[[ Account Compromise Info Center ]]

Due to an increase in concerns regarding compromised accounts, we’ve opted to consolidate as much information on the topic as possible into a single comprehensive thread.

You can make use of the following table of contents in most web browsers by typing Ctrl-F and then inputting the number of the section you wish to locate. You may also refer to the following guide directly:

What to do if Your Account Has Been Compromised
http://us.blizzard.com/support/article.xml?articleId=30796

X.X Introduction — Please Read


1.0 Securing Your Account

1.1 Keylogger, Trojan, and Spyware Removal
1.2 Validating and Updating Contact Information
1.3 Maintaining a Secure Account
1.4 Battle.net Authenticators


2.0 Recovering Access

2.1 Online Account Recovery
2.2 Assisted Account Recovery (Contacting Billing)


3.0 Account Retrieval

3.1 What All Account Retrievals Must Have
3.2 Helpful Submission Tips
3.3 Additional Points


4.0 Initiating an Investigation

4.1 Submit an In-Game Petition
4.2 Report Unauthorized Transfers, Name Changes, and Re-Customizations
4.3 Contact Account Administration


5.0 The Restoration Process

5.1 Account Restorations
5.2 Contacting Assigned Character Specialists


6.0 Additional Compromise Issues

6.1 My Account Was Banned!
6.2 My Account Was Merged Into a Battle.net Account!
6.3 An Authenticator Was Added to My Account!
6.4 I'm Not Getting Any Emails!

X.X Introduction - Please Read

World of Warcraft is first and foremost a community, and we applaud the efforts of those who have taken it upon themselves to submit a report when it appears that a friend or guild mate has been compromised. While we are unable to provide updates or information regarding an investigation initiated for an account registered to another player, this can be a great way to get the investigation process started on the behalf of a friend whose account security may be at risk. It’s still a good idea to refer those who have been compromised to this thread and the other excellent resources we’ve made available for all the information they need to get back into the game swiftly.

We also ask that affected players please keep in mind that, once a report of compromise has been filed, the restoration process can take some time. It's best to refrain from continuously submitting additional petitions or emails requesting updates. Should more than 3 weeks pass without a response, though, it may be appropriate to submit a petition to confirm that everything is proceeding as it should.

No restoration is ever guaranteed, but you can rest assured that once you've submitted a report that your account is in good hands. Our staff will happily do everything they can to help get our players back into the game and enjoying World of Warcraft as soon as they possibly can.

1.0 Securing Your Account

1.1 Keylogger, Trojan, and Spyware Removal


Should you believe your account compromised, the first—and often most important—step you should take is to remove any keyloggers, trojans, or spyware which may be present on your computer. To do so, we encourage players to scan their systems with antivirus and anti-spyware software.

We recommend using at least one antivirus and at least two anti-spyware programs to ensure a wide range of coverage and recognition. Some programs may not detect what another can. To learn which antivirus and/or anti-spyware programs may be best for you, please review our Computer Security Recommendations sticky, found here:


http://forums.worldofwarcraft.com/thread.html?topicId=1778038509&sid=1


1.2 Validating and Updating Contact Information


Along with account names and passwords, email addresses may also be compromised. Because of this, we encourage you to update your Battle.net email address as quickly as possible to prevent repeat compromise.

The most direct way to increase the security of your registered email address following a compromise is to create a brand new email address for your Battle.net account. Make sure the username and password for this new address are unique; do not use a username and password that you've used online before.

Once registered, keep this email address as isolated as you can and do not associate it with any other service besides Battle.net. In addition to increasing the security of your account, this will also help reduce the reception of phishing emails.

Should you be unable to register this new address yourself, please contact our Billing & Account Services Department for assistance.


Billing and Account Services

Live Representatives Available 7 Days a Week, 8am to 8pm PST/PDT
For phone assistance please call: 1 (800) 592-5499 || 1 (800) 59-BLIZZARD

• Players in Australia should call 1-800-041-378
  
• Players in Singapore should call 800-2549-9273
  
• Players in Chile should call 1230-020-5554
  
• Players in Mexico should call 001-888-578-7628
  
• Players in Argentina should call 0800-333-0778
  
• All other international players should call: (949) 955-0283


If you do not wish to set up and register a new Battle.net email address, please check the filters and rules of your existing address to ensure that you can still receive emails message from Blizzard Entertainment, and that incoming emails are not being automatically forwarded to another unauthorized email address. This will help prevent your account from being compromised again by the same source. More information about email filters and rules may be found here (http://us.blizzard.com/support/article.xml?locale=en_US&articleId=28585).


1.3 Maintaining a Secure Account


Once your account is secure, it's good to establish habits which can help you keep it this way. While there are many methods by which to maintain the security of an account, here are some tips to get you started:


• Never willfully share your registered email address and password. Even friends, family, and significant others can place your account at risk.
  
• Monitor the availability of your email address and do not post it publicly.
  
• Complete operating system, web browser, and software (antivirus, anti-spyware, and Adobe) updates as they become available.
  
• Run antivirus and anti-spyware scans weekly with the World of Warcraft launcher open.
  
• Activate your browser's built-in phishing filter.
  
• If you use FireFox, install NoScript and Flashblock and run both extensions consistently while browsing.
  
• Select a secure password and change it periodically.
  http://us.blizzard.com/support/article.xml?articleId=20574
  
  
• Be aware of "phishing" emails and websites, and do not to respond to any invalid requests. Remember that a Blizzard Employee will never ask for your password.
  http://us.blizzard.com/support/article.xml?articleId=25133


Additional information can also be found here:


Account and Computer Security
http://us.blizzard.com/support/article.xml?articleId=30794


1.4 Blizzard Authenticators and Mobile Authenticators


The Battle.net Authenticator and Mobile Authenticator are two devices which offer an additional layer of account security. The Battle.net Authenticator is a physical "token," small enough to fit on a key ring, and the Mobile Authenticator is an application which can be downloaded (often for free) on many mobile phones.

These devices work by providing a secure authentication code upon command that will be unique to your Battle.net account. After an Authenticator is associated with your Battle.net account, the authentication code will be necessary for each client and Account Management log in, increasing your protection against standard compromise attacks.

Battle.netAuthenticators are presently available for purchase on our Blizzard Store (http://us.blizzard.com/store/search.xml?q=authenticator), and our Mobile Authenticator application can be downloaded here (http://mobile.blizzard.com/shared/blizzard_download.php?cont=401&id=2183). More information about these devices may also be found here (http://us.blizzard.com/support/article.xml?locale=en_US&articleId=24986).


Please note that using a Battle.net Authenticator or the Mobile Authenticator application does not negate the importance of end-user system security. It is simply an added layer of protection and should complement (not replace) safe browsing habits and security practices.

2.0 Recovering Access

In many cases, when an account is compromised, access to the account may be restricted; this is most commonly due to passwords and registered email addresses being changed by unauthorized parties.

Before you are able to report a compromise to our in-game staff, it may be first necessary to recover access to the account and confirm your identity as the rightful owner. Fortunately, there are several methods to do so.

2.1 Online Account Recovery


One of the fastest methods to retrieve access to your account is via our online Login Support page:

https://us.battle.net/account/support/login-support.xml


2.2 Assisted Account Recovery (Contacting Billing)


If you are unable to regain access through Login Support—or should you possess any additional questions related to your registered billing information—then it is advised that you contact our Billing & Account Services personnel directly.

Billing and Account Services:
Email: [email protected]
Web form: http://us.blizzard.com/support/webform-us.xml?gameId=11

Live Representatives Available 7 Days a Week, 8am to 8pm PST/PDT
For phone assistance please call: 1 (800) 592-5499 || 1 (800) 59-BLIZZARD

• Players in Australia should call 1-800-041-378
  
• Players in Singapore should call 800-2549-9273
  
• Players in Chile should call 1230-020-5554
  
• Players in Mexico should call 001-888-578-7628
  
• Players in Argentina should call 0800-333-0778
  
• All other international players should call: (949) 955-0283
  
  

3.0 Account Retrieval

In order to protect our community, access to an account may be temporarily disabled, or locked. In some situations, we may request that the registered user provide a valid ID to unlock the account. This is done not only to ensure the account's safety, but the also the validity of the information associated with it.

We realize this may be a confusing and frustrating process and so have created a list of tips and suggestions to hopefully alleviate some concerns. Please bear in mind, however, that this information is subject to change.

Should you require a Notary, please confirm all information below by consulting your local Notary Public and PDF by Account Administration. Valid forms of identification may vary from location to location, as well as between retrieval types.

3.1 What All Retrievals Must Have


• (If required)Notarized Notary form, signed and sealed by a Notary Public (completed at your appointment)
  
• Retrieval Form (PDF included with an email sent by Account Administration or Billing & Account Services)
  
• Valid ID (cannot be expired)


Note: Many retrievals may be completed by either email or facsimile; please chose the method most accessible for you. Those retrievals completed by email must possess attachments for both the retrieval form and your valid ID; all attachments must be below 3mbs.


3.2 Helpful Submission Tips


For faxes:


• Make a black & white photocopy of your information, this way everything is already in gray scale
  
• Enlarge the ID by about 100% and up its brightness
  
• Ensure that the writing is legible; use block letting if necessary
  
• Have all pages go through in one submission; multiple, consecutive submissions will not count
  
• Fax a copy of your submission to yourself first to see how the pages will look once sent; adjust size, writing, and brightness accordingly
  
• If, after 48 hours, you haven’t heard back, email [email protected] and resend


For emails:


• Submit retrieval package from address listed within retrieval form
  
• Attach each document (retrieval form and ID) separately
  
• If scanner is unavailable, photograph documents with digital camera
  
• Re-size documents if too large (over 3mbs)
  
• If, after 48 hours, you haven’t heard back, resend


3.3 Additional Points


• Birth certificates can be used if you are under legal age; however, in certain provinces and countries, the “age of majority” varies. Make sure that you know what the age of majority is where you live, as it may be different than US law.
  
• All Notary retrievals must be mailed in. Fax submissions are no longer accepted for this particular request.
  
• If you're having trouble with the faxing process (that is, having it go through and appear legible), you're more than welcome to create a parcel with everything included and ship it off via normal postal service. This will take longer, but will ensure readability.

4.0 Initiating an Investigation

After you’ve recovered access to your account, your next step is to initiate an investigation. This investigation may be related to missing items and currency or needed to correct a penalty applied during your compromise.

We've many methods of reporting available, and we encourage you to use them to your fullest advantage.

4.1 Submit an In-Game Petition


Submitting an in-game petition is an effective and easy way of reporting an account compromise.

To submit an in-game petition, begin by clicking on the Help Request option. This option is located in the small navigation tray near the bottom of your screen and is symbolized by a red question mark.

Clicking on this option will bring up the In-Game Knowledge Base, a database full of support articles for your reference. Four options will also appear towards the bottom of the window:


• Talk to a GM
  
• Report a Problem
  
• Report Lag
  
• Character Stuck


Select either the "Talk to a GM" or "Report a Problem" option. Selecting "Talk to GM" will let us that you wish to be contacted in-game (if possible) regarding an immediate issue. Conversely, selecting "Report a Problem" will let us know that you do not wish to be contacted in-game and that the issue is not of immediate concern. You're welcome to select either option, but "Talk to a GM" would be more appropriate for the purpose of reporting an account compromise.

Click on the "Open a Ticket" or "Report a Problem" button after you've made your selection and then, within the text field, include details regarding your compromise:


• Approximately when your account was compromised
  
• Any character, item, or currency losses
  
• Any Guild Bank losses
  
• Any unauthorized Character Transfers, Name Changes, Re-customizations, Faction changes, or Race changes


Click "Submit" and you're done. This information will assist our in-game staff greatly in initiating your account's investigation and restoration processes.

(Alternatively, you may also email this information to [email protected] from your account's registered email address.)


4.2 Report Unauthorized Transfers, Name Changes, and Re-Customizations


You may find that, in the course of an account compromise, one or more of your characters was transferred, re-customized, provided with a paid name change, or had their faction or race changed. It is possible to dispute such changes to your character(s), though time is of the essence.

To dispute a character transfer, name change, or re-customization, please use one or all of the following web forms:


http://us.blizzard.com/support/chartransferwebform-us.xml
http://us.blizzard.com/support/charnamechangewebform-us.xml
http://us.blizzard.com/support/article.xml?tag=customizationform
http://us.blizzard.com/support/article.xml?tag=factionchangeform
http://us.blizzard.com/support/article/racechangeform


Note: The first form may be effective even in the case of Free Character Moves.

Regrettably, if a character was transferred, re-customized, provided with a name change, or had their faction or race changed a substantial amount of time ago, then it may not be possible to return them to their original status.


4.3 Contact Account Administration


Though it's unfortunate, accounts which are compromised are often used to exploit our in-game economy and game mechanics. If this occurs, there is indeed a chance that the account will be penalized.

Should your account have been penalized for actions taken while it was compromised, please contact Account Administration at your earliest convenience. Our representatives may be emailed at [email protected] or contacted via web form:

http://us.blizzard.com/support/webform-us.xml?gameId=11


Note: It is extremely important that you contact Account Administration exclusively from the email address that is registered to your account. We are unable to accept contact from any other source.

5.0 The Restoration Process

Waiting for a restoration is often the most frustrating part of an account compromise. This frustration usually derives from what is perceived as a long wait and, as well, from a certain amount of uncertainty about the process itself.

You may not understand how restorations are addressed or what level of participation is required of you. We hope these concerns can be alleviated by the following information.

5.1 Account Restorations

Once a report of compromise is received, all relevant information is forwarded onto our investigation queue. This queue is managed by Character Specialists with all reports within addressed in the order that they are received.

At this time, full restorations may require several days to complete, so if you have had a report forwarded, we encourage you to remain patient. Should any action be taken by our Character Specialist staff, you will be notified via email.


5.2 Contacting Assigned Character Specialists


Each report of compromise will be assigned a Character Specialist who will work diligently to verify and restore all that was lost. This Specialist, as noted, will also communicate to you any restoration provided.

Should you ever believe that further restoration is warranted, we encourage you to make an inquiry. You may do this by simply replying to any email sent by your assigned Specialist, or by emailing [email protected] directly.

Regrettably, though we are continuously happy to assist, restoration may not always be possible. For more information about our Restoration Policy, please review the following article:

http://us.blizzard.com/support/article.xml?articleId=20457

6.0 Additional Compromise Issues

There are a few unusual issues which affect compromised accounts with some frequency. Hopefully the information included herein will enable you to resolve such issues expediently should they happen to affect you, too.

6.1 My Account Was Banned!


Sometimes characters on a compromised account will be used for malicious activities. When this happens, the account to which these characters belong may be suspended, banned, or locked for exploitation.

If your account was penalized for actions which occurred while it was compromised, the appropriate recourse is to contact our Account Administration department as soon as possible. Our AA representatives may be reached by email or by web form.


Email: [email protected]
Web form: http://us.blizzard.com/support/webform-us.xml?gameId=11


Should you have any further questions or concerns why compromised accounts may be penalized, please see the following discussion:

http://forums.worldofwarcraft.com/thread.html?topicId=4071469304&pageNo=1&sid=1#3


6.2 My Account Was Merged Into a Battle.net Account!


On occasion, malicious parties will merge a World of Warcraft account onto a Battle.net account during an account compromise. It is necessary to contact our Billing and Account Services Department to retrieve access to the World of Warcraft account by disassociating it with the malicious Battle.net account. Our Billing Representatives can be reached via phone using one of the following numbers:


Billing and Account Services
Live Representatives Available Mon-Sun, 8am to 8pm PST
For phone assistance please call: 1 (800) 592-5499 || 1 (800) 59-BLIZZARD

• Players in Australia should call 1-800-041-378
  
• Players in Singapore should call 800-2549-9273
  
• Players in Chile should call 1230-020-5554
  
• Players in Mexico should call 001-888-578-7628
  
• Players in Argentina should call 0800-333-0778
  
• All other international players should call: (949) 955-0283




6.3 An Authenticator Was Added to My Account!


In some circumstances, malicious parties may add an Authenticator to an account to prevent access to anyone who does not possess the Authenticator. Please contact our Billing and Account Service Department to have the Authenticator removed from the account. Our Billing Representatives can be reached via phone using one of the following numbers:


Billing and Account Services
Live Representatives Available Mon-Sun, 8am to 8pm PST
For phone assistance please call: 1 (800) 592-5499 || 1 (800) 59-BLIZZARD

• Players in Australia should call 1-800-041-378
  
• Players in Singapore should call 800-2549-9273
  
• Players in Chile should call 1230-020-5554
  
• Players in Mexico should call 001-888-578-7628
  
• Players in Argentina should call 0800-333-0778
  
• All other international players should call: (949) 955-0283




6.4 I'm Not Getting Any Emails!


One of our Character Specialists, Game Masters, and Account Administration representatives primary methods of communication is email. In some cases, there may be issues with certain email clients which can make it seem as though you are not being contacted appropriately.

To ensure that you receive emails from us, please refer to the following Support article:

http://us.blizzard.com/support/article.xml?articleId=21485


Please also check your Spam and Junk mail folders, as correspondence from our departments may have been automatically redirected there.