Blizzard finds a way to outsmart these hackers.
I’m just gonna quit playing WOW. What’s the point of starting all over and having this happen again. What am I gonna do with all my free time?
I agree….same with my account. All of a sudden an authenticator shows up on the account. The account password or e-mail not changed, because those can be tracked to an IP address. Something wrong with the authenticators imho.
this is the 3rd time my account has been hacked!!blizzard makes some much money, i dont understand why our wow account is so easily hacked..they need to out smart these hackers
There is more to this than Blizzard is admitting. My account was apparently hacked — I got banned for sending spam email to people which I know I didn’t do. I run a clean machine, every patch up to date on 64-bit Vista (which is a lot tougher to infect than 32 bit if you leave all the administrator controls on). But just to be sure I hadn’t somehow slipped up in my old age, I ran multiple anti-virus product scans, spyware tools, and even root-kit detectors like GMER. I scanned everything. Multiple times. The machine is perfectly clean.
I didn’t visit any phishing sites, or use my email to log in to any other WoW site other than Blizzard’s own BattleNET forums and their WoW Armory. Still, I got hacked.
So you tell me — how did someone get my password? Methinks it’s about time they started looking at their own forum security because I am not the only person making this claim. Even the so-called “Authenticator” you can buy from them for $6.50 has now been hacked. The problem is completely out of control (customer service is so backed up you can’t even get through anymore) and they just keep blaming it on the users. And most of you keep buying their story and blaming it on user error. That’s the oldest developer trick in the book — it’s uh…user error…yeah.
Want to do some investigative journalism here at MMO Crunch? I suggest you set up 20 new accounts on crystal clean machines and keep them in a controlled environment. Log onto the Official Forums, the game and Armory daily, but don’t do anything else with those boxes. I bet you at least one of the accounts gets hacked within two weeks.
Then perhaps you will start to believe us.
Not only did I have an authenticaor put on my account and my shit all gone but the keylogger gave me a virus that ate my whole operating system….. wow hackers are becoming worse….
I started a new account on Wendnesday and I have been hacked already. I only have a lvl 14 priest on the account! I’m required to input an authenticator code which I didn’t even knew existed before this… It’s been literally 3 days and it’s been hacked!! I’m glad it happened so soon and I didn’t invest too much money/time into this account. No more WoW for me… maybe I’ll try a private server…
I WUZ HACKED IT IZ BLIZ FAULT
Grow up you damn children… they’re on your side.
“They should be able to outsmart them”
You know what, that’s stupid. It’s been years and they can’t even stop music piracy, you think there’s a magic bullet for this? Invent it, sell it to them.
Fact of the matter is that they’re some creative fucks, and the auth was blizz’s counter to the general phishing bullshit that people fall for. I wouldn’t doubt that they’ll counter this in some way if it becomes common.
But the general whining feeling of entitlement that I’m seeing from you butt-hurt children is disgusting and you should be ashamed. yeah, you got hacked, but Blizz didn’t hack your shit and give out your password… some douchebag gold-farmer did. Direct your little pissy fit toward the problem, not the people who are trying to help.
Fucking modern culture… ‘baw, something went wrong so I should be treated special’
I agree with dig on his comment. I also want to add that if your account has been hacked and you have the authenticator then most likely you gave out your authenticator to someone else. I’ve been playing a very long time and honestly out of all the times I’ve used my authenticator (which is on my iPhone) I have not once had a problem. For those who complain about authenticator codes newly on thier accounts I sympathize but also recommend getting an authenticator to avoid that from happening. Lastly a lot of emails have been sent to account emails about being banned for spamming and other suck nonsense. They’re fake even though they look real. The most obvious sign is bad spelling or sentences that sound unproffesional. I guarantee you go on your account and play you will notice there is no problems. They’re trying to get info from you by asking for account information. I cannot express enough times that blizzard does not need your password. I have recieved these emails as well.
Well I just got hacked. after 5years of playing this game. I was a little shocked. All my money was taken. any items that could be sold for money sold. I changed the password on my account after it was changed.. I know my system is clean. Im a little shocked that it happen. I am and always have been maticulous in browseing websites. Not sure how or why it happened but. Oh wells I was just waiting for my prepaid account time to expire before stopping for good. However since my wow password is the same as my battle.net password its an issue since I would like to play Sc2 and other games that are tied into that account. its sad that the authenticator which i was thinking of getting to place on my battle.net to make it safe now is reported as being crackable. Some
I returned from Lisbon and had a message regarding my account being suspended for three hours due to unauthorized activity. Needless to say, this wasn’t me so I tried to log on to see what happened. But I can’t because it wants an Authenticator code, and I never applied for one. I emailed WoW and got a response that they would get back to me but that it might take several days. This is it for me for WoW, time to try Red Dead Redemption.
the exact same thing just happened to me Brooklyn Bar Man! I’ve never used an authenticator, also run a clean machine, and have been playing wow since it was first released without ever being hacked before. This is simply ridiculous.
Same thing happened to me. I was asked to enter an authenticator code which I never applied to my account. THink I got hacked using a fake wow armory website. Sent an email yesterday to Blizzard, of coure I haven’t got a reply yet. If Blizzard was a Bank or a credit card company their security service would be a running gag.
Maybe I’ll be able to play again before Christmas.
Funny how the authenticator has become hacker’s best friend.
Anyone knows how long it takes to Blizzard to remove the hacker installed authenticator?
I keep getting emails saying i’ve done something wrong in WoW but thing is i havent been on since school was let out i dont have the file on my computer or say ive searched but my computer has a virus that causes many issues like it wont even turn on or it will crash with even the slightest movement really annoying (this is my 3rd attempt to write this using my computer)
Oh and another thing why do these hackers want to hack us so badly if they keep it up they wont have any people to sell their farmed gold to since everyone will most likely quit
Rikki, you don’t know what you’re talking about did you even read what people say when you said “i recomend everyone gets authenticator” why i would waste my money on getting one (i don’t have iphone) when people just reported it’s crackable. 2) No, the emails we got were not spam, it’s for real, we been banned for 3 days and our stuff was stolen.
And Dig, are you an idiot? How can you compare music piracy to hacking account? Nobody can stop you from making a copy of a music, but preventing hackers from stealing your account that should a be job done by a company that earns 165 million dollars every month (11 million users x 15 bucks a month) Next time your real bank account gets hacked, i’ll see what tune you’re going to sing next.
this article or what it would be called is not for u who is hacked WITHOUT the authenticator… it is easly done when u do not have an authenticator… i was hacked and my dad said that i should have an authenticator and i have never been hacked since… all u got to do to not getting hacked is:get an authenticator(buhu 6$ buhu… comeon) and:only read mails that ends on @blizzard.com
and dont download anything like wowkeygen or wowhack or anything like that it is all virus… virus, virus and again it is just pure virus.
A good idea would be download some good virus software. I deal with these problems all the time and the ones we use at my shop are, Avast, Malwarebytes and Spywaredoctor. Also Ccleaner is a good idea for keeping your computer running. These are almost all freeware except for spyware doctor which you can easily find a cracked version for. Please start using some protection people.
I got hacked and some one put a code onto my account and i dont know how to get the code so if u could tell me what to do i will be very greatfull
Well i’ve recently been hacked luckily I got my account back but only with 2 accounts… My main and another account so i’m still grateful I have my main but they deleted all the others and then they made around 33 taurens 1 human and 1 orc to spam 3rd party services….. The reason it happened was because my friend got key logged and I played at his house and my other friend got hacked and put an authenticator on his account but I was lucky they didn’t put one on mine. $6 is totally worth it for the authenticator or download an app on the iphone/itouch GET THE AUTHENTICATOR!
hi yeah this is the 2nd time mines been hacked and its really anoying as soon as i make another account that one has bee nhacked to and i keep having to repay the boxes so they should do something about that like a code that can only be used for that computer instead of binded to your account :S
see i got this problem solved once .. all you have to do is call blizzard .. ” u can call them for FREE using skype” waiting time is actually long .. took me about 1 hour 20 minutes
costumer support will help remove it directly when u give them the answer to your secret question and Classic wow CD key
might be something else .. but it’s just general info :)
———————–
but then i applied my OWN authenticator again logged in was doing icc 25 … all of a sudden i got Dced then i tried logging back again using my authenticator code and password .. it didn’t work :s and i dont even have the encor.dll thing .. anyone had this happening?
The clean machine test has been tried, and failed (or succeeded depending on your viewpoint). They got hacked. It’s a problem with Blizzard’s own security. There are people who have disabled their accounts and haven’t logged in or typed their passwords for 8 or 9 months that have gotten hacked recently.
which isn’t to say run wild giving away your password and downloading viruses. you can still get hacked the old fashion way by being an idiot. but for those of you feeling like you’ve done everything right… you probably did. Sorry :/
buy a mac. problem solved. i have been running on my osx for 2 years now, not a single virus ( and i visit some sites that would give a vista system a virus guaranteed ;)) i have been playing wow on this laptop for two years now and ive never had this problem. i have been sent e-mails from some blizzard impersonators before requesting that i “change my account information” or i have “violated the terms of use, and urgent action is required”, along with these messages would be a link for me to click, for example, a link like : http://www.usa.battle.net (pulled that out of my head) would be attatched. i did enter those sites, and my opperating system always told me ( on three occasions ) “that the website you are trying to view has been flagged as a PHISHING website, a report has been sent” and it would navigate me back to my e-mail where i would delete the messages. all im trying to say is, don’t fall for these tricks, and unless you running a mac (or a windows with government type security) don’t look at… well…. you know… those kinds of websites. trust me, i used to have a windows with norton security, it was loaded with trojans and keyloggers in a matter of months.
I haven’t played WoW in months. I use a Mac. I’ve used only Google Chrome since it came out, with all the alerts in place for suspicious sites. I played WoW for five years without ever getting hacked. No viruses or trojans, always behind a firewall on a network protected with an absurdly secure password — I can’t even memorize it, we have to keep it written down and hidden in a locked drawer. The password on my account is very strong.
Today, I got e-mails from Blizz saying my password had been changed. I was dubious so I didn’t click anything and manually opened my browser and went to the account page myself. Yup, hacked… but how in the world?
I don’t know if it’s Blizz’s security itself that’s bad because I haven’t posted to the WoW forums in years; if it is Blizz, that means that the leak is not as clearcut as posting on the forums. I am skeptical that it is Blizz’s security, though; I’d like to hear more about the test Kim mentioned before I’m convinced. It would certainly make me feel like less of a fuck up to know it’s Blizz.
What I do wonder, however, is if some old WoW forum or website got hacked. Why? Because back when I started playing, your account name was not the same as your e-mail — it was just a word/name you made up. When I registered for WoW websites I didn’t think much of using my usual e-mail/password combo because it wouldn’t be connected to my account in any way. But after the Battle.net change, your e-mail address became your account handle, which suddenly makes the registration info I put into websites years ago a way to hack into my account. Plus, if that’s the case, it wouldn’t matter that I hadn’t played for months; the info is still lying dormant stored in those old website databases. I wouldn’t had to type it in months.
That, to me, seems more likely than Blizz not keeping their account info secure enough.
Granted, using the same e-mail/password combo for many sites is sloppy and I take responsibility for that — I’m not trying to blame anyone, but that is the weak point (at least for me) and where I would start looking to find the source of the hacking. I have a very strong password that no one could ever *guess* and that gave me a false sense of security — but if someone got access to a whole database of e-mails and passwords, it doesn’t matter how hard the passwords are to guess because they don’t *have* to guess. The passwords are just right there — maybe encrypted, not that it matters too much at that point. I’m sure some other people might be in the same boat: super-vigilant about websites and trojans, never signed up for a website with what was their WoW account info *at the time,* always made sure their password was really strong… but are a bit lax about using the same e-mail/password log-in for everything.
So, what sites could be the source of this? I don’t want to alarm anyone or point fingers, but we should share what sites we’ve registered for. Since it’s been so long since I looked at WoW stuff, the only two things I can come up with are:
Curse
Elitist Jerks
And maybe wowinterface.com; I can’t recall if I ever registered, but it seems plausible. I can say with some confidence I’ve never registered for any of the other popular off-site WoW forums or blogs.
Anyone else want to help me see if we can narrow it down? Note that you don’t necessarily have to use your e-mail to log-in to a site, you just have to give them the e-mail at some point in the registration process, and then have used the same password you used for your WoW account.
for the authenticator…. use a soft keyboard… yes thats right a keyboard that you have to click and it scrambles the numbers every time you click… like on maple story
only reason why the hackers are getting your authenticator is because you’re typing it out.
When the window pops up for the auth. it triggers the virus or “key logger” as some would like to say it records your key strokes and sends them back to the originator of the virus and gives you the error message.
so, use the soft keyboard Microsoft gives you while running wow in windowed mode for that short amt. of time until blizz gets smart and puts their own soft keyboard in the wow program
i have a authenticator and now it is not working and i cant log on
can you help me
Hacked… on a completely virus free computer…
Can’t believe it took a hacking to realize I should finally give up on WoW.
I’m not spending money on getting a new account and all those upgrades again.
its your f**king addons u cant trust most of them out there ive been hacked twice and all i did was download the explorer addon it could not be detected by virus scans but i found it by my self in the addon
well, my wow account was dead for about a month now and when i try to log in to add a time card, my battle net asks me for an authenticator which i did not but. my computer is completely clean too…
My character is hacked at this moment. I was suspended for 72 hours and they sent me a faq’s on blizzards website about antigold. this is the 2nd time I was hacked,, the first time was a gold seller, and the second time is probably.. a gold seller. So how did I get hacked?
1/ I have an auth – this auth NEVER leaves my house – I have no children – I do not account share. I’m not retarded enough to “give” someone my auth serial number.. or even codes.
2/ I have maybe, 5 websites I visit on a daily basis.. and if someone sends me a link.. im not going to go “OMG LINK! -click-!”
3/ I have never received a phishing email or any emails from “blizzard” telling me to visit their website, other then when I registered, and now telling me A) my password was changed and B) now im suspended.
4/ I do not have a file named emcore or emcor.dll on my machine
5/ Ran multiple scans with multiple AV’s and Spyware, nothing came back.
6/ My character was already logged in…I got kicked off, then my password was changed.
So what’s the deal?
Yeah i just got hacked a few minutes ago too, everything coincides with what cynthia said. I was kicked off and password changed as i was levelling druid
Ya so sure enough my account was hacked today. I have played for 5 years. I get stupid emails but never even open them. I have an authenticator. I run a clean machine. How does it happen?
/still on hold with blizzard atm
/sigh
If Blizz REALLY wanted to fix this problem without cost to the player, they could always add a VIRTUAL KEYBOARD on the login screen. Easy fix.. hook line, sinker.. DONE. A virtual keyboard with a password requirement of at least 2 caps, 2 numeric, 2 special characters and many other characters is nearly a foolproof line of defense against hackers.. I was hacked with a SQUEEKY clean machine. I ran spybot s&d, hitman pro, avg, norton, malwarebytes, stopzilla, TM security suite.. among others. No threats identified. Period. I run those every three days or EVERY single time I download ANY mod or update. No exceptions! I quit wow shortly before ICC came out. I was a hardcore raider, having Ulda on farm and many of the bosses down HM. Anyhow, I did not touch my account since that time. 3 months later, it was hacked. It took blizz 4 months to repair the issue.. the hacker did a back-charge to retrieve his/her money spent durring the hacked time. Blizz footed me the bill for 6 accounts being hacked for 7 months at $15 a peice. I ended up paying to get my accounts returned and re-secured in case I desired to come back durring cata. A couple months later, the entire process repeated it’s self and blizz is footing me another bill!
Long story short, here is an EXAMPLE of my email and pw (After the first time entered, my PW was placed on a word doccument along with the email addy.. to log in, they were copied and pasted into the login info tabs)
EXAMPLE EMAIL:
B!gS(urRyd3wd931@whatevea.com
EXAMPLE PW:
H3!!oJeLl031ILike
I think it has something to do with blizz’s security.. I haven’t logged into the account since quitting EXCEPT to re-secure it.. and I resecured it on a BRAND NEW out of the box laptop from ibuypower. Only items i installed were the antivirus and spyware protectors and registry cleaners for future use.. all were dl’ed at cnet.
This issue has been getting worse since the battle.net has been out and everyone having to use it for their account info. I’m not taking blame for viruses, spyware, addons, etc. This is a blizzard problem and not 100% player. They really need to get their crap together. As of next month when my game time runs out I’m quitting for good unless they start to get a handle on this situation.
I think the authenticator is worth every penny… my friend irl said that if you have an advanced keylogger and you have logged in 50 times with the authentiacator it would be cracked thats only if you have an advanced keylogger now i have been hacked 4 times 3 of those times were keylogged and i learned my lesson 1 of those times were just random. every time i got hacked i called blizz (1-800-592-5499) and i got my account back but im sure if u have the authenticator its a 99.9% chance that you wont get hacked and it’s a .1% chance that you will.
my acct was hacked after 4 years. Thing is we caugt it within 2 weeks of them doing it. 23 minutes on hold with bliz, a username and password change, mail sent to in game gms authenticaor they put on removed AND Me being allowed to retrieve all my stuff…. Priceless. Blizz is there and will help. Yes it’s a pain in the butt to be on hold and have to wait but seriously..it only took like an hour before the guild crap was restored apology letters were out and my acct fully restored. See my acct had been frozen in jan 2010 and they just got it on sept 4th. I hadn’t used it in months nor had I used any sites. Thankfully a RL frend called n told me my toons were online and getting achievements and well to the hacker thx for the core hound pup and the gold you helped me make. Hope you enjoy a dead authenticator. :)
there are 2 ways you get hacked, either by malware (virus/keylogger) or by brute forcing your password.
the latter is easy to avoid with an authenticator, seeing as even the best passwords can be guessed given enough time.
the former is easy to avoid if even a little care is taken while browsing. don’t go to sites you don’t know anything about, if you are suspicious (and you should be most of the time) google it and see if its a malicious site.
and don’t go to a single site you ever see posted in-game. 99% it will be a keylogger
anyone with half a brain doesn’t get hacked. end of
even if you do get hacked it takes a week at most to get your stuff back, no big deal
With everyone claiming a clean computer perhaps the issue is a server along the way? Perhaps your computer is clean, is your ISP?
lets see , if u have an authenticator then the only way for u to get hacked is by a mate going on ur acc and disabling ur authenticator probs ?
but everyone that complains about getting hacked etc. ive been hacked twice . both times i got everything back because i reported it to bliz with full evidence that its my account etc .
the only way for hackers to get ur username or email is if u bought wow gold or plvl or something like that .
easiest way to prevent it is get an authenticator . keep it with u at all times , dont let anyone else go onto ur account , DONT buy wow gold ! , play clean and follow bliz rules and u wont get hacked again .
Maybe i’m missing something. That isn’t exactly an authenticator failure, that’s a failure of WoW-players to secure their machines. In truth, a lot of people don’t bother themselves to secure their machines.
That last poster is also correct, buying gold is stupid and gives away your security. As well, this trend of everyone having each others password is baby-crap too, don’t give out your info to anyone ever, and it wont happen. Their is only ONE time I was ever hacked and that was the first week I had ever played WoW; I gave someone I trusted my info, and what I ended up with was a hacked account.
The majority of all people who get their accounts stolen are because of key loggers. A virus scanner is no guarantee that you are protected. They can even slip through firewalls. No guarantee’s that anti-spyware will catch them either. These little buggers can be hid in very good places.
Key loggers can read anything you copy to clip board example (Ctrl + C), they can take screen shots, track your mouse clicks, access your web-cams. Some can even record sounds too. Virtual key boards can also be tracked. Just need to take a screen shot every time the mouse is clicked.
For people blaming blizzard. If wow servers were being hacked, they would want to fix that fast. Don’t you think that blizzard wants to protect their multimillion dolor investments? They probably use just as much protection as government servers.
A cool little add on for Firefox is called WOT. Get it! People have rated most web pages and will even leave comments. Avoid all the pages that have red circles next to them.
Check this one out:
So things in my life had got a little bumpy, and I decided to let my world of warcraft account expire. In February my account fully expired, and the game was turned off.
For 4 full months my account sat dormant without problems.
Then one day in June I received a call from a friend that still played and he was asking when I gotten back into the game?
I told him I hadn’t, and that I had no plans till the new expansion came out. I explained to him I was busy with my real life at the moment.
At that point he informed me that my character was running around the bank right in front of them.
I thought about it for a sec and got kind of happy. I knew I could just access my old account kick the hacker and regain control over my account for free.
I logged into wow got a bad password message than logged in to my account through the website and changed the password and downloaded the authenticator.
Next I logged back into WOW checked out the guild bank and my personal back and started chatting with old friends!!!!
Awesome, free games are more fun than paid for ones!
I Started thinking about the series of events that just occurred, and was relishing in the thought that I was now able to play WOW for free on some hackers dime!
But the party was short lived. The more I thought about it the more it didn’t make sense.
One of two things had to have happened for someone to get my account info and reinstate it the way they did.
Either someone had hacked my account long before that day, and never acted on it. Or someone inside Blizzard was reinstating old accounts for personal gain.
I figured the latter reason was pretty farfetched but not impossible.
The story gets stranger.
Next, Blizzard started sending me e-mails, and lots of them.
So many, that I started getting suspicious about whether they were real.
These emails where absolutely real looking.
There was no difference between them, and the ones that where a direct responses that I have received in the past from Blizzard.
Mostly these e-mails where asking me to take a quality survey, inquiries about account activity etc.
Well I never responded to them, but it didn’t take long for Blizzard to turn off my account.
I guess they figured out what the hackers had done, realized that I didn’t pay them for the time on the account, or perhaps even someone used a scroll of resurrection “Bring an old player back” offer to open the account.
Either way, the account was off again and that’s where I left it for several months.
So flash forward 3 months to now.
I recently read that the expansion will be coming out this Christmas, and I am in place in my life where I have the time to play again.
I go to log into my account again and cant.
Wrong information it says.
I contacted Blizzard and waited the traditional 45 minutes to talk to a rep.
The guy there listens to my little story and he says “no problem” will get you patched up.
“Use this temp link to reactivate your account and have a nice day”. That was painless minus the 45 minutes on hold.
Used the link, changed the password and waaaala! you have entered the wrong information.
OK maybe I did it wrong. Changed the password again, plugged in the authenticator code and still nothing.
At this point I have tried everything.
I have changed my password numerous times, contacted customer support several times, only to be told that there is nothing on their end stopping me from logging into my account.
I am at my wits end now.
I am starting to feel like maybe I am not supposed to play WOW anymore.
If anyone has any suggestions on what I could possibly try to fix this I would appreciate it.
After talking to the Blizzard representative I am pretty discouraged.
He pretty much told me that Blizzard has lost the battle in controlling the email situation.
He said the hackers can emulate anything they do and I quote “Don’t trust any E-mail period”.
He told me that the best thing I can do is just call them to deal with the problem.
Now I think I understand why they call it WOW!
Have you guys not realized Blizzard does it for the money.
i bet you the hackers are them.
forcing you to buy that stupid little authenticator.
quick 5$ profit to their name, at 12million users that a shit load of cash :)
what they need to do is remove the desire to hack instead of focusing on making the actual process harder.
Disallowing prepaid visas would be a good start, this would keep hackers from easily being able to transfer your toons from server to server to pawn off your things while you sleep and be untraceable. Because this is what they are doing when they get into your account. Make this impossible and a lot of it will stop. The amount of people being hacked SKY rocketed when those type of prepaid gift cards were introduced to store shelves, dont bleave me? do the research it is proven, and not just for wow for lots of online games with similar capabilities.
The Most determined could still use stolen creditcards but then the FBI gets invloved and they face serious jailtime above and beyond what they are contending with using the prepaid card method.
It would immediatly reduce the number of hacked accounts, because the risk wouldnt be worth it to as many hackers out there/
ALSO worldofwarcraft.com COULD sell gold to users! this im sure will never happen but it would imediatly wipe out the gold farming comunitiy.
Get a mac.