Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

Absolutely flabbergasted

Forum Avatar
Hellïsh
#1 - June 5, 2013, 4:23 p.m.
Blizzard Post
Today as I was playing my WoW account I saw what I thought was my son playing his D3 account.
He hadn't been playing for a few months, but I knew he was "between games" at the moment, so I thought nothing of it. Talking to him this evening I found out it wasn't him at all, he had been hacked.

On looking through his email there was an email dated May 22nd from Blizzard. In Chinese!!
He said he had seen that, but considering we speak English, are registered on the US site, and live in Australia, he suspected it was a phishing attempt and ignored it. After finding out he had been compromised we ran it through a translator and it was a request to change email and password......done in Chinese from China.

For the last 20 hours or so there has been some-one using my son's account to farm with......and they are still doing it (because it takes roughly 12 hours to have a ticket regarding an account compromise to be looked at).

Now surely it can't be too hard to have alarm bells go off and lock down an account where the language, and the Country, and originating country's IP requesting change of details is not the original one? I mean really?
Some person writing in Chinese requests change of details of an English speaking account and no-one goes uhhhhhh............probably not legit?

I'm absolutely flabbergasted that this is the case.

No, my son's machine is not compromised. His Yahoo account was compromised a while back when there was a password leak in Yahoo. He changed his Yahoo password at the time, but his email was still out there. And before anyone assumes he had the same password, I can assure you it was not the same pass. He was taught long ago to have a different pass for every password he uses. The password he had for his Yahoo account at the time was not the one he used on his D3 account.

When the person compromised the account all they needed was his email address, and his name. They had that from when Yahoo was compromised. From there they could ask for his password change, then change his email address. There was over 450,000 email addresses, passwords and names made public when Yahoo was hacked, my son's was one of them.

Again, is it too hard in this day and age with technology to have some form of safe-guard alarm system in place that locks down an account when there is a request to change details done in a totally different language and country from the actual account holder's on-record address and language?
Forum Avatar
Orlyia
Support Forum Agent
#17 - June 5, 2013, 6:32 p.m.
Blizzard Post
Looks like petition has been submitted, and this is in the works.

Scanning is always good, looks like most everything else was addressed - I'd also recommend an authenticator.

They'll get mine when they pry it from my cold dead paws :)

~~~~~~~~~*~~~~~~~~~*~~~~~~~~~*~~~~~~~~~*~~~~~~~~~*~~~~~~~~~

Got Feedback? Click me.
Forum Avatar
Orlyia
Support Forum Agent
#23 - June 5, 2013, 7:17 p.m.
Blizzard Post
Locking this, folks - it's been handled.

Thanks!