Account hacked and banned while inactive

#0 - Oct. 19, 2010, 7:36 a.m.
Blizzard Post
This is a post on behalf of my brother (whose account is paid for via my credit card), Dagarin on Saurfang. His account was canceled in early March 2010, and became inactive at the start of April 2010 once the billing cycle ended. He received an email from Blizzard on the 15th of August 2010 stating that "Due to suspicious activity" his battle.net account had been locked and that action was required from him. However, due to a large influx of fake Blizzard emails about Cataclysm and StarCraft 2 at that time, and because he knew his account to be inactive, it was suspected of being a scam email and ignored (though he changed his email password as a precaution).

So fast-forward to yesterday when we're re-activating his account for the lead-up to Cataclysm's release, and he finds that he cannot log into his account. So he uses his security answer and resets his password. Once he finally logs into the World of Warcraft account management site, it notifies him that his account has been banned.

An email is immediately sent off to the address provided explaining much of what I have said above, and asking how he is able to have his account re-instated. We also initiated an "Account restoration request" as suggested for when you believe your account was hacked. To this we received a somewhat confusing email from a Game Master, suggesting that as the account was compromised over a year ago (which it wasn't? According to the emails it was compromised in August 2010) they cannot retrieve any data. This is doubly frustrating since his main character, complete with armour, achievements, and statistics is still currently viewable on wowarmory.com.

Being in Australia, it's somewhat awkward contacting Blizzard via phone (though we have tried, and will try again) due to time-zone and work commitments clashing with the typical hold-time. I feel that we're not getting anywhere at all with the email correspondence we've received, and so I'm hoping that someone here can help us out. It's a very frustrating situation and we'd very much like to get it resolved, with his account being re-activated (and an authenticator being attached to it, which we have at the ready now).

Any assistance would be greatly appreciated.
#1 - Oct. 19, 2010, 7:48 a.m.
Blizzard Post
Well, I am rather limited in what I can discuss with a 3rd party, but having your brother contact Billing would not necessarily be a bad idea.

Not sure where 10/15 comes in, I see no email dated that. I see 10/18, when this was reported as compromised.

The initial intrusion looks to have been done in April, with the damages and closure done in May of 2010.

At this point it looks like we are awaiting confirmation from him that his system and email are secure to unlock this account. That is VITAL. If they still have a way to obtain his information, they WILL be back.

The instructions for that should be in one of the emails we sent on 10/18. Is that information at all helpful?
#3 - Oct. 19, 2010, 10:45 a.m.
Blizzard Post
Quote:
Thank you for the prompt reply and the information, Orlyia.

He has changed the password on his email account again, and has now added an authenticator to his battle.net account as well. His system has been formatted, and he's installed the latest version of Microsoft Security Essentials and Malwarebytes as well, just to cover all bases there too.

He's proceeded through that email that was sent and it appears that the final step involves mailing away photo ID etc to Blizzard. Is confirmation by him that he has secured his email, system, and account enough to proceed to having his account unlocked at this point? Or does he indeed need to mail away identification?

Either way, I believe he's going to attempt to call at 1am tonight local time so he can catch the opening time of the call center.

Thanks again, you've been most helpful.


It might be best to call first. They are asking for ID because it's fairly obvious his email was compromised and we have to be positive we are really talking to the account holder and that the compromiser isn't the one trying to get back into control of the account.

They may be able to do this by phone, if not, they'll certainly inform him of the next steps he needs to take.