Blizz Authenticator Used to Hack Accounts

#0 - Nov. 7, 2009, 6:27 p.m.
Blizzard Post
So my account got hacked... and how did they do it?

Once they got my password they set up the Blizzard authenticator to my account, thereby making it impossible to log in to my account or account management page (not even sure how this happened since I have been playing the game since 2005 and never got hacked before - although it's curious that I got hacked 2 weeks after merging with battle.net).

And here is the worst part, they did it on a Friday night knowing that Blizzard is not open on Saturday or Sunday and that is the only way to remove the authenticator (you can't access your account manager page without the mobile authenticator number).

So Blizzard, why didn't you just require the last 6 digits of the CD key to activate the authenticator to a WoW account? If you had done this there wouldn't be hackers locking people out of their accounts (and I did a search for this problem and it is widespread).

#65 - Nov. 8, 2009, 12:15 a.m.
Blizzard Post
Quote:
Blizz Authenticator Used to Hack Accounts


This statement is a gross exaggeration, Snaks, if not a complete fallacy. Our Blizzard Authenticator system is not responsible for the compromise of any account. Can accounts which are compromised then have an Authenticator associated with them without permission? Yes. They can. But do Authenticators pose any risk to accounts or can these devices be used to compromise an account? No. They cannot.

Blizzard Authenticators and our Mobile Authenticator application are two features by which players may increase the security of their WoW and Battle.net accounts. Please do not attempt to spread misinformation about these devices.

Quote:
although it's curious that I got hacked 2 weeks after merging with battle.net


It's neither curious nor "hinkey" in any way.

In order for an account to be compromised, its login information must be learned by an unauthorized party. This can happen in multiple ways. That a compromise followed shortly after your account was merged with our Battle.net system suggests 1) that a computer you've logged in from since merging possesses a latent infection; 2) that you've responded to a phishing email or visited a malicious website; and/or 3) that the email address you used to set up your Battle.net account was or has been compromised. Please know that your account was not compromised through or due to our Battle.net system.

I know it's much simpler to point the finger at Blizzard Entertainment; however, it does truly not benefit you to do so. If you deny responsibility, you may neglect to take key steps which can bolster the security of your account. As unsettling—and, perhaps, as humbling—as it may be, accepting that compromises occur client-side is the first and most important step to bolstering an account's security.

Please know that this assertion is not the blanket assignment of blame. To say that those who are compromised are always to blame for their account compromise is to insinuate, semantically, that each and every affected owner willfully contributed to the dissemination of the account's log in and password. Neither you nor I believe this is the case for all account compromises. Some, yes. All, no.

I am simply asking you to realize that an account owner's network of security may be imperfect. As the old adage goes, "There's more than one way to skin a cat," and, regrettably, this sentiment also holds true in the case of compromise.

Now, with that said, please know that we will be happy to help you reclaim your account (if necessary) and recoup any losses your characters may have suffered as a result. All that we ask in return is that you focus on securing your computer, account, and registered email address to help prevent repeat compromise. Some great step-by-step suggestions may be found here:




Also, if you have any questions about the recovery process, please don't hesitate to check out the following sticky. It will walk you through recovering your account, reporting any losses, and what to expect from the restoration process.

To begin, though, you'll want to contact our Billing & Account Services department directly to have the unauthorized Authenticator removed. You may do so by phone or by web form.

Billing and Account Services
    Live Representatives Available Mon-Fri, 8am to 8pm PST
    For phone assistance please call: 1 (800) 592-5499 || 1 (800) 59-BLIZZARD
    • Players in Australia should call 1-800-041-378
    • Players in Singapore should call 800-2549-9273
    • Players in Chile should call 1230-020-5554
    • Players in Mexico should call 001-888-578-7628
    • Players in Argentina should call 0800-333-0778
    • All other international players should call: (949) 955-0283



Web form: http://us.blizzard.com/support/article.xml?locale=en_US&articleId=26361


You can send the web form off today if you are able; however, our Billing representatives will be unable to process it until offices open for the week. Just make sure that you complete all relevant sections and circle the "Deactivate Authenticator" option towards the top of the document. :)


Quote:
So Blizzard, why didn't you just require the last 6 digits of the CD key to activate the authenticator to a WoW account? If you had done this there wouldn't be hackers locking people out of their accounts (and I did a search for this problem and it is widespread).


If you believe the process by which Authenticators are applied to an account is best amended, please do not hesitate to post within our Suggestions Forum.