I recently had a friend that re-enabled his account. After logging in for the first time in many months he found that all his gear on all 9 characters (some on different servers) was gone. He discussed this
with Blizzard and they returned it saying that it must have been removed based on the account being de-activated for nearly a year.

About two weeks later he recieved a second email stating that an additional charge had been placed on his credit card due to a charge back that happened in March when the account was re-activated. The problem with this is he had not activated the account in March. the last time it was activated was last August and not re- opened till the begining of July. After a couple emails back and forth Blizzard had explained that someone activated his account back in March with false Credit card info. They apoligized for any inconvienance and returned the money from the charge back.

Both my friend and I are IT Security and Networking professionals, and we have come to some startleing conclusions based on the evidence.

Blizzards Login servers have been hacked and are continueing to be hacked on a regular basis. My friend and I both play on a Mac, so we can absolutely rule out Virus/Spyware/other methods of attacking the
client via either Hardware, OS, Software. Given also that he de-activated the account almost a year ago (six months before being hacked) and therefore there would have been no data stream for a "man in the middle" hack back in March to glean the password. Based on the evidence of his situation, and given the shear amount of hacked accounts in recent months it is clear that Blizzard is the party that has been hacked, not the Tens/Hundreds of thousands of accounts holders that have been hacked already.

My guild is one of of the largest on the Durotan server and in the last 2 months we have had 12-15 accounts hacked, so many in fact that we have been in contact with Blizzard to get re-assurances that we were not being targeted somehow. Given that there are over 10 million accounts and out of the sample of 300 or so accounts in my guild I would base that aproximately 5-6% of the accounts have already been hacked. A number that Im sure Blizzard will not want getting
arround.

Now with the above SecurID dongles being proven to be able to be worked arround, Im sure that many, like myself, will be switching from Monthly credit card withdrawls to purchaceable game cards so to minimize the posibility of loss.

Put another way, the biggest loss of personal and credit card informantion that I know of to date was somewhere near the 1 million mark(TJX corp). If what some suspect is true, and Blizzard does not come clean and tell us exactly what happened/is happening, Blizzards suspected loss of personal and credit information could be 10 times the TJX loss.

Reply