Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

Account Hacked After Forming B-Net Account

Forum Avatar
Rastlin
#0 - Oct. 19, 2009, 5:15 a.m.
Blizzard Post
Dear Blizzard and the WoW Gaming Community:

My account has been hacked and I wish to inform and warn all parties interested in how it happened. First, some background. I play World of Warcraft on my home computer that I use strictly for that purpose. It is a gaming computer and I do not visit non warcraft related sites, except perhaps for CNN for some news now and again. I have NEVER shared account information with anyone. Never. I also have taken great care for computer security using Norton Antivirus, Spybot, Spy-sweeper and Ad Aware to help keep my computer safe. In terms of add ons, I have used Grid for months and months with no problems and no recent updates. I also use ora3 and dbm, again, with no problems and no recent updates.

As required, I merged my account into a battlenet account. Shortly after this event-a day or two tops-my account was hacked. I have lost everything-gold, items and, to add insult to injury, have seen my characters transfered off realm. I will, of course, contact customer service in the morning to try to start the process of getting a restoration but this has been a dreadful experience. I am very likely going to leave the game because of it. (After replacing guild bank items that were looted, I cannot leave the game prior to doing that.) I play this game for fun and I have lost that feeling of fun. I can find stress and misery at work, I don't need it when I am not at work.

I inform Customer Service and warm the gaming community of the following. I have had my computer carefully checked for keyloggers, trojans and worms and none have been found. In addition, as I mentioned, I have excellent security features on my computer. As I do not visit other web sites and this hacking occurred right after forming my battle net account logic suggests that this must have been the source of the problem. It just had to be somehow related to my forming of the battlenet account. I cannot accept that an account that never had any problems was immediately hacked after I formed the bnet account. Was I phised somehow? Has Blizzard's site been compromised? I do not know. But it is clear to me that the forming of a battlenet account led directly to the hacking, looting and destruction of my account.

I play this game for fun and I especially love to raid. I also have met a lot of friends through the WoW community. But this hacking has shaken me deeply and I will likely leave the game. But this post is not a QQ post for sympathy. It is a warning.

Be very careful and Blizzard, please, check your battlenet account security. The formation of this account is the only thing I can find that led to my account being hacked. I really loved this game and it has been a great ride but this experience has really done me in. I hope others do not see this same thing happen with the formation of their bnet account.

Be warned.


Best Regards,
Rastlin


edit 10/19/9, 9:45 PM EST

I noticed one more thing and I thought I would add this to my post. Prior to account merger I had a username. Of course, with the account merger that was changed to my email address. Now, I have only one account and play only one game. But since my account was hacked (I was able to get the password changed and can now access the account) a drop down screen shows up when I am logging in and it lists two accounts. One account is my old account name, the other is an account called (account name). I have never heard of this person or account and I suppose this is the hacker's account somehow linked to my bnet account. When I click on this account, btw, I get a message the account is not active.

I have a couple of questions/comments:

1) How do I get this account removed from my battlenet account?

2) If this account is linked to my account could the hacker once again get access even though I have now changed my WoW password?

I am sure this is linked to the hacker for as I said I have only my one old account. It is not clear to me how important this additional information is, but I thought I would add it. I really, really want to get this <removed> account removed. I am sure it is trouble. Thanks in advance for any help.


Best Regards,
Rastlin
Forum Avatar
Orlyia
#2 - Oct. 19, 2009, 8:33 p.m.
Blizzard Post
I am very sorry to hear this, Rastlin. No one should ever have to go through this.

Battle.net didn't do this. Someone else got ahold of your password and ID. Given the looks of this, it was foreign and malicious and your account was used for malicious activity while compromised.

I'd look more closely at possible malware. Some of them are VERY hard to find. Another possibility is that you responded to a phish or 'free offer' ingame - or visited such a website that injected malware onto your system. Given that's the nature of what this was used for afterwards, that's actually fairly likely.

Is any other system ever used to log into Account Management or this website? If so, that system could be the issue as well.

Don't discount the security of your email either. If they can compromise that, they don't need into a system directly, they just dip into your inbox.

We do our best to help players recover from this, you will want to make absolutely sure your system and email are secure.


You may also want to look into getting an authenticator for your account. It's no substitute for good security habits, but it will keep anyone else out of your WoW account.

Blizzard Store
http://us.blizzard.com/store/browse.xml?f=c:6

Mobile Authenticator for Battle.net accounts
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=26109

I do wish you all the very best on a speedy recovery.
Forum Avatar
Orlyia
#10 - Oct. 19, 2009, 1:23 p.m.
Blizzard Post
Q u o t e:


lol, i remember statistics/psych/sociology all beating into my head "correlation does not equal causation.

i think hackers are just being smart. they know bnet merging is becoming mandatory, so they are waiting until people merge to hack accounts.

most likely people are infected with a keylogger, and hackers are "biding their time" until they get send information about the accounts being merged.


When it happens after a merge, it is almost a certainty there was a pre-existing vulnerability and the merge sent off a nice tidy packet of information in a chunk. Now, where that vulnerability is, is what needs to be ascertained.
Forum Avatar
Orlyia
#18 - Oct. 19, 2009, 2:35 p.m.
Blizzard Post
You have every good reason to be worried about other information they may have obtained from your system, Rastlin - but it wouldn't be because of WoW. They can easily lift just about anything they want off of a system if they manage to get access to it.

Any information we have on you is secure, you cannot even see that yourself logging into your own account and neither can anyone else, even if they manage to get into it.