I received this email earlier this evening and initially thought nothing of it - I figured it was a phishing scam as usual so I ignored it. That is, until I tried to log in to Diablo III for the first time in about a month. Invalid password...hm, that's weird.

I went to Battle.net and tried to log in...no such username/password combination. I tried to tell Blizzard that I forgot my password, but now my Battle.net registered email doesn't exist, so I had to go for the "I think my account got hacked" route. Oh, guess what...the answer to the secret question now isn't working either, and all of my Blizzard games were purchased digitally so I can't even give them the first six digits of one of the game codes to verify who I am.

What am I left with? I opened a support ticket and sent them a scan of my US Passport.

Here are some details:

• I recently changed my information when prompted to do so after Blizzard's most recent security breach. I did this my opening a web browser and going to Battle.net...on a Mac.
• I changed my password yet again about two weeks ago to something that I don't use for anything else that was a combination of letters, numbers, and special characters.
• I had an Android authenticator and SMS authentication attached to my account and have since the day I purchased D3.
• I am extremely careful about my computers and information. There is virtually no possibility that my login information was stolen with either a keylogger or trojan. I also am well aware of phishing scams and the like and have never revealed or even typed in any of my security information, and no one I know knows my password or could have guessed it, either.

So, there we are. I have no idea how this happened and I was as protected and careful as I possibly could have been, yet was still hacked. I haven't even played Diablo III in over a month. Great job Blizzard - get your crap together.

Bah, that sucks man. :(

I only lost my battle.net account once, way back when I was playing WoW. I didn't have an authenticator back then, and it took me almost two weeks to get my stuff back. Didn't help that I was the Guild's second main tank, and we were deep in progression in Hard Mode 25-mans. Once I got the account back I got a physical authenticator, and now I've been using a mobile version for Diablo 3. Hope it's sorted out for you.

I'm sure I'll get the account back eventually - the question is, what about the real money balance I was carrying of about $40? That's probably long gone.

Dude, that sucks ass!

@MB:

we're all thinking it

I'm just saying it

it was probably hitman,

he finally got you

he probably knows where you live.....

run

EDIT:

In all seriousness though, this whole blizzard security thing is pretty shit, but it must be lucrative to the people willing to do this much work to breach security measures, right?

Man, that sucks. Hopefully you get your account back soon plus the 40 bucks. Best of luck!

Man, everything I've read about DIII makes me glad I stayed away. Good luck on getting your account back man.

One day Steam is going to run into the same problems isn't it?. Any site/service with that amount of personal information gets hacked eventually.

Bad luck man. Hopefully you can salvage your account and your cash.

Good luck on getting your account back, I've gotten hacked once not that long ago, but Blizzard was nice and quick to act.

I logged out for dinner, then I got an Email ten minutes later that my account had been banned for suspicious activity involving gold selling, I finished my dinner, went to the Blizzard account recovery website and 15 minutes later I was playing again.

I was secretly glad when my WoW account was hacked, kept me from wasting hours and money. Regardless, I hope Blizzard gets your account sorted out swiftly, always no good when your property gets stolen.

@wordfalling: I know what you mean.

Before this, whenever I read about someone's account being hacked, I thought..."Oh, they probably fell for a phishing scam or had simple passwords or something." Now I realize that is simply not the case.

While I'm not exactly ready to boycott Blizzard games over this, I'll certainly never trust them with my money again.

@MB: Oh wow, you should not have ignored that email. If it says it's from "battle.net" and isn't "via" something then it's the real deal.

@Chavtheworld: By the time I got that email, the account was already stolen. There weren't any before it...that was just the notification that my email address had been changed.

@MB: That "click here" link would have at least cancelled the email address change, no? Also you might not have left it another month or so for them to fully change your recovery questions etc etc. But who knows, best of luck getting it back.

EDIT: Just realised I read that month thing wrong, my bad. Yeah that sucks :(

I had my WoW account hacked a couple of years ago and the recovery process was actually really painless. All my items and progress was restored, the guy who helped me out didn't fuck about or ask a bunch of stupid questions. Quick and easy.

Sucks man, i have fears of this happening to me, so in got that authenticator thing.

@Chavtheworld: not really hard to overlook emails like that, seeming i have an email account that gets like 30 blizzard phishing scams a week i've just learned overlook crap like that.

This is still pretty shitty, even if you go though all the hoops and think your covering your ass shit still happens. Guess i should check my account.

@MB: You didn't get an SMS when someone tried to login to your account? All these hacked accounts topics are really making me paranoid.

@valrog: Nope. The only SMS I ever got from Blizzard is what I verified my phone number for the SMS "protection."

One thing I will say about Blizzard, they sure make it easy and quick to get your stuff back. My WoW account was hacked and all I had to do was take a picture of my driver's license with my iPhone and e-mail it to them. My girlfriend's was hacked shortly afterwards and I think all I did was tell them it was hacked and she got it back. I had a mobile authenticator, she didn't. Doesn't seem to make a real difference.

If you were ever going to expect certain companies to manage your security correctly due to their experience in the online space, you'd think Blizzard would be right up there.

When blizz got hacked the hackers also got the mobile authenticators so those weren't safe, some famous WoW player also got hacked recently, they hacked him by calling blizzard and sending them a fake ID to recover his password and then they disbanded his 3v3 and 5v5 teams which he had rank 1 with.

@MB: I lost my copy of Diablo 3 (although not my Bliz account with SC2 luckily) due to it being hacked and Blizzard locking me out for gold farming/abuse of the game despite the fact that they had sent me emails warning that my account had been compromised. It got sorted out in the end but I've still yet to create a new account/email addresss etc. and show proof of purchase in order to reactivate it. I just don't care enough about Diablo 3 to do so but at the same time the fact that my game just disappeared is somewhat annoying. I'll get around to it eventually.

I don't play online, I'm in it for the singleplayer but even I'm not safe from this. It's nice that they're secure but the inconvenience so far outweighs my interest in the game that I can't bring myself to do all the necessary steps right now.

I was about to call you an idiot for not using an authenticator but now I'm just worried. I've got an Android Authenticator aswell.

I'm pretty goddamn sure that if there wasn't a way to make very real money off of this game all of these hacks wouldn't have happened. This isn't typical MMO gold-farming numbers, either. The amount of hacked accounts being stolen is fucking alarming.

@Chavtheworld said:

@MB: Oh wow, you should not have ignored that email. If it says it's from "battle.net" and isn't "via" something then it's the real deal.

When using telnet or whatever to send emails, you can just type whatever you want as the sender e-mail address. So unless your email provider cross checks the address with the IP address (which not all do, Google does though), I would not be that convinced about the authenticity.

My revenge on you for moving the Wrestling Discussion thread out of Wrestling Ring is complete!!

But really, that sucks balls. I dread to think about the day that Steam is truly compromised.

@RustySanderke said:

@Chavtheworld said:

@MB: Oh wow, you should not have ignored that email. If it says it's from "battle.net" and isn't "via" something then it's the real deal.

When using telnet or whatever to send emails, you can just type whatever you want as the sender e-mail address. So unless your email provider cross checks the address with the IP address (which not all do, Google does though), I would not be that convinced about the authenticity.

I'm fairly sure when you do that to fake the email address it comes up with the via thing, no? Plus Blizzard can track that shit right?

@adam1808 said:

One day Steam is going to run into the same problems isn't it?. Any site/service with that amount of personal information gets hacked eventually.

Bad luck man. Hopefully you can salvage your account and your cash.

This is what happens when we jump head first into "the future" in an unnatural speed. We begin relying on the INTERNETS to buy our games even though it's not nearly as safe or stable as it should be and next thing you know our entire game "belongings" are nothing but software that can be taken away and our wallets can be hacked and emptied out.

I really dread the day when Steam gets hacked and people lose their games and get their credit cards stolen. I hate steamworks for forcing me to have Steam games rather than real games on a disc that no one can get to.

Sorry to hear about it my good man, I remember the feeling of having mine hacked. At least mine wasn't stolen, the thieves had the good faith to leave my password; they just stole my stuff and fucked off.

@AhmadMetallic said:

@adam1808 said:

One day Steam is going to run into the same problems isn't it?. Any site/service with that amount of personal information gets hacked eventually.

Bad luck man. Hopefully you can salvage your account and your cash.

This is what happens when we jump head first into "the future" in an unnatural speed. We begin relying on the INTERNETS to buy our games even though it's not nearly as safe or stable as it should be and next thing you know our entire game "belongings" are nothing but software that can be taken away and our wallets can be hacked and emptied out.

I really dread the day when Steam gets hacked and people lose their games and get their credit cards stolen. I hate steamworks for forcing me to have Steam games rather than real games on a disc that no one can get to.

Steam was already hacked and... Nothing happened. Besides, didn't Gabe give out his password when they introduced Steam Guard and no one could access his account? Maybe Blizzard should take some notes.

Anyway, just added a Mobile Authenticator to my phone (Now that I finally own an Android), but I'm still worried.

@AhmadMetallic said:

@adam1808 said:

One day Steam is going to run into the same problems isn't it?. Any site/service with that amount of personal information gets hacked eventually.

Bad luck man. Hopefully you can salvage your account and your cash.

This is what happens when we jump head first into "the future" in an unnatural speed. We begin relying on the INTERNETS to buy our games even though it's not nearly as safe or stable as it should be and next thing you know our entire game "belongings" are nothing but software that can be taken away and our wallets can be hacked and emptied out.

I really dread the day when Steam gets hacked and people lose their games and get their credit cards stolen. I hate steamworks for forcing me to have Steam games rather than real games on a disc that no one can get to.

I don't have the same issue with relying on the internet to deliver my games but you know what's awesome about physical games? Ownership. Yes I have no more space but I like reading those shelves and telling myself I'll go back to them all at some point.

If you have an authenticator and didn't go to battle.net and update your info, do it now. Blizzard got hacked awhile back (2 weeks? a month?) and one of the things they got a hold of was the serial numbers for the mobile authenticators. They also got our security questions / answers. Logging in to battle.net prompts you to update that info and essentially get a new mobile authenticator.

@Oldirtybearon said:

I'm pretty goddamn sure that if there wasn't a way to make very real money off of this game all of these hacks wouldn't have happened. This isn't typical MMO gold-farming numbers, either. The amount of hacked accounts being stolen is fucking alarming.

There's a way to make very real money off every MMO and any online game with an economy. Blizzard gets so many of these, because they have an exponentially higher amount of players than any other game just with WoW and now they have WoW and Diablo III. It's an easy target because a lot of casual gamers play Blizzard games and use bob123 as their password.

Happened to me back in the WoW days, one of the amazing things about Blizzard (as many have mentioned above) is that their customer support is amazing and they help really fast when it comes to account info theft and any sort of in-game hacking. Best of luck with it all!

Same thing happened to me, although I'm probably not as careful with security as you are. Got my account back real quick, now I use an authenticator.

So this can by no chance be related to the recent breach? You updated everything? Password, secret Q&A and updated the SMS authenticator info?

That truly sucks and I don't like anyone getting hacked, but it's just one more tally in my book of reasons I'm done with Blizzard products. Also so glad authenticators don't do shit anymore to stop these pricks :(

I can't even log into mine because my authenticator was on my iPhone that broke :'(

The exact same thing happened to me. Blizzard had my account back to me within an hour. And my RMAH balance was the same.

My fiancee's battle.net account was hacked about a year ago. I call shenanigangs. Her password was secure, a combination of lowercase, uppercase, numbers and special characters and it wasn't a word. She never posted in any forums or anywhere about playing WoW ( so it'd be impossible for a hacker to link her email address to her battle.net account ) and she didn't share her account with anyone. At that point, she hadn't even played wow for a good 6 months. Yet sure enough, she got a email about being hacked. Her password still worked though but all her gear was missing. The hacker had put a 1-month timecard on the account.

We got all her missing gear recovered by blizzard in about 2-3 days, but I still believe that something about this is fishy. See, her computer's OS is in german, yet she doesn't speak german ( she speaks english ), so she does not install any software without checking with me first. So I know for sure that she didn't accidentially download any malware ( coupled with the fact that she hadn't played wow for 6 month and doesn't use the password for anything else ). She also only uses a updated firefox as her browser, so no ActiveX stuff either.

All these facs together leave me relatively stumped. A Blizzard employee wouldn't be able to divulge the information as their customers passwords are probably encrypted. Even if hackers would have gotten access to their database, they also would have only gotten the encrypted passwords, so I have no idea what happened.

I got an email saying my battle.net account was locked due to suspicious activity. I haven't logged in since shortly after the release of Diablo III.

People who do this need to get a life

I wonder if it's due to social engineering (isn't that what they call it when they get your info from Facebook, etc?). Like with the whole Fifa fiasco; didn't they find out it was people calling CS and pretending to be the person who's account they wanted access to? All they needed was some information from Facebook or something and they could get access?

I keep getting e-mails from Blizzard, and recently ArenaNet, mentioning a change to my account. I typically mark them as spam since I know I didn't do anything, but I do check them from time to time and it's usually a link masking some unknown site (i.e. not directly to blizzard), so yeah, this stuff really sucks. Thankfully, I haven't been interested in Blizzard or Guild Wars stuff in years. I know I still have access to my Blizzard account, not so sure about ArenaNet, but I really don't care about Guild Wars stuff right now.

Edit: I checked my ArenaNet stuff. Looks like I'm still good.

I tried to log in and hit up the account management tab in Battle.net, but apparently it's down for maintenance right now. So... I just have to wait here with my feelings of paranoia until I can go in and change my secret questions/password for the third time. Shit is annoying, man.

I just got this today:

Seems legit. I kind of want to accept it due to curiosity.

This has actually happened to me multiple times in the past and yes, it sucks. But to Blizzard's credit, they are usually pretty quick on getting the account back under your control. Just hope that the hackers don't steal all the gold off your WoW character with over 1000 hours played and leave it in the middle of nowhere with no gold and your equipment broken with no way of fixing it or recovering...fuck.

Just changed everything. Ahhhh. Feels good. Now I can rest easy. Hopefully.

@MB: I had my Gmail account hacked a few years back and they used that to hack my Battlenet account. I have no idea if that loophole still works or not but I would say change your passwords for your email just in case.

Hah that reminds me of when my runescape got hacked when I was 12, I cried like a little bitch for 2 days, at least I learned how to deal with that kind of stuff I guess