  1. #1

    So, it finally happened, my Blizzard account was compromised

    A few days ago, I received the following email. The URLs really refer to the protected battle.net website. No hoax.
    Greetings,

    Blizzard has locked Battle.net account [account] due to a security issue with the account. Specifically, we recorded a login attempt from an unfamiliar location, suggesting that your login information may have been used by an unauthorized third party.

    The Battle.net account appears to be unharmed. In order to further protect your account, we have reset your password. Follow this link to set up a new password:

    https://eu.battle.net/account/suppor...ord-reset.html

    If you discover any in-game items missing upon login, please contact Customer Support (https://battle.net/support/ticket/submit) so we can assist you.

    Please take a few moments to review the safety tips we’ve posted at http://www.battle.net/security. While no means of account security is guaranteed, every precaution you take to secure your computer and Battle.net account adds another layer of defense.

    Best wishes,

    Customer Support
    Blizzard Entertainment
    http://battle.net/support
    Before we all start laughing, I want you to realize the following:

    - I have an authenticator. I have had one since they were released.
    - The authenticator is on a phone that I am currently not using. It's not on. It's in my bag, right now. No one has access.
    - I have not logged into my battle.net account for months. Even when I log in, it's only from home.
    - According to Blizzard the only way to "hack" an authenticator code is to use a Man-in-the-Middle attack, which basically steals your code the moment you try to use it and redirects the user to a fake server, while the hacker empties your pockets.

    None of the above occurred.

    What do you think happened?
    Last edited by Vespian; 2013-07-18 at 01:19 PM.

  2. #2
    I would remove those links. Also, they noticed an attempt, not an actual login. All this means is someone in some other place tried, and most likely failed to log in, since if I am at a friend's place and try to log in I will get a message stating that it is not normal and need to verify that it is me. This is using an authenticator as well, basically if you or someone else tries to log in from anywhere more than 15 min from your "normal" location this will happen. It may not be your battle.net account that is compromised either as someone could have gotten access to your email, and just attempted to use it to see if it was connected to a battle.net account.
    Last edited by Zergin8r; 2013-07-18 at 01:24 PM.

  3. #3
    Quote Originally Posted by Zergin8r View Post
    I would remove those links....
    Removed the reference to my email (doh), but the other links are harmless.

    Quote Originally Posted by Zergin8r View Post
    I would remove those links. Also, they noticed an attempt, not an actual login. All this means is someone in some other place tried, and most likely failed to log in, since if I am at a friend's place and try to log in I will get a message stating that it is not normal and need to verify that it is me.
    But that wouldn't cause a password reset...
    Last edited by Vespian; 2013-07-18 at 01:24 PM.

  4. #4
    Quote Originally Posted by Vespian View Post
    A few days ago, I received the following email. The URLs really refer to the protected battle.net website. No hoax.


    Before we all start laughing, I want you to realize the following:

    - I have an authenticator. I have had one since they were released.
    - The authenticator is on a phone that I am currently not using. It's not on. It's in my bag, right now. No one has access.
    - I have not logged into my battle.net account for months. Even when I log in, it's only from home.
    - According to Blizzard the only way to "hack" an authenticator code is to use a Man-in-the-Middle attack, which basically steals your code the moment you try to use it and redirects the user to a fake server, while the hacker empties your pockets.

    None of the above occurred.

    What do you think happened?
    Same thing happened to me about 2 days ago, the day after my account ran out of subscription time. The cynic in me makes me think that Blizzard wants me to re-sub to check and see if stuff's been stolen, but I'm not doing that. My password wasn't changed and there's no way they're getting into your account without your authenticator either.

    I changed my password to be on the safe side and I'll see how badly I've been "hacked" when SoO comes out :P I'm guessing it's just some bot trying to brute force its way into players' accounts, which Blizzard then locks to stop any more wrong password attempts.

  5. #5
    Quote Originally Posted by zaxlor View Post
    Same thing happened to me about 2 days ago, the day after my account ran out of subscription time. The cynic in me makes me think that Blizzard wants me to re-sub to check and see if stuff's been stolen, but I'm not doing that. My password wasn't changed and there's no way they're getting into your account without your authenticator either.

    I changed my password to be on the safe side and I'll see how badly I've been "hacked" when SoO comes out :P I'm guessing it's just some bot trying to brute force its way into players' accounts, which Blizzard then locks to stop any more wrong password attempts.
    Oddly enough, you could be right. My sub was bound to run out somewhere around now.

  6. #6
    Quote Originally Posted by Vespian View Post
    A few days ago, I received the following email. The URLs really refer to the protected battle.net website. No hoax.
    Maybe your email client protects you against phishing links and changes the URL if it's different from the text. Or maybe they forgot to put the keylogger link.
    Did you check your WoW account? Is it actually banned/compromised?

  7. #7
    I've been canceling my account for years now, I play for a few months and then cancel it when I know I won't have the time to play/enjoy the game.

    I would think this is a scam, I have received those before that tell me I have to go to said website and put in my information. I always ignore them cause I have an Authenticator.

  8. #8
    Easy way to check this, log in and try your password. If it doesn't work it's legit, if it does it's not.

    Also Authenticators don't make your account 100% secure, just 99.9999999%

  9. #9
    If you do not have the SMS protection enabled it is entirely possible you DID get hacked. There was a bug a few weeks ago where people could use the SMS protect to remove your authenticator from your account then log in and add their own. It used the mobile armory. I believe it's been corrected but I believe thousands of accounts were compromised. So it is possible assuming this isn't just a scam email.

  10. #10
    Same thing happened to me about a week ago.
    I hadn't logged in for over a month on any Blizzard product/website as well.

    Authenticator attached as well, and it's in my safe custody.
    We stopped searching for monsters under our beds when we realized that they were inside us.

    Tell me something, my friend. You ever dance with the devil in the pale moonlight?

  11. #11
    This happens every time your IP range changes (usually because you use a different internet provider, for example because you logged in at a friend's house or used a cell phone for internet tethering).
    As you wrote, you did not log in for months, so maybe Blizzard deletes the old IP ranges after a time, your provider changed them, or you did simply change your internet provider.

    This is nothing to worry about, and happens every single weekend to me when I play at my girlfriend's house. You just have to answer your secret question or provide a CD key.

  12. #12
    Hehe, that 0.000001% is the man-in-the-middle attack I wrote about and that has a specific way of functioning. Other than that, the authenticator should actually be completely secure.

    The mail is not a scam, Gmail usually does a good job at keeping the spam away from me and the real ones go into my mailbox. It never failed. Nonetheless, I manually checked the mail. Also, mail clients don't alter the content of mails.

    Quote Originally Posted by Puri View Post
    This happens every time your IP range changes (usually because you use a different internet provider, for example because you logged in at a friend's house or used a cell phone for internet tethering).
    As you wrote, you did not log in for months, so maybe Blizzard deletes the old IP ranges after a time, your provider changed them, or you did simply change your internet provider.

    This is nothing to worry about, and happens every single weekend to me when I play at my girlfriend's house. You just have to answer your secret question or provide a CD key.
    Interesting. I didn't expect this to count for IPs within the same range, but this could be a reason. I moved away 6 months ago, kept the same provider, but moved a few streets.

  13. #13
    Just call them up and sort it all out. They don't usually say no to people on the phone if you're telling the truth.
    "There is a savage beast in every man, and when you hand that man a sword or spear and send him forth to war, the beast stirs." - George R.R. Martin, A Storm of Swords

  14. #14
    Quote Originally Posted by SkyBlueAri View Post
    Just call them up and sort it all out. They don't usually say no to people on the phone if you're telling the truth.
    I have no issue with retrieving my account (yet)

  15. #15
    This did happen to me after I installed the beta battle.net app, I have an authenticator but the app doesn't use it more than the first time I logged in.

  16. #16
    Quote Originally Posted by Vespian View Post
    A few days ago, I received the following email. The URLs really refer to the protected battle.net website. No hoax.


    Before we all start laughing, I want you to realize the following:

    - I have an authenticator. I have had one since they were released.
    - The authenticator is on a phone that I am currently not using. It's not on. It's in my bag, right now. No one has access.
    - I have not logged into my battle.net account for months. Even when I log in, it's only from home.
    - According to Blizzard the only way to "hack" an authenticator code is to use a Man-in-the-Middle attack, which basically steals your code the moment you try to use it and redirects the user to a fake server, while the hacker empties your pockets.

    None of the above occurred.

    What do you think happened?
    This doesn't mean they got past your authenticator. It means someone somewhere has your password, and tried to log in, only to find the authenticator and was unable to do so.

    If this was from an unknown location.. well yeah. Alarms triggered.

    I got the exact same message 5 days ago, and have been playing every day prior and every day since from the same PC.
    Last edited by Delekii; 2013-07-18 at 01:56 PM.

  17. #17
    Quote Originally Posted by Puri View Post
    This happens every time your IP range changes (usually because you use a different internet provider, for example because you logged in at a friend's house or used a cell phone for internet tethering).
    As you wrote, you did not log in for months, so maybe Blizzard deletes the old IP ranges after a time, your provider changed them, or you did simply change your internet provider.

    This is nothing to worry about, and happens every single weekend to me when I play at my girlfriend's house. You just have to answer your secret question or provide a CD key.
    Doesn't happen for me. If I use my VPN (which is based in a different country) I only have to reenter my authenticator code, I don't get any emails from Blizzard.

    Also the email says that the login attempt was unsuccessful. So why would they lock your account? I get quite a lot of keylogger links sent to my WoW email. So the email is out there and I suppose people are trying to login on my account all the time. Yet it has never been locked by Blizzard.

    I'd bet that even though the keylogger link is missing it is still a fake mail and your account is not actually banned.

  18. #18
    Quote Originally Posted by raoden View Post
    This did happen to me after I installed the beta battle.net app, I have an authenticator but the app doesn't use it more than the first time I logged in.
    You can change the settings to have it ask you every time and if you don't it will still ask you something like once a month or if you change IPs.

  19. #19
    Quote Originally Posted by Doylez View Post

    I'd bet that even though the keylogger link is missing it is still a fake mail and your account is not actually banned.
    So they make me change my own password in hope that they can somehow keylog my password?

  20. #20
    Quote Originally Posted by Vespian View Post
    So they make me change my own password in hope that they can somehow keylog my password?
    I don't know, maybe it's as simple as they just forgot to replace the legit Blizzard link with their keylogger link.
