Authenticator put on my account by someone

#0 - Jan. 22, 2010, 6:04 a.m.

Hello.

I was recently in the middle of a Uldaman run, only to be randomly disconnected. This happens sometimes, so I simply logged back in and kept playing. A few minutes later, the same thing happened. Only this time, when I tried to log back in, it is asking me for an Authenticator code.

Now, I know about these, but have never thought I'd need one. I did NOT put one on my account. I googled a bit and found that this means someone has gained access to my account, and put an authenticator on themselves.

So far I have changed my password, and am in the middle of running a Malware scan (has found 2 infected objects so far, might not be anything but we shall see).

I am a bit worried at the moment, as I tried calling the Billing Department but they closed about 2 hours ago (it is currently 5pm here in Australia)..so I'm out of luck.

Is there anything I can do in the meantime? I might just format my computer while I wait..I was planning to do it anyway, and it would get rid of anything malicious such as a keylogger.

Could the person who has gained access to my account be playing it right now? I did change my password..but what if they have the authenticator?

This sucks..I guess I just wasn't being realistic when I thought it would never happen to me :(

Orlyia

#12 - Jan. 22, 2010, 6:25 a.m.

I am a bit confused how an authenticator can be showing as put on an account and you are able to change the password afterward, but Billing would likely be a good place to start with this.

In the meantime, a full security sweep would be an excellent idea. The following information is what most compromised players are going to need to know.

--------------------

If an account has been merged to a Battle.net (not your own), or if an email has been changed, or an authenticator added (and it wasn't you that added it), one of your first stops is going to be Billing. They need to get those sorted out first so the rest of the processes can continue.

Billing and Account Services
Phone Support - 1 (800) 59-BLIZZ (1 (800) 592 5499)
Live Representatives Available 8AM – 8PM Pacific Time, 7-Day Support
E-mail Support - [email protected]

Our Billing Support page can be found at http://us.blizzard.com/support/article.xml?locale=en_US&articleId=20606

Now, it's very very important to figure out where the security breach occurred. If they CAN get back in, they WILL be back. That, unfortunately, you can count on.

These two stickies should prove helpful. I'd also recommend doing your scans with the launcher open and some junk entry in the account ID. We've seen some nasty keyloggers pop up lately that don't want to show on scanners unless the launcher is active.

I also highly recommend changing your email password once you are certain your system is secure. They don't need into a system once they can dip into an inbox.

Also, if you have used the same password/ID anywhere else, that is a very dangerous practice - especially on websites, or social sites like Facebook or MySpace. Please do not reuse the same password you've used anywhere else.

Computer Security Recommendations
http://forums.worldofwarcraft.com/thread.html?topicId=1778038509&sid=1

Account Compromise Info Center
http://forums.worldofwarcraft.com/thread.html?topicId=14318909866&sid=1

You may also want to look into getting an authenticator for your account. It's no substitute for good security habits, but it will help keep anyone else out of your WoW account. Not to mention core hounds make adorable pets!

Blizzard Store
http://us.blizzard.com/store/browse.xml?f=c:6

Mobile Authenticator
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=26109

Even more core-hound goodness can be found here!

http://forums.worldofwarcraft.com/thread.html?topicId=21726114509&sid=1

I do wish you all the very best.

Orlyia

#14 - Jan. 22, 2010, 6:41 a.m.

You could certainly apply your own - but if another is currently on the account, that will need to be dealt with first.

Orlyia

#16 - Jan. 22, 2010, 7:30 a.m.

Q u o t e:
Ok, thanks for the replies.

What I don't understand is why an email wouldn't be sent telling me an Authenticator has been added to my account. I mean, surely it wouldn't hurt to require confirmation before it is added?

Without that, things like this happen..and I can't do anything but wait :@

To be able to add an authenticator to an account - you've already BEEN compromised. They had to have your account ID and password to do this.

This really isn't all that different than the tricks they used to pull, just a little different twist :)

Orlyia

#18 - Jan. 22, 2010, 7:42 a.m.

Q u o t e:
I understand this, but they would not have had access to my email.

If they have put an authenticator on it, it means they pretty much have their own access to it.

Oh well. Guess no WoW for me for a while :(

I'm not even sure how they could have got my password etc. in the first place. The scan did not turn up any keyloggers or the like.

A format should do the trick..but then I'd be nervous about it happening again.

I can just see the authenticator being a real pain. Just really restricts my gaming, but I suppose I play at home 99% of the time. Argh, prob don't have a choice.

Ok, there is a clue right there - where else do you play? THAT system could have malware.

This also doesn't necessarily have to be malware - social engineering, i.e., fake websites and phish emails are also rampant and some of them can look quite legitimate.

Remember, we are NEVER going to ask for your password in an email. Always, always double check where an email really comes from and where any links may go.

Orlyia

#21 - Jan. 22, 2010, 8:02 p.m.

Q u o t e:
Try copy and paste for passwords from notepad, problem solved

Uhhh, actually - that's no protection at all. Keylogger anymore is a bit of a misnomer - they can read clipboards.