Password Changed - Have Authenticator

#0 - Sept. 4, 2010, 12:08 a.m.

So I logged in a few minutes ago to this.

ï»¿Hello me,

This is an automated notification regarding the recent change(s) made to your Battle.net account: "my e-mail".

Your password has recently been modified through the Account Management website.

*** If you made this password change, please disregard this notification.

However, if you did NOT make any changes to your password, we recommend you contact Blizzard Billing & Account Services for assistance keeping your account as secure as possible.

For more information, click here for answers to Frequently Asked Questions or to contact the Blizzard Billing & Account Services team.

Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

Sincerely,
The Battle.net Account Team
Online Privacy Policy

I attempted to log in and sure enough my password did not work. But the weird part is I have an Authenticator. I figure my problem is I rotate my password to avoid such an issue even though I have an authenticator. But the password I was using was the password I had when I got hacked a while back. Anyway my concerns are I've run a virus scan and show no keylogging or trojans. There was no prompt to change my password, it just merely stated that it was changed.

Btw the e-mail is legit as it matched the one I got after I changed it to something else. Even the links (which I did not click but hovered over and it read battle.net as the destination address.

Side problem is my Wows launcher seems to be broken as in it's not doing anything and it's frozen. I have to ctrl + alt + delete and force close it. I'm going to run a repair. But as far as I can see all my characters have their gear.

It's just very odd to me. I'm a very cautious person. I'm not stupid enough to fall for phishing scams. I have a anti-virus that runs 24/7. And yet this still happens. On top of me having an Authenticator and them bypassing it.

My final words. Blizzard, when someone has "forgotten their password". Make it so that it doesn't just need your First and Last name. That's obviously easy to obtain. Please add the need for the Authenticator code as well when prompting for password change. That would have saved me a world of trouble.

#8 - Sept. 4, 2010, 1:17 a.m.

Though an Authenticator is an excellent extra layer of protection, Gluttony, it does not make you immune from all attacks.

If someone had access to specific account information such as the e-mail address, name and the answer to your security question and they have access to that e-mail address they would be able to attempt a password retrieval.

This would send an e-mail with a confirmation link to the registered address, if they have access to that e-mail address they need to click on that link which would then give the option of selecting a new password.

Information like this is rarely gathered from a keylogger or other malicious program, though it is possible. It is usually gained by the registered user providing the information either by knowingly sharing the information or by answering a phishing e-mail.

Since you believe your system is secure, Gluttony, if you have access to the account in question I would take this opportunity to change your e-mail address.

Q u o t e:

My final words. Blizzard, when someone has "forgotten their password". Make it so that it doesn't just need your First and Last name.

As outlined, it takes a bit more then just your first and last name. :)

Good luck.