WoW: Account Hacked - Battle.net Merger

Pages

I haven't logged in for a year and a few months, so I was surprised to get this in my mail today. Sure enough, can't change my password back, looks like I've been hax0red Jim. It's odd, I run a very tight ship on all my systems, full scanning, no funky sites, no mods, it's as clean as it gets.

I emailed [email protected], so hopefully they can get this back for me. Not much you can do in the meantime eh?

A quick Google shows this "Merger" causing all kinds of funky hacking attacks, so at least I'm not alone.

PS. My name is not William. But what a lovely, generic and safe name to use for a hack attempt!

---------- Forwarded message ----------
From: Blizzard Entertainment
Date: Tue, Jul 21, 2009 at 9:10 PM
Subject: World of Warcraft Account - Account Merge Notice
To: William <[email protected]>

Hello William,

This e-mail notification is to inform you that the World of Warcraft account, *****, has just been merged into a Battle.net account. If you were not the person who performed this account merge, please contact Battle.net Supportimmediately.

You have successfully merged the following World of Warcraft account:

******

into the following Battle.net account:

[email protected]

From now on, you must use the above Battle.net account name and its password to play World of Warcraft and to access World of Warcraft Account Management for billing and subscription services. Your World of Warcraft billing information has not been affected by this merge.

Important! Please note that any existing recurring billing on the merged World of Warcraft account will continue uninterrupted.

In addition, you will use the above Battle.net account username and its password to log in to other Blizzard online services such as World of Warcraft Account Management, the World of Warcraft Armory, and the Blizzard Store.

A similar notification of this account merge has also been sent to the email address registered to the Battle.net account.

For more information, click here for answers to Frequently Asked Questions or to contact the Blizzard Billing & Account Services team.

Sincerely,
The Battle.net Account Team
Online Privacy Policy

A fax of the form and a copy of your id and they will unmerge it. Took about 4 hours yesterday for me.

Here's another situation I think someone will have encountered. I currently have an un-merged wow account which is associated with my authenticator, do you get asked to generate a number if you try to merge it, or is only username + password needed for a merge?

I called a few minutes ago. I was on hold for about 25 minutes, so not too bad. I was surprised by the very friendly service, and the rep managed to make me my own battle.net account and merge my WoW account back into it. All I needed was my Mother's maiden name, so I'm glad that wasn't compromised or changed in any way.

+1 to Blizzard Support!

Scratched wrote:

Here's another situation I think someone will have encountered. I currently have an un-merged wow account which is associated with my authenticator, do you get asked to generate a number if you try to merge it, or is only username + password needed for a merge?

Yes when you merge you will be asked to authenticate with your authenticator, and each time you log into WoW like normal.

If you play WoW for any significant time I can't see why someone would not have an authenticator, unless they share accounts with other people. They are only six bucks and are pretty much proof against hacking.

LeapingGnome wrote:
Scratched wrote:

Here's another situation I think someone will have encountered. I currently have an un-merged wow account which is associated with my authenticator, do you get asked to generate a number if you try to merge it, or is only username + password needed for a merge?

Yes when you merge you will be asked to authenticate with your authenticator, and each time you log into WoW like normal.

If you play WoW for any significant time I can't see why someone would not have an authenticator, unless they share accounts with other people. They are only six bucks and are pretty much proof against hacking.

Ok, a dumb question...why are authenticators that necessary? Are they just protection against keyloggers?

Yes, it's another level of security. Instead of username+password, you need username+password+number. The way I see it, if you're spending £9/$15 a month and a lot of time on your game, then a little more to keep it safe isn't that big an ask. It's like antivirus, you shouldn't need it if you are sensible about your computer, but when something slips by it's another safety net. Since starting my wow career I have only used one password and never been hacked (touch wood), I'm not aware of my computer ever being compromised, but there's always a first time.

ScurvyDog wrote:
LeapingGnome wrote:
Scratched wrote:

Here's another situation I think someone will have encountered. I currently have an un-merged wow account which is associated with my authenticator, do you get asked to generate a number if you try to merge it, or is only username + password needed for a merge?

Yes when you merge you will be asked to authenticate with your authenticator, and each time you log into WoW like normal.

If you play WoW for any significant time I can't see why someone would not have an authenticator, unless they share accounts with other people. They are only six bucks and are pretty much proof against hacking.

Ok, a dumb question...why are authenticators that necessary? Are they just protection against keyloggers?

They're not "that necessary" but they are protection against just about every kind of password hack out there for WoW, save someone who is smart enough to ask you to authenticate, then they have a 1-min window to bust their way in, assuming you fall for their ruse.

Ultimately, I use one to protect my account, my guild, and my personal info. If every important place on the web that had my personal information would allow me to use an authenticator like this I would do it in a heartbeat.

NSMike wrote:

If every important place on the web that had my personal information would allow me to use an authenticator like this I would do it in a heartbeat.

Can't agree with you more, although perhaps something a little more robust.

Having to pay for essential security kinda sucks. No matter the price. Fewer hacked accounts means fewer demands on the support infrastructure that corrects that so it would seem to be in Blizzard's best interest to give the things away.

There's a free version on iPhone/ipod touch but you have to merge into Battle net first. Its not a bad solution, but you have to already own a very expensive device to have access.

polypusher wrote:

Having to pay for essential security kinda sucks. No matter the price. Fewer hacked accounts means fewer demands on the support infrastructure that corrects that so it would seem to be in Blizzard's best interest to give the things away.

There's a free version on iPhone/ipod touch but you have to merge into Battle net first. Its not a bad solution, but you have to already own a very expensive device to have access.

Odd, you'd think a software version could be ported over, maybe tied to a MAC address.

LtWarhound wrote:
polypusher wrote:

Having to pay for essential security kinda sucks. No matter the price. Fewer hacked accounts means fewer demands on the support infrastructure that corrects that so it would seem to be in Blizzard's best interest to give the things away.

There's a free version on iPhone/ipod touch but you have to merge into Battle net first. Its not a bad solution, but you have to already own a very expensive device to have access.

Odd, you'd think a software version could be ported over, maybe tied to a MAC address.

Well they have that kind of thing for the iPhone and I believe the touch (not 100% though) that works like the keyfob. But not really strictly software based on MAC because there is such a thing as MAC cloning that I think would really screw that all up where as the keyfob is tied specifically to your account through a main server that Blizzard has control over.

Northrop Grumman had this very thing for their VPN access when I was on the road. I wish the govt had the same thing but in its place I have my CAC now will all my info on it and access the computer by putting in my PIN from the card. Since my card is with me everywhere I go I don't have to worry to much (I still have to be concientious about where my card is at all times) about security.

Demonicmaster wrote:

(I still have to be concientious about where my card is at all times)

Think I've left my wallet at home once in the last two years, since I started carrying my CAC in it. Just too paranoid about not being able to do my job if I leave it at home.

LtWarhound wrote:
Demonicmaster wrote:

(I still have to be concientious about where my card is at all times)

Think I've left my wallet at home once in the last two years, since I started carrying my CAC in it. Just too paranoid about not being able to do my job if I leave it at home.

Only once did I forget my wallet and my wife was so stunned that she thought I was doing drugs or something. I always have my keys, wallet, and phone where ever I go. My wife on the other hand...always losing her keys or forgetting her purse, or this or that. But back on topic, my account was too hacked and if you can kind of gauge how I handle security of my belongings that is an amazing feat. I was so stunned, but I was glad I caught mine in the act. I already had a merged account and they added their WoW account to mine. I just so happened that I logged on as he was doing it and changed my password and email (I have like 5 different email accounts I use) before he could do anything with my characters. But in the process I was able to see his. I didn't do anything to them, but oh I wanted to. But I figured that the account he merged was probably another hacked account and it would not have made a difference.

But I contacted Blizz and they locked my account out totally, no loggin in or anything and did their investigation and found nothing misplaced and said they restored everything but I was still unable to log on. I then get an email from them saying they need ID from me to show them that I am the rightful owner of the account in question. I just haven't gotten around to doing it yet as I got pretty busy at work.

Well they have that kind of thing for the iPhone and I believe the touch (not 100% though) that works like the keyfob.

It does work with the iPod Touch. The only requirement is that you have an internet connection the first time you use it. After that, it can be used to generate keys without an internet connection. I have it on my touch, but I also have the fob, and prefer the fob, so I haven't set it up yet, but it will work.

NSMike wrote:
Well they have that kind of thing for the iPhone and I believe the touch (not 100% though) that works like the keyfob.

It does work with the iPod Touch. The only requirement is that you have an internet connection the first time you use it. After that, it can be used to generate keys without an internet connection. I have it on my touch, but I also have the fob, and prefer the fob, so I haven't set it up yet, but it will work.

Thanks for the assist on that. Now I know.

My account was hacked as well. I put a post about it up on GameFinance: http://gamefinanceblog.com/?p=380 Hope you got your account back, Swat, and that your characters were not effed with too much.

Oop, good point Mateo, I haven't tried logging in because I'm not subbed. I just downloaded the 10 day Lich trial (Again? what's my limit to trying for Lich for free? :D) to check if it all looks legit still.

mateo wrote:

My account was hacked as well. I put a post about it up on GameFinance: http://gamefinanceblog.com/?p=380 Hope you got your account back, Swat, and that your characters were not effed with too much.

This might be the first hack I've seen where ... ah, I won't spoil it. The rest of you need to go read it.

I guess I'll offer you both condolences and congratulations. I think.

[quote] called a few minutes ago. I was on hold for about 25 minutes, so not too bad. I was surprised by the very friendly service, and the rep managed to make me my own battle.net account and merge my WoW account back into it. All I needed was my Mother's maiden name, so I'm glad that wasn't compromised or changed in any way.

+1 to Blizzard Support!

so i did the same exact thing as u but they never told me what my pw was to log onto wow. do i just use my e-maill address , in which case i did and it was to long to even fit into the wow password login. also i cannot find an option to retreive the password and i been trying to call blizz back but its always busy =(

Greetings i had my account hacked yesterday and im going crazy those freaking @$#&^ hackers activated authenticator key i sent a mail to blizz with all the requirements does anyone knows if they can do something?:(

From what I've heard, if you can prove you should own the account you should be fine.

Astraith will always leave wrote:

Greetings i had my account hacked yesterday and im going crazy those freaking @$#&^ hackers activated authenticator key i sent a mail to blizz with all the requirements does anyone knows if they can do something?:(

Change all your accounts that use the same password as the one on your WoW account. Also change the password on the email account that is tied to your WoW account.

Astraith will always leave wrote:

Greetings i had my account hacked yesterday and im going crazy those freaking @$#&^ hackers activated authenticator key i sent a mail to blizz with all the requirements does anyone knows if they can do something?:(

My husband did this, after scanning his ID and sending the proper documents. It does take a little while to get processed, though. I think waited a week or so before he could access his account again.

Blizzard will tell you if they need anything more from you when they can. Also, listen to Yoyoson's excellent advice.

when you say documents you mean id number and staff like that ? I just mailed the secret question and the original cd key.I read the instrunctions of the mail to blizz and it said only if you dont remember the cd-key or secret question send us a copy of your id...so what should i do?

I'm sorry, I don't understand your question?
If you followed the directions(?) that you got (?), then I guess all you can do at this point is wait. It doesn't happen overnight.

Νο no blizz didnt answered yet its weekend and they are closed.I just asked you if its nessecery to sent my id number

Unless they write back saying they need your id, I wouldn't send it.

Astraith will always leave wrote:

Νο no blizz didnt answered yet its weekend and they are closed.I just asked you if its nessecery to sent my id number

Relax and take a drink (or smoke or yoga moment). We've seen that Blizz is responsive, albeit slow. Just explain the situation, without divulging your password, and everything should be good.

Astraith will always leave wrote:

Νο no blizz didnt answered yet its weekend and they are closed.I just asked you if its nessecery to sent my id number

Can't hurt.

Same exact thing happened to my son -- his account got hacked, and the hacker slapped an authenticator on it.

He sent them a copy of his ID (he had long since lost the CD key number) and got everything back in about three work days.

New thing for phishing hit me today. I got this in the e-mail, purportedly from Blizzard. When I stupidly clicked on the listed page (okay, I'm an idiot!), fortunately it was blocked by Firefox as a questionable site:

Hello,

A Character Faction Change is now pending for the World of Warcraft account [e-mail]. Please allow several days for the faction change process to complete. An email will be sent to you when it is done. You can also track the status of your request by signing into the Transaction page here: [spam site known as us.blizzard.faction].

Below is a summary of the transaction, which you may want to keep for your records.

------------------------------------------------------------------------------------------------------------------------------------------------

World of Warcraft Account Name: [had my e-mail from battle.net]
TRANSACTION ID: 47062909

------------------------------------------------------------------------------------------------------------------------------------------------

Please note the following additional information:

- This account is not available for play while the faction change is pending.
- If you did not make this transaction, you should immediately check your account to prevent character lost.
- This account cannot change factions again until 3 days have elapsed.
- You can review this and other Account Management transactions by logging into Account Management and going to your Transactions page at [spam site known as us.blizzard.faction].
- For more details on Character Faction Change, refer to the Character Faction Change FAQ located at http://us.blizzard.com/support/artic....

You can find World of Warcraft Account Management at: [spam site known as us.blizzard.faction]

We hope you enjoy your new faction!

Regards,

The World of Warcraft Team
Blizzard Entertainment

Pages