Gawker hack prompts Blizzard to issue password reset

Earlier we reported these emails as phishing attempts. This turned out to be incorrect. At the time these emails were received by members of our staff, there was no word from Blizzard on them, and such attempts at phishing out WoW account passwords are common after well-known hacking attempts.
Nonetheless, it is imperative that everyone uses an authenticator and employs good password security. Always check where the links you follow actually lead, and don't use the same password for multiple sites -- especially for your WoW account. If you do have an account with a Gawker website, it's recommended that you reset your Battle.net / World of Warcraft password.
Blizzard's full statement after the break.
Blizzard Entertainment:
As some of you know, several Gawker Media websites, including Gawker, Gizmodo, Kotaku, Lifehacker, Jezebel, io9, Jalopnik, and Deadspin, were recently compromised. To help minimize the effects of this compromise -- namely for players who might be using the same login information for their Gawker Media accounts and their Battle.net accounts -- we recently issued password-reset emails for several accounts. If you've received an email from Blizzard Entertainment requesting a password reset as a result of the Gawker Media compromise, please click on the link included in the email's body to choose a new password. You can also log in to Battle.net Account Management to reset your password on your own ( https://us.battle.net/account/management ).
If you used your Battle.net email address to sign up with any of the Gawker Media sites listed above (for example, to post comments), we also recommend that you update your Battle.net email address as soon as possible via Account Management. If you are unable to complete this step or the password reset and believe your account might be compromised, please contact our customer support staff by using the Account Recovery Form ( https://us.battle.net/account/support/account-recovery.html ) and be sure to check out our Account Security Awareness guide ( http://us.battle.net/en/security/ ) for additional security tips and suggestions.
For more information about this situation, please visit Gawker Media's official announcement ( http://gawker.com/5713056/gawker-security-breach-were-here-to-help ) or Lifehacker's comprehensive FAQ ( http://lifehacker.com/5712785/faq-compromised-commenting-accounts-on-gawker-media ).
Filed under: Account Security
Reader Comments (Page 3 of 6)
Qayla Dec 15th 2010 12:37AM
I believe Blizzard encouraging people to click on the links within the email to be extremely irresponsible considering how realistic the hackers' (or possible hackers') emails are. They should encourage subscribers to log onto battle.net without a clickable link so they have to type it in to their browser bar. Just my opinion.
babasyzygy Dec 15th 2010 5:00AM
On the other hand - people who just click on links in email when told to are probably the ones most in need of following this message!
Gessilea Dec 15th 2010 8:58AM
Agreed. I like to think I'm reasonably tech savvy, but I don't remember precisely the URL of the official sites (I'm always forgetting the us. part of battlenet) and I know that the eyes play tricks on us. I have six emails from "Blizzard" in the last couple of days regarding this. Some of them are pretty obviously fake. A couple look legit. Thankfully, I have an authenticator AND my account's inactive for the month. What a mess!
PJ Dec 15th 2010 12:24AM
Hell no, I'm never going to get an authenticator - as long as Blizzard hires morons as their customer support. If the time came and it broke down or something and I needed to get it off the account, I just know it would take weeks for the idiots to get around to that.
So no way. I'll have to hope I'm careful enough.
Donaghy Dec 15th 2010 12:37AM
Uh, and how long do you think it would take should your account be compromised to get all your stuff restored?
Rurrik Dec 15th 2010 8:22AM
You know it is those same "idiots" you will be dealing with when your account is hacked. All sarcasm aside a lot of my friends think like this but I never had an issue, is it really that bad?
BigB Dec 15th 2010 12:38AM
From what I've heard removing an authenticator is pretty easy while trying to get your account back after it's been hacked is a huge hassle and not to mention all the work of setting up your characters again.
So that's a pretty ignorant kind of attitude to have.
Erogroth Dec 15th 2010 1:15AM
Removing the authenticator is very easy. Even if you lost your authenticator you can remove it easily. I have the Android App version and my phone got wiped out. All I had to do is call Blizzard and give them the first few letters off my WoW CD key and they removed it off the account for me. Granted I waited a little over an hour on hold but once they picked up it took no more than 2 minutes which is a lot better than 2 weeks.
If you have your authenticator you can remove it yourself on the battle.net site. Very very easy.
JokerFace Dec 15th 2010 2:31AM
I had the authenticator app on my iPod. I lost the iPod and it took about two weeks to have it removed. I had to snail mail a form off the blizz website along with a copy of photo ID. I use digital download, so I don't have a physical cd key to confirm ownership of the account.
I should have written down the serial that comes with the app, but, did I know I would ever need it for anything? No, not until I needed it deactivated.
I have to admit my own fault there...but blizz service does suck. I had no idea it had even been removed as I hadn't received any such notice from Blizz. The only way I knew was when I got an email asking me to fill out a survey about a customer service rep named Todd that I had never spoken with in any form.
It was a crappy way to miss out on the one week of SC2 beta I had gotten into.
So write down those serial keys if you choose to use an authenticator.
Or don't use one at your own risk. Which, to me, isn't much risk at all. Knowing 3 people other than myself that have played since vanilla and never been hacked.
I'm of the opinion people are paranoid that it might happen to them. You'll hear a sensational story from someone who did get hacked....not so much from people who haven't.
Blizz pushes the issue farther than need be as well. I don't blame them. Certainly some people do get hacked and it costs Blizz man hours to fix it. Time is money friend.
Josin Dec 15th 2010 8:51AM
I have a guildmate who was like you. He thought he was impervious because he's diligent on his security. And then he logged in from a friend's house.
A week later, he was finally restored, and our guild bank back in place. He has an authenticator now.
Chetti Dec 15th 2010 9:25AM
I thought since my account had nothing of real value (no heroic epics, no pvp gear, not a hell of a lot of gold) that hackers/gold farmers wouldn't even bother with me. If they're scouting a capital city and /inspect me (at the time) in quest reward blues and ah crafted purples.. and then /inspected someone in a complete ICC gear.. the account they'd want to compromise would be the one in ICC gear - even if that much research goes into who they pick to steal from.. however, after SO long of being extremely lucky that I had never been hacked amid the increase of people who had been, I ordered an authenticator anyway because one can never be too safe. In the few days it took for my authenticator to come in the mail, I got hacked. I spent a few hours just trying to get through to customer service, but I've got nothing but GOOD things to say about the guy I talked to. He answered all my questions about the restoration process, how long it'd take, how I'd get my stuff back, how my guild would get their stuff back.. how to deal with the authenticator once it came. Of course the authenticator comes with instructions. It's EASY to take it off of your account should it break - calling blizzard isn't involved.
The way I see it: 7-10 days for your account to be restored if it gets hacked, this is after however long it takes for you to get through to customer service because you DO have to talk to someone for the process to get started (at least, I'm pretty sure you do)..
OR.. use an authenticator, be it a phone app or the purchased one.. spend 5 mins or less attaching it.. and really, if you need to take it off, the same like 5 mins to remove it.
Good luck.
Bynde Dec 15th 2010 11:13AM
Then hopefully, no Guild would even be dumb enough to give you bank access.
Lorekin Dec 15th 2010 12:38AM
I guess I am thankful that I have no idea what any of those websites are, so I doubt this situation involves me in the slightest. XD
(I have an authenticator, unique email and unique password for WoW, anyway, so I'm pretty sure I'm safe...)
ManiacFive Dec 15th 2010 12:57AM
Damn Gawker, I haven't visited a single Gawker media website after one of their hacks banned me from commenting after I called out their 'dollars for time with an iPad' (pre announcement obviously) as nothing but a non news publicity ploy. And yet yes, my login details were among those stolen.
Fortunately I used my standard throwaway password but it still galls me that these jerks have compromised my details a year after I stopped visiting the site.
WTB account delete option, and, engadget FTW.
VioletArrows Dec 15th 2010 3:08AM
They're still sorting everything out, but they say they're working on an account deletion feature (just what kind of stupid crappy backend were they running?)
Jaq Dec 15th 2010 1:20AM
I had to change my WoW account e-mail because it got compromised somehow to Chinese gold farmers (betting it was a Flash vulnerability or something, since I do everything else by the book), but as I have an authenticator I didn't lose my account. This is actually quite good since that WAS the e-mail address that I used for a brief time as a Gawker account. Had to redo my Facebook security earlier because of this crap. Gawker getting hacked is a damn pain.
wow Dec 15th 2010 1:28AM
I put my money on the EJ ownage, do you have an account there? :)
Jaq Dec 15th 2010 2:05AM
Nope. I lost control of my e-mail just after I heard of yet another vulnerability in Flash, which is why I guessed that. Thank goodness for authenticators.
wow Dec 15th 2010 1:28AM
Also, the people who managed to break into the elitist jerks, and own them, are sending out duplicate emails, I've counted at least half a dozen in the last few days arriving on my elitist.jerks@MyDomainThatYouDontKnow.com email address. #fail
geoffropuff Dec 15th 2010 1:31AM
it's a pain in the ass but it's given me a chance to change all my passwords and learn to love lastpass for pw storage. let's hope lastpass remains as secure as it seems cuz i honestly don't know any of my new pws (generated a bunch of random pws).