Patch 5.3 interview with Ghostcrawler
Mystery of the Unborn Val'kyr
The latest patch 5.3 news
All of the latest Mists of Pandaria newsAccount Administration encouraged not to restore hacked characters
by Adam Holisky 
Jan 8th 2010 at 11:00AM
Please see the update to this original post.
If the player does not accept this care package, they are then forced to go into a character restoration queue that is consistently several days to weeks long. According to sources familiar with the situation, this "care package policy" has been implemented in order to lighten the work load of those Blizzard employees who perform account restorations. Similar policies have existed at other times account compromises have been high, such as during the transition from Vanilla WoW to The Burning Crusade.
This care package being offered consists of the following:
- 2,500 gold
- 2 Emblems of Frost
- 10 Emblems of Triumph for every day the players has had to wait to receive the care package
WoW.com believes that this practice, while potentially making some sense logistically, stands firmly against the best interest of the players. Sources that we have spoken with tell us most account administrators do not agree with this policy, however their hands are tied due to Blizzard management (it is their job, after all, and they have to do as they're told).
WoW.com believes Blizzard can do a better job at solving long restoration queue times without placing player's hard work as a secondary concern. Instead of offering players a care package, Blizzard can employ more staff, and as we will discuss in a later post, train those staff in better ways to prevent account compromises and exploitation. The serious consideration given to mandatory authenticators is also part of this solution.
Filed under: Blizzard, News items, Account Security
Reader Comments (Page 2 of 21)
Ktok Jan 8th 2010 12:56PM
@Creese5704
In nearly very case of account theft, it is not what you'd call "hacking". Hacking implies some form of discerning information through force. What happens to WoW accounts is, generally, someone being careless and getting keylogged. This is "compromised security" not "hacking" and does not happen if you have an authenticator.
Why not? Because even if they know your login and password, unless they can also guess the random string of numbers on the authenticator for that specific span of 30 seconds, they can not log in to anything related to your account. This precludes the theft of the account, as they are unable to *change* the password, log in to take items, or transfer a character.
The only way to lose an authenticator protected account is if the thief has your login, password, original CD key, and secret question answer. If they somehow manage to have all that (CD key is *extremely* unlikely unless you bought the account online) then yes, they can get an authenticator removed by posing as you to customer service. It is, however, far, far less likely that this will happen than it is that some idiot at your house could use your computer for 15 minutes, run into a key logger, and you lose your account for simply not having an authenticator.
catharsis80 Jan 8th 2010 1:10PM
@Hakker
It is never, I repeat NEVER, the player's fault for being hacked. If that were true, then it is the murder victim's fault for being murdered, the victim's fault for being stolen from, and the victim's fault for being raped.
This sentiment is utterly absurd, and should be shot down whenever it rears it's freakin ugly head.
EZ Jan 8th 2010 1:42PM
HOW DARE THIS ARTICLE BE CRITICAL OF BLIZZARD!?
I DEMAND it be taken down IMMEDIATELY!
MY fan-boy rage is OVERPOWERING YOUR WEBSITE!!
TAKE. IT. DOWN!!!
edit: lot's of reply's up in this thread
Speedmonkay Jan 8th 2010 1:42PM
Accept the package and be done or wait a while for your stuff to be restored.
All depends on how much your stuff is worth to you.
Account restoration on WoW is still way easier than some other games. On FFXI to reclaim your compromised account, you have to get a form filled out and signed by a notary and mail it into Square Enix. Then wait to be contacted and continue the rest of the long process from there.
catharsis80 Jan 8th 2010 1:59PM
Seriously, how was my comment downrated with no rebuttals to it? Show me how this is flawed logic.
I will stand by it: It is NEVER a VICTIM's fault that they had a crime perpetrated against them. Anyone who says it is is immediately suspect to me already as BEING a perpetrator themselves. Don't you all realize that the hackers WANT you all to think it's your fault for being hacked? It delights them. They have no blame put on them, yet they are the only ones in this scenario committing a crime.
Starsmore Jan 8th 2010 2:09PM
Rape and Murder?
Wow, someone's going a little overboard. Take a step back.
This is more akin to me handing my car keys over to the shady dude standing on the corner, and asking him to park my car. Then he takes off with it.
Yeah, he's a criminal for taking off with my car, but he would have never done so if I never gave him the keys in the first place.
Same thing here.
Phishers and the like don't break into your house to steal your login information. They don't have secret ninjas that sneak into your computer room while you are sleeping to steal your epics. They use social engineering to trick you into plugging your login information into their site, so they can get your account.
So yes, it is the victim's fault for being an f'ing moron and thinking that they can get into the Cata beta by going to www.cataclysmbetaworldofwarcraft.cn
catharsis80 Jan 8th 2010 2:29PM
Rape and murder were just used to bring out the fact that we are talking about CRIME. This is not "going overboard" but trying to illustrate.
The victim is not an "f'ing moron" as you so rudely put it. They are misinformed and uneducated on how to understand and use the Internet, and what to watch out for. There's an enormous difference between being a "moron" and plain, innocent ignorance.
Also, pointing fingers and calling them morons really doesn't help them either, fyi. They need to understand, not be insulted.
Tethra Jan 8th 2010 2:48PM
@catharsis80
LOL rape and murder? It's more like someone having unprotected sex. If you don't wrap it up and you have lots of one-night stands, it's your fault if you get Herpes because you engaged in risky behaviour and didn't protect yourself. Even if you have unprotected sex in a monogamous relationship, the other person may not be as clean as you think they are, or you could end up with an unwanted pregnancy. Again, if you don't protect yourself, you end up with things you don't want.
Similarly, if you don't protect your account and you do stuff like buy gold or use powerleveling services, it's your fault you got hacked. Even if you don't think you engaged in risky activity, someone else who used your computer could have done something risky and got your computer infected.
Also, I'm tired of people saying, "My password wasn't easy to guess. How did I get hacked?" IT DOESN'T MATTER HOW GOOD YOUR PASSWORD IS, IF YOU GET A KEYLOGGER ON YOUR COMPUTER, YOU ARE SCREWED.
Wither Jan 8th 2010 2:59PM
A whole lot of people going crazy over a whole lot of nothing as usual. I think WoW players just like to argue.
Obviously reducing phishing and hacking is in both players and Blizzard's interests. The traditional ways to do this are:
1) Educate the players about how to avoid being compromised.
2) Encourage players to use more secure methods (like the authenticator).
If they still have trouble, then Blizzard can eventually mandate use of the authenticator and as others have already said, hopefully they'll be one in certain Cata boxes when it is released.
Finally, to redirect the attention of Blizzards account teams to where they are most needed, they can offer a quick solution of a care package instead of a restoration to players AS AN OPTION.
Yay! That means in some cases players get playing again sooner and they also allow the account restoration team to focus their energy on players who need a full restoration. Everybody wins! The key point - is that it is optional - you don't have to accept it.
Noting that I haven't said anything controversial yet, let me wade in on an separate ethics issue.
*Victim's of crime are never to blame.*
Read this before joining sides on that debate - http://www.scu.edu/ethics/publications/iie/v3n2/justworld.html.
Aykwa Jan 8th 2010 3:09PM
I think Blizzard is missing the boat here in terms of what account security can be. The 3 possible categories of access control involve something you have (a key or authenticator), something you know (a user/pass) or something you are (fingerprint, eye scan, voiceprint). Having 1 of the 3 is lease secure but most convenient, having multiple of each is most secure but least convenient.
Right now, without the authenticator, they ask for 1. With the authenticator they ask for 2, which is of course better. But is having the authenticator for the second choice really the best thing to do? Secure it is. Convenient, not as much. And the possibility of losing an authenticator can be a nightmare. What's more, if you play in different places (different locations or on a laptop in different places) you are forced to physically take the authenticator around everywhere you go, increasing the chance of loss or even theft by someone familiar with you. Lost and stolen authenticators put an account out of commission for a while, and also cost Blizzard extra support time.
I think Blizzard should look at allowing other methods of account security besides just authenticators, and then let users have a choice between several.
Hoggersbud Jan 8th 2010 3:42PM
>It is NEVER a VICTIM's fault that they had a crime perpetrated against them. Anyone who says it is is immediately suspect to me already as BEING a perpetrator themselves. Don't you all realize that the hackers WANT you all to think it's your fault for being hacked? It delights them. They have no blame put on them, yet they are the only ones in this scenario committing a crime.<
Your absolutist and hysterical position makes me immediately suspect you are a person who refuses to accept any responsibility for your own actions.
Fault is indeed possible in the case of being hacked, murdered or even raped. And believe it or not this does not necessarily absolve the action of the offenders, as there is no shortage of blame to go around. Of course, sometimes it does, but that's a matter for the courts in the case of murder and rape, and probably too emotionally charged a subject to discuss here. Which is probably why you brought them up as examples, as you figured nobody would dare speak against you.
But they can just downrank you without even bothering to say anything. Me, though, I'll tell you to cut the bullshit and I'll tell you why. Because you're an ignorant judgemental moron who ought to be slapped in the head till you get some sense knocked into you.
Tethra Jan 8th 2010 4:22PM
@Hoggersbud
Yeah, he sounds like he was hacked before and refuses to accept that he is at least partly responsible for it. It's like having unprotected sex with a hooker and then saying it's the hooker's fault you got syphilis.
Tethra Jan 8th 2010 4:32PM
And now he appears to be downranking anyone who doesn't agree with him.
jslim419 Jan 8th 2010 6:53PM
"It is never, I repeat NEVER, the player's fault for being hacked. If that were true, then it is the murder victim's fault for being murdered, the victim's fault for being stolen from, and the victim's fault for being raped."
it is the murder victim's fault if he walked into a serial killer's house, and started yelling obscenities at him to goad him into a fight. it is the victim's fault for being stolen from if they leave their front door standing wide open instead of closing, and locking it. and it is the victim's fault for being raped if they walk around town buck naked with "rape me!" written on their skin.
hell.. i should contact chevrolet about just giving me a free car instead of making my insurance pay for the small fender bender i had last year, because it's not my fault. it's chevrolet's fault for not making a 100% crash proof car that i don't have to pay attention while i'm driving it.
Fuzzbutt Jan 11th 2010 1:20PM
Murder and rape? Really? You really want to go there? Yes! There are situations in which victims in those cases are to blame. Not always, but sometimes. If you let a sex offender babysit your child, you have played a part in any crime he or she commits. If you lay down in the middle of the road and someone runs over you in their car, it's certainly YOUR FAULT that you got run over.
I think, to an extent, the Just World Theory doesn't necessarily make something wrong. If you got run over, for example, and I was on the jury for the case against the guy that ran you over, I would want to know if you decided to lie in the road. Placing yourself in the roadway would be a reason for me to vote to acquit the driver. That is clearly YOUR FAULT and YOU ARE the victim. Sorry, it happens sometimes. Just because JWT can be used as a logical fallacy in some cases, doesn't mean the thought process involved is never valid.
In the case of the rape in the Just-World arcticle, I don't think the rapist should have been acquitted. He obviously raped the woman, there was evidence he raped her, and he should be held responsible for that. On the other hand, there were obviously things the woman could have done differently to give herself more protection. She could have gone to the bar with at least one friend. That's not just a woman thing; I'm a male and I go to bars and clubs with friends because there is safety in numbers. You never know what will happen, and it's a bad idea to go out to the sometimes dark parking lots alone late at night. She could have not dressed in the manner she did. Dressing in a manner designed to attract the more base desires of others did just that. She could have carried a device to protect herself like mace or a taser. She could have learned self-defense tactics. She could have had a little less to drink, as alcohol impairs your judgment and situational awareness that could otherwise allow you to avoid parking lot hobos. These factors DO NOT make the rapist innocent, but there are a number of things that the example woman could have done to make herself less vulnerable to the vagrant in the parking lot. It's an atrocious crime, he's definitely guilty and should have been held accountable for his actions, but at the same time she didn't really take actions to protect herself.
If your house gets burgled, the burglar is definitely responsible and should be held accountable for his actions. On the other hand, you could have had an extra lock. You could have had an accurate alarm system. You could have lived in a neighborhood with an active neighborhood watch. You could have closed the blinds in the window to the room with your $10,000 entertainment system and your wife's diamond jewelry displays. All of those things open you up to being a victim. You aren't to blame. The burglars are still guilty of their crimes. BUT you didn't protect yourself to the extent you should.
Now, let's apply this to the hacked accounts. Account thieves are responsible for what they do, it's wrong. Shame on them! This isn't rape, murder, or theft, though, and although it'd be nice to hold them responsible for their actions, they never will be. That sure sucks. They're anonymous and hard to track. In the face of this happening, we have to be alert. We know who is trying to compromise our accounts, now let's avoid it. Let's download a good virus scanner, firewall, and malware scanner. Let's make sure we use a browser that is more difficult to compromise (Firefox or Chrome). Let's get appropriate addons to prevent scripts from running. Oh, and while we're at it, let's get one more layer of security--it's called a Blizzard authenticator. Although that CAN be subverted, it's much less likely than just your account name and password.
Or, we can be a victim and we can analyze what went wrong after the fact. You could have had a better firewall/virus scanner/malware scanner. There are free ones that find keyloggers. You could have not followed those links on the forum. You could have changed your password after logging into your account from your friend's computer. You could have improved the security of your web browser. Oh, yeah, or you could've had that little $6 box called an authenticator. Although someone else is still guilty of messing with your account, there are many things YOU PERSONALLY can do to protect yourself. It may not be your fault, but it's much harder to be sympathetic to you. How can Blizzard/the police/Batman protect you when you can't take basic steps to protect yourself?
Situational awareness beforehand and simple protective measures are always better than crying to blizzard after the fact. Courts can't un-rape, un-murder, or un-burgle you. Blizzard can't completely un-compromise your account, even though they can restore your purple pixels. Many people with compromised accounts are re-compromised in the future unless they take more protective steps.
I think it's wrong to take the responsibility for crimes away from criminals, but it's also wrong not to expect people to have a small amount of personal responsibility for themselves. It's wrong not to expect people to have situational awareness and to take small, reasonable steps to protect themselves.
toddoster Jan 12th 2010 8:49AM
I would settle for like 29k and some serious emblems (enough for 2 sets of tier gear (Dual Spec), I can make 2k in a weekend. It is shoddy management by Activision I suspect, these customer service nightmare scenarios were not happening when it was just Blizzard.
If they want to make authenticators mandatory, then they better be willing to ship one to us for free.
Whitehaven Jan 8th 2010 11:03AM
How long was the queue to get your account restored before this change was put into play?
Adam Jan 8th 2010 11:36AM
I had to wait 13 Days for my restoration....
zurkka Jan 8th 2010 12:33PM
i got hacked in november, i just had to wait 3 days for a full restore, i think this might take diferent times in diferent servers
FifthDream Jan 8th 2010 11:03AM
Ouch.