Skip to Content

WoW Insider has the latest on the Mists of Pandaria!

Posts with tag Account

North American players may now update their security questions

Image
As an update to the security breach last week, players on North American realms will now be prompted to change their security question and answer when logging in to their Battle.net accounts. The security breach included no financial information; however, answers to personal security questions were compromised, as well as some information related to Mobile Authenticators.

In addition to the security question update, players may now also update their Mobile Authenticators as well. Please note, this is only in regards to North American accounts; players in Europe need to do neither of these things. And remember, if you are a North American player and have not changed the password on your account, doing so is an excellent idea.


Nethaera
As a precaution following our recent security update, players on North American servers please take a moment to visit Battle.net account management, where you will be prompted to change your security question as well as update your Mobile Authenticator. There you'll also find helpful tips and an FAQ, as well as instructions on how to add additional layers of security to your account, including the Battle.net Authenticator or the Mobile Authenticator for those that aren't already using one.

Filed under: News items, Account Security

Blizzard security breach, no evidence that financial data was compromised

Important security update from Blizzard
Mike Morhaime, the president of Blizzard Entertainment, reported today in a blog post posted on the official Blizzard website that a list of email addresses for Battle.net users, answers to security questions, and information relating to the Mobile and Dial-in Authenticator program were illegally accessed by outsiders. The security hole has been closed, but Blizzard is officially recommending that all Battle.net users change their passwords immediately. In the coming days, players will be prompted to automatically change their security questions and update their mobile authenticator software. A FAQ is available here.

The full post is below.

Mike Morhaime
Players and Friends,

Even when you are in the business of fun, not every week ends up being fun. This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.

At this time, we've found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.

Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.

We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.

In the coming days, we'll be prompting players on North American servers to change their secret questions and answers through an automated process. Additionally, we'll prompt mobile authenticator users to update their authenticator software. As a reminder, phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password. We deeply regret the inconvenience to all of you and understand you may have questions. Please find additional information here.

We take the security of your personal information very seriously, and we are truly sorry that this has happened.

Sincerely,
Mike Morhaime

Filed under: News items, Account Security

Blizzard releases customer support how-to videos

As part of its continued fight against account hacking and account compromise, Blizzard's customer support department has started a YouTube channel dedicated to hosting how-to videos on security, what to do if your account is hacked, general security tips, and how to use the Battle.net authenticator. Not only are the videos educational and helpful, they are also adorably fun, making security as enjoyable as it possibly can be.

Not only is this an awesome service for Blizzard to put out, the videos offer excellent ideas for online security in general. The tips in the general account security video are great tips to follow, even if you aren't a gamer. Everyone on the internet should be following these security tips. Good on you, Blizzard, for this awesome community service. I don't think we can give the customer support guys enough shout-outs.

Brace yourselves for what could be some of most exciting updates to the game recently with patch 4.3. Look at what's ahead: new item storage options, cross-realm raiding, cosmetic armor skinning and your chance to battle the mighty Deathwing -- from astride his back!

Filed under: Blizzard, Account Security

Opt-out option incoming for recent authenticator security change

If you follow WoW account security, then you've probably heard about (or personally encountered) a recent change to the way Battle.net authenticator devices work. Basically, when you log into the game, the client attempts to determine if you're logging in from your "home" computer or at least a computer you use regularly. It uses several factors to make this determination, such as your MAC address and your IP address. If the information doesn't indicate that the login is taking place from a safe machine, it'll prompt you for your authenticator code. If it is a safe computer, then you'll only be asked for your code randomly, once a week or so.

The change, aimed to make authenticators less of a hassle for those who log on from the same computer quite a bit, caused an odd uproar on the official forums from players who were worried that this change somehow made their account less secure. Addressing these concerns, Blizzard Community Manager Zarhym announced today that Blizzard is working on providing an opt-out option for this convenience feature.

Details were scarce since, as Zarhym noted, Blizzard hasn't quite nailed down specifics yet, but he assured players that it's something Blizzard's been looking into since the authenticator change was first announced.

The full announcement post and followups are after the break.

Read more →

Filed under: News items, Account Security

Battle.net Mobile Authenticator now available for Windows 7 Phones

Android and iOS device users have had the luxury of using the Battle.net Mobile Authenticator, a software version of Blizzard's downright necessary keyfob authenticator, on their phones or tablets for a while now. As of today, Windows 7 Phone users can also take advantage of the Mobile Authenticator by downloading it from the Windows Phone Marketplace.

At this point, there's pretty much no reason not to have an authenticator -- they're 6 bucks and free to ship for a physical device and no cost at all for a software version available for every major mobile platform. Just get it!

Battle.net Mobile Authenticator for Windows® Phone 7 Devices
The Battle.net Mobile Authenticator, an application for mobile phones that provides an extra layer of account security, is now available as a free download for Windows® Phone 7 devices on the Windows Phone Marketplace. The Battle.net Mobile Authenticator provides a one-time password that you use in addition to your regular account name and password when you log in to a Battle.net account to play World of Warcraft or StarCraft II.
Versions for other mobile devices are also available for download here, or you can purchase a physical Battle.net Authenticator from the online Blizzard Store. Visit the Battle.net Mobile Authenticator FAQ for more information, or head to the setup page to get started after you've downloaded the application.
For additional account security advice, check out our Account Security page.


Battle.net authenticator process updated with smarter log-in detection

A substantial updated to the Battle.net authentication system was announced today. Players will soon notice a change to their authenticator log on -- it just might not appear. Blizzard's login servers and authentication system now intelligently track where your account is logging into the game from and, if you're consistently logging in on your home computer, the authentication servers will let you pass, no code needed.

Blizzard wants make the authentication process less intrusive and this is a first step towards that goal. Right now, having to input a code each and every log in is a pain, sure, but it also makes me feel secure. I'm never going to say no to more security, however, and if the system is something that can accurately figure out where I am and let me on, that's great.

This doesn't take into consideration the circumstance where you use an authenticator to prevent access to WoW, even from the home PC. I know some parents who use a simple password that their kids can remember but use the authenticator as the gate to prevent unwanted play. Maybe there will be an opt-out feature of some kind to always ask for the code.

You can check out the Battle.net account security page or check out the Blizzard mobile site for application information. For more information on this specific change to the authenticator system, follow me after the break.

Read more →

Filed under: Blizzard, Account Security

The Lawbringer: Account management and you

Pop law abounds in The Lawbringer, your weekly dose of WoW, the law, video games and the MMO genre. Running parallel to the games we love and enjoy is a world full of rules, regulations, pitfalls and traps. How about you hang out with us as we discuss some of the more esoteric aspects of the games we love to play?

Writing The Lawbringer has taught me a lesson in trends. Over the past few months, specific questions are sent to me in topical batches. Sometimes it is a few emails about selling accounts. Other times, I get four to five emails about account security or compromise. May's email topic of choice was transferring accounts to family members.

Blizzard is very restrictive about what you can and cannot change regarding your account information. On the one hand, it is your account, right? Shouldn't you have ultimate control over the information you provide for the facilitation of a service you pay for? On the other hand, there is a certain degree of problem mitigation that comes with restrictive change. If Blizzard can control certain aspects of what you do with your account and the information it is all filed under, problems can get mitigated before they appear. Today's topic is really all about damage mitigation.

Read more →

Filed under: The Lawbringer

First Core Hound Pup adoption campaign winners announced

Blizzard's Core Hound Pup Adoption Campaign is giving players the chance to win an iPad as well as boost their own account security. In an effort to get more authenticators attached to accounts, Blizzard ponied up some iPads to get the job done. Each month, a screenshot entry is chosen to win one of 12 iPads. Just take a screenshot of you and your security pup companion doing something crazy, out of the ordinary, or just plain awesome, hit up the contest rules page, and you've got a shot at winning. The first four winners have just been announced and their screenshots released.

Read more →

Filed under: Contests, Account Security, Cataclysm

RSA security hack not affecting Blizzard authenticators

Many people were quick to wonder and worry about whether the recent hacking of the RSA (the security branch of EMC) had the potential of harming Blizzard's authenticators or authentication software. Fear not, as the blues have chimed in with a response:

RSA Hack and Blizzard Authenticators
Pokzin,

The Blizzard Authenticators are based off modified Vasco tokens. I'm sorry to hear about RSA's troubles, but it will not affect the Blizzard Authenticator.

It doesn't look like Blizzard will be harmed by this at all. As a reminder, please keep your account safe by not clicking links in emails that don't appear to be from Blizzard, always check your email headers for incoming email addresses, and if you have any questions about whether an email is legitimate, contact Blizzard first. And do please get an authenticator for your account. Check out some of our own security articles here.

Filed under: Blizzard, Account Security

Blizzard posts new account security guide

Make no mistake: it really sucks when your WoW account gets compromised. Even with the speed with which compromises are handled by the support department nowadays, it's still a pain to have to wait to get your stuff back -- and it's even worse to know that someone was in there mucking around with your dudes, you know? Blizzard's been better about helping people with account security problems recently, like giving out free authenticators to some hacked accounts and offering a free phone-in authenticator service, but in the end, a lot of the responsibility falls on you the player to keep your account secure.

To that end, Blizzard has assembled a new account security guide. It's a pretty comprehensive list of the steps you can take to secure your account, from getting an authenticator to learning how to recognize phishing emails to making sure that your computer itself is secured through the use of antivirus software. Learn it, live it, love it. In account security, as in Planeteering, the power is yours.


Filed under: News items, Account Security

Breakfast Topic: What made you decide to get an authenticator?

This Breakfast Topic has been brought to you by Seed, the Aol guest writer program that brings your words to WoW Insider's pages.

Once again, Blizzard is encouraging its players to use authenticators to protect their Battle.net accounts. In addition to the incentive of a lovable Core Hound Pup pet provided to all World of Warcraft characters on an account that has an authenticator attached, there is now a contest going on to win an iPad for your best Core Hound Pup screenshot, and we've even received reports that free authenticators are being offered to owners of accounts that have previously been compromised. Still, incentives alone aren't enough for some players. Sometimes it takes an incident to drive the point home.

For me, it was a hacking scare involving my girlfriend's account. We had just resubbed to WoW in preparation for Cataclysm and were having a blast when she got a notification from Blizzard that her account had been locked due to an unauthorized break-in. Nothing was gone, no items destroyed, no gibberish-named level 1s created, but she did have to change her password and verify to Blizzard that she was still herself. She was playing on a Mac, used Adblock and had disabled Flash on her browser, and she only visited a handful of websites on a daily basis, all very innocuous places like Gmail and WoW Insider. We figured it was an isolated incident, but just to make sure, she wiped her hard drive and reinstalled WoW. Then, a week later, it happened again. I couldn't believe it, and I still don't know how or why she was targeted, but I ordered our authenticators the very next day. We haven't had a problem since.

What convinced you to get an authenticator? Was it a contest, a promotion by Blizzard, or a hacking scare? If you don't have an authenticator yet, what's holding you back?

Blizzard announces automated account recovery form for hacked accounts


World of Warcraft accounts have been under siege for years, with hackers and gold-selling outlets stealing passwords, items and more to fill their coffers, selling that gold to unwitting buyers. Blizzard has fought back incessantly over the years to stem the tide of gold farming and account hacking, and as you can imagine, the scale at which this happens is very tasking on its customer support department.

Blizzard has just announced a new, speedier way to get help and answered about your hacked account, stolen items, authenticator issues and more! Now, under the new system, you will not have to email or call Blizzard to get these matters into its queue -- simply use the Account Recovery Form.

Read more →

Filed under: News items, Account Security

Battle.net Real ID preview and FAQ

We're getting a lot of info today about Battle.net's new features. First it was Facebook integration and now a full explanation of the Real ID features. We previewed some of the features of Real ID before and there were some concerns. This Battle.net feature is completely voluntary and requires mutual acceptance. So the only people who will be your Real ID friends are the ones that you agree to (and they have to agree as well).

Real ID features
  • Real names for friends Your Real ID friends' names will appear next to their characters.
  • Cross-Game chat You will be able to talk to your Real ID friends cross realm and in other games like StarCraft II and Diablo III.
  • Rich Presence You will be able to snoop see what games and modes your Real ID friends are playing. So you'll know if they are just hanging around Dalaran. And they'll know the same about you.
  • Broadcast You can broadcast short messages to all of your Real ID friends and view recent messages that they have broadcast.
  • Friend once, see all characters Real ID friends can see all of each other's characters. All. You won't be able to pick and choose which ones can be seen, unless they are on another Battle.net account.
Again, both friends have to agree to become Real ID friends and this will not be a mandatory feature of Battle.net. This is obviously a feature that you will want to use only with people that you don't mind knowing what Blizzard game you are playing on which character and where.

The complete Real ID FAQ is after the break.

Read more →

Filed under: News items

New scam targets the WoW Launcher

A post in the official forums today, later confirmed by a blue, points to hackers attempting to take advantage of a new avenue to attack the user -- the World of Warcraft Launcher.

As you can see from the screenshot above (large version here) the real launcher apparently is replaced with a fake launcher that sends the user to a web site that pretends to be official, asking for subscription information (including answers to secret questions and the original CD-Key) in what is meant to appear as the means to restore a supposedly suspended account. One of the telltale signs that this isn't legit, besides the very invasive information requested, is the version number in the upper left corner of the screen. We're way past patch 3.1.1 -- however not everyone might know this.

Ancilorn posts confirming that this is not genuine (reiterating that they will never ask for your password in such a manner, and also requesting that such things be sent directly to Blizzard if they happen to you). Goes to show that as security is increased, those looking to breach it become more desperate.

Filed under: News items, Account Security

Help! My account has been hacked!

There are so many scams going around like the Catclysm Alpha invite and the WoW Armory phishing site, that people's accounts are getting stolen more than ever. With all of the work that Blizzard has to do to keep up with the problem, it's no wonder they are offering the fast solution of care packages. We've talked about how to avoid scams as well as how to protect yourself. Here is a guide as to what to do if your account gets stolen.

Important note: The following guide assumes that you have not put an Authenticator on your account. There are no confirmed cases of accounts being stolen if they are protected by an Authenticator.

Read more →

Filed under: Blizzard, Account Security

WoW Insider Show 

Subscribe via  iTunes for our latest show.

Hot Topics


 

Upcoming Events


Around Azeroth

Around Azeroth

Featured Galleries

It came from the Blog: Occupy Orgrimmar
Midsummer Flamefest 2013
Running of the Orphans 2013
World of Warcraft Tattoos
HearthStone Sample Cards
HearthStone Concept Art
Yaks
It came from the Blog: Lunar Lunacy 2013
Art of Blizzard Gallery Opening

 

Categories