Skip to Content

WoW Insider has the latest on the Mists of Pandaria!

Filed under: Account Security

Mobile authenticator app update for iOS is coming soon

If you use the mobile authenticator app on your iPhone or other Apple device, an update is going to be rolled out soon. This update will give the app full compatibility with iOS 7 and have an appropriate resolution for the iPhone 5 and 5s. The snag here is that when you update, the app may lose track of the fact that it's your authenticator -- and that can lock you out of Blizzard games.

To make sure you don't get locked out, before you upgrade you'll want to write down your restore code: from the app menu, click setup and then continue. You'll have a serial number and a restore code here which you can write down or take a screenshot of for reference. Then, if your new app isn't working, open the menu, click restore, then "I want to perform a restoration," then enter your serial number and restore code. If you haven't already, you can also set up SMS protect, which allows you to remove a broken authenticator -- or broken authenticator app, in this case -- from your account via a text message to your phone, so you can detach the old authenticator and connect a new one.

Anyone who has their iPhone set to automatically update apps should be especially wary, as this means your authenticator app will update as soon as the update appears on iTunes. Make sure you're ready for the update so you don't get locked out!

Filed under: Account Security

Watch out for Warlords of Draenor phishing scams

With another expansion looming on the horizon, there's another round of phishing scams and emails designed to trick you into giving up your account information. With this kind of scam, you get an email or visit a website that's so much like Blizzard's that you wind up typing in your login information, which the scammers then use to pick your account clean. Though you may think this is the sort of thing people only fall pray to when they aren't paying attention, phishing scams get more sophisticated -- and harder to recognize -- every day, so you need to keep your guard up.

Take this Warlords of Draenor phishing scam reported by Malwarebytes as an example. It starts off with an email that's formatted like a message from Blizzard saying you've won a free copy of Warlords -- which is really where you should get suspicious. Once you click on the link in the email, you're sent to a perfect copy of the Battle.net login screen where you're asked to enter your login information as well as your secret question and answer before you can redeem your free copy... but of course the scammers just run off with your info without giving you a thing.

To avoid being had, always check the header to see where an email has come from -- Blizzard emails will only come from an @blizzard.com address -- and if an offer sounds too good to be true, contact Blizzard directly to ask about it. For more tips on avoiding phishing, check out the support page on phishing scams.

Filed under: Account Security, Warlords of Draenor

The Heartbleed bug and its effect (or lack thereof) on Battle.net

The Heartbleed bug, as it's been dubbed, is certainly hot news lately, with various sites being impacted and password reset advice abounding. But Blizzard has some good news: Battle.net was unaffected. However, the advice is to change your password if you used the same one elsewhere.

This is especially true if you're using the same email and password combination as you use for your Battle.net account on other sites. A big way that players get hacked, especially those without authenticators, is that their guild forums get hacked, or their email gets hacked, or their Facebook. Once those username and password combinations are known, it's possible for hackers to try them in various different places, one of which might be your Battle.net account. So be careful, mix up your passwords, and in light of these recent security issues, consider changing your passwords.

It's also a good idea, again as a general rule, to get into the habit of changing your passwords fairly regularly, for everything. So now might be a great time to start, even though Battle.net is unaffected by the recent issues. Hit the break for Blizzard's full post.

Read more →

Filed under: News items, Account Security

Connection problems for both North American and European players

Website down
Blizzard Customer Service is in the process of dealing with connection issues facing players on both sides of the Atlantic Ocean. For the North American players, login errors have been plaguing both the Account Management website, and several games--World of Warcraft, Diablo III, and Hearthstone.
For players in Europe, Blizzard noted yesterday on their EU support blog that the high latency and connection issues are, in fact, the result of a series of DDoS attacks that have been levied at Blizzard servers for the past few days. Blizzard is monitoring the situation and asks that players follow their European customer service Twitter account for updates and further information.

Filed under: Blizzard, News items, Account Security

Reaching Blizzard support if you can't log in

Earlier this year, Blizzard launched a new Support Callback feature that allowed players with account issues to simply fill out a form and wait for a callback from support. This was a fantastic move in terms of getting rid of the need to spend hours on hold -- but it did have some players concerned and wondering how, exactly, one was supposed to contact support if one was locked out of their account and could not access the appropriate Battle.net page.

Customer Support representative Araxom has written up a response to just that particular situation over on Reddit. If you cannot access your account, or log into Battle.net, there is a support page that will still allow you to live chat with customer service, set up a callback, or even submit a ticket, all without having to log in. Although callbacks and live chat may not be available every hour of every day, you can still submit a ticket with this method and get a response in a reasonable amount of time. And remember -- if you're worried about account security, picking up an Authenticator is always an excellent idea.

Filed under: Account Security

Authenticator problems? You'll need to contact support

Removing an authenticator from your account is pretty easy -- so long as you have the authenticator handy. But if you don't -- like if you've upgraded your smartphone and your mobile authenticator doesn't work anymore -- then you've got a bit more trouble ahead. Usually Blizzard has an online form to help you out of a problem like this, but the form is currently MIA which makes getting help a bit harder.

Blizzard is working to get the page back online, but in the meanwhile, you'll have to resort to contacting customer support directly for help. Customer Support rep Araxom says anyone having trouble removing an authenticator will need to contact support using one of the methods at the bottom of the support page -- which means you can open a ticket, set up a phone callback, or jump into a live chat. None of these methods are instant, but they will wind up getting you the authenticator help you need without too much of a wait.

Just remember to add a new authenticator once you've removed this one -- it's a security feature you won't regret having.

Filed under: Account Security

Social features added to Battle.net desktop client

Our friends over at Adriacraft have had the chance to test a newly datamined version of the battle.net desktop client. They have various in-depth screenshots on their article, but it looks like the current friends list has undergone a needed overhaul. You can now add and remove friends, report other players, accept and decline friend requests, and see recommended friends, which are friends of friends.

Although you can't see an actual chat window in any of Adriacraft's screenshots, you can see that there are the options to edit "toast" settings, including messages, which implies that chat, or at least notifications of messages received, could be coming soon to the desktop client.

There is also the option to remember status, but before we get excited about offline mode finally arriving, remember that there are already statuses in battle.net -- away, busy, etc. There is, however, an image of the user being offline, but this could just be because he wasn't logged in when it was taken.

If you are concerned by any of this, or feel that you would not want the friends of friends option, setting up parental controls on your account can be an excellent way to tailor battle.net communications to your personal preference. You can disable it, or even selectively disable various elements, including parental controls.

Filed under: Blizzard, Account Security

Blizzard update on dangerous Trojan

WoW Insider reported recently on a dangerous Trojan that was, at the time, not removable by any known antivirus program. Vigilance was advised by the Customer Support agents, and logs from anyone who was affected by the Disker trojan were requested. Thanks to the hard work of the Blizzard Support MVPs, a solution has been found.

Kaltonis
Our pleasure!

To summarize for those of you that haven't read the green posts:

-The trojan is built into a fake (but working) version of the Curse Client that is downloaded from a fake version of the Curse Website. This site was popping up in searches for "curse client" on major search engines, which is how people were lured into going there.

-At this point, it seems the easiest method to remove the trojan is to delete the fake Curse Client and run scans from an updated Malwarebytes. Should you still have issues, there is a more manual method that Ressie posted earlier in the thread.

-Thanks to Ressie's efforts, most security programs should be able to identify this threat shortly, if not by the time I type this.

-If you were compromised, follow the instructions here and we'll do our best to set everything right (as we always do).

-For those of you interested in these MitM style attacks, this is the only confirmed case we've seen in several years outside of the "Configuring/HIMYM" trojan in early 2012 that hit a handful of accounts. These sort of outbreaks are annoying, but an Authenticator still protects your account 99% of the time. Stay safe!

Filed under: Account Security

Blizzard Customer Support warns of dangerous Trojan [Updated]

Blizzard Customer Support Agent Jurannok has taken to the forums to warn players of a dangerous Trojan -- a virus that can enter players' accounts even if they have an authenticator. Update -- A solution has been found.
Jurannok
Hello,

We've been receiving reports regarding a dangerous Trojan that is being used to compromise player's accounts even if they are using an authenticator for protection. The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them.

If your account has been compromised recently, I'd recommend looking for the Trojan. It can be identified by creating an MSInfo file and then looking in the Startup Program section of that file for either "Disker" or "Disker64". It will usually appear like this:

Disker rundll32.exe c:\users\name\appdata\local\temp\w_win.dll,dw Name-PC\Name Startup
Disker64 rundll32.exe c:\users\name\appdata\local\temp\w_64.dll,dw Name-PC\Name Startup

Read more →

Filed under: Account Security

Resolve to improve your account security in 2014

Blizzard's European Customer Support team has invited players to make a New Year's resolution that we at WoW Insider can definitely support. It's easier than giving up chocolate, and probably more useful than that gym subscription you were planning on getting.

Following the link in the tweet above will take you to their page on account security that is just packed with helpful tips to secure your battle.net account, and your computer. Some of the most common causes of account theft relate to lax security on the side of the user, and following these tips can really help you avoid that.

There's also legitimate links to all the major sources of free anti-virus software, and the article is packed with other tips to avoid things like phishing sites, spyware, and malicious processes. In the absence of physical items on the battle.net store, there's also advice on retailers that can sell you authenticators.

Filed under: Account Security

Heading out of town for the holidays? Don't get locked out of WoW!

Over on /r/wow/, Blizzard CS rep Araxom offers some tips to avoid getting locked out of your WoW account if you're traveling this holiday season. Logging on from a different physical location can trigger some security features on Blizzard's side -- especially for accounts that don't have an authenticator attached. Avoiding holiday account lockouts is pretty simple:
  • Make sure you have an authenticator attached to your account, which makes it less likely your account will get locked for something like this. (And if you use the mobile authenticator app, be sure you have your restore code written down or screenshotted in case you run into issues with your phone.)
  • Enable SMS Protect, which can let you bypass your authenticator using your cell phone if you run into any problems.
Both of these are generally good ideas, but during the holidays having the right security setup can mean the difference between relaxing with some WoW and wrestling with resetting your password -- and we're pretty sure you'd all prefer the former. Not sure where to get started with account security? Check out our security guide for a walkthrough.

Filed under: Account Security

Safeguard yourself against WeakAuras gold exploit

The incredibly versatile and popular addon WeakAuras has been subject to a completely bizarre exploit lately, as Blizzard Customer Support Representative Vrakthris posted on the forums. The exploit was done by allowing malicious code to run, hiding itself as a helpful link from other ill-intentioned players.

The good news is that this is really easily fixed. The author of WeakAuras stepped in within hours of hearing about this with a modification to the code. Before performing either of these steps it's worth creating a backup copy of your Interface and WTF folders so that if something does go wrong you don't lose all your auras.

If you use the Curse client, all you need to do is uninstall WeakAuras, and install WeakAuras 2. Ensure that when you uninstall WeakAuras you uncheck the box that removes your in-game variables, and you're done. If you want to do it manually, head over to the download page, download it and merge the folders.

Simply log into the game and load up WeakAuras with the same commands as before, and you're done. Also, while this is fixed, a good general rule for WoW and the rest of the internet is this: don't click links from strangers.

Filed under: Add-Ons, Account Security

Connected Realms: Cause for caution as characters disappear

Connected Realms Cause for caution
Many players have wondered, after the announcement of Connected Realms, and the slow creep of connections taking place, why it isn't all moving faster. Why isn't their low-population realm on the list? When can they start recruiting? Why is it all taking Blizzard so long? Are they just resting on their laurels? Are they just being lazy?

Well, I have a cautionary tale that might help to clarify the situation. Yesterday, after maintenance in the US, inhabitants of very recently connected realms Nesingwary and Vek'nilash happened upon some highly unusual issues. Players were logging in and discovering their characters were gone. Disappeared. And players who could still see all their characters on the login screen could only access a few of them.

Other players weighed in with their stories of being unable to access guild banks, guild bank logs being years out of date, and more. 14 hours later, at the time of writing, and it only seems to be getting weirder, with characters flagged for rename, and duplicates or copies of long-deleted characters starting to appear. Players are starting to panic and grabbing their names with level one alts for security. Blizzard blue Vrakthris has been doing his best to help, giving players a code to put in tickets so they could all be dealt with swiftly, but this doesn't seem like it's been resolved just yet.

Read more →

Filed under: Realm Status, Account Security

Blizzard's tips for dealing with a locked account

Having your account locked isn't an uncommon problem -- and it doesn't necessarily mean your account has been compromised. Because Blizzard is trying to stop hackers in their tracks, doing anything that makes it look like you aren't the one playing the game -- like logging in from an unusual location -- can trigger a lock. So what's a gamer to do when hit with a locked account? Fortunately for all of us, Blizzard CS representative Araxom has explained how to avoid locked account woes -- without even getting in touch with customer support.

An easy fix? Change your password from your new computer or new location. This requires you to authenticate with Blizzard -- and answer your secret question -- so the servers are sure that you're actually you. Another helpful tidbit: have an authenticator (or authenticator app) attached to your account and SMS protect enabled. These helpful security features not only make it harder for your account to get stolen -- they can make it clear to Blizzard that your account is in your hands, even if you're logging on from a new computer.

For more details and tips, check out Araxom's thread on Reddit. And if your account actually has been hacked, it's going to take a few more steps, but we'll walk you through it.

Filed under: News items, Account Security

Newest iPhone iOS update may affect authentication

bank picture
If you use a mobile authenticator on your iPhone to log into Battle.net products, beware the upcoming iOS update. It just might reset your authenticator and cause you some irritating headaches the next time you try to log into WoW. Over on the official forums, Support Forum Agent Harlsoco outlines a few ways you can prevent an authentication mess following the update. The full blue post is after the break.

Read more →

Filed under: News items, Account Security

Around Azeroth

Around Azeroth

Featured Galleries

It came from the Blog: Occupy Orgrimmar
Midsummer Flamefest 2013
Running of the Orphans 2013
World of Warcraft Tattoos
HearthStone Sample Cards
HearthStone Concept Art
Yaks
It came from the Blog: Lunar Lunacy 2013
Art of Blizzard Gallery Opening

 

Categories

Joystiq

Massively

Engadget