My dads world of warcraft account was hacked this morning/last night. I download all his add ons for him and the only place i get them is here. He doesnt visit any of the stupid wow forums so its not from there. maybe curse should check there **** before they host it on there website.

Or maybe your dad should start clearing his com for Mal-/Spy-ware !

Curious... did you download the addons manually or did you use the Curse Client?  A former guildmate had a similar situation where his account was compromised, did not go to bogus sites/didn't buy gold/etc... but he did use the Client to install his add ons.  His 3 level 70, Naxx-geared characters were stripped of their items and gold.  Two were server transferred after they had been used to raid our guild bank.

I will give Blizzard this, they were awesome about helping him get his characters restored and were able to put back much of what had been taken from the guild.

Best suggestion I can make, $6.50 to buy the Blizzard Authenticator.  Practically everyone in our guild ordered one as soon as they became available after that initial out-of-stock.

And since this is in the Aion forum, here's hoping NCSoft follows suit some day given the sheer volume of junk sites that are spammed almost non-stop in the chat channels.

Pretty much exactly the same scenario here. Account was compromised, toons stripped and moved. Only thing running on this machine were Curse Client and MMO Minion. ONLY websites visited are World of Raids (possible bad site) Elitist Jerks, and Tankspot. It's a Mac running programs like Little Snitch and MacScan with no malware found before or after, no alerts of unexpected port usage, etc. I'm of the mind it pretty much HAS to be one of the clients.

Mobile Authenticator is in use now.

From Blizzard:

  Quote:

DOWNLOADING ADDONS, HACKS/CHEATS, & EXECUTABLES

Viruses, 'trojan' applications, and key-logging software can all steal your World of Warcraft information, in addition to anything else on your computer once it has been compromised. These sorts of threats are typically brought into the system and installed by "executable" programs.

An "executable" program is something you download and then you run it as its own program - as opposed to opening a file or a folder. You can tell if a program is an executable if its file name ends in EXE. You can also right-click the file and choose "Properties." If the "File Type" says "Application," then that file is an executable.

Hackers and account thieves like to put their viruses, keyloggers, etc into executable files and then make those files very appealing to our World of Warcraft fan base, to trick users into downloading and running their programs.

Which, by the way, the Curse Client does not interact with WoW.exe or Launcher.exe (the main executables for the game) in any way, shape, or fashion. All the Client does is provide a way to easily download and install addons.

Addons are not executable programs. They are simple text files that the game loads AFTER you enter your user name and password; furthermore, addons have no access to the internet or to your computer other than through the World of Warcraft game. And if the game can't surf the net for bad sites, then neither can addons.

The other thing to remember is that the people who got your account did so weeks, if not months ago, and sat on the info, lulling you into a false sense of security, making you blame the most recent thing you did instead of that nasty popup you clicked without thinking last May.

One other thing: Curse.com and affiliate sites WowAce.com and CurseForge.com are Official Blizzard Fan Sites, the Client has been vetted by Blizzard as safe and secure (you would have heard in-game by Blizzard if it were otherwise) and nothing we do here will be anything other than involve your best interests in having a happy experience playing the game.

http://us.blizzard.com/support/article.xml?locale=en_US&articleId=20572&pageNumber=1&searchQuery=keylogger

I do all the installs manually. He runs a virus scan everyday so ive got no clue where he could of got the virus from. My dads not one to go to the WoW realm forums or fall for the "you just won a free mount" crap either. Good news though blizz has all ready restored his account. I reformatted his HD today so all is good. For all i know the logger could of been on the pc for sometime i bought the computer used from a friend hard telling what he had done to it or had put on it. I read the quote from blizzard makes sense sorry for accusing curse.com for having keyloggers on there site.

No worries, mate. I know it is the knee-jerk response to the "OMG I've been hacked!" thought, so it is understandable. At least you know now, and better informed is better protected.

I don't believed in any key loggers.. maybe your dad visited Gold selling sites that's why his account has been hacked.. That's a usual complaints nowadays.. Play hard and don't support any power leveling sites....

i can assure you my dad doesnt buy gold or pay people to lvl his toons hes able to do that him self. 

so he buys and sells gold himself to other players?

Locking this thread, as flaming other people is not good.