Maczuga

No, Elysium stuff won't give it back. That's normal - too many cases, that would take too much time to restore anyone characters. The point of this thread is to get answers for some important questions about security, because if our passwords are not encrypted in database, then we might have huge security issues if we are using same authentication details on other services. So even with 2FA auth, we are not really safe, because if we use the same password elsewhere then this is huge security issue.

Good to know, yet I don't think this might be the case in my situation. I wasn't playing WoW on private servers for last 3-4 years, I came here from retail before start of 7.1.5. Let's wait for some statement from staff member.

So you are posting the same stuff under every thread about hacking? And you claim that if someone stores your password as plain text is ok? I didn't even ask about any account/character restore. I'm not asking wasting anyone time, just asking the right questions, that needs to be answered, because all of those account hacking seems to be easy. Also if hackers were guessing those passwords - tell me how lucky they were when they were guessing 12-char password mixed with characters and digits? It's highly unlikely, unless you have a solid source of all account passwords, because encryption of single account password would take days, because of hash that WoW is using for authentication (as I said - MD5(username:login)), yet we have a lot of accounts hacked. More of this - how does hacker know the account name? Trust me - Elysium stuff either have a huge leak in account database, or had a mole all the time. So it's not only a password issue. You have to guess BOTH account name AND password.

Hello, I've got my account hacked like 2-3 hours ago (last time i checked at 10 AM UTC it was just fine). It's partialy my fault - I didn't have the 2 factor auth, but I'll get my gear back. Yet something is fishy here. As you can see - accounts are beign hacked in waves, mostly at the same times. It takes some time for people to get users passwords. As far as I remember WoW is using this way to crypt passwords MD5(username:password), so bypassing by password really takes some time. Also passwords aren't case-sensitive in WoW which makes it easier, but still it should be hard to guess. 1. Why Elysium isn't locking the account/IP after X unsuccessful attempts? This would decrease the potential amount of hacked accounts if passwords are being guessed by hackers. 2. If you are storing our password as a plain text in database - please STOP! I bet this is the case, because the amount of hacked accounts DAILY is huge. Also you should really provide some proves, that you are keeping our passwords safe! PS: Even a simple notification on email after an unsuccessful attempt would be a great thing to protect our accounts!