Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

Just now Hacked! I'm using an authenticator!

Forum Avatar
Cuddlemuffin
#0 - Aug. 10, 2010, 1:45 a.m.
Blizzard Post
My account has been compromised and the hacker is online right now. i cant log into my account, and I;m using an authenticator. What should I do?
Forum Avatar
Orlyia
#23 - Aug. 10, 2010, 7:08 a.m.
Blizzard Post
Cuddle, are we talking about the account you are posting under? I'm seeing something totally different here.

Want to be sure we are discussing the same account first.
Forum Avatar
Orlyia
#27 - Aug. 10, 2010, 12:45 p.m.
Blizzard Post
Thank you, wanted to be absolutely sure we were discussing the same account.

On 12/28/2009 a mobile authenticator was placed on this account.

That was removed 3/5/2010. There has not been one in place on this account until it was added again on 8/9/2010 - the exact same serial number, the same authenticator was reattached.

Unfortunately, the malicious access seems to have occurred on 8/8/2010.

I'm just not seeing any type of authenticator on this account between 3/5 and 8/9/2010.
Forum Avatar
Orlyia
#30 - Aug. 10, 2010, 1:04 p.m.
Blizzard Post
I see.

Well, this access doesn't pop right out as exploitative, but it easily could be.

It also looks like it started just prior to your authenticator being re-added.

While it's possible you did suffer from one of the rarer attacks, this looks more to be someone was logged in just prior to your re-adding your authenticator and simply stayed on till they were done.

Adding that - or even changing your password won't necessarily knock them offline.

I'd still do all your scans, etc. This is currently in process for a restoration investigation.
Forum Avatar
Orlyia
#34 - Aug. 10, 2010, 1:18 p.m.
Blizzard Post
Well, it's likely to make sense to our techs, or some of our more tech-savvy regulars here.

That's not really my forte.

One of the hallmarks of that kind of attack is not actually connecting and getting ingame yourself, so that could be.

Have you downloaded any addons - you may have hit a fake site. Most reports of that particular situation seem to have that in common - they setup a fake site, sponsor it as a top search engine link and doctor that addon.
Forum Avatar
Orlyia
#36 - Aug. 10, 2010, 1:28 p.m.
Blizzard Post
That SHOULD be caught during the restoration process.

Please don't touch him till that is over - and if by some stretch it gets missed, do let us know.
Forum Avatar
Orlyia
#38 - Aug. 10, 2010, 1:35 p.m.
Blizzard Post
Q u o t e:
ok, I'm just making a quick on my characters to survey the damage which really doesnt look that bad. I'm curious though, is there any way to be 100% sure my computer is safe now?


Sadly, if a computer is hooked to the internet - that can never be 100%.

Please, please don't remove that authenticator going forward :)

Also, if you ever run into the situation again where it's not letting you log-in like that, you'll know immediately something is up.