So, I just got a note from Blizzard this morning saying
"Hello zhang[not my name],
Welcome to Battle.net!
You have successfully created the following Battle.net account:
[myemailthatIdon'tuseforgames]"
Changed my password. Anything else I need to be doing? I'm not even certain what a Battle.Net account allows a person to do beyond... I guess play games? I thought it was free?
Adding to that, my credit card has already been cancelled due to a fraudulent charge this past week. Anything to do beyond changing all the passwords I can find and running antivirus software?
Take a moment to donate what you can to
Critical Resistance and
Black Lives Matter.
Posts
Zhang wants a billion accounts in order to farm gold.
Step 1: buy email list for 20 bucks.
Step 2: register b.net accounts for all those addresses.
Step 3: wait for gullible suckers to click the activation link.
Step 4: farm gold.
So the email list is simply an email list, not like actual account information. Phew. I was worried by it coming so soon after the credit charge. Well, fuck you Zhang! Not clicking any link no how.
Anything to do besides delete the mail?
My speculation on the issue is that 'Zhang' has found a way to defeat email verification on the Blizzard servers. Essentially, whenever you set up an account, an email is sent to your listed address during sign-up. You either have to click a link, or enter a verification code on a webpage for the email to be authenticated. This is so someone can't just sign up using random email addresses. 'Zhang' has no doubt found a way to circumvent this issue and get a verification token without receiving the email. Something similar happened to the PSN in the wake of the larger PSN hacking, in regards to password resets, so it's not unheard of.
If this is true, then it means you wouldn't need to be 'hacked' in order for this to happen to you. And it would also mean the email is legitimate from Blizzard.
If you're concerned about the security of your email address, be sure to change the password and run a few scans for malware (there are plenty of tools, but if you want recommendations I won't hestitate). I'd also call up Blizzard and talk with them directly about this. They're familiar with the problem, and should be agreeable with removing the account.
Edit: There's an official post on the WoW Battlenet forums about this. There's not much information on there beyond what we already know, but the admin verifies that the emails are legitimately from Blizzard. Recommended actions include forwarding the email to hacks@blizzard.com, contacting Blizzard support, and tightening end-user security. Though I think that last one is just in there as a useful deflection, as by all accounts so far a user doesn't need to be infected or compromised for this issue to afflict them.
1. Setting up email addresses takes time and can also get spam blocked.
2. Chat/gold selling spam, probably.