This post is backdated to the date of the original post. It was imported to this blog on May 20, 2014.
Getting hacked is scary, unpleasant and upsetting. However, Blizzard will help you and you will get it all back, all you need is some patience.
You need to do your part though to secure your computer and accounts.
- Have I been hacked?
- How did I get hacked?
- But I don’t buy gold or go to bad websites!
- But I have an authenticator!
- Don’t panic
- Clean your computer
- Change your passwords
- My account was banned!
- An authenticator was added
- Contact Blizzard to start restoration
Have I been hacked?
Lots of items missing? Password changed? Characters transferred to realms you haven’t even heard of? Being asked for an authentication code even though you don’t have an Authenticator? If any of these questions match the ones you’re asking yourself right now, your account might be compromised. – Account Hacked? Security Issue?
How did I get hacked?
There are many possible ways to be compromised. Some examples are:
– Responding to, or clicking on a link in a Fake E-mail from “Blizzard Entertainment” – How to know if an email is a fake
– Flash Vulnerabilities
– Picking up a Trojan Horse virus from somewhere
– Picking up a keylogger from somewhere
– Buying gold or using power leveling services
– A forum or website you used the same email address and possibly password for was hacked and they got your information from it.
– You shared your account with someone and they did any of the above.
But I don’t buy gold or go to bad websites!
As you can see above, those are not the only way to fall prey to a hacking. Even if you use safe browsing habits there is still a possibility of mis-clicking or something on a safe site being infected.
What do I do now?
Blizzard is very helpful with getting accounts restored. Take deep breaths and try to stay calm and be patient.
Clean your computer
Should you believe your account compromised, the first—and often most important—step you should take is to remove any keyloggers, trojans, or spyware which may be present on your computer. To do so, Blizzard encourages players to scan their systems with antivirus and anti-spyware software.
Blizzard recommends using at least one antivirus and at least two anti-spyware programs to ensure a wide range of coverage and recognition. Some programs may not detect what another can. To learn which antivirus and/or anti-spyware programs may be best for you, review their support article, found here: http://us.blizzard.com/support/arti
Change your passwords
AFTER you have run all of the scans and cleaned your computer OR on a separate computer that is not compromised, change at least your email and Battle.net passwords ASAP.
Also, it is strongly recommended that you change your Battle.net email address to one which is ONLY associated with Battle.net and used NOWHERE ELSE. Not only will this prevent it being gathered from other websites if they’re hacked but also will reduce the amount of spam you will get to zero, no guessing whether it’s legitimately from Blizzard or not. This thread has some interesting information on how many phishing emails you can get just by signing up with other websites.
If you are unable to regain access through Login Support—or should you possess any additional questions related to your registered billing information—then it is advised that you contact Billing & Account Services personnel directly.
My account was banned!
“In order to protect our community, access to an account may be temporarily disabled, or locked. In some situations, we may request that the registered user provide a valid ID to unlock the account. This is done not only to ensure the account’s safety, but the also the validity of the information associated with it.
We realize this may be a confusing and frustrating process and so have created a list of tips and suggestions to hopefully alleviate some concerns. Please bear in mind, however, that this information is subject to change.”
Continue reading for more information
Sometimes characters on a compromised account will be used for malicious activities. When this happens, the account to which these characters belong may be suspended, banned, or locked for exploitation.
If your account was penalized for actions which occurred while it was compromised, the appropriate recourse is to contact the Account Administration department as soon as possible. AA representatives may be reached by email or by web form.
Should you have any further questions or concerns why compromised accounts may be penalized, please see the following discussion:
An authenticator was added
In some circumstances, malicious parties may add an Authenticator to an account to prevent access to anyone who does not possess the Authenticator. Contact Billing and Account Service Department to have the Authenticator removed from the account. Billing Representatives can be reached via phone: US, EU
Contact Blizzard to start restoration
Now that you’ve got access to your account, you need to start recovering from the hacking. You want your items, gold and supplies back and in order to do that you need to contact Blizzard.
The restoration process can be short, but it can also be long and take up to 3 weeks to complete. Often you will get your gear and a fair amount of items back right away, but the rest can take longer. Be patient, you will most likely get it all back. Read more here and here.
What should I do to keep this from happening again?
My friend/guildmate has been hacked, what can I do?
The best thing to do is to try to get in personal contact with them. Call, text, email or send them a message on your guild forums. You can also put in an in-game ticket to get their account locked down temporarily, but it’s always best if comes from them. Guild leaders can also contact Blizzard via petition about guild bank losses.
I lost my authenticator! (or the phone it was on)
For assistance with a lost or stolen Battle.net Authenticator, or to request additional assistance, contact Billing and Account Services via telephone or email (US, EU). If you have written down the serial number from the back of the authenticator then this process will be much easier as that’s pretty much all they will need to remove it.
Is this email from “Blizzard” real?
1) Blizzard bans/suspends/warns first and then notifies you. Any email asking you to verify your account or in some way give them your password is a complete fraud.
2) Many Blizzard emails will address you by your first name (on the account).
3) All Blizzard emails will use proper grammar and punctuation.
4) Always go directly to http://www.battle.net or http://www.worldofwarcraft.com on your own, do NOT click on any links in the emails. If it is a fake it will take you to a site which can cause your computer to be compromised, even if you don’t enter any information. You can also hover your mouse over a link to see where it is going to direct you to, inspect it very carefully – they can use tricks such as two “v”s to simulate a “w”.
5) Be wary of any “special offers” including Alpha/Beta invites, usually they are too good to be true. You can verify it’s authenticity by doing all of the checks listed here and in the links. Usually Beta invites are now applied directly to your Battle.net account, so check there as well.
6) The from address showing @blizzard.com or @battle.net does not mean that it is really from Blizzard:
“It’s possible to change how a sending address appears in the “From” field of an email. The process is known as “spoofing” and may cause a phishing email to initially look like it’s been sent by Blizzard Entertainment. To determine the actual sending address of an email, you will need to check the email’s header information.”
See this page for detailed information on how to view headers.
7) You can check any emails you recieve against ones listed in this thread.
Heavily borrowed, copied, edited and summarized from several awesome Blizzard threads:
Blizzard Support – Account Administration
Account Hacked? Security Issue? Look Here!
** Account Compromise Info Center **
**Computer Security Recommendations**
►► Account Hacked/Stolen? CLICK HERE! ◄◄