Account Security in a Battle.net WoW

#0 - Oct. 22, 2010, 5:22 a.m.
Blizzard Post
This is the first time I've bothered to get on the forums in some five years of playing World of Warcraft. The reason is that my wife's account was hacked and temporarily suspended while we were offline, if barely. The hackers merely rolled level 1s on a couple servers we don't play on, apparently to help transfer some gold (who knows).

Now, we haven't bought gold, paid for any leveling services or purchased any service or good whatsoever from out-of-game sources. Yet we got hacked. Then suspended. This never happened to us while playing City of Heroes, Everquest 2, Eve, or any number of other online games. AND, this never happened to us on WoW until now, post battle.net. Additionally, Blizz didn't have (and I'm guessing need either) an efficient item recovery mechanism for when people get hacked until after battle.net.

Has blizz come out and admitted to their mistake (forcing everyone onto an unsecure registry system)? I'm new to the forums, and am curious about that. Why should we be punished for Blizzard's inability to provide security with their service? Well, I'm just coming on to highlight your mistake with my experience blizz, and assert that our patience is thin for this sort of thing. You might be the biggest fish in the sea right now, but it's still a very competitive world out there, and if this is your idea of a good overall product, you have some re-considerations to make in our opinion.

To end I'll say the game devs have gotten plenty right with the game. The gameplay has always been a strong suit in WoW. Security, however, is essential to all other experiences in the context of online gaming. We put our time into the game, into our characters, and comply with your rules of play. The assurances need to run two ways.

#2 - Oct. 22, 2010, 5:58 a.m.
Blizzard Post
Iscalio,

The cretins that steal accounts to strip or use are after one thing - money. Given we have 12 million players and none of those other games have nearly that many customers, WoW accounts are ripe targets simply because they have potentially more 'customers'. While you may not have dealt with them, they and their customers are indeed the root cause of compromises and folks like yourself become targets.

If you ever hear anyone say that buying gold or services doesn't hurt anyone, well - you now know firsthand this isn't a victimless crime and feel free to tell them so :)

Now, I'm not sure where you got the idea we didn't have a recovery system prior, this has been an issue we've sadly had to help our players deal with for years and we've always helped with recoveries anytime we can. Promptly reported compromises usually have good results.

As noted above, this system is superior to the old as you can essentially change your account name with an email change. That was never possible before.

What we have seen a lot of are cases where players use the same password for everything - other games, websites, email, etc. That can become a crime of opportunity if any of those other sources are breached; they WILL test that combination if they get their hands on it. That's just not good from a security point of view. Your passwords need to be unique to an application, and having an email for only WoW is also not a bad idea at all. Don't use it to correspond with friends, don't use it for websites, nothing but your WoW account.

We developed the authenticator over 2 years ago to help our players add an extra layer of security to their accounts and have continually done our best to help educate players on good security habits. Ultimately, security of an account is in a player's hands because there is only so much we can do and the security of your system, email and password is simply beyond our ability to impact directly. Those are all up to the player.

I know it's frustrating and you may not know where the breach occurred, but it's vital it's determined. If it still exists, they WILL be back.

This sticky may be useful.
Account Recovery Form
http://forums.worldofwarcraft.com/thread.html?topicId=26859148968

You may also want to look into getting an authenticator for your account. It's no substitute for good security habits, but it will help keep them out of your WoW account.

Blizzard Store
http://us.blizzard.com/store/browse.xml?f=c:6

Mobile Authenticator
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=26109

Our end is secure, but there are a myriad ways that these thieves trick, steal, and scam players out of their information. Malware is one of the more common methods, but social engineering is right up there with it. Phishes are numerous; always, ALWAYS look at the internal header of any email to determine the true sender.

I do wish you all the best, if there have been damages to the account, please do let us know right away.
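
The header check recommended in the reply above, sketched as an added example (not part of the original thread and not Blizzard's code). The sample message, every domain in it, and the function names are constructed for illustration; the script compares the visible From address against the Return-Path, Reply-To and Authentication-Results headers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every domain and address here is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
    by mx.player-isp.example with ESMTP; Fri, 22 Oct 2010 05:00:00 +0000
Authentication-Results: mx.player-isp.example; spf=pass
    smtp.mailfrom=mailer.example.net; dkim=none
From: "Account Support" <support@game-company.example>
Reply-To: verify@mailer.example.net
Subject: Your account has been suspended

Log in to verify your account.
"""

def domain(value):
    """Lower-cased domain of an address header value ('' if missing)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def header_findings(raw, expected_domain):
    """Return codes for header inconsistencies in one raw message."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    # The visible From is sender-controlled; it only shows what is claimed.
    if from_dom != expected_domain:
        findings.append("from-not-expected")
    # Bounce and reply addresses on another domain than From deserve a look.
    for name, code in (("Return-Path", "return-path-mismatch"),
                       ("Reply-To", "reply-to-mismatch")):
        d = domain(msg[name])
        if d and d != from_dom:
            findings.append(code)
    # Trust Authentication-Results only when your own mail server added it.
    auth = str(msg["Authentication-Results"] or "").lower()
    dkim = re.search(r"dkim=pass\b[^;]*header\.d=([^\s;]+)", auth)
    if not dkim or dkim.group(1) != from_dom:
        findings.append("no-aligned-dkim")
    return findings

if __name__ == "__main__":
    print(header_findings(SAMPLE, "game-company.example"))
```

An empty list means the headers are consistent with each other, not that the message is safe; legitimate bulk mail can also trip the mismatch checks.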