So after 2.5 years it has finally happened to me-I have just had my account hacked and idk how...Just a few days prior I had run a full system scan with AVG, spybot, and HJT and came up clean. This is the only site I get my addons from, I use the curse client to install (which I now hear is not a good idea-is that true?) and I use trusted addons...so how did this happen? More importantly: What do I look for in my addons that would keylog me (cuz there is NO way they fished me)- .exe and .jpgs I hear are suspect...what else?

Help me make this post a solid resource for those that are/have experienced hacked accounts to warn others and solve issues surrounding these dillemas.

The hack is not in your addons. You most likely clicked a bad link some time in the past. Most hackers wait a while before they steal your account. Get the Blizzard Authenticator:

http://www.blizzard.com/store/search.xml?q=authenticator

$6.50 US best investment you can make

editted added content

If sold out many available at ebay. Cost a bit more.

Working in the IT security world for a few years now.

Here is some hint on 'how to get hacked'.

#1: use Internet Explorer (Even when applying security patch)

#2: Use FREE AV solution to protect your 2,000$ PC with 1,000$ of software installed.  While they aren't all bad choice, you doesn't always get the same level of protection

#3: Don't maintain your flash player (and other plugin) -> This will allow someone using flash ads on random website to use security exploit to install crap on your computer

#4: Give your email to that guy selling stuff ingame, and clicking the link you will receive saying your account is hacked and you need to log on a website looking like blizzard one but is in fact a way to steal your password.

#5: Use the same user/password than on forum, it's a good way to get hacked by one or other admin or hacked forum.  (keep in mind that most PHPBB and other forum aren't maintained and updated when security exploit are found...)

Good luck!

I was hacked last month, two days after I started using Curse client to install addons and leaving client running so it could upload data to Curse. Needless to say that was the only change I made prior to my account being compromised.

I no longer leave curse client running when I log into the game.

just to clarify some of the good points that Flisher made.

1. Using IE, by itself, is not going to get you hacked assuming that you have a good firewall / antivirus installed. I personally use Firefox and my AV pops up all the time with page warnings so IE or not you MUST browse cautiously. The problem with suggesting another browser is that most users will get the other browser and either not install the addons needed to keep you safe (Noscript for FF is one example) or they will disable all of the inbuilt features that keep you safe so they do not have to do any extra work while browsing. Basically with any browser you have to completely disable all of the features that make the internet more enjoyable to be safe such as javascript, Java, Flash, etc....

2. There are some free AVs that rank in the top 5 most effective AVs which include paid products. Now, most paid versions include better heuristic scanning, so do your homework and pick an AV that meets your requirements.

3. Flash, even updated, is a major security hole so again browse cautiously. Any scripting language opens holes in your browser so Java, javascript, Flash, etc.... all are security risks, updated or not.

4. This is the browse cautiously part again.

5. ...do you see a pattern here (browse cautiously) You have to treat every site like it is there to steal your information so never use the same password on different sites and do not give details to sites that do not carry some credibility.

I would like to add that no matter when your account has been hacked, the 'hacker', has had your information for a long time (months even) so change your password on a regular basis. Even though you have just installed 'AddonX' or 'ProgramY' in the last few days the possibility that the hack cane from that is slim to none so give up on blaming addons or the Curse client. Also, get the Blizzard Authenticator, it is so cheap and GUARANTEES that your account can not be hacked. What is it, less than the cost of a months subscription?

So if it was me, I suggest:

1. Get an AV (free or otherwise) that is well rated and keep it up to date. Even a crappy AV is better than no AV.

2. Get the Blizzard Authenticator. Just do it!

3. Browse the internet like you are walking through a mine field, since you really are, and click each link with caution.

4. Any browser plugins or addons are opening up yet another way for hackers to get into your system so if you can do without them, so without them.

5. Oh, and never share your session with anyone else. What I mean to say is that always log out of your computer before letting anyone else use it. They will NOT be as careful as you are. Do not share you WoW account either for the same reasons.