Email changed on account

#0 - Nov. 13, 2010, 3:22 p.m.
Blizzard Post
I have previously been hacked twice. Both times were when I got complacent with not having my authenticator on my account and I shared a password with other sites. That is not the case for this instance at all. I was using a password that is used nowhere else and an authenticator. Recently I switched to the dial-in authenticator. In the last few months I only log in from a single location.

Well, I wake up this morning and the email on my account has been changed to a Hotmail address. I've just completed a full scan of my system with both Malwarebytes' Anti-malware scanner and Symantec Anti-virus with no result of anything unusual.

My main email address provider, Gmail, keeps track of IPs that log into my mail and no unusual IPs have accessed my email account in the last 24 hours. Also the only email I got indicated that the email address had been successfully changed.

#1 I guess the mobile authenticator failed to prevent this hack attempt. - There is absolutely 0 chance this is an inside job unless I have someone living in my attic I don't know about.

#2 I'm absolutely flabbergasted how this is happening considering I'm constantly checking for keyloggers, I was using the actual authenticator before and switched to the dial-in about a week ago. I was using a different password than anywhere else.

I work in IT so I do understand how these things can happen, but I think a lot of people underestimate the ingenuity these hackers have at getting access to your account.

#3 - Nov. 13, 2010, 3:47 p.m.
Blizzard Post
Quote:
#1 I guess the mobile authenticator failed to prevent this hack attempt.

Let me clarify – the Mobile authenticator and the Dial-In authenticator are 2 different authenticators entirely. You mentioned you have recently switched to the Dial-In version. Bear in mind that the Dial-In authenticator will only block a player if the log in to the game appears to be suspicious. If the log in does not appear to be suspicious then you will not be prompted for a PIN. On the other hand, the Mobile authenticator will prompt for a code each and every time a log in is attempted regardless of location.

Now, with all of that said, I can confirm the email has been changed on the account, however I do not show the game being accessed from the malicious party at this time.

If you have not done so, begin by submitting the Account Recovery Form. A Game Master will then conduct a more thorough investigation to determine if any items, gear, gold, etc. are missing from the account.

Account Recovery Form
https://us.battle.net/account/support/account-recovery.html

You may wish to consider removing the Dial-In authenticator and going back to the Mobile authenticator so the 8-digit code is required at each log in.