Account Hacked - Authenticator Attached

#0 - April 29, 2010, 1:32 p.m.
Blizzard Post
I was informed earlier by my guild leader via Skype that this character was logged in after a three-week absence and talking "strangely." I'm shocked to have been hacked while my account was actually frozen while I take a break from the game. Apparently, whoever is currently playing my characters has paid to reactivate my account. I've never heard of hackers paying to reactivate a frozen account; is this a common occurrence? How they're paying, I can't be sure, since they've also attached an authenticator to my account and I can't log in to Account Management.

I do everything, including playing WoW, exclusively on a Mac. Naively, I thought Macs would not be the target of any keylogging attempts. I've learned my lesson, and if my account is restored, I hope to prevent this from ever happening again. I've run a scan using iAntiVirus and come up with nothing. Is there any other software I could try? I also intend to get an authenticator ASAP.
#1 - April 29, 2010, 1:37 p.m.
Blizzard Post
Quote:
I was informed earlier by my guild leader via Skype that this character was logged in after a three-week absence and talking "strangely." I'm shocked to have been hacked while my account was actually frozen while I take a break from the game. Apparently, whoever is currently playing my characters has paid to reactivate my account. I've never heard of hackers paying to reactivate a frozen account; is this a common occurrence? How they're paying, I can't be sure, since they've also attached an authenticator to my account and I can't log in to Account Management.

I do everything, including playing WoW, exclusively on a Mac. Naively, I thought Macs would not be the target of any keylogging attempts. I've learned my lesson, and if my account is restored, I hope to prevent this from ever happening again. I've run a scan using iAntiVirus and come up with nothing. Is there any other software I could try? I also intend to get an authenticator ASAP.


Quite common, usually with stolen credit cards - or the cards of those that deal with them as 'customers' - lovely folks.

Macs aren't bullet-proof when it comes to malware. There tends to be less written for them, but they aren't immune by any means.

This may also be from a different source; there are literally hundreds of variations and ways these guys trick, scam and steal player information.

Malware and social engineering are the two main things we see, but they've also taken to buying paid Google links to fake sites, breaking into websites and trying the pass/ID they steal there (that's a crime of opportunity and an excellent reason not to reuse your passwords), etc.

I'll post the fuller version of instructions below, but it's important to follow up on this now even if you are on a break so that your account will be as intact as possible when you return.

---------------------------

If an account has been merged to a Battle.net, or if an email has been changed, or an authenticator added to the account (not the player's own) one of your first stops is going to be Billing. They need to get those sorted out first so the rest of the processes can continue.

Billing and Account Services
Phone Support - 1 (800) 59-BLIZZ (1 (800) 592 5499)
Live Representatives Available 7 days a week, 8am to 8pm Pacific Time
E-mail Support - Billing@Blizzard.com
    Players in Australia should call 1-800-041-378
    Players in Singapore should call 800-2549-9273
    Players in Chile should call 1230-020-5554
    Players in Mexico should call 001-888-578-7628
    Players in Argentina should call 0800-333-0778
    All other international players should call: (949) 955-0283


Now, it's very very important to figure out where the security breach occurred. If they CAN get back in, they WILL be back. That, unfortunately, you can count on.

These two stickies should prove helpful.

Computer Security Recommendations
http://forums.worldofwarcraft.com/thread.html?topicId=1778038509&sid=1

Account Compromise Info Center
http://forums.worldofwarcraft.com/thread.html?topicId=14318909866&sid=1

You may also want to look into getting an authenticator for your account. It's no substitute for good security habits, but it will help keep them out of your WoW account.

Blizzard Store
http://us.blizzard.com/store/

Mobile Authenticator
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=26109

I do wish you all the very best on a speedy recovery.
#4 - April 29, 2010, 2:24 p.m.
Blizzard Post
Quote:


very interesting scam/hack- my friend is a victim of this too - even though he just started wow 4 months ago - has an 80 with 5.3k GS and a rogue lvl 20 with BoA bow,chest,shoulders,daggersX2, they put an authenticator on it............... how long will this take to resolve??? also he said in his e-mails it said there was a character transfer to blackrock realm? geez wow - how can u transfer a character without logging onto his e-mail or running through the secret questions and stuff, thx
ps. it just happened around 12am-4am


They may have, Stonee. It's not uncommon at all for email accounts to become compromised as well.

I'd recommend starting with a call to Billing if you need to get back into control of an account - or transfers have been done. You might also want to set up another totally unrelated email to use with WoW and have Billing add it for you on the phone. You'll want to set that up once you are certain your system is secure - or use a known secure system.