Battle Net account merge is dangerous!

My advice, Vahrod, is to not spread false information.

Simply because you find a bunch of statements about something when you google it, doesn't make it true. It simply means that people either believe it to be true or are spreading misinformation that it is. I'm certain there are many out there would could name a large number of things that people believe that are true, that may not be.

Q u o t e:
so at the very least pls/pls/pls use a new and unique password.

I would agree with you there, it is a good idea to use an e-mail address that is secure.

I'd also recommend reviewing the following thread on computer and account security.

** Computer Security Recommendations **
http://forums.worldofwarcraft.com/thread.html?topicId=1778038509&sid=1

Q u o t e:
I notice that the game is currently experiencing a "high volume of petitions". I wonder if you could shed some light on that as there have been no major patches or new releases recently?

Simply because there are a lot of people who require assistance, Vahrod, it does not require a patch or new release to have issues that cause a high volume of petitions. Brewfest and Hallow's End are two that generate a great many petitions.

Q u o t e:

I am deeply sorry that it troubles you so that a significant and suspicious pattern emerges: players who have been "safe' for years are compromised within 48 hours of getting their Battle.net account.

Sometimes a pattern is nothing more than a coincidence, Vahrod, but the more people that assume that it is true the more support the erroneous theory has.

Q u o t e:
I truly understand that this is inconvenient from a corporate point of view, and I am sorry for that as I love this game.

You are welcome to your point of view, Vahrod, I would ask that you do not post unsubstantiated rumours on these forums. Your post is titled not with a question or a theory but with a warning, Dangerous! Watch out! That is unproductive and only causes people who may google such subjects further "proof" that these rumours are true.

Q u o t e:

Try, if your demon heart allows, to focus less on your fear of veracity and more on your compassion for loyal players and paying members of your community.

I do not fear the truth, Vahrod, I relish the truth. What you posted was not truth though, it was a rumour based on shadows of half truths. I am focused on my compassion on our players. I can not sit ideally by and allow someone to post fallacious information that could cause people to panic.

Though I do appreciate your concern for your fellow players it is not necessary as if there were a danger with the Battle.net account creation and merger we would be the first to say something.

A compromised account may be an inconvenience to the person compromised but as you know our Game Masters, Character Specialist and Investigation Teams are there to help repair any damage that may have been caused to the account. This isn't a simple process, it is complicated and time consuming additional work for us, so how could anyone think that if there was a security issue with it, we wouldn't do something about it immediately? That is what makes no sense.

Q u o t e:
Sounds like you're saying that there is no defense against keyloggers other than to get lucky?

I recommend running at least one scanner aimed at virus/trojans and another for adware/spyware.

Scanners that are good at catching one are seldom as good at catching the other variety.

Also make sure all your other software, including your scanners are totally up to date. Your OS, Flash, Scanners - and any other software you may run.

We've seen folks that used Word, got an infected file and got entry that way.

Flash has patched several vulnerabilities in recent weeks.

A good firewall is also recommended.

Malware isn't the only way this can happen, social engineering is right up there. That would be responding to a phish mail, or a tell ingame to go to a site for 'free stuff', 'mounts', 'alpha or beta', or even something as generic as a 'surprise'.

Using the same Pass/ID used anywhere else is also very risky. If THAT app gets compromised this becomes a crime facilitated by a lucky guess. This is especially true if that pass/ID is used on websites. Websites get compromised all the time.

Emails can also become compromised. They don't need into your system any longer if they can dip straight into your inbox.

The very best protection you can get for your WoW account is an authenticator. It's not a replacement for good security habits, but it will keep someone else out of your WoW account.

Q u o t e:
My passwords are also kept in a "hidden" file on the computer so that they may be copied and then pasted into the login screens rather than typed out each time ( A little birdie told me that keyloggers detect and record keystrokes and not clipboards).

While this may have been true at one time in the distant past, it's not been true for a long time.

They can read anything on your clipboard.

Guys, this is a stressful situation, let's keep it civil please.

Guys, please - let's stop tossing around the word fault.

This happens, it even happens to those that are pretty tech savvy and something slips through.

It's not about fault, it's about responsibility. As much as we'd like to, we simply cannot do what is required on the player's end to keep their systems secure.

We do, however, try to educate - and help folks that find themselves in this situation.

The word fault just sets folks hackles on end and they stop reading right then and there. It's a pejorative word with connotations of having done something intentionally which in many cases isn't the case at all.

Q u o t e:


I know, but people should know it's not coming from your side (and by that I mean the hacking and everything) but seriously. I hate how people make these threads and blame Blizzard about them being hacked. (If that didn't make any sense then I'm sorry.)

Oh, I know. It is important for them to realize they need to find the breach.

It's not necessarily malware, it's not necessarily THEIR machine if they've used other systems or shared their information. That doesn't normally come to light here, but it is a common cause.

One of the very best reasons for sharing being against our rules is that once anyone else has your information - even to just log into these forums - it's out of your control and makes the process of tracking this down exponentially harder, if not downright impossible.

Q u o t e:


I'm sorry Orlyia, but that's what this thread seems to be about. Placing the blame on Blizzard.



Technically? Sure, you could.

Theorically, WoW could refuse to launch unless the computer has a Blizzard-tested virus scanner, firewall and anti-malware installed.

Or one could be bundled with WoW installed and downloads.

This would satisfy people's need for Blizzard to do more, but I don't think I need to point out the flaws in that.

We can't keep folks from sharing though, or getting tricked into handing out their information.

Malware is but one way this happens, with social engineering quickly pulling up neck and neck.

Education and the authenticator are our two best tools to combat this. The education part everyone can get in on :). Tell your guild, tell your friends, tell your family!

Q u o t e:
Not to quibble about wording, but in my view: if you don't take the "responsibility" to keep your system clean, visit suspicious websites or visit social websites without taking the proper precautions and you get hacked, it's your "fault" if you do get hacked. I'm sorry, but taking the kinder/gentler path sometimes isn't enough. Place blame where it belongs and make them TAKE responsibility for their actions.

Words have power, Olepi.

When the mission is to communicate, tossing out words that can virtually guarantee your reader stops reading is actually counter-productive.

Believe me, anyone that has ever had to go through this has suffered more than enough. This is something I wouldn't wish on anyone, it's a violation.

Repercussions are a natural consequence of this. Most do learn from the experience.