Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

What is going on with my account??

Forum Avatar
Risq
#0 - Aug. 30, 2010, 4:48 a.m.
Blizzard Post
I'm not sure what to do anymore. And I'm pretty much going to give up.

My account got stolen not hacked.

Here's how I'm sure:

When you reset a password or have one reset you get an email that says:

Battle.net Account - Password Recovery (if you request to have it changed) or you get Battle.net Account - Password Change notice.

I got neither. I canceled my account thinking to wait for the new expansion, and since I wasn't playing much, I canceled it to wait back in January. So I've not played or logged on since then. Not one time. No one but he has ever logged into this account.

Friday I get an email out of the blue that says:

Battle.net Account - Password Rest

Now not Change, not recovery, but "RESET".

So at first I ignore it believing that its a PHISHing scam since I've not logged in in over 7 months. I mean how could anyone have my account. But 13 minutes later I get this one:

Account suspended for 3 Days for TOS violation.

Ok, now I'm lost. Not only did I "NOT" log on. But I got suspended. I change my Password to a 10 character alpha/numeric/2 Special Character password and think that's it right? No, 8 hours later I get another:

Battle.net Account - Password Reset email.

Again, no recovery first email, no Change notice email like when I do it, but another RESET notice.

I then go through getting Blizzard to check my account. They say that it was accessed by someone not me. I go to Wow Heroes and see that all five of my level 80 characters have been looted. Now remember at this point I've "STILL" not logged back into the game in 8 months.

I go through resetting it to a 15 character alpha/numeric/Special Character password. I wait, my account gets reset, and get what I found in my in box about 10 minutes ago???

ANOTHER FREAKING RESET EMAIL!!

And I've yet to log into the game in just shy of 8 months.

I've not be hacked by a keylogger, unless they sat on my account for 7 1/2 months waiting to bone me. I've not clicked on any links from emails because I had an Inactive account and I just ignore them.

So why is my account be reactivated, with no credit card attached to it mind you, and my characters being repeatedly looted and used to move gold??

Do I have to call CS on the phone and find out what is going on???
Forum Avatar
Orlyia
#17 - Aug. 30, 2010, 8:02 p.m.
Blizzard Post
It's a fallacy that an account is necessarily used right away when compromised.

Sometimes they simply have no need of one till later - and will press it into service then.

I can't tell you how this happened, other than outline some of the more common causes. Malware, phishes (social engineering) and compromised emails are at the top of the list.

I do notice here back in January there appears to be access from another access point - that was on January 7. Did you by chance ever access from another system - even once? That could have been the one with a security issue.

Don't discount an email breach. One advantage of Battle.net is that you can change your email and essentially change your account name. That was never possible under our old system.

You may also want to look into getting an authenticator for your account. It's no substitute for good security habits, but it will help keep them out of your WoW account.

Blizzard Store
http://us.blizzard.com/store/browse.xml?f=c:6

Mobile Authenticator
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=26109


Forum Avatar
Orlyia
#19 - Aug. 30, 2010, 3:11 p.m.
Blizzard Post
Up to early January, that all matches fine - and yes, it's not uncommon for players to access from multiple locations - home and work for example.

This issue started 8/26/2010. That doesn't mean that's when they got hold of your information - just when they first accessed the account.