Patch 5.3 interview with Ghostcrawler
Mystery of the Unborn Val'kyr
The latest patch 5.3 news
All of the latest Mists of Pandaria newsGawker hack prompts Blizzard to issue password reset
by Adam Holisky 
Dec 15th 2010 at 12:00AM
Earlier we reported these emails as phishing attempts. This turned out to be incorrect. At the time these emails were received by members of our staff, there was no word from Blizzard on them, and such attempts at phishing out WoW account passwords are common after well-known hacking attempts.
Nonetheless, it is imperative that everyone uses an authenticator and employs good password security. Always watch what the links you go to are, and don't use the same password for multiple sites -- especially for your WoW account. If you do have an account with a Gawker website, it's recommended that you reset your Battle.net / World of Warcraft password.
Blizzard's full statement after the break.
Blizzard EntertainmentAs some of you know, several Gawker Media websites, including Gawker, Gizmodo, Kotaku, Lifehacker, Jezebel, io9, Jalopnik, and Deadspin, were recently compromised. To help minimize the effects of this compromise -- namely for players who might be using the same login information for their Gawker Media accounts and their Battle.net accounts -- we recently issued password-reset emails for several accounts. If you've received an email from Blizzard Entertainment requesting a password reset as a result of the Gawker Media compromise, please click on the link included in the email's body to choose a new password. You can also log in to Battle.net Account Management to reset your password on your own ( https://us.battle.net/account/management ).
If you used your Battle.net email address to sign up with any of the Gawker Media sites listed above (for example, to post comments), we also recommend that you update your Battle.net email address as soon as possible via Account Management. If you are unable to complete this step or the password reset and believe your account might be compromised, please contact our customer support staff by using the Account Recovery Form ( https://us.battle.net/account/support/account-recovery.html ) and be sure to check out our Account Security Awareness guide ( http://us.battle.net/en/security/ ) for additional security tips and suggestions.
For more information about this situation, please visit Gawker Media's official announcement ( http://gawker.com/5713056/gawker-security-breach-were-here-to-help ) or Lifehacker's comprehensive FAQ ( http://lifehacker.com/5712785/faq-compromised-commenting-accounts-on-gawker-media ).
If you used your Battle.net email address to sign up with any of the Gawker Media sites listed above (for example, to post comments), we also recommend that you update your Battle.net email address as soon as possible via Account Management. If you are unable to complete this step or the password reset and believe your account might be compromised, please contact our customer support staff by using the Account Recovery Form ( https://us.battle.net/account/support/account-recovery.html ) and be sure to check out our Account Security Awareness guide ( http://us.battle.net/en/security/ ) for additional security tips and suggestions.
For more information about this situation, please visit Gawker Media's official announcement ( http://gawker.com/5713056/gawker-security-breach-were-here-to-help ) or Lifehacker's comprehensive FAQ ( http://lifehacker.com/5712785/faq-compromised-commenting-accounts-on-gawker-media ).
Filed under: Account Security
Reader Comments (Page 2 of 6)
toofat2serve Dec 15th 2010 12:23AM
Yes. For some, it is.
Because not all 12 million Wow players are at ALL tech saavy. Many are parents that play to spend time with their kids. Many are kids that know how to use a computer, but know nothing about security.
So go ahead and pat yourself on the back for knowing how to click on links. But don't be a jerk because you know something someone else might not.
I guarantee you there are people that know more about INSERT TOPIC HERE than you.
waycooler Dec 15th 2010 1:51AM
In Mail, on my Mac, there is no link preview thingy at the bottom of the window or anything, that I could find. If you are using a web-based email service, this is great advice, but otherwise, it might be completely useless.
On the note of the emails themselves, I've gotten two over the last week or so, claiming to be battle.net, saying that my account info had been changed and to check to make sure, or something. The first time, I hit up us.battle.net, logged in, noticed nothing had changed, deleted the email, confused. The second one, yesterday, I had just woken up, clicked the link in my drowsiness, and was faced with a big red screen saying ATTACK SITE BEWARE RAWR. Thank you, Firefox.
nav Dec 15th 2010 6:21AM
@waycooler Mouseover tooltip.
Taliaran Dec 15th 2010 3:11AM
@waycooler: If you hover the link in Mail, the address will be shown in a tooltip. :)
Ice Dec 15th 2010 4:26AM
Have you ever heard of the idea where your brain only needs to see few letters of but still can read the sentences like they were proper sentences?
Also when the link could be like eu-battle or like back in the day there was addon site where i was l. Would you notice the missing PIXEL when you click the link on google search?
When people read these they might panic and click the link anyway and dont look at tiny damn pixel differences.
Dont click the links folks, its bad.
irnbru001 Dec 15th 2010 12:15AM
This issue has been handled poorly by all involved, Gawker, Blizzard and Wow Insider. Your first post on the issue seems like the kind of thing it's important to check on before you add to the confusion. Does Wow Insider really not have a press contact at Blizzard whom they can call to verify facts?
Adam Holisky Dec 15th 2010 12:34AM
Unfortunately it's hard to work with a company that doesn't return official requests for comments and communications.
The staff producing the original report followed all proper journalistic procedures. In correcting this story, all appropriate steps have been taken as well.
ManiacFive Dec 15th 2010 1:03AM
Wow Insider aren't 'involved' they're a news source posting what information they can. Your post reads like you hold WoW Insider somehow responsible for The shoddy communication from Blizzard.
Journalists aren't affiliated with the companies they write about you know. They're not employed PR. They go with the facts as they appear.
wow Dec 15th 2010 1:26AM
Check email headers
Oh its coming from a blizzard mail server
????
Profit.
Urza Dec 15th 2010 7:52AM
I guess because it's a "blog" WoW Insider has no responsibility at all for reporting news without fact checking then? If so, then you can't call yourself journalists. Isn't that the standard we hold newsmen and newspapers to?
Zakarii Dec 15th 2010 12:15AM
If you've have an authenticator, you should be fine.
Wait, people still don't have authenticators? There's two free options in lieu of the paid option!
ducss750 Dec 15th 2010 1:06AM
Correction:
There is 1 free option - you must own an iPhone or iPod.
There is one inexpensive option at .99c but you must own one of the rather limited number of cell phones supported and your wireless plan will be billed the .99c.
These is one full price option at 6.50, the mobile authenticator through Blizzard.
Any way you do it, it's a great idea.
oldchap.truc Dec 15th 2010 7:05AM
There is 2 free options
1- Ipod/Ipad/Iphone
2-Android on android cellphones and windows android emulators
I leave to you the pleasure of googling for that.
Inorinouta Dec 15th 2010 1:36AM
@ducss750 Correction to your correction:
There are 2 free options. iPhone/iPod or Android both have free authenticator apps. As an Android user, I should know ;)
Baba Dec 15th 2010 6:15AM
Give me a iPhone / Android and then I'll have a free option ;)
Welan Dec 15th 2010 6:21AM
I already have an authenticator that I ordered. I love it. However, now I bought a Droid (evo). Can I download the Droid version and use both? Or would the original need to be unlinked?
ducss750 Dec 15th 2010 9:41AM
Edit to my much-corrected post:
There is 1 free option - you must own an iPhone, iPod or Android based phone.
Consider the deceased equine suitably flogged :)
(For those of us who use a smartphone with *another* os, we are out in the cold. My nephew is getting a keyring authenticator for Christmas, I ordered mine at the same time)
ducss750 Dec 15th 2010 9:47AM
@ welan
No, just like Highlander "There can be only one"
From Blizzard:
Can I keep one Battle.net Authenticator at home and another at work, and have both associated to the same account?
No. Each account can have only one Battle.net Authenticator linked to it at a time, so you would need to carry the Authenticator with you to log in from different computers.
Bynde Dec 15th 2010 11:09AM
I'm sorry, but unless you are in a country that cannot get an authenticator for various reasons , there is no reason why players should not have an authenticator. Just like there is no reason no one should not have a smoke/fire alarm in their house or seatbelts in their car.
yeah yeah yeah, everyone is so careful and smart and canny and no one can ever hack them because of their total uberness. Got it.
$6.50 is the cost. Unless you are dependent upon a parent or a special ed counselor for money, there is no reason to not have one, if you can get one. It's that simple.
And any Guild that allows bank access to someone without one is a poorly run Guild , IMO.
nekorion Dec 15th 2010 12:15AM
Has there been any issues with authenticators themselves? I've been having trouble with mine for a while now being unable to log onto the websites, but always into the game. I haven't gotten much feedback from blizzard even with a lot of back and forth.