WoW Account Hacked – This Just Keeps Happening

Another friend and member of our guild who had been out of WoW for a while just went back to re-up to play with a friend, and was greeted by this:


Somebody got his account information, somehow, and then used the account in such a way as to get it banned.

Unlike the last guild member who got hacked, this time the guild vault did not get looted.  Instead, it seems that they just used the account as a gold selling mule for a while… his characters were probably spamming gold seller URLs in chat for a while… until Blizzard turned off the switch on the account.

After an hour on hold, the Blizzard rep began the process of restoring the account.  The rep told my friend more than once that Blizzard is getting very good at restoring people’s accounts after such an event.  No doubt they get a lot of practice.

And my friend now has the phone version of the Blizzard Authenticator set up.

Another tale to remind people that, yes, this might happen to you.

23 thoughts on “WoW Account Hacked – This Just Keeps Happening

  1. Snafzg

    My account was active for two weeks and someone added their own authenticator to it. I had never had a single game account hacked in my life so I hadn’t bothered adding one myself.

    I sent in a Web ticket and immediately began calling Blizzard support. I never got through after two days of trying. Every time the hold queue was full.

    This was just last week.

    My guess is this happens A LOT too! :P


  2. Snafzg

    Oops, I forgot to add that they did eventually fix it through my Web form ticket. I’ve added my own Blizzard Mobile Authenticator to it so I hope that will protect me from future hacks.


  3. ~ elle

    My accounts were closed and a hacker broke in reactivated the accounts, put an authenticator on it and started to prep my characters for sale. Lucky I monitor my email daily and caught them early since my warlock was already in the process of transfer.

    Called customer service and after an hour wait got everything straightened out. Blizzard is good at restoring accounts but they aren’t good about what happens afterwards. I had huge headaches with questions regarding my authenticity of ownership, then with blizzard wanting me to pay for the months that the account was used even though I wasn’t the one who reactivated.

    All this could have been avoided if they had put some thought into the battlenet login and used our WoW usernames instead of email addresses.

    Yes, I was forced to add an authenticator to protect accounts that I don’t have active just in case I want to return later….pfffttt.

    /rant off =)


  4. Thomas

    My friend who was against using an authenticator has finally bought one. Several of his guild mates got hacked recently. I am glad I got mine last year.


  5. Stephen

    @elle same thing happened to me. my account had been closed for over a year. the credit card tied to it wasn’t even active anymore. They added an authenticator, game time and even added the lich king expansion to my account before getting banned for who knows what. Blizzard got my account back in about a week.


  6. Reatu Krentor

    Blizzard and their insistence on using an email adress as your login, it’s dumb. The way it was before was much much better and safer. With the email being the login they now have 2 avenues to hack an account, the account itself and the email it’s linked to. /o\ stupid.


  7. PeterD

    @Dril, yes, because it’s perfectly reasonable to expect people who aren’t even playing the game to pay Blizzard money to protect the account. *boggle*


  8. kaozz

    I won’t play without an authenticator anymore. While in the past I’ve ranted about having to have one but the extra safety is well worth it.


  9. Stabs

    I don’t play WoW any more but all these stories (and the constant bombardment of phishing attempts) makes me a little reluctant to go back for Cataclysm.

    I think they’re daft not to make the authenticators free. It’s their job to offer a secure gaming experience and if they can’t there’s tons of people who can. Even if you buy an authenticator WoW seems less safe than just about any other MMO and if you don’t buy one you may as well trust Nigerian princes who want to borrow your bank account.


  10. Pai

    I solved this problem easily: I set up a gmail account JUST for my account. I never use it for anything else. It’s password is very different compared to any others I routinely use, as well.

    That way I know the instant I get a ‘Blizzard email’ on any of my ‘real’ email accounts, that it’s a fake. Also, there’s less chance of it getting hacked since I’m not routinely using it’s information.

    More people should do this, as well as get an Authenticator. WoW accounts are far too valuable nowadays — hackers are being very aggressive and smart in trying to get your information.


  11. Dril

    @PeterD: Golly, all SIX of my hard-earned pounds to protect hours of investment that I might come back to at any point. If people don’t want to do even spend that much then they might have the calibre to do something about it, like do as Pai says, scan their computer or take any number or logical and easy steps to stop themselves from being hacked.

    I was hacked two years ago, before authenticators were about, and once they came out I immediately bought one. I didn’t change my password at all before I was hacked, and my login was commonly used, along with the password. It was entirely my fault, I didn’t scan the PC daily. If people don’t take steps to protect themselves despite all the horrors stories, especially with the easy authenticator fix, I’m not really shedding a tear for them, especially if they try and shunt the blame away from themselves.

    It’s a crap-attitude stance I know, but, well, it’s what me thinks :P


  12. Carson

    @Dril, is it possible to attach an authenticator to an account without re-activating it first? I’d assume not. So it’s not just six pounds.

    Living in Australia, and thus subjected to ludicrous postage & handling charges, I think it would cost me about $US37.00 to harden up my (currently inactive) account with an authenticator. No thanks.


  13. Wilhelm2451 Post author

    @Carson – The Authenticator is associated with your account and you can apply it any time you want, since that account is “live” whether or not you are paying a subscription.

    $30 US in shipping and handling sounds like an exaggeration. But I’d have to go create a account with an Aus address to see, and I’m really not that interested. If the final charge is that high though, I am going to guess that the Australian government is taking their cut in duties. If so, go complain to your parliamentary representative.

    Either way, you have to make the call on the value proposition of an authenticator. If it costs you $37 to get one, but you figure your time and effort dealing with Blizzard customer service will be worth less than that should your account get hacked (which is far from a certainty), then that wouldn’t necessarily be a bad economic decision.


  14. Carson

    @Wilhelm2451 – I wish it was an exaggeration! Actually it’s $6.50 for the authenticator, $20.68 for shipping and handling, and – if you had to re-activate the WoW account – another $14.95 there, for a grand total of $US42.13.

    Nobody seems to know why the shipping is so expensive. There’s a rumour that it’s due to US control on exporting cryptography devices, but that was just forum talk, so who knows?

    However, if the authentication is associated with the account rather than an active WoW subscription, and especially if you also have a phone that can run the mobile authenticator app, then it becomes a no-brainer, securing an inactive account shouldn’t cost nothing more than a little time and effort.


  15. Carson

    UPDATE! Yes, if you have an inactive WoW subscription and a phone capable of running the mobile authenticator app, then yes, it really IS just a matter of a little time and effort to secure your account. I just did it.

    Visit the account management. Select the menu option to add a mobile authenticator. It sends an email to your registered email address with a link to add the authenticator. Download the app onto your phone. Run it. It gives you a unique serial number for the install. Go to the link you were emailed, enter than serial number, enter the current code from the authenticator app, and bam! You’re done. Didn’t take even 5 minutes.

    So thanks for posting this topic, Wilhelm, and letting me know that there was action I could take despite being one of the “unsubscribed until Cataclysm” crowd. :-)


  16. Terppy

    Yeah, for almost a year now my account was un-active and now I get emails saying my account is banned and than unbanned and than banned once more. I really don’t want to waste my time talking to blizz on the phone just so they know it’s the my account and not the hackers. And tell me what the authenticator code is and blah blah blah. I don’t care much about WoW anymore. It was in my game addiction days :P. But I am pissed about the hacker doing all this.


  17. Stephen Flaum

    The only way to play Wow safely is with an authenticator. Since I understand computer security, I thought I didn’t need one, but I was wrong. Here’s my story.

    My account was cracked. I reported it to Wow, so they restored my stuff and gave me the usual story: don’t give anyone your password, use anti-virus software, etc. However, I had followed all of the good practices. I never share my password. I used KeePass to generate hi-entropy passwords. (In other words, I used a randomly-generated password.) Every account, including WoW, had a different password. I never wrote these passwords down, but instead stored them in KeePass’s software safe; this had its own password, which I memorized.

    I access the internet only through a Sonic-Wall, corporate-quality hardware firewall with automatic anti-virus updates. Behind this I have Symantec Endpoint anti-malware software; again, this is corporate quality software, not consumer, and it has a current subscription which automatically updates virus signatures. In other words, I have redundant, professional-quality anti-malware protection. Other than the WoW account cracking, there was no symptom of malware getting past all this.

    Anyway, after the cracking incident, I followed WoW’s advice to run a virus scan while their login screen was open. This confirmed that I had no key loggers or other malware.

    While this was going on, I changed my Battle.Net password several times, always using KeyPass’s random generator. After each change, my account was immediately cracked.

    I told WoW tech support all this, so they said my email had been cracked and someone had sent these passwords via the cracked email. However, this cannot be. I own a small business with its own domain and I administer the email accounts myself. I confirmed that there were no redirect or forwarders except those I had placed. Anyway, no one had ever emailed any of my passwords, much less all of them in sequence.

    Each time my account was cracked, Wow restored my stuff. However, they also sent threatening emails and sometimes locked the account for a while. It’s one thing to send an email suggesting security procedures and pointing out that WoW doesn’t accepts liability for cracked accounts. Repeated emails that sound as if they were written by the Mafia’s protection-racket department are something else.

    By now I realized that WoW accounts cannot be secured by the user. The cracking has something to do with Wow, not only their clients. I should then have bought an authenticator – they’re pretty cheap.

    However, I had become tired of being threatened. Therefore, I cancelled my WoW account and have been playing LOTRO instead for the past couple of months. My account hasn’t been cracked and LOTRO doesn’t send me threatening email.


  18. bob

    my account had no time and it got hacked and then banned for something i did not do. it had not been active for over three months and no time was added before it got banned. how did i get banned?


  19. mark

    100% agree the security problem is from within WOW! I was in my email while my account was being hacked and password changed, and the hacker changed my password WITHOUT going through my email as WOW was claiming.

    This account was being hacked from within WOW! I am certain of it!!!

    Because of their lies and refusal to face the fact that the security problem is coming from within, I have permanently closed my WOW account and vowed never to play WOW again!


  20. Anonymous

    I am also a member of the “hacked while unsubscribed” club , so far Bliz have offered no apology or explanation as to how an unsubscribed account can be accessed from outside . Their solution was to re-subscribe (at a cost of course) to have my account reactivated so that “most” of my items could be restored . Smells very fishy to me and strange the number of stories on the net that are disturbingly similar to mine . Bliz would never publicly admit any internal security issues . I voted with my feet and will never re-sub or support any other blizzard products . Blizzard , you have a hell of a lot to learn about customer service .


  21. David Deitch III

    90% of warcraft acounts are not hacked they are stolen via the blizzard phone service. due to upgrade issues with the blizzard phone acount software scammers can ring unlimited times with your real id full name and email and make attempts to fool an operator into changing your email address. as real id contains your full name these scammers will have searched for your facebook for additional information. once they fool an operator this bypasses authenticators and mobile devices and passwords as they can login via the new email and remove all those. i have a full story too


Comments are closed.