Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

Blizzard is commited to security is it?

Forum Avatar
Sandusk
#0 - Jan. 31, 2010, 9:03 a.m.
Blizzard Post
So why is it every other day I get emails from the same several sites that want to hack my account. Why do I keep forwarding them to [email protected] when nothing changes? Why aren't these sites shut down in short order? What's the point in forwarding mail along if nothing changes? Seems to me you're more intested in trying to get people to buy authenticators than shutting these crooks down. Are the FBI and Interpol too busy or something? I mean these people are commiting both federal and international crimes here. Why aren't you suing the crap out of these people? How are they getting our emails in the first place? I'd have to assume that Blizzard is selling them in the first place. So how is it you guys are "commited" to our security?

Forum Avatar
Aredek
#26 - Jan. 31, 2010, 2:42 p.m.
Blizzard Post
The following response was written by one of our new teammates. Because they are still in training and do not yet possess a forum account of their own, they shall be posting via proxy through me.

Okay, there are a few misconceptions I believe need to be addressed regarding account security and phishing/scam attempts by third-parties. Firstly, the notion that Blizzard is intentionally responsible for this breach in security, or is purposefully disseminating players’ information is blatantly incorrect. Blizzard has never nor will never sell its players email addresses or other information to scammers. This would be wholly counter-productive towards the amount of time, effort, and money spent on investigating and restoring compromised accounts. It would make absolutely no sense to allow a third-party to compromise an account or email address for money only to turn around and invest effort and funds in its recovery.

In truth, many times email addresses are accidentally ‘shared’ with the internet by players via social networking sites, registration for third-party forums, guild websites, or other seemingly innocuous methods. Often, phishing and scam emails are sent to you likely as a result of not having an entirely separate email address for Battle.net. You may consider setting up an email address you solely for Battle.net and Blizzard games.

Secondly, forwarding the emails you do get to [email protected] does allow the pursuit of legal action and the ability to “shut down” scammers in some instances. However, with other cases, it is possible the legal system of the countries in which these scammers operate is not conducive or effective in ceasing their malicious operations. In this case, the best weapon we have against these scammers is education. The sample emails you see in this article Fake E-mails from "Blizzard Entertainment" http://forums.worldofwarcraft.com/thread.html?topicId=965511383&sid=1 were all actual emails sent to players that were then forwarded to our Hacks team. While you may not be able to immediately see results, there is indeed a purpose to forwarding these malicious emails to us.

Regarding Authenticators, there is no “scheme” to make mountains of money selling Authenticators to players. The Authenticators are sold relatively inexpensively, and close to, if not wholly at cost I believe. Additionally, if you are within the United States, free shipping is included with the order. Stack on top of that the free (or nearly for some phones) Mobile Authenticator, and the thought that Authenticator sales are a nefarious plot to fill the money bin is a bit shaky. We want players to be able to play, have a secure account, and be able to trust that their hard work and time investment will be there whenever they return to the game world. We want no players to ever be compromised or have their characters otherwise affected by an unauthorized third-party.

I hope the information I’ve provided has been somewhat helpful and enlightening Sandusk. I apologize if you feel Blizzard is not doing enough, or is somehow otherwise lax in our efforts to protect players’ accounts, information, and characters from malicious third-parties. If you feel we can do more, or that you have an idea on how existing methods can be improved, don’t hesitate to make a well-constructed post in our Suggestion forum. We’re always on the lookout for new ideas, as player account security is always an important topic.

Best of luck to you Sandusk, I wish you all the best.