Help - Account Compromise

#0 - May 5, 2010, 4:41 p.m.
Blizzard Post
So check it, I recently took a week break starting April 26th 2010 and ending May 4th 2010. I didn't have internet service as I was changing internet service providers. When trying to log in, I was asked for my 6-digit authenticator code, but I had never bought or used an authenticator, then I checked my mail and found out my password had been changed. So I went and looked up my characters on Armory and saw that everything shown that could be sold was.

After contacting Blizzard Account Services, I was able to prove I am the owner of the account, had the authenticator removed and proceeded to change my account PW and my account email address, ran a system virus and spyware scan and purchased a firewall. After logging in I found that everything that could be sold on all 4 of my characters was sold and everything that couldn't be sold was deleted, including bags, gold, gear, flasks, keys (lol yes even keys), regular food, buff food, pet food, usable consumables, potions, everything in my bank, and everything in guild banks my characters had access to.

It literally took 2 hours on hold to talk to a CSR and now I have been waiting 20 hours straight to get a reply back from a game master. I never went to any stupid website, I never fell for any trick, and I never NEVER for a fact gave my password OR email address to ANYONE EVER. When the hacker used my account I know of at least 2 people for sure that reported the hacker was using my account; nothing was done then and nothing is being done now. I know Blizzard says the customer is responsible for account safety, but when I took every precaution necessary and still got hacked, Blizzard needs to take some responsibility in making their customers safer from hacking. I understand you're a huge conglomerate corporation and you don't really care about a single customer, but I refuse to be treated like my money and more importantly my time doesn't matter. My game card expires tomorrow and if my account isn't restored to its full glory of April 26th 2010 I will not be renewing my 5 year loyal account. I will also be going out of my way to dissuade any new customers from buying any Blizzard products and make sure all the people loyal to me will leave and do the same.

So my 5 years of time in game-play and my 15 dollars a month for 5 years don't matter to you? How about 10 or 20 times that? I'm serious, rectify this situation immediately.
#7 - May 5, 2010, 5:10 p.m.
Blizzard Post
In order for an account to be compromised, Chillback, its login information must be learned by an unauthorized party. This can happen in multiple ways. It's possible that a computer from which you accessed your account (at any time) possessed a latent infection. It's possible that you accidentally responded to a malicious phishing scam or visited a website which contained embedded malware. It's also possible that your registered email address was compromised separately, opening a doorway to your Battle.net account. Because of this, I would encourage you to ask yourself the following questions:


  • Do you ever access (or have you ever accessed) your account from a different computer? If so, could that computer perhaps be at risk? Remember that you will need to examine all computers from which you've logged into the game client, the World of Warcraft forums, and/or Battle.net Account Management. All three of these locations require an account name and password.

  • Do you use your account name and/or password as your login credentials for any other website? Perhaps a networking site like Facebook or Twitter or MySpace? Or a guild website? If so, this could have led to your compromise.

  • On a similar note, is your registered email address publicly available? A quick way to check is to plug your address into any online search engine. If the search returns results, then it's probably a good idea for you to update that piece of your contact information. Instead of simply using a different email address, though, my advice would be to set up a completely new address. When creating this new address, make sure that the username and password are unique. Don't use a username (e.g. character name, IM screen name, profile tag) or password that you already use online.



Now, I know it's much simpler to point the finger at Blizzard Entertainment than considering the above possibilities. It's important that you come to terms with them, though, because if you deny personal responsibility, you may neglect to take key steps that can bolster your account's security. In the end, accepting that compromises occur client-side is the first and most important step to protecting your account.

As always, though, we'll be happy to help you reclaim your account (if necessary) and recoup any losses your characters may have suffered as a result. All that we ask in return is that you focus on securing your computer, account, and registered email address to help prevent repeat compromise. This is something only you can do. It sounds like you're already taking the appropriate steps, but here are some additional resources just in case:



I would also highly recommend acquiring a Battle.net Authenticator. The availability of this device represents Blizzard Entertainment's commitment to security—something which you've asked for within your post. Unfortunately, it doesn't appear as though you've elected to take us up on this offer. If you would like to in the near future and are interested in learning more about these devices, I've included relevant documentation below:





Quote:
So my 5 years of time in game-play and my 15 dollars a month for 5 years don't matter to you? How about 10 or 20 times that? I'm serious, rectify this situation immediately.


There's no need for threats, Chillback. Nor is there reason for you to be defensive. We're not at odds with you. We agree that account compromises can be devastating and so have devoted ourselves to helping those who fall victim to this malicious practice. Though it may take some time, we will do all that we can to recoup any items, characters, or currency that may have been lost as the result of your compromise. Again, all that we ask in return is that you remain patient with our representatives and use the time in between to thoroughly secure your account.


I know this must have been a very troubling time for you, and for that I am sorry. If you have any questions or concerns, please let me know and I will be happy to assist in any way that I am able. :)
#10 - May 5, 2010, 5:18 p.m.
Blizzard Post
Quote:
but yet it's another way for bizz to make money... instead of charging your customers for it, it should come with a new game and sent to older customers, you know your security blows, that's why you invented them...instead of charging even more they should be part of the monthly fee


We actually sell Battle.net Authenticators from the Blizzard Store at cost. This means that we do not make a profit through their sale. We also offer Mobile Authenticators, and for many mobile devices this application is free.
#13 - May 5, 2010, 5:25 p.m.
Blizzard Post
Quote:
Having this exact same problem. All my bags were deleted, main hand weapon is gone, logged off last night in Dalaran & woke up in Stormwind. Sent an email in but still haven't heard back. Wondering if this is a server issue and I wasn't hacked?


Unfortunately, it appears that you may have been compromised, Devvo. Because of this, I would sincerely encourage you to review the following guide:



It will walk you through each step of the account recovery process: securing your account, regaining access (if necessary), reporting any losses, and what to expect in terms of restoration.

Please let me know if you have any questions, though.
#18 - May 5, 2010, 7:45 p.m.
Blizzard Post
Quote:
Lastly, I wasn't making threats of any kind, I read the Blizzard code of conduct before I posted. I will make a comparison. If a car dealership sold me a car with a door that you couldn't lock without telling me and my car got broken into and stolen and then horse beaten and stripped and the car dealership refused to accept any responsibility and also made it as difficult as possible to find out how to rectify the situation, I would do the same thing. Never purchase a car from them again and make sure people know what happened and persuade them from buying from the dealership.


You were threatening to cancel your subscription, Chillback. While the threat itself is victimless (though, I admit, I would be sad to see you go), it was still a threat. I was merely noting that such statements are not necessary in order to receive recovery and restoration assistance. We will provide that happily, without provocation. :)

Quote:
It's called doing good business and the customer is always right.


Sometimes the customer is wrong. It would be remiss of us as a company to not acknowledge that. Why? Because then there would be no room for growth, understanding, or continued education. It's okay to be wrong, though. We've many representatives that are more than happy to help our players find an answer to a question, learn more about any particular aspect of any of our games, or simply correct a previous misunderstanding.

Now, stating that the customer is sometimes wrong isn't synonymous with "the customer is never right" or "Blizzard Entertainment is never wrong." Just like the absolute of "the customer is always right," those ideas would be just as poor an example to follow and would hinder positive growth in the same way.

Quote:
If there is a way for anyone to prove this was in any way my fault (I left my own doors unlocked) I will wholeheartedly apologize and accept responsibility.


Unfortunately, since I do not have access to your computer systems, I cannot identify what the source of your compromise may have been. By providing recommendations for account security and reminding you that compromises occur client-side, though, I'm not saying you were remiss in your responsibilities as an end-user—nor am I blaming you for your compromise. Sometimes accounts can be compromised despite our best efforts: we click on a site we didn't mean to, we accidentally forget to update Adobe Flash or our OS or our scanning software, or we log in from a friend's computer. These things happen and the best we can do is regroup, rethink, and (in your case) consider picking up an Authenticator. :)

Quote:
Until then I believe it is the Company's responsibility to ensure the safety of its customers and their money. At the very least take the time out to explain the process of rectification before people start thinking that the company that they are sending their money really couldn't care less about them.


In terms of explanation, we've provided these various resources to help spread awareness about account security:



This resource, in turn, breaks down to the following pages:



We also have these pages on our Support site:



If you can think of any additional ways we could help educate more players, though, please let us know!

Quote:
As far as I can see it, the steps Blizzard has taken to ensure the safety of its customers' accounts via authenticator and Battle.net has proven itself to not add any safety at all. In fact it seems a higher percentage of people are getting hacked than ever.


If players elect to use the Authenticator, it provides a very real, very solid level of security. While it's no silver bullet—the Authenticator shouldn't replace system security and safe browsing habits—adding one to an account can significantly reduce one's chances of being compromised. Unfortunately, many players do not wish to use this device.

As for an increase in compromises? There's not really been one. Reports of compromises frequently come in waves, though, and you may be noticing that trend as it's cresting.

Quote:
Blizzard stating there are just a handful of employees working in game and in the account office is not an excuse. Blizzard claims to have over 11 million subscribers. At $15 a month that is more than enough money to have enough employees to service all of its customers, not to mention all the authenticators and miscellaneous swag they try to sell at every opportunity.


Just a handful of employees? May I ask where you might have seen or heard this assumption? While we do have finite resources, there's certainly more than a handful of us employed in Blizzard Entertainment's Support department. Several hundred handfuls, in fact.

We are seeking to hire more representatives, though. We more than acknowledge that increased staffing is merited. If you know anyone that's interested, please encourage them to apply online:



Quote:
I just got finished talking to a friend in game, they got hacked a couple months ago, and swear up and down they took every precaution necessary to ensure the security of their account. So she went through the process, got her stuff back, got a whole new computer with the latest firewall, virus scanner and spyware scanner and purchased a Blizzard account authenticator and dedicated the computer solely to Game playing, no downloads, no streaming videos, no email checking. Well guess what? She got hacked today and subsequently immediately deleted all 3 of her accounts.


Did she update her registered email address? Many who are compromised unfortunately don't think about this particular step and, as a result, are compromised a second, sometimes even a third time.
#24 - May 5, 2010, 8:21 p.m.
Blizzard Post
Let's not direct derogatory remarks at one another. This recommendation goes for you, Chillback, and for other posters in this thread. Unfortunately, that sort of deviation can lead to the derailment of a thread and ultimately take away from any meaningful discussion. I understand you're concerned, Chillback, but I would prefer that you direct your concerns at me. If you have any issues with other posters in this thread, though, please tap the biohazard symbol and I'll look into your report.


Quote:
I do know the internal numbers for compromises and there are more compromises now than ever before period.

And there are more active players playing right now than ever before, as well. Percentages are just as important a consideration as base numbers.

Quote:
I got what I wanted, my posts expedited the process of getting my stuff back AND Blizzard is sending me a free authenticator.


I'm not entirely sure what you mean by this statement, Chillback. For the account on which you are posting, there are no internal orders placed for a free Authenticator. With this, while your account is currently in queue for a compromise (escalated as per normal procedure), it doesn't appear to be expedited. Are you willing to elaborate further? Are you perhaps referring to a different account?

I can understand waiting for restoration is very frustrating, so please know that we will investigate and provide what restoration we can just as soon as possible.