Blizzard dropping the ball on security issues

#0 - May 21, 2010, 6:05 p.m.
Blizzard Post
For 3 weeks I have been getting emails about my account being under investigation for trading/selling my account and possible gold buying/selling. For the last three weeks, every day at various times, I try to contact them, by email or phone, about this to verify they are sending me these emails. You see, my account did get hacked about 2 months ago. It got suspended because of some seller using my account to spam. I got it back. I changed my password. Kept getting emails about illicit activity on my account.. so I changed the email address (using an email address for a login is just screaming "HACK ME"). Needless to say, ALL my attempts to verify all the very THREATENING emails I was getting, I had no response from Blizzard.. I can never get through to them on the phone, they won't let me stay on the line till someone is available.. so yesterday I received a really threatening email. I responded and now I have a damn authenticator on my account..

Subject: BATTLE.NET-Account Under Review
Date: Wednesday, May 19, 2010 5:16 PM
From: "[email protected]" <[email protected]>
To: <removed>

Greetings,
An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of,this conflicts with Blizzard's EULA under section 4 Paragraph B which can be found here:
WoW -> Legal -> End User License Agreement
and Section 8 of the Terms of Use found here:
WoW -> Legal -> Terms of Use
The investigation will be continued by Blizzard administration to determine the action to be taken against your account. If your account is found violating the EULA and Terms of Use, your account can, and will be suspended/closed/or terminated.

In order to keep this from occurring, you should immediately verify that you are the original owner of the account.

To verify your identity please visit the following webpage: http://www.worldofwarcraft.com/account

Blizzard staff will verify your account information submitted in two days, please do not modify your account information during this time . It will not affect your game uptime.If you are unable to successfully verify your password . using the automated system, please contact Billing & Account Services at 1-800-59-BLIZZARD (1-800-592-5499) Mon-Fri, 8am-8pm Pacific Time or at [email protected]. Account security is solely the responsibility of the account holder. Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

Regards,


Account Administration
Blizzard Entertainment
http://www.blizzard.com/support/wowindex/
and here is another one:

Subject: Account Registration Verification
Date: Thursday, April 22, 2010 12:19 AM
From: "Blizzard Entertainment" <[email protected]>
To: <removed>

Hello

World of Warcraft -Legal - End User License Agreement
and Section 8 of the Terms of Use:
Blizzard Entertainment ->Legal - Terms of Use
A 3-hour probationary suspension is pending on this account, awaiting confirmation from a specialist. A final warning has been issued. The investigation will be continued by the Account Administration team to determine the any further suspensions.If the account in question is found in violation of the EULA and Terms of Use, further action will be taken. Be aware that any additional inappropriate actions may result in the permanent closure of the account. This is an automated notification regarding the recent change(s) made to your Battle.net account. An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzard's EULA under section 4 Paragraph B which can be found here:
WoW -> Legal -> End User License Agreement
and Section 8 of the Terms of Use found here:
WoW -> Legal -> Terms of Use

The investigation will be continued by Blizzard administration to determine the action to be taken against your account. If your account is found violating the EULA and Terms of Use, your account can, and will be suspended/closed/or terminated.
In order to keep this from occurring, you should immediately verify that you are the original owner of the account.

To verify your identity please visit the following webpage: << removed >>
Only Account Administration will be able to assist with account retrieval issues. Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.

Sincerely,


Account Administration
Blizzard Entertainment


Number 1, have you noticed since Blizz had us use our EMAILS as a login more and more get hacked??? BTW those came to my old email, I had changed my email 3 weeks ago.
How has Blizz dropped the ball? For one, making us use emails as account names.
2- They are not that easy to get a hold of to verify such emails being sent.. because nope, I do not want to ignore an email from them and my account gets banned etc.
3- When a PAYING customer chooses to phone Blizzard to verify such possible actions on their account, Blizzard should let them. If we think staying on the phone for 4 hours or more to get this taken care of is important.. SO SHOULD BLIZZARD. The inability for a customer to do so is negligence on Blizzard's part. Making Blizzard subject to claims of negligence.

Again, I have patiently tried to contact Blizzard about these emails, with no response from them, and now, under the threat of my account being banned, I have an unauthorized authenticator on my account.

Blizzard stop harping and nagging your consumers about account security, when you need to clean up your own backyard.
#44 - May 21, 2010, 6:57 p.m.
Blizzard Post
Quote:
Again these started really coming in after I changed my email address.. and for the following weeks in vain I have tried to contact Blizzard with no avail.. in the past 3 to 4 weeks I should have established some contact with them over my daily attempts (sometimes 2 to 3 times a day), but nope, they are unreachable. And the links that I did click are Blizzard links, which means Blizzard's web addresses are not secure.

Quote:
What you may be saying may be true, but again, I should be able to have some rapport with Blizzard on verifying the emails. And that isn't possible.


Please refrain from posting your email address in a public location - doing so is a security risk and exposes you to even more phishing messages. I'd also like to point out that if you were experiencing any issues contacting our staff directly, we do have self service venues via which you can find out about such emails.

There's this sticky, which not only includes examples of phishing emails, but also a first post which details the steps you can take to determine the legitimacy of a suspicious email:

Fake E-mails from "Blizzard Entertainment"
http://forums.worldofwarcraft.com/thread.html?topicId=965511383&sid=1

In addition, there is this support site article which also provides guidance:

How to Identify Fake or Phishing Emails
http://us.blizzard.com/support/article.xml?articleId=25133

Finally, a thread on this forum itself would generate a rapid response regarding whether a particular message is genuine.
#48 - May 21, 2010, 6:59 p.m.
Blizzard Post
Quote:


It is doubtful that the author has a Malware infection at this point.

He went to a phishing website and submitted the information.


Regrettably, this is probably so. In such a case, now would be a good time to consider reviewing our information regarding account compromise here:

Account Hacked? Security Issue? Look Here!
http://forums.worldofwarcraft.com/thread.html?topicId=24702231244&sid=1
#117 - May 21, 2010, 7:53 p.m.
Blizzard Post
I fear that you missed my most important post in this thread, Thondar. It includes the various venues via which you might have received immediate help from Blizzard Entertainment, even without making contact with our staff:

http://forums.worldofwarcraft.com/thread.html?topicId=25026562857&pageNo=3&sid=1#44

In addition, it does not take 'weeks' to get in touch with our staff =/. I don't know what gave you that impression, but I assure you that it is not the case. An in-game petition or email to [email protected] could have delivered you an answer in a considerably shorter period of time. Some patience and persistence in calling our Account Services telephone line will deliver support even sooner.

Finally, I recognize that you are frustrated and that the ongoing debate in this thread is probably only making you more frustrated than you were earlier. However, comparisons between an Authenticator - a measure we've invested considerable funds and effort into providing, and 'protection money' are frankly insulting, and I'll thank you to please leave off of that metaphor immediately.

There is a charge for the physical device because they are purchased from a third party, and the systems associated with them (run by this third party) require maintenance. We swallow the costs of shipping them domestically. We do not charge for the Mobile Authenticator, or charge very little, based on certain restrictions. They are measures simply to help our players secure their accounts, and nothing more.

I will unlock this thread, but I'd like to ask everyone involved to please take a few breaths and post with measured courtesy and consideration moving forward.

Thank you.
#121 - May 21, 2010, 8:16 p.m.
Blizzard Post
Quote:
If they did provide an Authenticator in every boxed copy of the game, then every copy of the game would cost $6.95 more. However, they can’t even if they wanted to: they do not own the copyright, nor do they manufacture them! The company that does has more important customers: banks, governments, and other businesses that need informational security. Because of that they limit how many they let Blizzard, a game company, have out of each batch.


Indeed. While we have been able to address some of the supply based issues that were occurring, we still do have limited access to the number of physical Blizzard Authenticator tokens available.
#123 - May 21, 2010, 8:20 p.m.
Blizzard Post
Quote:


Btw have posted on tech forums about 3 hours ago, still have unauthorized authenticator on my account.


Did you post from the compromised account? From their FAQ here:

Quote:
4. Can I post from a friend or family member's account to have the authenticator removed from my own account?

No, we can only remove an authenticator from a compromised account if you are able to post from the affected account. If you can't post on the forums you will need to contact the Billing and Accounts department via phone or email.


Also, it can take some time before a representative is able to address your concern. There are likely others waiting for service as well.

I'd like to take this opportunity to issue a reminder that I did not unlock this thread so arguments could be continued or so that someone could have the 'last word'. I unlocked it to allow for civil discussion and dissemination of useful information.
#127 - May 21, 2010, 8:34 p.m.
Blizzard Post
Quote:
But yes, the thread can be locked, I see it has 6 pages.... 5 are full of flamers. Just trying to get the unauthorized authenticator off my account..


I respect that goal. To suggest that the conflict did not pass in both directions is hardly meritorious at this point.

Unfortunately, it has become clear that full cooperation with the goal of civility is not going to be forthcoming, so I will be locking the thread permanently at this point. I wish you the best of luck on a swift resolution to this situation. With a little luck our staff will be able to help you make a full recovery and get you back into the game soon.