Last night, after updating the AuctioneerSuite for WoW with Curse on two of my computers, both computers with separate WoW accounts were hacked. The compromised accounts happened on two different computers, one a Mac (with Curse) the other a PC (with Curse). Each computer runs different WoW accounts and the account information for each computer is different. The only similarity between the two computers is that they were both running Curse with the AuctioneerSuite loaded. The fact that I've heard of other computers running Curse having hacked WoW accounts leads me to believe that this is more than coincidence, and that infact, the integrity of the Curse add-ons are compromised.

As a IT security specialist, here are the general reminder:

Hint: if you get hacked, it's NOT the last thing you done that infected you.

People wanting your user/pass will wait bunch of days to be sure you make false assumption everywhere but the right place.

Also note that most people doesn't patch their frigging browser,  flash and media player.  This is the main infection vector.

July, August and September where especially active in vulnerability/fix allowing remote code execution, from avi file, flash and IE flaw.  (yes, that mean getting p0wned just by browsing with 4 week outdated IE or  flash player, and yes, there are some for mac now, especially that most mac user don't run any anti-virus-like stuff).

Thank you Flisher.