Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

Blizzard Authenticator Hacked My Account!

Forum Avatar
Axist
#0 - Nov. 23, 2009, 5:07 a.m.
Blizzard Post
I am amazed that I was even able to log onto these forums...

My friend called and notified me that there was someone logging onto my characters back-and-forth while I was at work. I had no idea what could be happening since I had logged out about 4 hours earlier, but as soon as I got home I tried to login to my account.

To my amazement, I was asked for my Authenticator code. I HAVE NO AUTHENTICATOR, nor have I ever purchased one.

I immediately go to Battle.net and try to login and change my password, knowing I somehow got hacked. Again, it asks for my authenticator key. I HAVE NO AUTHENTICATOR.

I attempt to login to my Account Management to request a password change, but I was again prompted to enter my Authenticator code... I finally navigate through the completely unorganized "Account Security" section of WoW.com, and get an e-mail sent to my address prompting me to change the password. Whew, I figure that I got it changed quickly enough and prevented my account from being stolen.

Wrong. I check my character on the Armory only to find that it was in all my PvP gear (Instead of my PvE gear) with many pieces missing (notably ones that were unable to be sold). Also, even when I enter the new password I created to login, I am still prompted to enter an Authenticator code. I DO NOT HAVE AN AUTHENTICATOR.

So here I am, unable to access ANYTHING regarding my account all because some punk hacked my account and attached a BLIZZARD AUTHENTICATOR to it. I am the original owner with access to the e-mail address attached to the account, and the knowledge of my "Secret Question", and have NEVER EVER shared any of my account information with anyone, yet I am hopelessly unable to do anything.

SO BLIZZARD:
1> Why can someone hack my account and attach an Authenticator to it WITHOUT having to confirm it via the e-mail attached to the account OR the so called "Secret Question"?
2> Is the $6.50 you made more important to you than the security of my account?
3> Am I powerless in regards to getting EVERYTHING that I'm sure this hacker sold or stolen back into my rightful hands?


After all this Authenticator garbage I am amazed that I can login to my account to bring up this issue on the forums, yet cannot access ANYTHING in regards to getting my account back. Thank you Blizzard for selling a product that actively contributed to the hacking of my account.

Apparently this can happen to anyone, so if you read this please keep this post visible so that this garbage cannot continue to affect other players who pay each month to enjoy the game legally. Let's let Blizzard know that an ill-conceived plan to make $6.50 should not contribute to the loss and damage of players' accounts.

Best Regards,
Axist
Forum Avatar
Vrakthris
#8 - Nov. 23, 2009, 5:39 a.m.
Blizzard Post
Q u o t e:
SO BLIZZARD:
1> Why can someone hack my account and attach an Authenticator to it WITHOUT having to confirm it via the e-mail attached to the account OR the so called "Secret Question"?


Simply, Axist, because your account name and password should be secure. If someone has that what makes your e-mail address any more secure? The Authenticator is there for those who would like an added level of security.

You should be able to reset your password by visiting the following link.

https://us.battle.net/account/support/password-reset.xml
Q u o t e:


2> Is the $6.50 you made more important to you than the security of my account?


You seem to be unaware of how much this item costs to make and how much profit is involved in selling them so it would be wise to refrain from comment.
Q u o t e:

3> Am I powerless in regards to getting EVERYTHING that I'm sure this hacker sold or stolen back into my rightful hands?


No. We understand that mistakes happen and although we would love it if no one ever became compromised we know it happens. In this business we are unique in the steps that we are willing to take to repair as much damage as we can when an account becomes compromised.

You'll need to contact our Billing and Account Services department during business hours. They should be able to help you regain access to your account.

You can call 1 (800) 592 5499 (1-800-59-BLIZZARD) Monday through Friday 8AM-8PM (PST) for live representation.
Australian users should please call 1-800-041-378 if the standard 800 line does not work.

I'd also recommend checking your system to make sure it is secure.

** Computer Security Recommendations **
http://forums.worldofwarcraft.com/thread.html?topicId=1778038509&sid=1

Once you have regained access to your account check your characters and report any damage you find via an in-game petition. Your case will be forwarded for investigation, these investigations usually take a few days but once it is complete you will be contacted with the results.

If also may be a good idea to look into picking up an Authenticator. You can purchase the physical device or you might think about picking up the Mobile Authenticator.

Blizzard Authenticator
http://us.blizzard.com/support/article.xml?articleId=24660
http://us.blizzard.com/store/search.xml?q=authenticator

Mobile Authenticator
http://us.blizzard.com/support/article.xml?articleId=26109
Forum Avatar
Vrakthris
#10 - Nov. 23, 2009, 5:43 a.m.
Blizzard Post
Q u o t e:
If you change your password, you must confirm it via e-mail.


If you reset your password you must confirm it via e-mail. As long as you enter the correct password you may change it any time you like.

Changing your e-mail address requires knowing your Security Question/Answer.
Q u o t e:

I understand that somehow this hacker got my information and I am willing to take the blame for that. However, why should he/she be able to COMPLETELY BYPASS all of the security precautions already set in place by the account holder to attach an authenticator to the account that can potentially prevent the account holder from accessing it?


The security precautions already set in place are the Account Name and the Password.
Forum Avatar
Orlyia
#26 - Nov. 23, 2009, 9:20 a.m.
Blizzard Post
Accounts that have authenticators added need to start with a call to Billing.

Billing and Account Services
Phone Support - 1 (800) 59-BLIZZ (1 (800) 592 5499)
Live Representatives Available Mon-Fri, 8am to 8pm PST
E-mail Support - [email protected]
    Players in Australia should call 1-800-041-378
    Players in Singapore should call 800-2549-9273
    Players in Chile should call 1230-020-5554
    Players in Mexico should call 001-888-578-7628
    Players in Argentina should call 0800-333-0778
    All other international players should call: (949) 955-0283


After that - these are very much the same as any other compromise.
Forum Avatar
Orlyia
#33 - Nov. 23, 2009, 9:54 a.m.
Blizzard Post
Q u o t e:
Just pretty lame the hacker can get away with it cause he did it at night when you can't call up billing =/



He's already 'gotten away with it', he's in.

As I've previously stated, the part that is most important right this second is figuring out how, so they do not get in again.

Have you found your security breach?
Forum Avatar
Orlyia
#35 - Nov. 23, 2009, 10 a.m.
Blizzard Post
Q u o t e:
Yes, reformatting that computer as we speak, only used it for WoW so its no big deal.


Don't forget about your email. We quite often see email accounts compromised at the same time.

I'd highly recommend changing your email password once you know you are secure. They don't need into a system any longer if they can dip straight into an inbox.
Forum Avatar
Orlyia
#50 - Nov. 23, 2009, 1:34 p.m.
Blizzard Post
Q u o t e:
If i cant get in the game, How am i supposed to run a scan when the game is running? seriously


All you need is the launcher up for that check.
Forum Avatar
Orlyia
#53 - Nov. 23, 2009, 1:39 p.m.
Blizzard Post
Q u o t e:
I am running a scan now, I will keep you updated, Wow launcher is up, so i guess we will see, stupid hackers, they really need lives,


Unfortunately, their lives include having a job that makes your WoW account a target for theft.

I heartily encourage everyone to get an authenticator. Once you have one , it's not a replacement for good security habits, but you won't have to worry about someone getting into your WoW account.
Forum Avatar
Orlyia
#71 - June 16, 2010, 2:06 p.m.
Blizzard Post
Q u o t e:
I just discovered my account has been compromised as well with the blizzard authenicator i managed to login to the forums and get some instructions on how to remove spyware and change all my passwords. Still unable to login to my account i sent an email to tech support .




[quote]I am amazed that I was even able to log onto these forums...

My friend called and notified me that there was someone logging onto my characters back-and-forth while I was at work. I had no idea what could be happening since I had logged out about 4 hours earlier, but as soon as I got home I tried to login to my account.



You should have access at this point, and I think you may have prevented them from doing too much damage, but it would pay to check out your characters and let us know if there was any mischief done.

Also, finding the source of this is vital to them not getting right back in. Looks like there were actually two placed on this account, the first they removed themselves.

Right now, security is the main concern so they can't get back in. If they can....they WILL be back, that is very likely.

This sticky may be useful.

Account Hacked? Security Issue? Look Here!
http://forums.worldofwarcraft.com/thread.html?topicId=24702231244


You may also want to look into getting an authenticator for your account. It's no substitute for good security habits, but it will help keep them out of your WoW account.

Blizzard Store
http://us.blizzard.com/store/browse.xml?f=c:6

Mobile Authenticator
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=26109