Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Blizzard and hacked account handleing
ianicus
Member UncommonPosts: 665
First off ive got to say is pretty piss poor, in fact, very piss poor.
so, I was away for the weekend on a nice easter weekend vacation, had alot off un, it was great. I get home and I check my email and I see something quite odd from blizzard account administration. Now my first name is IAN, keep this in mind, the email read like this.
"Dear KRISTINE,
Hello kristine,
This e-mail notification is to inform you that the World of Warcraft account, ******, has just been merged into a Battle.net account. If you were not the person who performed this account merge, please contact Battle.net Support immediately..."
and there was additional jargon etc.
Notice the NAME on the email.....not my name and in fact a womans name??? So im like what the hell does this mean, you know what I bet my account was hijaked. I contacted billing and indeed my account (which had been inactive since november) had been reactivated on a wrath of the lich king trial (thanks for alowing people to reactivate my account for fraudulant purposes blizzard) and from what I can gather it has been emptied of all its belongings. So with the help of the billing rep, I get the acocunt back under my control. I start the client download so I can see what damage has been done.
So I get home from ebing out for the day, everything is installed and updated, I go to login with my new credentials, and it says the account has been suspended, and I say....wtf. So I chekc my email, and it says a 72 hour suspension has been put on the account for exploiting or whatever, initialy I didnt care too much about what was happening, but now even AFTER speaking to an accounts rep, and dtetermining that indeed my account had been hacked, my account still get suspended for nothing I did??? second strike blizzard.
So now I am awaiting a reply from account admin so I can try to log into my acocunt to see what kind of damage the gold farmers have done and to contact a gm to get the recovery process started. If there are any additional problems, I think im just gonna say forget it, and go back to playing EVE like I have been the last 2 months. I like WoW and all, but I only play it 4-5 months out fo the year, and it may not be worth the effort to fix something that shouldnt have even happened. Blizzard you need to pull up your f'n socks and beef up security and verification procedures befor handing my account over to someone else, something that was probably all done electronicaly! pathetic.
Comments
Yes sadly Blizzard treats the victims that were hacked as if they are criminals. I beleive they should be able to be charged with fraud for shutting down accounts that have been hacked. After all you paid for a service and they shut it down after someone hacked your pc. Blizz in their own way are criminals.
Your damn right. I mean my account at the time it was hacked wasnt even active, i was between play sessions. but I mean ive INVESTED money into that account, and if they dont fix this crap they are essentialy robbing me. Unfortunately thier terms of service alows them to do whatever the hell they want. This expierience, if it goes badly, may just push me back into a full time offline gamer, MMO companies are looking more and more criminal as years go by and im getting kinda tired of paying them for what in the end I have no rights to? laughable
Blizzard's strong point has never really been security. Although it has improved in WoW throughout the years. I remember in Diablo (particularly D2) soooo many people's accounts got hacked, stolen, corrupted, etc. It's really hard to prevent every possible scenario, but when it comes to personal account or billing information, they really need to tighten that belt.
From what my friends have gone thru, I think the 72 hour suspension is standard practice. I think they do it so they can review the logs and restore everything without conflict.
Roses are red
Violets are blue
The reviewer has a mishapen head
Which means his opinion is skewed
...Aldous.MF'n.Huxley
Your damn right. I mean my account at the time it was hacked wasnt even active, i was between play sessions. but I mean ive INVESTED money into that account, and if they dont fix this crap they are essentialy robbing me. Unfortunately thier terms of service alows them to do whatever the hell they want. This expierience, if it goes badly, may just push me back into a full time offline gamer, MMO companies are looking more and more criminal as years go by and im getting kinda tired of paying them for what in the end I have no rights to? laughable
I know the frustration. My whole family has once lost all accounts on the same day and took weeks to recover that. The baby was angry b/c he likes to look at the animals on the screen. Cow he will say when a tauren shows up on the character selection screen :P
Now after working with blizz for 2 weeks to get things back I come to understand their situation. There are many hackers who steal inactive accounts and use it to spam trade or sell gold or, simply to loot guild banks. How on earth can they steal an inactive account? Either they already had stolen the password before it went inactive, or the owner somehow left the log in information somewhere. I do not believe they can randomly guess the login name and password.
What blizz need to do is to balance the pain of the victim (if he is a true victim) from ease of operation from hackers. They need proves that you are who you claim, so they usually need some form of proof, not just an email or a phone call. We all know emails and phone calls can be faked easily. We need to send in photocopies of ID matching details of the registered information for the account. That makes sense. Hackers do not have my ID card, nor can they fake it that easily.
After establishing the ID of the victim and confirming that its really a victim and not the hacker in disguise they actually do a very fast partial restoration, restoring some gold (proportioinal to your alt's lvl) all the BoP items. They then go back to the logs and check your history, and do a full restore later on, by hand, character by character. I applaud the effort of Blizz, the amount of effort they paid, and the cost in manpower to do that. Auto full restoration is too risky, and makes life too easy for hackers. No restoration is too painful to victims. They adopt a road in the middle, and naturally not the most pleasing to those who are true victims.
Instead of blaming blizz, why not blame the heckers. I remember I once reported loss on a vehicle stolen and used for crime. The police hold the vehicle for investigation for months before I can get it back. I do not bark at the police. I feel myself guilty not looking after my own car well.
Given the 12m accounts active and god knows how many inactive accounts, given the slack attitude of many gamers in protecting their login information, its hard to stop hacking altogether.
Fact is, security has to start from the owner. If the hacker can get hold of your login name and password, blizz can do nothing, they cannot stop the hacker from loggin in with the same password, while allowing you to log in. Either you both play at once, or both are temporarily banned, while they sort out who is who.
The 72 hour banning is a way to stop the hacker from travelling to orgrimmar and selling the last ditch of things you have in the AH. I once lost an account, and when I got it back, the alt is flying to orgrimmar, what is on him is already mailed out or DEed, he is naked. Blizz banned the account while the hacker is flying back to orgrimmar, so luckily all my stuffs in the bank and in AH are intact.
If they do not ban it in time, I would have even less to start with when I got back my account.
D2 is different. Its a f2p game, and you can create as many online accounts as you wish per D2 account. So its kinda messy and almost impossible to establish who is the original owner. You do not need to fill in any personal information when you create your D2 b.net account. IF you lose it, you lose it. Blizz cannot help you. And its free. So create another one and start from scratch again, too bad.
MY biggest gripe is the fact I had ALREADY spoken to an account rep, and still my account was banned although the passwork and login credentials had already been changed by me and the account person. Its a little retarded if yu ask me, the account access problem had been solved (and ps I dont leave my account info written down, I have NO idea how theyt could have gotten that unless I was infected by some type of virus back when I was playing (in november) and they happened to use it now...odd....either way I know its difficult for them to prevent fraud, but there SHOULD be nore verification done in terms of this mergin wow account with battle.net account info, it looks like its VERY crappy right now. Why dont they ask for the secret question answer? I REALLY doubt the hacker would have known that.....in the end there IS MORE blizzard could have done to prevent this from happening, period.
You have spoken to an accounts rep, that starts an inquiry. They might not believe you and if you have no solid proof you are the owner, I say they have reasons not to believe you yet. The rep cannot go thru the log during the teleconversation, that takes time. 72 hours to go thru all logs, given the number of hacks everyday, is not an easy task. I run software house in the past, tracing a bug or a hack is not fun. You know how much log you need to go thru to figure out what happened?
They could have stolen your account long ago and only use it now when they got orders for ingame gold. Why would they hack your account before they need to sell gold immediately? You will report it, and blizzard will take it back. Unless the hacker got an order in hand, for your server, there is no point to steal your gold and put it in their alt's account. They will lose the gold fast, and their alt's account at once.
How would they get your password? I do not know, blizz do not know. Its definitely not blizz's fault, it might or might not be your fault, no one knows. Try to arrest a hacker and torture him for more details :P
If the hacker has your login name and password, no verification can help. How can the game tell you from him? fingerprint? eyeball scanning? Blizz has an option to link your account to a mobile phone, so that you need to dial up a number with your phone number displayed before you can log in. If you use that, chances are your account is much much safer. Apart from that, once you lose your id and pwd, blizz can do nothing to stop the hacker. If you have a solution to this, be ready for a noble prize or a very money reward patent. Banks will love to talk to you. The US military and national security, or another country's, will want to kidnap you and milk your brain.
The secret question is only one step in establishing your identity. Blizz sometimes restores account right away, sometimes they ask for photocopies of ID cards to be mailed to them. I guess they operate under some guidelines drawn up, and god knows what it is.
I am in no way saying this to make the OP angry ( so don't kill the messanger here ) but most episodes of account hacking are due to the account owner's action in some way or the other.
Many are a result of sharing an account or password with a friend/ family member/ or guild mate, and the remaining bulk of hacks are due to the visiting of sites that are infected ( think "porn" ) and the player not keeping their spyware/virus protection ware up-to-date.
Again, I'm not saying that to piss anyone off, that's just the facts - *most* people that get hacked had at least a passive ( and often ) role in what has happened to them.
You have spoken to an accounts rep, that starts an inquiry. They might not believe you and if you have no solid proof you are the owner, I say they have reasons not to believe you yet. The rep cannot go thru the log during the teleconversation, that takes time. 72 hours to go thru all logs, given the number of hacks everyday, is not an easy task. I run software house in the past, tracing a bug or a hack is not fun. You know how much log you need to go thru to figure out what happened?
They could have stolen your account long ago and only use it now when they got orders for ingame gold. Why would they hack your account before they need to sell gold immediately? You will report it, and blizzard will take it back. Unless the hacker got an order in hand, for your server, there is no point to steal your gold and put it in their alt's account. They will lose the gold fast, and their alt's account at once.
How would they get your password? I do not know, blizz do not know. Its definitely not blizz's fault, it might or might not be your fault, no one knows. Try to arrest a hacker and torture him for more details :P
If the hacker has your login name and password, no verification can help. How can the game tell you from him? fingerprint? eyeball scanning? Blizz has an option to link your account to a mobile phone, so that you need to dial up a number with your phone number displayed before you can log in. If you use that, chances are your account is much much safer. Apart from that, once you lose your id and pwd, blizz can do nothing to stop the hacker. If you have a solution to this, be ready for a noble prize or a very money reward patent. Banks will love to talk to you. The US military and national security, or another country's, will want to kidnap you and milk your brain.
The secret question is only one step in establishing your identity. Blizz sometimes restores account right away, sometimes they ask for photocopies of ID cards to be mailed to them. I guess they operate under some guidelines drawn up, and god knows what it is.
I already mentioned a great additional security measure, ask people for the secret question answer, alo harder to get since its not entered anywhere online accept at account creation, which I did at launch. The fact is there security is very lazy, they ecourage people to do TOO much online, and in turn this alows people to commit fraud in greater amounts. If people had to contact someone at blizzard to do, say the account merger than got my account hacked, this probably would have been avoided. In there end there is certainly alot more they coiuld have done as they spend next to nothing on customer support in an effort to keep as many of the dollars that you pay them a month.
There are $15 dollar cell phone plans now (same cost as wow) and you have to pseak to a rep to make major chnages, why cant blizzard do that? same monthly service cost, however blizz is provideing a service that costs them WAY less to maintain than a national cell phone network. Im sorry but this expeirience thus far has just opened my eyes to the major overhaul needed in the MMO industry in temrs of service standards and account security.
*shrug* Sometimes you get unlucky I guess. I got hacked, emailed em asking if they could move me back to my server just in case I did return to play - my entire character was put back with no further questions. Perfect response.
Seems to be a bit o random luck. Funny thing is I managed to get in and change the billing while they were in the middle of hacking my account and billed the hackers for a 12 month sub.(now I think about it it was probably a stolen card..seemed funny at the time).
Never once gave my account info to ANYONE, ever, never, ever 100%. I know it happens, BUT this is not acctualy being hacked, this is being stupid and alowing your "friend" to either hijack your account or sell the info. Again, I have never given out my info, or ever writen it down. Im not an idiot and ive been playing MMO's for years (pre WoW)
The security isn't lazy, you're just being unreasonable. Your account wasn't hacked because of account merger, your account was hacked because someone got your login name and password. And no matter what additional security measures Blizzard might have done to prevent activation of free Wrath of the Lich King trial, if you'd ever have decided to activate your account yourself and play the game the hacker would still have been there and able to hack you. The security measures you're demanding would have just delayed the inevitable.
But there is one person who could have prevented all this, you. Blizzard sells Blizzard Authenticator very cheap, and it would almost certainly added enough security to stop whatever was the way your account was hacked. But you were too lazy to use it, and your account got hacked.
It was my understanding that you couldn't change the name on an account. After all, that would make buying and selling accounts much easier. That alone is a little strange. I've not read this on any official site or anything, just through discussions and I know other games that were like this. IMO, the weakest link in Blizz's security was on their forum site. For the longest time the login never showed up as "secure" in any browser I tried to use. It's not this way now, with the battle.net stuff, but in the past it was. I think many peeps got screwed this way. As far as how long it might take to sort out, well, you just have to deal with it really. They can't salve these things over night I'm sure. Not trying to sound harsh but that's just how things work.
Z
http://www.TheIronZ.com
They didnt chnage the name on the account, what they did was merge my WoW account with a battle.net account under someone elses name, which I think is ever worse to be honest. Thats like me linking your bank account to my debit card, makes no damn sense at all, from what I can see, the little info required to "merge" a wow account to a fony battle.net account is a HUGE security risk for players.
The security isn't lazy, you're just being unreasonable. Your account wasn't hacked because of account merger, your account was hacked because someone got your login name and password. And no matter what additional security measures Blizzard might have done to prevent activation of free Wrath of the Lich King trial, if you'd ever have decided to activate your account yourself and play the game the hacker would still have been there and able to hack you. The security measures you're demanding would have just delayed the inevitable.
But there is one person who could have prevented all this, you. Blizzard sells Blizzard Authenticator very cheap, and it would almost certainly added enough security to stop whatever was the way your account was hacked. But you were too lazy to use it, and your account got hacked.
LOL your a fool if you think anyone should have to purchase EXTRA security for a product that should already be secure. There is no way in hell I should have to pay blizzard for the authenticator. Mt account was merged to a battle.net account that didnt even have the same personal information on it! and you think thats fine? you have serious issues my friend. If you feel like paying extra to a company to protect your information (that should be protected in the first place) and keep your account safer, well you might as well just bend over and let every company you deal with have thier way with you. Try coming back here once your makeing a little more sense...
My account was inactive for nearly two years when I got a message about being banned for cheating. All I had to do was ask for proof and they reactivated the account for a month with a copy/past apology.
I do have to say, I am not a fan of Blizzard but that keychain with the random generated numbers is by far the best idea any gaming company has ever used. If you are an avid WoW player I would highly suggest buying one for your own security especially with the number of hacked accounts that seem to spring up.
_______
|___
\_______/
=
|X| \*........*/ |X|
|X|_________|X|
You wouldn't understand
They didnt chnage the name on the account, what they did was merge my WoW account with a battle.net account under someone elses name, which I think is ever worse to be honest. Thats like me linking your bank account to my debit card, makes no damn sense at all, from what I can see, the little info required to "merge" a wow account to a fony battle.net account is a HUGE security risk for players.
Wow, that is seriously screwed up! I could see things getting a LOT worse if that's the case
. I do agree with your later post that we shouldn't have to purchase extra security. Unfortunately it is a necessity in today's world.
Z
http://www.TheIronZ.com
you are very right dude for getting angry i mean i would be but what needs to happen is blizzard just bann every asian account there is theni think that would solve a big part of the problem because most of the hack stuff like that is done by the gold sellers
I am a little confused after all these posts, so let me rewind a little. Initial post says you got an e-mail saying;
"This e-mail notification is to inform you that the World of Warcraft account, ******, has just been merged into a Battle.net account. If you were not the person who performed this account merge, please contact Battle.net Support immediately..."
...so basically somone had hold of your details and re-activated the account for whatever reason they chose to do so, but more than likely not for good reasons.
So up to this point, somone got hold of your account details and password for them to be able to so this, yes? So straight off the bat i don't see where Blizzard is to blame for this, but they sent you a notification to correct it if it wasn't you that asked for this activation.
So you contact them and they return control of the account back to you, so again they seem to have been reasonable then, yes?
Your gripe is then that they have suspended the said account due to exploiting, yes?
Well my question would be, do you want Blizzard to take security measures or not because if you say that your account should not be suspended for exploiting just because you say it shouldn't then you are asking Blizzard to ignore their own security measures, aren't you?
What is to stop any Tom, Dick or Harry from re-activating an account, stripping it clean, exploiting the game, passing the profits to friends and then phoning or e-mailing to claim that the account was hi-jacked???
I can more than understand your frustration at what has happened, but i see no-where in this so far where Blizzard is to blame and they seem to be taking all possible security measures, which unfortunately in this case is increasing your frustration as it stands.
The whole episode comes back to one thing and one thing only and that is how someone got hold of your details in the first place and that is what you need to concentrate on, is it not?
Whatever happens, i hope it all gets sorted for you, good luck.
It must be Thursday, i never could get the hang of Thursdays.
One of the best ways to make certain that no one can hack your account is to get one of Blizzards authenticators. Its a little keyring size device that generates a one time pass code when ever the button is pressed. I've not heard of anyone losing an account when they've had one attached. I have WAY too much time invested in all of my characters to worry about losing them. Hope this helps.
Blizzard Authenticator (United States only)
Blizzard Authenticator for use with your World of Warcraft account.
Protect your World of Warcraft account with industry leading account security - introducing the Blizzard Authenticator! The Blizzard Authenticator is designed as a supplemental authentication method for your World of Warcraft account, giving you the security of Two-Factor authentication. Each time you log in using the Blizzard Authenticator you are provided with a unique, one-time use password to use in addition to your regular password. Log in with both and you can rest easy knowing that your account is now even more secure from malicious attacks such as keyloggers and trojans.
* Simple and easy to use – press one button to display the digital code. Setup of the token is simple and takes only a few minutes.
* Small and convenient – take your token to wherever you play World of Warcraft and know that your account is secure.
* Tough and durable – lasts for years and replacement is easy.
* Provides for the highest account security available in the game industry today.
Please note: Shipping fees have been waived on this product to reduce consumer costs. As a result, shipment tracking is not available and your order can take up 15 business days to arrive. The authenticator may be associated with your World of Warcraft account(s) through Account Management when it is received.
This is a common situation. Not of blizzard being mean, but people upset at a situation they caused and finding fault with everything and everyone around them.
Sorry original poster, you did something that compromised your accounts security. Odds are you clicked on a link in the "Dear Kristine" email or something else and gave access to your account to hackers. Anything that happens after that is a result of your own doing. No offense meant, but that is the reality of it.
Blizzard standard practice is to temporary ban the accounts to investigate what happened and verify they are giving access back to the rightful owners.
You anger is very misplaced and you should find out what you did that compromised your account, because odds are you are still infected or vulnerable to repeat business.
Quoting this for emphasis. OP, I hope it gets sorted out for you, but I honestly don't see how it should have been handled differently considering there's no way an MMOG company can just go by every player's word that "it must have been someone else" or "it's YOUR fault, big evil company". ;-)
Never once gave my account info to ANYONE, ever, never, ever 100%. I know it happens, BUT this is not acctualy being hacked, this is being stupid and alowing your "friend" to either hijack your account or sell the info. Again, I have never given out my info, or ever writen it down. Im not an idiot and ive been playing MMO's for years (pre WoW)
and the porn....?
You can get the authenticator as a FREE APP on IPHONE
The authenticator is meant for players who play WoW from several machines, internet cafes etc.. not for a home users.. bottom line OP its your responsibility to keep your account secure.. Blizzard in no way has to help so if they do be greatful.
Just because you dont know how your account was accessed does not shift the blame to anyone else but yourself.
Buck stops with you.