Authenticator Error... But I Don't Have One

Q u o t e:
i'm getting this error message when i try to log on.

"Please activate the Battle.net Authenticator product attached to this account, and enter the six-digit digital code that it generates."

i was in a dungeon when it booted me and this is what i see when i type in my password now. the only problem is i don't own an authenticator. i never have. ever. i can't even log into my battle.net account from the wow webpage without it asking me for this code.

what gives?

Please check your registered email for a new password, Donn. This is indeed a compromise situation - whether or not they managed to do much damage is something you'll want to check into and report just as soon as possible.

It's also vital that you find the source of this. To add an authenticator, they had your password and ID. Making sure that cannot happen again is vital to this not recurring and them getting right back in.

This sticky should prove useful.

Computer Security Recommendations
http://forums.worldofwarcraft.com/thread.html?topicId=1778038509&sid=1

You may also want to look into getting an authenticator for your account. It's no substitute for good security habits, but it will help keep them out of your WoW account.

Blizzard Store
http://us.blizzard.com/store/browse.xml?f=c:6

Mobile Authenticator
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=26109

Q u o t e:
i checked my email and indeed received a link to reset my password which i did.

does this mean that the hacker will no longer have access to my account (main concern) and if not, after i complete all of my virus scans, will i be able to log back into my account without receiving the authentication error?

thanks for the speedy response.

That was removed. Of course, if they can get your information again - they could add another.

Remember, emails can also become compromised. You should be able to get back in the account at this point, barring them molesting it again with your new information.

If it's malware.

There are other ways this can happen, like a compromised or forwarded email.

If they are into your email - they can pull the new information directly out of it - just as you can.

Some even go as far as auto-forwarding emails so even changing the password isn't sufficient in those cases, they still have access to your information. I'd check that.

And no, just changing a password won't kick them out - but logging in will boot them offline.

Q u o t e:
i just deleted the email that contained the information about my (new) login information. i also changed my password for that email account (the server said it was a strong password). all from the clean computer. i'm currently downloading the client on this (clean) computer. hopefully they didn't ruin everything i've done over the years in a span of 4 to 5 hours. :/

That is one of the first things to check for when you get back ingame - damages. Those can be dealt with.

Generally, it's not really necessary for you to know the damages, we'll tell that from the logs.

There are a few things it's very helpful for us to know going into an investigation.

Were any professions tampered with?

Was there any guild bank involvement.

Most other things we can see. Now, that's not to say it's not a good idea for you to have some idea, just to double check once the restoration investigation is complete.

We do try to catch everything on the first pass, but characters/realms can occasionally get overlooked. We are always happy to take another look in those cases.

Not yet - not on this one.

You'll want to place an ingame petition so that can get started.

And yes, this has got to be the most frustrating and intrusive thing that can ever happen to a player, I do well understand that.

Our goals are to help you to keep it from ever happening again, and see what we can do to get you back into shape.

Restorations can never be guaranteed, but we do our best and promptly reported compromises usually have good results.

Q u o t e:
i'll open a ticket in-game when i get home in a couple of hours. that's the best i can do concerning time.

you said the authenticator message should be gone (assuming the hacker hasn't already obtained the new one). i'm guessing that contacting billing at this point would be moot?

thanks again for the speedy responses and your help.

Aye, unless it shows back up or you cannot access the account, that's not necessary.

You may see that on the login screen, just ignore it.