World of Warcraft Account System Hacked?
Over the last few months many users of the insanely popular MMORPG World of Warcraft have been reporting more and more incidences of game accounts being compromised at an alarming rate. Even closed accounts have not been spared, making these reports even more disturbing. The typical account hacking usually includes tales of high level characters being stripped of their valuable gear and guild vaults being emptied but typically don’t include any “real world” compromise of billing or other personally identifiable information. Until now. Within the last 24 hours I have been initiated through my own experience with a hacked WOW account into this less-than-gleeful club when persons unknown used a stolen credit card and now Blizzard Entertainment wants to make me pay, all on an account that was not even active when it was compromised! If you have been, or are currently a World of Warcraft subscriber I highly recommend that you remove ANY personal information from your account ASAP. Blizzard insists that 100% of accounts that have been compromised are a result of users not taking adequate security precautions but the evidence seems to be pointing towards another explanation.
Even the most basic Google search will turn up hundreds of reports of folks whose accounts have been hijacked and the usually lengthy ordeal they went through in order to return things back to normal. In my own case the issue was not so much getting things returned to normal but more along the lines of trying to figure out how someone managed to actually gain access to my account in the first place.
The story begins in January of 2008 when I closed my World of Warcraft account due to not having enough time to play (was taking classes at the time). According to Blizzard, about three months later my account was compromised and a stolen credit card was used to reactivate the account and my own (months later) investigation revealed that the account was apparently used by spammers (likely trying to sell gold, etc) since I did not have any high level characters and no interesting or rare items.
As you can imagine I was quite surprised to find that my account had actually been compromised since I have never played on a Windows system, only on my trusty Macbook Pro and never on any other network than my own, on which I use only the latest security precautions (I am a security engineer by day…). To make things even more interesting, believe it or not but I have never even logged into the WOW web site or forums from anywhere other than that one system and only on my local LAN. So after scanning my system and conducting an exhaustive forensic investigation on my Macbook I was forced to conclude that there was no way the account information was leaked or stolen off my system. There was simply not one shred of evidence showing that this was even possible never mind that Blizzard insisted otherwise. So…after going through all this trouble I was still left with no choice but to begin to suspect that Blizzard Entertainment has had a serious compromise of their account management system or they are being hit by successful social engineering attacks.
Even after coming to this conclusion I still went ahead and let them reactivate my account after being informed by Blizzard that it had been compromised since initially the event appeared to have been resolved and there was little I could do to address the loss of whatever personal information may have been accessed anyway. I thought the matter had been resolved but boy was I wrong.
After only one month my account was again disabled only this time it was due to a “chargeback” on the account from the stolen credit card’s bank. Again, I called Blizzard and reported the problem. This time rather than offering to clear up the situation they began to get defensive and insisted that until an “investigation” was completed my account was still locked because I “owed” $15.74. At this point I was no longer interested in dealing with Blizzard since it was clear they were completely unable to take responsibility and deal with the situation.
So, the facts are as follows:
1. A closed account, with a complex password over 10 characters, and never used on a Windows PC was compromised.
2. I was never notified by either email or phone that my account had been compromised (as best as I can determine).
3. A stolen credit card was used to reactivate the account and Blizzard later attempts to collect the amount “charged back” from the original account holder (me).
4. Blizzard admits that the account was compromised and offers no explanation as to how and still (as of this writing) is making the claim that I am responsible for the charges unless an “investigation” reveals otherwise.
Bottom line: Don’t give any information you value to Blizzard Entertainment since it is very likely they have a serious security flaw in their account management servers or they have an internal personnel security matter.
Here is the only email communication I have received so far from Blizzard Entertainment regarding this issue:
—————————————————————————
Greetings,
Access to the World of Warcraft account <deleted>, has been temporarily disabled due to a dispute filed against the account’s past payments. This dispute was filed by the bank, credit card company, or financial institution associated with the payment on the account.
As a result of this dispute, funds paid on the account were withdrawn from Blizzard Entertainment in direct violation of the account’s terms. This is known as a “chargeback.”
The total withdrawn by this chargeback was: $15.74
A full timeline for this chargeback is as follows:
3/20/2008 – The credit card entered on the account was charged: $15.74 as part of its recurring subscription.
6/25/2008 – The credit card company considered the dispute a success and withdrew the charge from Blizzard
Please review the World of Warcraft Terms of Use at (http://www.worldofwarcraft.com/legal/termsofuse.html), which was agreed to upon establishment of the account in question. Section 1, Paragraph C states that you agree to pay all charges to your Account, including applicable taxes, in accordance with billing terms for access to the Service that are in effect at the time that the fee or charge becomes payable. Furthermore, if your charge is returned to Blizzard Entertainment for any reason, Blizzard Entertainment reserves the right, in its sole discretion, to suspend or terminate your access and your Account, as well as terminating this Agreement and all of Blizzard Entertainment’s obligations hereunder.
The account is now considered by Blizzard to have a negative balance, and will be unavailable for play until any and ALL outstanding balances have been repaid to Blizzard. These funds can only be repaid via a United States money order for the full and EXACT amount of the disputed funds: $15.74.
This money order must be made out to “Blizzard Entertainment” and MUST clearly list the World of Warcraft account name in question: “<deleted>”.
It should be mailed to this address:
ATTN: Billing & Account Services
Blizzard Entertainment
P. O. Box 18979
Irvine, CA 92623
We strongly suggest you use some form of tracking to make sure your mail gets to Blizzard Entertainment, we are not able to assist with lost inquiries. If we do not receive your package, we will not be able to process your request. Once the money order is received and processed, Blizzard will unlock the account for play again, provided these instructions have been followed. Upon payment, Blizzard will also credit the account with play time equivalent to any paid subscription time that the account was locked out for.
This process to unlock the account is offered with this email is considered as a final warning: ***ANY subsequent payment disputes will result in a permanent closure of the account for repeated breach of the Terms of Use.***
Unless the above process is followed to get the money order to Blizzard, the World of Warcraft account in question will remain unplayable until said funds are received. Please do not reply to this email, as you will receive no further response. Be aware that Blizzard Billing representatives will NOT be able to provide any alternatives or expedite this process in any way.
Thank you for your understanding.
Regards,
Blizzard Billing & Account Services
http://www.blizzard.com/support/wowbilling/
Had a similar experience? Show just how pissed you are by posting a copy (sanitized plz) of your account cancelation email in the comments section below!

Hello there ******–
This message is being sent to confirm that all credit card information has been removed from the World of Warcraft account *****, effectively cancelling its recurring subscription as of July 18, 2008 11:22 PM UTC. The account will not bill or renew any further unless new payment information (credit card or game card) is manually entered in.
The account will remain playable for the remaining time it has already paid for. This account’s current prepaid time will expire on August 4, 2008 1:42 AM UTC.
To check your account status at any time, you can log into your Account Management page at this link, using your account name and password:
http://www.worldofwarcraft.com/account
At this time, Blizzard has no plans to delete or “expire” characters, even if an account is deactivated or cancelled. This means that all of your characters and their progress will be retained on our servers. Should you decide to return to World of Warcraft and reactivate your account, you will be able to pick up your characters again wherever you left off.
In the event you have any other billing questions or concerns, please feel free to contact our Billing & Account Services team for support. You can reply to this email directly, or call 1-800-59-BLIZZARD (800-592-5499) for live phone support between 8am and 8pm Pacific Time. Users in Australia should please call 800-041-378, if the standard 800 line does not work for them.
Regards,
Billing & Account Services
Blizzard Entertainment
billing@blizzard.com
I find it alarming that not only does wow not have control over their online domain… they have banners up on sites that SELL ACCOUNT HACKING MODS… that work through OMEN, GUILD CALENDAR, and several other “community mods” that update at login. (only applicable to guild calendar) It almost seems as if they are ill concerned with the dissatisfaction of its clients. Furthermore, the only customer base that seems happy with blizzard customer service are people from Europe. and considering that most of the active GMs are operating in that general area… i wonder why.
Yikes. Found your site after the same thing just happened to me. The only reason I knew was that one of my guildies kicked me from the guild and had the decency to email me about it. I cannot decide if I even want to call up and deal with Blizz or not because I currently have no time or interest in the game.
Chris
My account was hacked and stripped. For this Bliz kindly sent me the following mail…No investigation, this was their response….
Greetings,
We are writing to inform you that we have, unfortunately, had to cancel your World of Warcraft account:
Account Name: LMOTTRAM
Type of Violation: Involvement in online trading activities
Investigation Concluded: 02/09/2008
Consequences for Account: Account Cancellation
It is with regret that we take this type of action, however, it is in the best interest of the World of Warcraft community as a whole, and for the integrity of the game, that your access to the World of Warcraft servers be cancelled.
Online trading refers to the exchange of in-game content for real world money, and includes, but is not limited to, the sale or purchase of gold, the sale or purchase of experience in the form of powerlevelling, and the sale or purchase of honor points, reputation or items.
Account access is the responsibility of the account owner and account sharing is against our Terms of Use (http://www.wow-europe.com/en/legal/termsofuse.html). Therefore, should you believe someone other than yourself (the account owner) has committed this violation of the Terms of Use with your account, these sanctions would still apply, as our action is taken against the account, not the individual.
Yes blizzard sucks i played guild wars for 3 years and had no problems of any kind, but then i tried to play wow, and after 2 weeks i got banned for i have no idea what kind of reason. I guess someone stole my account and then did something with it. But can they reactivate my account? I don’t think so, they don’t give a fuck about us. So i vote to just ignore STUPID GAME!!!
Sry for bad english i never learned english in school.
My two teenage sons have WOW accounts that have both been compromised multiple times in the one month they have played. They use different computers with different security on them and one son has at least 3 different antivirus softwares running at all times. Each night when he logs off, he receives an email from blizzard stating his account password has been changed (Which he didn’t do). We have changed his email account and this continues to happen. The “account thief” then proceeds to place advertising on his account and he is banned for 72 hours. Blizzard has horrible security, poor customer service, but unfortunately, a fun product. I HATE THEM.
My account also got hacked 10/09/2008 and banned same as above. I have not played WOW for like 2 years and after reading this will never again by choice but as banned I have no choice anyway. Just hope that my info was safe but shall change it just in case it gets hacked again, that’s if they fix it ofc. Mine was done in the free trial period so luckily, well hopefully no card details like yours were added/taken. Hope you get this sorted and very poor by Blizzard if this amount of hacking is going on with hardly any response from them. I have sent online hacked form like yourselves just have to see the response not that I’ll play again just at least it informs them and hopefully helps others like yourself.
I also have a lot of protection on my systems and as I have not even logged into game for like 2 years there is no way it has come from my PC as every online game I play is different login etc. Blizzard has to wake up to this more so if they thinking on a new game coming out soon. Poor very very poor.
Blizzard indeed has fun products and such but their security is crappy in the last 3 months there have been at least 1000 cases of the same thing happening over and over and all Blizzard seems to do is Disable the account which as far as i can tell makes the retail key you have Useless seeing how you cannot discontinue your subscription nor delete the account.
I was gone one weekend and checked my mail and found this mail:
English speaking customers: Please refer to the start of this mail
Greetings, We are writing to inform you that we have, unfortunately, had to cancel your World of Warcraft account:
Account Name:**********
Type of Violation: Involvement in online trading activities
Investigation Concluded: 02/11/2008
Consequences for Account: Account Cancellation
It is with regret that we take this type of action, however, it is in the best interest of the World of Warcraft community as a whole, and for the integrity of the game, that your access to the World of Warcraft servers be cancelled.
Online trading refers to the exchange of in-game content for real world money, and includes, but is not limited to, the sale or purchase of gold, the sale or purchase of experience in the form of powerlevelling, and the sale or purchase of honor points, reputation or items.
Account access is the responsibility of the account owner and account sharing is against our Terms of Use (http://www.wow-europe.com/en/legal/termsofuse.html). Therefore, should you believe someone other than yourself (the account owner) has committed this violation of the Terms of Use with your account, these sanctions would still apply, as our action is taken against the account, not the individual.
If you wish to review our current Rules and Polices, they can be found at:
http://www.wow-europe.com/en/policy/
Regards,
Account Administration Team
Blizzard Entertainment Europe
—————————–
I figured out that I had some keyloggers and quickly removed them, but they can’t just cancel my account without a long investigation. Blizz really sux
Greetings,
We are writing to inform you that we have, unfortunately, had to cancel your World of Warcraft account:
Account Name: xxxxxxxxxxxxxxx
Type of Violation: Involvement in online trading activities
Investigation Concluded: 05/12/2008
Consequences for Account: Account Cancellation
It is with regret that we take this type of action, however, it is in the best interest of the World of Warcraft community as a whole, and for the integrity of the game, that your access to the World of Warcraft servers be cancelled.
Online trading refers to the exchange of in-game content for real world money, and includes, but is not limited to, the sale or purchase of gold, the sale or purchase of experience in the form of powerlevelling, and the sale or purchase of honor points, reputation or items.
Account access is the responsibility of the account owner and account sharing is against our Terms of Use (http://www.wow-europe.com/en/legal/termsofuse.html). Therefore, should you believe someone other than yourself (the account owner) has committed this violation of the Terms of Use with your account, these sanctions would still apply, as our action is taken against the account, not the individual.
If you wish to review our current Rules and Polices, they can be found at:
http://www.wow-europe.com/en/policy/
Regards,
Account Administration Team
Blizzard Entertainment Europe
Jokers, I haven’t even logged in for 2+ years!!!!
I’ll take it a step further. After my account was hacked, I reset my computer to factory settings. Made new e-mail accounts to use for my WoW account. Had blizzard re-activate me. And on a Completely clean fully updated computer, the hacker had cracked my new password in about 12 minutes. Blizzard either has compromised account servers or someone working from the inside (I find this to be more likely as I suspect someone is monitoring chat channels of users that have had compromised accounts. I stupidly typed my new e-mail address to my son in another city in whisper channel. About 10 seconds later my account was hacked again.) I’ve dealt with networks and security issues for over 20 years and know what I’m doing. Blizzard has a massive security breach and they are blaming the user to avoid a MASSIVE Class action lawsuit. IF they don’t have breached servers, then why are they pushing the new keyfob device AT COST. They KNOW they have a problem they just won’t admit it.
I’m having the same problem that most of you guys have been talking about.. I would just like to add that not only was my account compromised but there was an attempt to modify my email address to another email address whose domain was xxxx@yahoo.CN (.CN!) This is highly disturbing and Blizzard better make amends or they will have MANY MANY ANGRY customers… Enough is enough!
My account got hacked through a trojan on my PC. once i got control back..Mind you 2 e-mail accounts were hacked as well, and all the settings were changed. Oddly the person that did it was through Shinacorp.com which is a china organization.
I got a hold of Blizzard and got the account back under control, oddly 3 of my higher lvl toons had been re-named and moved to a different server, but only after everything worth value was stripped off of them, and then i find all 3 of them in a guild, which makes me suspect that some poor dumbass bought the account from one of these account selling places.
I put in an investigation complaint to get them back to their original realms, however to date i have not heard one single word from blizzard back on it, and it is now going on 7 days. I have received 10 customer satisfaction surveys, but nothing else from them.
So we will see what happens. If i dont get 100% restoral then i am done with paying Blizzard to play, i will just play on Free Private servers.
I deactivated WoW in January of 08′. At around March I got a weird email from Blizzard about account change details. Because I was so busy at the time and simply didn’t care or think it was anything besides Blizzard making changes to accounts overall; I ignored it.
When I wanted to play at WoTLK release my password wouldn’t work. I called blizzard, had everything fixed and was playing.
12 Hours later my password was changed and I couldn’t log on. I checked my email, nothing saying that I changed my password.
Called blizzard. Apparently the people changed my email address from the account page using my SECRET ANSWER, which I had never typed in ever before for years.
Changed my email/password, etc from another computer. Virus scanned and of course found a Keylogger. Started playing again after my 24 hour suspension for multiple pw/email changes from me fighting with the opposite end of the keylogger.
Now I have multiple virus programs, including Uniblue Spyeraser, one of the best and cost $50. It finds the keylogger almost instantly.
But I still get the keylogger about once every three days. I know it happens when I get disconnected from the game because that means somebody just logged me on. I immediately go and change all my info on ANOTHER computer THAT NEVER LOGS ON WOW and NEVER HAS A KEYLOGGER and also has almost NILL protection or virus programs at all. And luckily I beat the hackers from ever stealing anything.
What I’ve done now is tested this and not gone to any internet website and turned my security on max and only played wow for 3-4 days on that computer. I’ll still get the random disconnected and then have to do the process all over again and it always finds a keylogger.
People may say I haven’t removed the virus entirely and it’s reinstalling the keylogger. But I don’t think so, not with all the protection I have now and the help from several serious high end techies who check my Hijackthis logs and registry and say it’s clean.
Blizzard has a compromise on their end. Keyloggers are being sent to people over the patcher in some random intervals and to the same people. It is being sent at a low enough level that blizzard either won’t catch on that it’s on their end, or will deny it.
Account Hacked
Traced signal
101.23.132.132 pt. 1203.13.954.123 gr.
traced that signal for interfering signals and traced it to NE china … i got pissed .. and infected their server.. they have around 1,500 accounts.. that’s what i got to see till they kicked me off by force.. these guys are pros… sell/trade accounts and gold. They use encrypting signals and codes.. unfortunately for them i’m quite good at hacking myself… more and more of my friends are getting hacked by the same guys… so.. be wary.. use shift letters.. for password.. it screws their auto-key logs up… don’t download any add-ons is a bonus and a recommendation
Good Gaming,
Gar – 80 paladin
Dont get hacked… by the chinese lol
Hello Jolie,
This e-mail notification is to inform you that the World of Warcraft account, nachoo31, has just been merged into a Battle.net account. If you were not the person who performed this account merge, please contact Battle.net Support immediately.
You have successfully merged the following World of Warcraft account:
nachoo31
into the following Battle.net account:
soara70a@yahoo.com
From now on, you must use the above Battle.net account name and its password to play World of Warcraft and to access World of Warcraft Account Management for billing and subscription services. Your World of Warcraft billing information has not been affected by this merge.
Important! Please note that any existing recurring billing on the merged World of Warcraft account will continue uninterrupted.
In addition, you will use the above Battle.net account username and its password to log in to other Blizzard online services such as World of Warcraft Account Management, the World of Warcraft Armory, and the Blizzard Store.
A similar notification of this account merge has also been sent to the email address registered to the Battle.net account.
For more information, click here for answers to Frequently Asked Questions or to contact the Blizzard Billing & Account Services team.
Sincerely,
The Battle.net Account Team
Online Privacy Policy
Just got the email this morning.. sent report to Blizzard. Haven’t touched it in a year.
For me I had my account attacked but not taken over. I received an email stating that information has been changed on my WOW account and that If I did not request that then I needed to sign on to my account and fix it. It had the individuals email and even changed my Phone numbers. I went back through the whole account and placed everything back like it was, this is the email address that was put instead of my own Bamadallas95@yahoo.com .
I had noticed about a week before that my yahoo pager kept signing off for no reason. Of course at the time I just changed my password and did not think anything else of it until the account on WOW got hit. I believe when I changed the password on yahoo they were no longer able to do what they needed to do and intercept the email letting me know the account had been changed. So I think I beat them to the punch. I think probably they are hitting the emails first then the wow accounts. So anyway I changed the password to one that is so long they will never figure it out. And I changed it on a weekly basis now. Hope this helps.
Bamadallas95@yahoo.com
so if you see this email then you know he or she was trying to take over your account. And Yes I did notify Blizzard on this email but no response yet.
I had a problem with my account being stolen.
Apparently an addon my son installed also installed some type of keylogger that changed my password too.
It was smart. Smart enough to follow me through my email address and request and complete account password changes faster than I could.
My support experience with Blizzard was actually a GOOD one. My call to them was answered promptly, the rep locked my account up and provided me the password he reset it to.
I was able to set up another email and get my account back.
They responded so quickly that all of my toons, gear, and money was still intact.
I’ve been at this game since the beginning. I was hacked once before because I didn’t have anything at the time to search for keyloggers. I checked my e-mail this morning and I’ve been hacked and one toon was transferred and then more than likely deleted. At the moment I don’t know if my credit card was used or not. This in itself ticks me off. If the toons got hacked that’s one thing but my bank account is completely different. When I tried to call them I got told it was a 40 minute wait time. I chose to let some time pass because I didn’t want to wait in queue that long. The second time I called back the message said to just e-mail them. So I don’t know if my credit card was compromised or not.
I’ve been IT for 30 years. When I learn about an IT threat I normally deal with it and prevent it. Watch Blizzard is going to say I didn’t change my passwords often enough. I didn’t know that accounts were being hacked that have been closed. I made some reference in my response to them to check India or China. Seems am correct after all.
It’s unbelievable this is still an issue in 2010. Just had it happen to me. They do however recognize the problem though they pass it off on website grabbing the account info or keylogger which is total bs. They now have the Authenticator which you can link to an account and randomly generate a key to get in. I think they underestimated the amount of effort and loss of revenue from this breach. Too little too late.
Anyways this topic is still relevant *bump*
Thank you for contacting Blizzard Entertainment Support.
We hope that the information that was provided to you was helpful in resolving your issue. Customer satisfaction is a top priority here at Blizzard Entertainment, and we would like your feedback on the level of service you have received. Your response would be very much appreciated.
Here is a link to the survey:
This link is uniquely tied to this survey and your email address; please do not forward this message.
Thank you for your participation!
James
Blizzard Support