PSA: Don’t leave Payment Info permanently linked to WG Account

I know it's super convenient to leave your PayPal attached to your WG Account to purchase stuff from them. But over the last weeks and months there has been a surge in hacked accounts with payments made through them.

I'm a data scientist and recently thought to myself: How can this happen? Why are accounts hacked again and again, and why is the payment data so easily misused? I found a few points. Please add to them if you disagree or know more.

1) Not changing your passwords ever. Database breaches can happen to any company. Sometimes e-mail addresses and passwords are leaked by hackers and sold on the black market. This is unfortunate and hard for security engineers to prevent. Regularly changing your password is annoying, but it can ensure that a leaked password that was sold on the dark net is suddenly not usable anymore.

2) Clicking on dubious links. Here I first have to give props to WG. Links in personal texts are disabled, and a small notification in every chat window tells you not to click on dubious links. And yet I read here on the subreddit and know from clanmates that they copied a link like wotreplays .ru/something into the URL bar of their browser. What happens then is standard: it asks for a login, and after that, nothing. Congratulations, you just gave away your login data. Go and change your password ASAP should any of this ever occur.

3) Insecure modpacks. I tested through the pack of Aslain and WoTs themselves and couldn't find any; however, there were modpacks even on the official Hub that contained keyboard copy bots that just copy everything you have and send it away to a different server. Solution: either do not use mods, or have a good computer protection system in place to keep you as safe as possible.

4) The last big thing on the list, and this goes to WG themselves. I did a little research on the password policy of WG and it's not good. This is the official statement:

"When coming up with a password yourself, remember: a password containing uppercase and lowercase letters and numbers, and is made of at least 8 characters, is much more difficult to crack than a simple one."

Some readers might have already noticed something missing: Special Characters. Why is this relevant?

Well, the password 1Wargaming41 is gonna take a computer 2 days to crack with brute force.
1WaRgAmInG41 already takes 7 months.
But !WaRgAmInG$! is gonna take 5 years and !Wargaming$! takes at least 20 days (these aren't my passwords).

As you can see, with just 3 special characters the time it takes to crack a password that's still super simple is drastically increased. Also, I tried brute-forcing my passwords. I stopped after 1h, but the brute force was not being interrupted by the game locking me out and I didn't get an email that someone tried to log into my account.

Would be awesome of WG to fix this.

In general, please don't leave your PayPal or credit card behind everywhere you go on the internet. It's convenient to pay with them, but once it's linked it's also convenient for anyone who cracked the account.

Take care. Cyberspace is way more dangerous than most of us think.

Source: https://www.reddit.com/r/WorldofTanks/comments/xdcuko/psa_dont_leave_payment_info_permanently_linked_to/
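
The post reports an hour of password guessing with no lockout and no e-mail to the account owner. As an added example (not from the original post and not WG's code), here is a minimal sketch of the server-side control that was missing: a sliding-window failed-login counter that locks the account and queues an owner alert. The thresholds, class and function names, account name and IP addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300      # assumed look-back window
MAX_FAILURES = 5          # assumed failures allowed inside the window
LOCKOUT_SECONDS = 900     # assumed lock duration once the limit is hit


class LoginThrottle:
    """Tracks failed logins per account, locks the account and queues an owner alert."""

    def __init__(self):
        self.failures = defaultdict(deque)   # account -> timestamps of recent failures
        self.locked_until = {}               # account -> time the lock expires
        self.alerts = []                     # (account, timestamp, source_ip) to e-mail

    def attempt(self, account, source_ip, now, password_ok):
        """Return 'ok', 'denied' or 'locked' for one login attempt at time `now`."""
        if self.locked_until.get(account, 0) > now:
            return "locked"                  # even a correct guess is refused while locked
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        recent = self.failures[account]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()                 # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCKOUT_SECONDS
            self.alerts.append((account, now, source_ip))
            recent.clear()
        return "denied"


def replay(events):
    """Run constructed (time, account, ip, password_ok) events through a fresh throttle."""
    throttle = LoginThrottle()
    results = [throttle.attempt(acct, ip, t, ok) for t, acct, ip, ok in events]
    return results, throttle.alerts


# Constructed sample: five rapid wrong guesses, a sixth correct guess during the lock,
# then the real owner logging in after the lock has expired.
SAMPLE_EVENTS = [(t, "tanker01", "198.51.100.7", False) for t in range(0, 50, 10)]
SAMPLE_EVENTS.append((50, "tanker01", "198.51.100.7", True))
SAMPLE_EVENTS.append((1000, "tanker01", "203.0.113.9", True))

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

A per-account lock on its own lets anyone lock a victim out by guessing on purpose, so real deployments usually pair it with per-source throttling and a second factor.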
