The hackers' new tactic

#1 - Oct. 7, 2011, 7:08 p.m.
Blizzard Post
So, my wife has an email she created JUST for World of Warcraft. She does not use it for anything else. Recently, she received an offer in her email for a "free" winged guardian mount. Email looks official, until you read the last few lines of the "engrish".

I am a Guild master of a large guild on my server, and have seen several players' accounts compromised in the last week. One member even had all his toons deleted on his account.


The reason for my post here is twofold... One, to spread the word and warn players about the new tactic the account thieves are using. If you really think Blizzard is gonna give you a "free" $25 mount, go ahead and click the link... If you think Blizz might want the $25.... report it as a phishing scam.

The second reason I post about this is in my opening sentence... My wife ONLY used this email to correspond with Blizz...

So how did her email address end up in the hackers' mailing list? Is there a compromise in Blizzard's database that the Hackers have utilized to gain access to Blizz's customers? Why would they not tell us about it?
Support Forum Agent
#64 - Oct. 7, 2011, 8:31 p.m.
Blizzard Post
So how did her email address end up in the hackers' mailing list? Is there a compromise in Blizzard's database that the Hackers have utilized to gain access to Blizz's customers?


A few ways, but no - it didn't come from us.

She could have spyware on her system, otherwise innocuous other than harvesting email addresses.

Someone else might have that email address in their address book and THEIR system is infected.

She may have inadvertently used that email in another place.

As mentioned, if the email is something that might get a hit from the dictionary - they send these out by the tens of thousands via automation. SOME of those random addresses are going to be real and SOME of those real ones are going to be WoW players :)

But no, it didn't come from us.
Support Forum Agent
#70 - Oct. 7, 2011, 9 p.m.
Blizzard Post
I have a theory about conspiracy theorists getting about what they deserve....but I digress.

If they ever got into OUR database - EVERYONE would be getting these. What has happened periodically is that OTHER companies have gotten compromised and the thieves come by massive lists of emails, names, passwords, etc.

Now, use the same information everywhere - yeah, that's a risk. That's also why we highly recommend both your email account AND your password for WoW be totally unique TO WoW.