Help! My account has been hacked!

Important note: The following guide assumes that you have not put an Authenticator on your account. There are no confirmed cases of accounts being stolen if they are protected by an Authenticator.
Did the thieves put an Authenticator on your account?
If no, then follow these steps:
- Try to recover your password: Attempt to retrieve your password using Blizzard's password retrieval form. If they didn't change the email address registered to your account, you will receive the password in your email.
- Change your password: Immediately change your password to something strong that you don't use anywhere else (not a word found in the dictionary, and with numbers that are not related to any dates that are important to you). I would also recommend throwing in a capitalized letter or two, but Battle.Net passwords are not case sensitive. (Neither were non-Battle.Net WoW passwords, by the way, so this is not a change.)
- Post on the Technical Support forums: Go to the official Technical Support forums and find the latest blue post that has something about the Authenticator being added. As of this writing, the current one is at this link, but they get locked after a while and a new one is started. You don't have to enter an Authenticator code to post in the forums, so post in that thread from your compromised account, saying that you need to have the Authenticator removed.
Even if you have posted on the tech support forums, I still recommend you contact Blizzard redundantly. Just make sure that, as a courtesy, you mention the other methods by which you have contacted them.
- Email: You can either email Blizzard directly at WoWAccountAdmin@Blizzard.com or use their web form.
- Phone: Call the appropriate number for you from Blizzard's Support Number list. You may be put on hold for a while and/or be asked to leave a voicemail.
While you are spending time getting your account back, the thieves are pilfering the guildbank and sending your friends/guildies tells to go see this really cool video you made. Get on your guild forums and/or vent and tell your guildies to demote and ignore your characters until you get your account back.
Follow Blizzard's instructions.
Blizzard will contact you with instructions on how to restore your account. You may have to provide notarized documentation, which can be scanned and emailed or faxed. Follow the directions carefully, as any missing steps or information will result in even more of a delay.
Get an Authenticator.
You can either order the keyfob or download an app for your mobile which is cheap to free. If you do not have a mobile which is currently supported by Blizzard and are having trouble getting an Authenticator shipped to your location, then see if a friend, family member or guildie can get one and ship it to you. The device is the same globally and therefore can be activated on your account, even if it is bought by someone in the U.S. and mailed to you. But please do get an Authenticator so you never have to go through this again.
In before the "only stupid people get hacked" comments: very intelligent, prepared and careful people get hacked every day. As social engineers get more sophisticated, new security holes are opened up in our lives all the time. I don't normally do this when I write about Account Security, but any comments that are insulting will be deleted. If you really feel that strongly about how superior you are to someone who has been hacked, please go tell your mom. I'm sure she'll be very proud of you. But the rest of us are not interested.
Filed under: Blizzard, Account Security
Reader Comments (Page 5 of 7)
Talengashi Jan 21st 2010 10:23PM
I had considered ordering an authenticator for the last few months. Then a couple weeks ago, with what seemed to be an increase in hacked accounts, I ordered an authenticator on Jan 8. On Jan 14, I was hacked. On Jan 16, my authenticator arrived. Nearly three years without an issue. I wish I hadn't procrastinated.
rkaliski Jan 22nd 2010 1:51AM
Some people are against authenticators for the same reason that they dislike bicycle helmets, seatbelts and using condoms... it's because someone said they should. Humans have this streak of stubbornness that compels them to reject advice that may be good for them.
We will never, ever be able to make things totally safe. Look at commercial air travel. It is by far one of the safest things you could do. The accident rate for flying commercial airlines in the United States makes it more likely you will get hit by lightning than die in a plane crash. However, planes still go down and people die.
My flight instructor used to say "You can make things fool proof. You can't idiot proof them."
icepyro Jan 21st 2010 10:29PM
I'm just glad to see an article pointing out links and information on how to go about recovering an account.
Still, I think this whole push for authenticators brings to the front something else: if it's a hack by keylogger, how much easier is it to see someone type www.bankname.com or www.ebay.com or other related, serious, real world sites followed by username and a password than to guess that email/pass is logging into WoW? I won't get into the argument over authenticators other than I hope they are never mandatory, but seriously if my WoW account ever got hacked (say if I ever take my authenticator off for some reason), Blizzard would be one of the last companies I make phone calls to since this is like the equivalent to me having my wallet stolen.
summerassociate0607 Jan 21st 2010 10:46PM
Having seen so many people get hacked (in my guild and on this site) motivated me to get an authenticator. Now whenever I have to enter the code in, I couldn't be happier knowing my account is safe.
Kurdaj Jan 21st 2010 10:52PM
So what do you do when the Authenticator gets bypassed?
Robin Torres Jan 21st 2010 10:58PM
Kurdaj, authenticators don't get bypassed.
Kurdaj Jan 21st 2010 10:52PM
The bad guys throw an Authenticator on the stolen account to hold onto it for a while longer?
That is damn genius.
Gimmlette Jan 21st 2010 10:55PM
I've copied and pasted this article to the front page of the guild web site where those who don't go to WOW.com will have a chance to see it.
Spectacular Death was hacked this past weekend for the 5th time since the release of Wrath. Prior to Wrath, I only knew one person who had been hacked. Since Wrath, I've run out of fingers and toes to count those I know. I have now decided there is no bank access unless you can show me your core hound pup, which, I feel very strongly, defeats the whole purpose of having a guild bank. Might as well have a mule as we did before the banks because that's the only way you get things now, ask me or an officer.
It's sad that it's come to this. I have no suggestions for Blizzard were they to ask me. Anything I could come up with, such as the random words you have to type in on some sites, has been explained as being unworkable for such a large audience.
There would need to be a complete reworking of the economy to remove the gold standard for obtaining items. I don't know what would be put in its place and probably the game that we know would suffer dramatically.
As long as there are people unwilling to do the work to obtain the rewards which enable them to purchase those things they want, there will be people willing to steal fake gold in a fake universe and sell it. "The fault, dear Brutus, lies not in our stars, but in ourselves."
Elyvis Jan 21st 2010 11:00PM
I wonder how difficult (or even possible) it would be for Blizzard to include an authenticator packaged with the next expansion? I bought one a few months ago when a guildie got hacked. She got everything back but it was a pain.
jaynitan Jan 21st 2010 10:56PM
Authenticators are the best WOW security right now... not the best internet security. Thank god these hackers and social engineers are spending so much time hacking WOW. My wife and I are pretty safe; we really only use the internet to play WoW, send email and go to the same two or three sites (safe sites) over and over. We aren't internet surfers. She got hacked and we both got authenticators right away.
I am just glad that these people are going after WOW because I guess they cannot be prosecuted as heavily for stealing virtual goods instead of using the keylog to get my Paypal or credit card info when I pay a bill, or my bank info when I check an account balance.
Authenticators work. They are not foolproof or social engineer proof, but I believe that if all WoW users had them then it would deter 90% of hacking; the stolen accounts would be from people falling for scams, using gold buying or leveling services.
BTW, the hackers stealing accounts and putting authenticators on the accounts, brilliant.
Why hasn't Blizz locked out those authenticator serials? You can use or reuse an authenticator. Blocking them causes the people to have to reset their iPod/iPhone app or buy a new keyfob.
My wife and I shared the iPod touch app for three separate accounts just fine.
Bel Jan 21st 2010 11:43PM
@ Sparcrypt
You're an IT tech? I work in internet repair and you have no idea how many IT techs call in because they forgot to plug in their modem or restart their computer or something simple because they feel they're too smart for something that simple to happen. This is not meant to berate you or anyone else. I'm just saying that level of security and knowledge only work so well. I was never a fan of the authenticator but I got the mobile authenticator anyway. I discovered the true value of the authenticator when my iPod needed to be reformatted. Since nobody had the authenticator, it was impossible to get into my account and I had to call Blizzard. I was grateful to discover the high level of security they used to verify my account. Now I'm happily levelling alts again and the authenticator is NEVER leaving my account or my side EVER again. Knowledge only goes so far. It isn't only "stupid people" that can get hacked. Sometimes those whose "knowledge of computer security is higher then the average reader" get hacked too.
Fairlane Jan 22nd 2010 12:41AM
I own a hardware Authenticator, and I was hacked this past Saturday.
Several people on the Customer Service Forums suggested that I was the victim of a "login screen trojan". I practice safe computing (AV updated nightly, software firewall, Spybot resident and updated nightly - not to mention the router) so it initially struck me as completely implausible. But on reflection, it makes sense:
When I fired up the game, I was presented with the familiar login screen. After entering my Battle.net information and entering my Authenticator code, it immediately said my information was wrong - not even a delay one might expect while my client contacts Blizzard's servers. I tried another time or two, then left for several hours with my wife. I tried again when we got home and had the same problem, so I went to the Customer Service Forums seeking advice before shutting down the machine and going to bed.
http://forums.worldofwarcraft.com/thread.html?topicId=22418749594
Note that the next morning, I was still unable to login and all of my gear was gone. I'd even managed to gain an Emblem of Valor according to the Armory.
I recently received an email from Blizzard with a PDF file I am supposed to print, fill out, and mail back with a copy of my ID so they can restore my account. I'm not sure this game is worth that effort anymore.
- Fairlane
JKWood Jan 23rd 2010 1:06PM
The lack of delay actually means that you had either the password or the authenticator code wrong - that's completely normal.
My suspicion is that you're making this up in an attempt to convince people not to use authenticators - why would you do that, I wonder?
Fairlane Jan 23rd 2010 4:27PM
If it makes you feel safer to believe that I'm lying, I wish you luck. You're going to need it.
The point is that merely having an Authenticator does NOT make your account invulnerable. You would think that any reasonable person would know this. Clearly, you'd be wrong.
Koskun Jan 22nd 2010 2:01AM
@Neirin - You said "Now, if you were the GM of a 300 person guild, had a gbank full of nothing but Primordial Saronite, and the hackers were aware of this, they might expend the extra effort to break into your account"
No, they really won't "expend the extra effort" if said GM account has an authenticator.
The security setup that the authenticator uses is the same setup that Governments, banks (both global and local), and corporations use to protect their systems.
If a hacker were to find a way to bypass the security of the Blizzard authenticator, they would not waste their time to hack someone's account to get some items. They would instead take millions of dollars and live out the rest of their life in some tropical non-extradition country.
Please do not spread more mis-information that it is possible to bypass an authenticator. While yes, technically it is, and technically I can balance an elephant on a spoon, the repercussions of someone hacking one would be much much larger than a WoW account.
Jermakis Jan 22nd 2010 2:02AM
I have heard some of my guildies say that they actually have a text document saved with just their password in it. They highlight the password, copy, and paste [ctrl + v] it into the password box at the login screen. The idea is that a keystroke program intended to steal your account only logs the copy and paste you did. Sounded like a really cool and simple idea, just thought I'd see if people agree...
Tarot Jan 22nd 2010 2:23AM
Quite simply, that doesn't work. Keyloggers can read your clipboard as easily as they can read what you actually type.
Malkinius Jan 22nd 2010 2:05AM
There is one more thing that I can add to what to do if your account gets hacked. My roommate's account was hacked late last year and they did have the usual malware protection on the computer. There was no authenticator on the computer at the time. There is now. I got home very shortly after it was hacked and they found their stuff gone.
I immediately contacted a GM and told them about it. A short while later I was contacted about it and the very nice GM worked with us to get her protected with a new password and put through the info to get her stuff replaced. This was after the billing department was closed and I know that not everyone has someone who can assist this way but if you do, it is a lot faster to get things back than email and phone. It still took about three days for things to be reset but all or almost everything was returned.
So...if you can, contact a GM with a help request as soon as you can. You will save time if you are hacked. I will also say, don't use any version of Internet Explorer. There are too many exploits for it waiting to infect you.
Be well....
Malkinius
Faulken S Wulf Jan 22nd 2010 3:04AM
I'm sure this is too late to be read-- but, I was wondering, shouldn't Blizzard be able to prosecute anyone that hijacks an account and puts an authenticator on it?
The authenticator is only available on an online store, which would require a credit/debit card to order. This authenticator then has to be delivered to a physical address. With each authenticator having a unique ID, shouldn't it be a simple process when removing a gold-seller's authenticator on an account to track down the buyer and prosecute them?
It does not get RID of hacking, it does not excuse someone for not buying an authenticator for themself, but it might cut some of it down if people know there is jail-time for buying an authenticator and attaching it to someone else's account with the intent of selling goods from that particular account.
markroberts66 Jan 22nd 2010 3:47AM
While I'm confident that my own net "savvy" will keep my account safe, there is one good reason Blizzard will never make an authenticator mandatory (not atm anyways): you need a credit card to purchase one (off Blizzard Euro). While that remains the case, they daren't do that unless they want to risk losing over half their players overnight.