
So my Blizzard.net account has been hacked...

Arsenic

Member
..and I cannot recover it. Not now at least.

I got an email stating a request to change my email address to an email I do not have any association with. It's been over a year since I played any game on my Blizz account as well.

Fast forward, I go to the account recovery page to see what can be done. Phone call and live chat are obviously down at this hour, but they seem to have an automated recovery process or whatever.

First option was answering the security question correctly, which did not work at all. Maybe it was changed? Is this possible? And if so, that's a serious fucking security flaw for these accounts.

Second option was to enter the serial numbers for the physical copies of games I own. I own only digital copies, so I'm screwed there.

Third and last option is to upload a picture of my ID or passport showing my first and last name. Very strange option to explore, and I don't feel too comfortable doing this.

Has anyone tried this step? Or better, is anyone experiencing something like this right now?
 
I had to scan my photo ID to get them to remove the mobile authenticator from my account after my phone died. It was quick/painless.
 
Mine was hacked a while ago too. Then got control of my account then a few days later they locked it again. So I said fuck it and I'm done. Why does it seem they have a really high hack rate? Don't they have security?

do the id option and photoshop important information like your driver license number etc.

I agree do this.
 
Mine was hacked a while ago too. Then got control of my account then a few days later they locked it again. So I said fuck it and I'm done. Why does it seem they have a really high hack rate? Don't they have security?



I agree do this.

Blizzard accounts are hot commodities, the most common way they get hacked is forums get hacked and the emails/passwords can oftentimes be the same as a Blizzard account. This is especially true for any fan site specifically about Diablo/Warcraft/Starcraft.

Too bad their authenticator is either 1) buy a USB stick from them or 2) get a non-Dumbphone since they can't seem to do e-mail to your two-step authenticated e-mail address (sup, Google) or text a dumb-phone (sup Google) or let you make your own USB key.

There is a Windows app (it's open source) that is an authenticator. I used it as I had a shitberry that didn't work with their authenticator app. It works like a charm.
 
Then protect your account with the authenticator

Too bad their authenticator is either 1) buy a USB stick from them or 2) get a non-Dumbphone since they can't seem to do e-mail to your two-step authenticated e-mail address (sup, Google/Steam) or text a dumb-phone (sup Google) or let you make your own USB key.
 
I was wary of the ID option mostly because I wasn't sure if it was a phishing attempt as well. A friend of mine got a fake email a month ago from "Blizzard" saying pretty much the same thing, linking him to a website that asked for certain info.

But right, ASTROID, there seems to be a very high rate of account hacking on Blizzard.

Blizzard accounts are hot commodities, the most common way they get hacked is forums get hacked and the emails/passwords can oftentimes be the same as a Blizzard account. This is especially true for any fan site specifically about Diablo/Warcraft/Starcraft.

I use none of these forums. It's also strange how this happened days after changing all of my passwords to sensitive accounts (not Blizz).
 
I was wary of the ID option mostly because I wasn't sure if it was a phishing attempt as well. A friend of mine got a fake email a month ago from "Blizzard" saying pretty much the same thing, linking him to a website that asked for certain info.

But right, ASTROID, there seems to be a very high rate of account hacking on Blizzard.



I use none of these forums. It's also strange how this happened days after changing all of my passwords to sensitive accounts (not Blizz).

I'm only stating 1 of the common ways it happens, others are keyloggers etc. So many ways it can happen you would never be too sure how it happened unless you filled out a phishing email and realized it after being hacked.
 
I have an authenticator on my account and I got an email a few weeks ago saying I was hacked that seemed legit.

Didn't follow it up as I'm assuming it's BS so may be worthwhile double checking.
 
Blizzard accounts are hot commodities, the most common way they get hacked is forums get hacked and the emails/passwords can oftentimes be the same as a Blizzard account. This is especially true for any fan site specifically about Diablo/Warcraft/Starcraft.



There is a Windows app (it's open source) that is an authenticator. I used it as I had a shitberry that didn't work with their authenticator app. It works like a charm.

I'm only stating 1 of the common ways it happens, others are keyloggers etc. So many ways it can happen you would never be too sure how it happened unless you filled out a phishing email and realized it after being hacked.

Oh I know. I'm just surprised, if there were any other methods then why are my other accounts untouched lol. It's odd bliz.net was targeted when it's so inactive, rather than, idk, my banking account or dropbox.
 
Mine was hacked a while ago too. Then got control of my account then a few days later they locked it again. So I said fuck it and I'm done. Why does it seem they have a really high hack rate? Don't they have security?

Being hacked involves your security, not Blizzard's. Whatever happened was on your end. Get an authenticator, they work and you'll never get hacked again.
 
Oh I know. I'm just surprised, if there were any other methods then why are my other accounts untouched lol. It's odd bliz.net was targeted when it's so inactive, rather than, idk, my banking account or dropbox.

Most often it's gold farmers who want access to a potential WoW account. They find a WoW account, sell every item that can be auctioned, and vendor the ones that cannot. They mail the profits to a dummy account and then move on.

Being hacked involves your security, not Blizzard's. Whatever happened was on your end. Get an authenticator, they work and you'll never get hacked again.

Erm....wasn't it proven a while ago during the whole Diablo 3 debacle that battle.net accounts do not lock after several unsuccessful login attempts, and that password capitalization did not matter?

Those are pretty basic security features that would allow an easy brute force attack. The lack of these basic security features shouldn't be disregarded if the user simply doesn't have an optional security device.
 
Do you play WoW? If so did you play before WotLK and have a boxed copy of your BC cd key? Or vanilla WoW one?

I have been hacked twice (I slapped an auth on after the second time) and the only information I have ever needed to get my account back was the CD key I used to register my vanilla WoW account because there is zero way that the hacker has access to that information.
 
Funny, I just got an email this morning saying that my account has been locked due to "unusual change in access pattern". I've not logged in forever but I have an authenticator connected to my account.
 
There is a Windows app (it's open source) that is an authenticator. I used it as I had a shitberry that didn't work with their authenticator app. It works like a charm.

Link? Because Battle.net doesn't have a Windows app.
 
Too bad their authenticator is either 1) buy a USB stick from them or 2) get a non-Dumbphone since they can't seem to do e-mail to your two-step authenticated e-mail address (sup, Google/Steam) or text a dumb-phone (sup Google) or let you make your own USB key.

I have an iPhone, no problem for me
 
I have an iPhone, no problem for me

Good for you, but that's missing the point: Their authenticator sucks compared to Steam and Google's multitude of options. It's either get a better phone or get a proprietary USB key.
 
Do you play WoW? If so did you play before WotLK and have a boxed copy of your BC cd key? Or vanilla WoW one?

I have been hacked twice (I slapped an auth on after the second time) and the only information I have ever needed to get my account back was the CD key I used to register my vanilla WoW account because there is zero way that the hacker has access to that information.

Nope, just Diablo. I also have not logged on in over a year.
 
First option was answering the security question correctly, which did not work at all. Maybe it was changed? Is this possible? And if so, that's a serious fucking security flaw for these accounts.

Security questions cannot be changed so you most likely just did not provide the correct answer.
 
My account was hacked once, a year after I stopped playing, I recovered the account quickly and had a free month paid for by whoever hacked or bought the account from a hacker

Put an authenticator back on it after that
 
That's amazing. Why doesn't Blizzard make their own like that? Ugh, whatever. I set it up. Watch it bite me in the ass if somehow my account is hacked though since this isn't an "official Blizzard supported" thing. :/

But given how their account protections are...

Sorry, went to bed so didn't see you wanted a link. Blizzard doesn't release this/support it because of it technically being insecure, because if you have it on the same computer as your games then if that got hacked it means your account could still get hacked. Honestly though you can password protect the authenticator so that adds some further protection, and if your computer gets hacked so bad that a hacker is able to pull files like your authenticator off your computer or simply run it on your computer to get an authentication code then you pretty much deserve to get your account taken. But that's why Blizzard doesn't support it, also probably because there is no money to be made on RSA authenticators they sell if they provide such an easy free option.
 
Too bad their authenticator is either 1) buy a USB stick from them or 2) get a non-Dumbphone since they can't seem to do e-mail to your two-step authenticated e-mail address (sup, Google/Steam) or text a dumb-phone (sup Google) or let you make your own USB key.

It is more secure the way they do it for a number of reasons; the key can expire more quickly than an email-generated auth code which has to be viable for 6+ hours due to issues receiving email; no communication between server and player is necessary (reducing the risk of interception); and it more readily satisfies the actual premise of two-factor authentication, which is that to get access to your account you need something you KNOW (your password) and something you HAVE (your dongle and/or your smartphone).

The real question you should be asking is why have Google and Steam not built a system as secure as Blizzard's?
 
happened to me too.

I called them and was able to get it fixed. quick and painless.

i've never played a blizzard game since. ugh.
 
It's not a USB key, it's just a standalone device. And Blizz make little to no money on the authenticators, you pretty much pay for cost. Really, having one (or installing the app on your phone) stops, well, every hack attempt.
 
I got a $240 charge from the Blizzard Online store. Had to cancel a debit card earlier this week.
This is why I never keep any credit/debit cards on file anywhere.

Happened to me once and never again. Now I either use pre-paids, game specific cards or if I want something immediately I pay with debit and immediately remove it from my account. Also, yeah.. Get an authenticator. My WoW account was hacked years ago and since I got an authenticator I haven't been hacked.

I wish more companies used them and not just MMOs. I would love a PS4/XBONE authenticator.
 
I agree. Authenticators are great. My buddy got recently hacked and got all his characters' gear sold and then his main transferred to the Horde. It's not hard to get it all back, but it's the process of dealing with it for a few days that is a pain. Hope all turns out well!
 
They asked for my ID on my account and my old account was tied to my mother's, and she refused to help out.

So I sent Blizzard an essay on how they'd be missing out on a paying customer who's going to continue to pay for WoW for years, and that there's no way they'd ever get my tech illiterate mother to ever scan her ID. Needless to say, I got my account back in a few hours, alongside all of the materials back that the hackers farmed, with a lot of gold and random characters leveled to 85.
 
First option was answering the security question correctly, which did not work at all. Maybe it was changed? Is this possible? And if so, that's a serious fucking security flaw for these accounts.

Are these not just a bad idea to begin with? Every time I've ever been asked for one I just enter random characters but maybe I'm just being paranoid. If it's anything that can be known or guessed about you then it just makes it more likely you'll be a victim.
 
My account constantly gets locked despite having no payment information stored in it (or anything of value at all, really - I've never played WoW and I don't own Diablo 3). I tried to activate the authenticator app but Blizzard's site kept erroring out during the activation process. I never use the account for anything, so I didn't bother doing anything else with it after that.
 
I have had multiple hacks etc on my account which I haven't used in over a year. It's a complete pain in the ass and partly because of this I have no intention of playing a Blizzard game ever again.
 
Good for you, but that's missing the point: Their authenticator sucks compared to Steam and Google's multitude of options. It's either get a better phone or get a proprietary USB key.

The authenticators are 6 bucks, shipped. It's not a USB key either. It's a security token, similar to the ones that banks use. I've had hacks to a bunch of my accounts since the Sony hack a few years ago. It fucking sucks. I don't even know how to keep enough passwords in enough places to be safe. I've got authenticators on accounts when I can. I have one for WoW/Diablo III/SCII, I have one for The Old Republic, I have one on my gmail accounts. It's a pain but I'm protected.

Look, I agree with you, hacks suck and they shouldn't be happening, but WoW is the most popular MMO in the world. Starcraft II is a very popular RTS, and Diablo III is a very popular Action RPG. All of those are tied to an account. Could they do more like Steam? Sure, but just spend the 6 bucks and not worry about it. Or get a smart phone and get the free app. There are ways you can protect yourself and your accounts.
 
Mine was hacked a while ago too. Then got control of my account then a few days later they locked it again. So I said fuck it and I'm done. Why does it seem they have a really high hack rate? Don't they have security?



I agree do this.


My Blizz account gets locked about every 2-3 months due to "suspicious activity". I'm never on my Blizz account. I beat HotS and haven't touched it since.
 
This happened to me earlier this year. It took me a long time dicking around with the automatic recovery wizard and waiting for the call to connect before I gave up on both those ideas and fired a support ticket away and walked away. The process, I might add, is absolutely stupid. I created a separate battle net account so I could submit a help ticket to recover my actual account? Checking my mails, this happened in Feb.

Also, the third option, uploading a photo id, was not available when I tried it.

This is the ticket description:
Hi, I have an account that I cannot log in to. I have forgotten both my password and secret question answer. I cannot retrieve my authentication key from my digital copy of SC2 without logging in either so the Log In support wizard isn't helping me at this point.
I still have access to my e-mail including purchase receipts and records from previous bnet contact. I had to create this account to submit a ticket, the account I am trying to recover is
blahblah at email dot com

Regards,
Me

Edit: I should probably say that I lost my account exactly how you (OP) described, I just figured they didn't need all that detail, I just want my account back and have proof of purchase. The ticket had limited words also. >:(

Less than an hour and a half later.
Dear Customer

Thank you for contacting Blizzard Entertainment Customer Support

First and foremost, we apologize for your inconvenience
Currently, we're having an issue with website error on performing password reset
We put TOP PRIORITY on fixing this issue so please bear with us

All you need to is sending us following details. So, please send us follows

* your request :[ Password & Secret answer reset ]

a.Your First / Last name as registered to your account :
b.Your Battle.net account : blahblah at email dot com
c. A screenshot of the email which contains the receipt of SC2 online order will do instead.
**the receipt and your email address should be visible at the same time from the shot**
d. Please select a question among below and type your desired answer
1. If you could change your name, what would it be?
2. What was the last name of your favorite teacher?
3. What was the last name of your first boss
4. What was the name of the boy/girl you had your second kiss with?
5. What was the name of your second pet?
6. What was your childhood nickname?
7. When you were young, what did you want to be when you grew up?
8. Who was your childhood hero?

A:___________ ( E.g: #8 : spiderman )

***NOTE) once your secret question changed, we won't change it anymore but for answer

Hope to hear from you soon

Warmest Regards,

Natasha
SEA Blizzard Entertainment Customer Service

Not too much longer after I had followed the instructions.

This is the latest response from Customer Support:
Dear Customer

This is Natasha again:-)

I have sent a password reset link to " blahblah at email dot com " so that you can change your password by yourself

Also, I've updated your secret answer and just you know that the secret answer is case-sensitive :-)

Warmest Regards,

Natasha
SEA Blizzard Entertainment Customer Service

I was originally really shitty about the whole thing because I had spent ages with the autorecovery wizard and spent some time waiting for someone to pick up the tech support line. But oddly, the fact that the same person was answering me and had smiley faces in the e-mail made me feel better. >_>
I think the fact that the first thing they did was acknowledge the fact that they had a problem with their password reset wizard and I wasn't just an incompetent luddite helped as well. Mostly the unexpected smileys and quick resolution though. The process from my first support ticket to regaining my account took about 4 hours and I was slow to get what was needed.

tl:dr. Send a support ticket telling them what happened. You may need to create a separate account to do so. Tell them you have access to your original e-mail and receipts and any previous correspondence (assuming you do...)
 
I'm quite late with a response, but I thought I'd update this thread with something interesting. Blizzard got back to me the following day via email with a link to reset my password. Literally 1 minute later there was a follow-up email stating that the request to change password was successful. Minutes after that, an email that my account was locked due to suspicious activity. Okay so now it's war, obviously the person had my yahoo account (unlikely since I've changed my password for that too) or was using a method that has yet to be discovered (possible, given how common these hacks are).

Anyway, I gave support a call this time since it was midday and they took care of the issue very quickly. Added an authenticator and changed my email to a more secure service. Problem solved. But now I realized how screwed and backwards our internet security is.

I'd rather not get into much detail, but I now realized how vulnerable my Facebook and Apple accounts were too. Facebook was a breeze to take care of, but Apple, a billion dollar corp, has some really bullshit and backwards measures in place. Absolutely fucking atrocious.

After attempting to change my email (since Yahoo cannot be trusted anymore), I was asked to answer my security questions, which for the life of me I can't remember the answer for. I had to call support to try to get this fixed, and what do they tell me? My account is locked for 24 hours because I can't answer the "security questions". Shit like "Who was your favorite teacher" and "What is your spouse's middle name?". I usually try not to give obvious answers to questions like these because then, any close enemy of mine will be able to access my shit. But I also forgot the damn answers. So despite being able to provide my phone number, CC info, address, and even repeat a secure code sent to my phone (not via text) I was still "locked out". And it's not like I couldn't log in, it meant I just couldn't change my password. Backwards AS FUCK. So if an intruder had my password, he/she can wipe out all of my information on all of my devices with a couple of clicks, while I sit back not able to do SHIT because of these stupid measures. Anyway, I had to let this off my chest, in case someone else goes through what I go through. This cloud business is a pain in the ass.

Are these not just a bad idea to begin with? Every time I've ever been asked for one I just enter random characters but maybe I'm just being paranoid. If it's anything that can be known or guessed about you then it just makes it more likely you'll be a victim.

Yup, as stated in my bloated ass rant up there, most security questions are risky. Shit like "Your mother's maiden name" should NEVER be an option, since a simple Facebook check or social engineering will put you at risk. It's silly. Options to create your own question is a better method, though not perfect.

This happened to me earlier this year. It took me a long time dicking around with the automatic recovery wizard and waiting for the call to connect before I gave up on both those ideas and fired a support ticket away and walked away. The process, I might add, is absolutely stupid. I created a separate battle net account so I could submit a help ticket to recover my actual account? Checking my mails, this happened in Feb.

Also, the third option, uploading a photo id, was not available when I tried it.



Edit: I should probably say that I lost my account exactly how you (OP) described, I just figured they didn't need all that detail, I just want my account back and have proof of purchase. The ticket had limited words also. >:(

Less than an hour and a half later.


Not too much longer after I had followed the instructions.



I was originally really shitty about the whole thing because I had spent ages with the autorecovery wizard and spent some time waiting for someone to pick up the tech support line. But oddly, the fact that the same person was answering me and had smiley faces in the e-mail made me feel better. >_>
I think the fact that the first thing they did was acknowledge the fact that they had a problem with their password reset wizard and I wasn't just an incompetent luddite helped as well. Mostly the unexpected smileys and quick resolution though. The process from my first support ticket to regaining my account took about 4 hours and I was slow to get what was needed.

tl:dr. Send a support ticket telling them what happened. You may need to create a separate account to do so. Tell them you have access to your original e-mail and receipts and any previous correspondence (assuming you do...)

I'm late, but I appreciate this response. The overall process took me about 16 hours, counting the down-time overnight (sleep and shit).
 
Mine got hacked twice then I added one of those activator things on my phone but never have my phone with me when I want to play. :(
 