As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/

Battle.net account Hackered (Mysterious Solutionationed)

erraticrabbiterraticrabbit Registered User regular
edited March 2010 in Help / Advice Forum
So I got an two emails from blizzard today. One was a password reset email, the other was an account suspension (3 hr) notification in WoW. I haven't played WoW since the first month it was out in '06. I was able to change my password to something else through the link in the first email, but I can't actually get into my account anymore because whoever accessed it put an authenticator on it. It asks to put the code it generates in after I put the new password I used.

The help lines are busy due to high traffic, and obviously my email to billing isn't going to get a reply for a while.

What the hell happened? The only sites I visit related to any blizzard product is teamliquid to watch streams. Nothing at all for years related to WoW. The only thing I've done with my account is register my games there and apply to the beta's in the last month.

steam_sig.png
erraticrabbit on

Posts

  • travathiantravathian Registered User regular
    edited March 2010
    You just got phished.

    edit: goto the blizzard website fraud section and read all about it

    travathian on
  • RUNN1NGMANRUNN1NGMAN Registered User regular
    edited March 2010
    Yeah, that first email was a fake.

    RUNN1NGMAN on
  • erraticrabbiterraticrabbit Registered User regular
    edited March 2010
    "Blizzard Entertainment" <noreply@blizzard.com>

    was the first. linked to battle.net, where I changed my password to a random series of number and letters that I don't use as a password anywhere else.

    "WoWAccountAdmin@blizzard.com" <WoWAccountAdmin@blizzard.com

    is the second, notifying of this 3 hr susp.


    Even if the first was a phish (which it wasn't, it links to the real us.battle.net site) that doesn't explain why my battle.net account now has an authenticator, because even if we assumed that it WAS a phish, they still don't have my password

    erraticrabbit on
    steam_sig.png
  • admanbadmanb unionize your workplace Seattle, WARegistered User regular
    edited March 2010
    E-mail addresses are easy to fake. What's the exact url of the Battle.net link?

    admanb on
  • erraticrabbiterraticrabbit Registered User regular
    edited March 2010
    https://us.battle.net/account/support/password-reset-confirm.xml?ticket=D6FB8AFCCBC73F3D0658485775440BD94FE22BAD5C9E3619602C7865C0AC7E62

    password link in the first email. Even if it was phishing, they didn't get my password from it because I used a random one, and it did not ask for the old password.

    erraticrabbit on
    steam_sig.png
  • That Dave FellaThat Dave Fella Registered User regular
    edited March 2010
    You didn't get phished, someone accessed your account and you had been suspended because they were using your account to spam.

    It was an automatic deal. They will have also added an authenticator to your account so all you can do now is sit tight and wait for a reply.

    For in game tickets you're looking at a 3 day response almost, so their email wait times will be astronomical.

    That Dave Fella on
    PSN: ThatDaveFella
  • ronyaronya Arrrrrf. the ivory tower's basementRegistered User regular
    edited March 2010
    Did you copy where the link went to, or just the link text? Because there have been phishing emails with links that have "www.worldofwarcraft.com" as the text but "www.worldofvvarcraft.com" as the link target.

    The three-hour suspension is also fake.

    Could you post the full text of both emails here, stripped of any links or private information?

    ronya on
    aRkpc.gif
  • CrovaxanCrovaxan Registered User regular
    edited March 2010
    Look I signed up for battle.net last month to get into starcraft2 demo. 4 days later i get 2 emails from blizzard about account changes to my battlenet and WOW that i never played after first 4 months. the links LOOK legit but they pnt send to that site. it's a phishing site. you got frauded.

    ill post my copys in a few mins

    1st
    When we carry out a routine check when the account, we have evidence to show that your account has been involved in the disputed transactions.
    So we have to inform you visit our website( http://www.wowaccou-battle.net ) fill out some information to facilitate our investigation.
    If you can not tie in with our soon we will have to temporarily lock your account.

    Sincerely,
    Blizzard, Inc.
    Copyright @2010 Blizzard, Inc. All rights reserved.


    2nd
    Hello,

    This is an automated notification regarding your World of Warcraft account. Your account options was recently modified through the Account Management website.

    If you made this change to your subscription type, please disregard this automatic notification.

    *** If you did NOT make any changes to your account or subscription, we recommend you login to Account Management at the following link to review your account settings:
    http://www.worldofwarcraft.com/account/billing/

    If you cannot sign into Account Management using the link above, or if unauthorized changes continue to happen, please contact Blizzard Billing & Account Services for advanced assistance.

    Billing & Account Services can be reached at 1-800-59-BLIZZARD (1-800-592-5499 Mon-Fri, 8Am-8PM Pacific Time) or at billing@blizzard.com.

    Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

    Regards,

    The World of Warcraft Support Team
    Blizzard Entertainment
    http://www.blizzard.com/support/wowindex/


    the first link actually goes to http://www.support-billing-warcraft.com/ so yea looks legit. its not

    Crovaxan on
    1850973-1.png
    Crovax.436 Steam: Crovaxan
  • Eat it You Nasty Pig.Eat it You Nasty Pig. tell homeland security 'we are the bomb'Registered User regular
    edited March 2010
    Their email responses for account compromisation/password retrieval are actually pretty prompt (at least, they were when I went through this process.)

    Be sure you email their account admin staff rather than just the general customer service email; I traded 3-4 mails with their reps back in the day, and they always got back to me within 24 hours.

    Eat it You Nasty Pig. on
    NREqxl5.jpg
    it was the smallest on the list but
    Pluto was a planet and I'll never forget
  • That Dave FellaThat Dave Fella Registered User regular
    edited March 2010
    If the email you received told you that you were suspended and that you had to verify your details that's a phishing mail.

    If it just told you that you were suspended and see you in 3 hours then you were suspended.

    That Dave Fella on
    PSN: ThatDaveFella
  • ronyaronya Arrrrrf. the ivory tower's basementRegistered User regular
    edited March 2010
    Also, check whether your email looked like this (fake) one posted on the forums:
    World of Warcraft Account - Password verification

    We have verification the password for the World of Warcraft account associated with this email address. verification password, please click the following link and follow the instructions:

    https://us.battle.net/account/support/password-reset-confirm.xml?ticket=BC9E6EFC85206C409C5A42AE45F2373752E47BCA161020F76C40DC2D8C750F12

    If you did not request the verification, it is possible that this World of Warcraft account has been accessed by someone not authorized to do so. If you notice issues with the World of Warcraft account or associated games after logging in with your account, please contact the appropriate support department for assistance immediately: http://us.blizzard.com/support/index.xml?gameId=11

    Please remember that it is your responsibility to keep your login information confidential. You may not share access to the account with anyone who is not expressly permitted in the World of Warcraft Terms of Use and the Terms of Use for the games you play. You are also responsible for every use of your login information, whether you have authorized it or not.

    Billing and Account Services can be reached directly at 1-800-592-5499. Players in Australia and Singapore should call 1-800-041-378 and 800-2549927 respectively if unable to connect via the first number. Our representatives are available Monday through Friday, between 8:00AM and 8:00PM Pacific Time.

    We encourage you to keep the following security tips in mind when playing an online game on any computer:

    - Use up-to-date firewall, antivirus, and anti-spyware software, and scan your system regularly for viruses, Trojans, and key loggers.
    - Keep your operating system and other software up-to-date, and be careful when downloading new software.
    - Be wary of “spoof” and scam websites and e-mails that pose as Blizzard Entertainment and request account or personal information. As a reminder, Blizzard Entertainment representatives will *never* ask you for your password.
    - Use separate, unique passwords for your email, World of Warcraft account, and any other online accounts.
    - Change your passwords regularly and keep World of Warcraft account information updated using the Account Management page at http://www.battle.net/account

    For additional security tips and information, please visit the following site:

    - Account Security: http://us.blizzard.com/support/article.xml?articleId=26328

    If you are looking for an added layer of security, we currently offer the Authenticator, an optional second line of defense that can help prevent unauthorized account access. For more information about how the Authenticator works or how to add one to an account, please visit the Authenticator Information page at http://us.blizzard.com/support/article/24986.

    Thank you,

    Blizzard Entertainment

    ronya on
    aRkpc.gif
  • erraticrabbiterraticrabbit Registered User regular
    edited March 2010
    Full text of email #1, password change. From "Blizzard Entertainment" <noreply@blizzard.com>

    
    Battle.net Account - Password Reset

    We have reset the password for the Battle.net account associated with this email address. To choose a new password, please click the following link and follow the instructions:

    the link

    If you did not request the reset, it is possible that this Battle.net account has been accessed by someone not authorized to do so. If you notice issues with the Battle.net account or associated games after logging in with your new password, please contact the appropriate support department for assistance immediately: 'nother link

    Please remember that it is your responsibility to keep your login information confidential. You may not share access to the account with anyone who is not expressly permitted in the Battle.net Terms of Use and the Terms of Use for the games you play. You are also responsible for every use of your login information, whether you have authorized it or not.

    Billing and Account Services can be reached directly at 1-800-592-5499. Players in Australia and Singapore should call 1-800-041-378 and 800-2549927 respectively if unable to connect via the first number. Our representatives are available Sunday through Saturday, between 8:00AM and 8:00PM Pacific Time.

    COMPUTER AND ACCOUNT SECURITY:

    For your own protection, we encourage you to keep the following security tips in mind when using any computer on which you play World of Warcraft:

    Before you log back into your account, you will want to review the following page which has details regarding Trojans/Viruses, and how to recover account information or recover in-game items or characters: [link

    We highly recommend adding a Battle.net Authenticator to an account as it is the highest level of security we currently offer. For more information, please visit: [url]link

    It is very important that you review the security precautions here to assist you with any current or future compromises: ([/url]link

    Thank you,

    Blizzard Entertainment

    The link text is the same as what it links to (copied from browser after clicking the link in email) link

    Next is the wow susp email, which I did not perform any action on other than read. From "WoWAccountAdmin@blizzard.com" <WoWAccountAdmin@blizzard.com>.

    English speaking customers: Please refer to the start of this mail
    Para los clientes españoles: Por favor vayan hasta el fin de este correo electrónico

    Account Name: My Account

    Account Action: 3 hour suspension and password reset
    Reason for Action: In-Game Chat Policy Violation - Advertisement and Spamming

    This suspension happened because a character on the account above repeatedly abused World of Warcraft's in-game chat system. This abuse includes advertising third party services/websites and repeatedly spamming in-game chat channels.

    To prevent further harm to the game and the account you use, the account has been suspended for 3 hours and the password was reset. You do not need to reply to this email, as the account will automatically become available again once the 3-hour suspension period has ended. It may take up to one hour for our system to generate and send the new password. If you have not received a password within one hour of this message's delivery, please check your Spam, Junk, or Suspect Mail folders. If you are still unable to locate the email containing your new password, please contact us using this form: http://us.blizzard.com/support/webform-us.xml.

    Account compromises most often occur when a player shares login information with an unauthorized third party or plays on a computer that has a virus, Trojan, or key-logger. We recommend you read and apply the following tips to protect yourself and the account.

    - Unauthorized Account Access Policy: http://us.blizzard.com/support/article/20460
    - World of Warcraft Account Security: http://us.blizzard.com/support/article/20572
    - Computer Security: http://us.blizzard.com/support/article/21118
    - Email Address Security: http://us.blizzard.com/support/article/28585

    Please be aware that if unauthorized access to this account continues after the recovery process is complete, it may lead to further action against the account. For more information, please review the World of Warcraft Terms of Use (http://www.worldofwarcraft.com/legal/termsofuse.html).

    Regards,

    Account Administration
    Blizzard Entertainment
    www.worldofwarcraft.com

    After I changed my password in the first email's link (by inserting, twice, a random number and letter combo password which is not used by me anywhere else, I received an acknowledgement from "Blizzard Entertainment" <noreply@blizzard.com> that I had done it. The text follows:
    Hello My Name,

    This is an automated notification regarding the recent change(s) made to your Battle.net account: my email

    Your password has recently been modified through the Account Management website.

    *** If you made this password change, please disregard this notification.

    However, if you did NOT make any changes to your password, we recommend you contact Blizzard Billing & Account Services for assistance keeping your account as secure as possible.

    For more information, click here for answers to Frequently Asked Questions or to contact the Blizzard Billing & Account Services team.

    Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

    Sincerely,
    The Battle.net Account Team
    Online Privacy Policy

    I can log into battle.net with the new random password, but cannot access my account because of the authenticator they attached to it. I suspect this nonsense is wow-related, but as I haven't accessed wow stuff in over two years I don't know how it happened. I'm baffled.

    erraticrabbit on
    steam_sig.png
  • That Dave FellaThat Dave Fella Registered User regular
    edited March 2010
    The suspension 1 is legit and you have been compromised and they're using your account to spam which is why you received an automatic password reset mail.

    They will sometimes get your password and details and not use them for years, they've so many accounts to get through and so little time.

    That Dave Fella on
    PSN: ThatDaveFella
  • AwkAwk Registered User regular
    edited March 2010
    HIDE YOUR EMAIL

    Awk on
  • erraticrabbiterraticrabbit Registered User regular
    edited March 2010
    Awk wrote: »
    HIDE YOUR EMAIL

    gack. got it

    erraticrabbit on
    steam_sig.png
  • That Dave FellaThat Dave Fella Registered User regular
    edited March 2010
    Your quickest bet is probably ringing their billing phone line as they can probably remove the authenticator token from your account.

    Tell them that your account was compromised and it should be all good.

    That Dave Fella on
    PSN: ThatDaveFella
  • ronyaronya Arrrrrf. the ivory tower's basementRegistered User regular
    edited March 2010
    That looks real enough.

    This is your thread (see section 6.3 as well). I do not envy you, this will take a long time.

    ronya on
    aRkpc.gif
  • erraticrabbiterraticrabbit Registered User regular
    edited March 2010
    yes, 6.x was the interesting part-

    their phone lines have been busy for the last three hours, and I sent the email to billing about two hours ago... now I wait.

    I'm not concerned about what they did with my wow stuff, since the highest lvl guy in there was 35, and was poor even for '06 wow standards.

    My concern here is Starcraft Beta :)

    erraticrabbit on
    steam_sig.png
  • Eat it You Nasty Pig.Eat it You Nasty Pig. tell homeland security 'we are the bomb'Registered User regular
    edited March 2010
    Don't send an email to billing, send it to the account administration address in the thread ronya linked.

    Eat it You Nasty Pig. on
    NREqxl5.jpg
    it was the smallest on the list but
    Pluto was a planet and I'll never forget
  • DerrickDerrick Registered User regular
    edited March 2010
    Calling Blizzard when there's a problem is always a winning solution. Their customer service is top notch.

    Derrick on
    Steam and CFN: Enexemander
  • TrillianTrillian Registered User regular
    edited March 2010
    Yeah Tatdayvfellah is an expert in dealing with Blizzard, listen to him and do what he says.

    Trillian on

    They cast a shadow like a sundial in the morning light. It was half past 10.
  • NateVaderNateVader Registered User regular
    edited March 2010
    Same thing happened to me a month ago. I hadn't played for 6 months and I woke up to a password reset request email. I tried logging on and it said there was an authenticator tied to the account. Then I checked the armory site for my character and saw that he was being played a couple hours earlier. I called (too busy try again another time) and emailed and got it fixed that day or the next (eventually I got through on the phone line). I added my own authenticator to it and haven't had any problems.

    They also changed my gmail account password, but that didn't take much to fix.

    NateVader on
    steam_sig.png
  • erraticrabbiterraticrabbit Registered User regular
    edited March 2010
    Update/resolution.

    After a few days of not being able to reach phone support due to their 'we're hammered' message, I finally got a reply to my email: "After reviewing your email, our records indicate that your situation has already been resolved"

    I was about to nerdrage, but figured I'd try to log on and see if by some fluke it WAS fixed... and it was. My wow account had some number of days left on an expansion trial and isn't accessible to manage due to bannage/lockage/suspension. I hope it's banned so that wow spammers won't get anything out of screwing me up again.

    Now for another password change and continued monitoring for sweet, sweet starcraft beta.

    erraticrabbit on
    steam_sig.png
  • admanbadmanb unionize your workplace Seattle, WARegistered User regular
    edited March 2010
    There seems to have been a recent epidemic of cracked Battle.net accounts. Yours must've been one of the crowd.

    admanb on
Sign In or Register to comment.