PW reset bypassed authenticator?

#0 - June 21, 2010, 10:10 a.m.
Blizzard Post
My password was reset tonight by someone other than myself. My YIM pop-up notification let me know when I got the auto-email from Blizz about it, so I went in and re-reset it and changed it to something completely different. After that I went through the usual steps to secure my account and system as though I had been compromised.

This boggles me for two reasons; the first is that I received a "password change notification" shortly after the password reset one, which makes me suspect someone was trying to lock me out of my account. The second and more important reason is that I do have an authenticator on this account.

I logged in afterward and found all my characters, gear, etcetera intact, so I'm not overly worried. My hope is that it's no big deal and someone at Blizz was just poking my account for some reason or other.

I thought it would be wise to inquire anyway. So, please, what's up with this?
#1 - June 21, 2010, 10:53 a.m.
Blizzard Post
Password resets can be done with enough information, and they may be inconvenient - but they shouldn't be able to get into your account even presuming they got their hands on the new password.

With enough information they can ask. You might want to consider changing your email - which also effectively changes your account name with Battle.net.
#4 - June 22, 2010, 10:33 a.m.
Blizzard Post
Quote:
I've changed my email now, to an email address created just now exclusively for this purpose. It doesn't sound unreasonable that someone got ahold of my email and other info, considering the digital trail I've left on the internet over the past decade.

But I'm still a bit confused about my password being changed. It wasn't just reset; it was also changed to something else. Is there any way they could have done this other than hijacking the email that Blizz sent me after they reset it?


They would have had to have more information than they should to do that.

Setting up a new email is good.

Still - with an authenticator, passwords won't do them any good when they hit the code challenge. They may cause a bit of inconvenience and mischief, but they shouldn't be able to actually get into the account to do any damage.