So my account was hacked and email changed

#1 Posted by Fobwashed (1896 posts) -

I just got an email notifying me that I changed my contact Email address. So I tried to log in, password/username incorrect. Tried to submit a ticket. . . but you have to log in to do so which I no longer can do -_-;; Sooooooo. . . . I dunno. I guess I'll try calling tomorrow but I was sorta done with the game anyway, this is just the fork that's telling me it's done.

I'll try to recover my account because I want access to my blizzard games but really, I don't play em anymore. That being said, this is pretty bullshit. I guess I should just be thankful that I tend to use different passwords for all my online services so the jackasses can't get access to anything else. I hope I didn't have my credit card information in their system anywhere. Blizzard has been pretty cool up till now, but this kinda shit is just awful. Thought I'd just add my story to the online consciousness that people should prolly change their passwords when companies tell you "hey dude, our shit got hacked."

#2 Posted by Selftest (71 posts) -

There was a news story about this a few days ago.

#3 Posted by adam1808 (1372 posts) -

Blizzard should get themselves some kind of authenticator.

#4 Posted by Zomgfruitbunnies (745 posts) -

I suggest scrubbing your PC for keyloggers and whatnot. Always good to be sure.

#5 Posted by Fobwashed (1896 posts) -

@Selftest said:

There was a news story about this a few days ago.

Yea, but I figured I'd play the odds that they wouldn't get my shit. They got my shit. -_-;;

@adam1808 said:

Blizzard should get themselves some kind of authenticator.

Yea they have an authenticator but I don't wanna use it because it's a hassle. Up until now, I haven't had any issues nor do I have any hot items that I'm afraid hackers are gonna sell on my account since I don't play WoW. I guess I had some stuff on Diablo III but again, I don't tend to play to late game so none of it was worth anything. Dunno. . . I don't use a second layer of protection on any of my other online accounts so I felt it a bit much to do it for a game.

@Zomgfruitbunnies said:

I suggest scrubbing your PC for keyloggers and whatnot. Always good to be sure.

Yea, just in case I'll go ahead and run antimalaware and spybot.

Really, I shoulda just changed my password after they announced they were hacked, but I was lazy. I'm throwing this up in hopes that other lazy people like me go ahead and change their password so they don't have to deal with this crap.

#6 Posted by adam1808 (1372 posts) -

@Fobwashed: Sorry I knew that, I was just being glib. My sympathies anyway, I don't play Blizzard games but having to think twice before entering your information sucks at the best of times.

#7 Posted by Shirogane (3563 posts) -

@Fobwashed: It feels a bit much cause nothing else uses it at first, but Blizzard accounts are just so sought after that it's justified. I mean, considering the amount of spam i get which are just phishing scams for Blizzard games...

#8 Posted by ReyGitano (2467 posts) -

That sucks man. I played the odds and didn't change my stuff until yesterday, but then I changed my passwords for EVERYTHING.

It feels like everything has been hacked into in the past two months so I just decided to go for it.

#9 Posted by Alexander (1721 posts) -

I don't see why it's so hard for authentication a la Steam. So long as your email is locked down it's pretty hard to hijack a Steam account. Also 2-step authenticate your Gmail everyone, it's no hassle at all.

#10 Posted by Grillbar (1795 posts) -

not to rub salt in the wound but you should have bought an authenticator. you can log in somehow just really cant remember since its extremly complicated. blizzard saw some suspicious activity on my account to they change my password or something like that so i could not log in and i had to log in to do anything. and i had allready waited 2 weeks on my authenticator and it would not arrive for another 2 weeks.i did not call them i did something else. if i remember ill write you.

oh and sorry man that really sux

#11 Posted by Loafsmooch (300 posts) -

@Fobwashed: You should be able to get your account back.

E-mail them and explain the situation, they'll ask for some sort of ID verification. Either a picture of your ID (they should keep logs of your contact info even if it was changed), or a picture of your cd-key if you bought a retail box. Shouldn't be much harder than that, though it might take a few days.

#12 Posted by Fobwashed (1896 posts) -

@adam1808 said:

@Fobwashed: Sorry I knew that, I was just being glib. My sympathies anyway, I don't play Blizzard games but having to think twice before entering your information sucks at the best of times.

No prob, didn't take any offense =)

@Shirogane said:

@Fobwashed: It feels a bit much cause nothing else uses it at first, but Blizzard accounts are just so sought after that it's justified. I mean, considering the amount of spam i get which are just phishing scams for Blizzard games...

Games wise, yea, I've noticed more blizzard phishing scams more than any others. I blame WoW for this -_-;;

@ReyGitano said:

That sucks man. I played the odds and didn't change my stuff until yesterday, but then I changed my passwords for EVERYTHING.

It feels like everything has been hacked into in the past two months so I just decided to go for it.

Went ahead and swapped out my important pws (credit cards, bank accounts) but just left my other email/game related ones alone. All my passwords for the most part are different so if one gets hacked, there's no real connection to any other. At least I've got that going for me =P

@Loafsmooch said:

@Fobwashed: You should be able to get your account back.

E-mail them and explain the situation, they'll ask for some sort of ID verification. Either a picture of your ID (they should keep logs of your contact info even if it was changed), or a picture of your cd-key if you bought a retail box. Shouldn't be much harder than that, though it might take a few days.

I plan on calling their service center tomorrow when they're open and if that doesn't work, I'll try the email route. The websites are effed because at every turn, they want you to log in to retrieve or reset your password and I think the email address associated w/my account has been changed at this point. So I have neither the email or the password. You'd think if this were a pretty common problem, they'd have some kind of online set up to deal with accounts who've had their email altered in addition to pw.

#13 Posted by Fobwashed (1896 posts) -

Just an update. I've been calling support since this morning and their support queue is full so I can't even get on hold for the next representative *face palm*

I'll prolly keep trying sporadically throughout the day.

#14 Posted by Silvergun (297 posts) -

@Alexander said:

I don't see why it's so hard for authentication a la Steam. So long as your email is locked down it's pretty hard to hijack a Steam account. Also 2-step authenticate your Gmail everyone, it's no hassle at all.

I'm going to be honest, I didn't know (but probably should have) that Gmail had 2-step authentication. I'm totally setting this up when I get home, thanks!

#16 Posted by Alexander (1721 posts) -

@Silvergun said:

@Alexander said:

I don't see why it's so hard for authentication a la Steam. So long as your email is locked down it's pretty hard to hijack a Steam account. Also 2-step authenticate your Gmail everyone, it's no hassle at all.

I'm going to be honest, I didn't know (but probably should have) that Gmail had 2-step authentication. I'm totally setting this up when I get home, thanks!

I held off for a long time because I thought I'd be relying on my mobile always working, but you can even print out 1-time use codes to be used when signing in, say you're on holiday and don't have data or network coverage. What did it for me was reading about the horror story for Wired's Mat Honan. It's well worth a read but to summarise the hackers knew his Gmail because it was on his personal site, figured out his secondary email (or recovery email) because it showed *****@me.com and the number of characters matched his Gmail, they knew it was an Apple ID with it being @me.com, got into that email address by adding a credit card to his Amazon, getting the last 4 digits on his existing credit card, using that in conjunction with his home address they got by looking up his personal website to call Apple, pretending they were him (at the time that's all you needed to get access to an Apple account). They reset his Gmail, got access to that, wiped out his Mac, iPhone and iPad because he had that reset service enabled in iCloud. They then deleted his Google Account. They did all this just to get his Twitter.

All this wouldn't have happened if he had 2-step authentication. Of course he was targeted, and you or I are less likely to be targeted but better safe than sorry.

#17 Posted by Fobwashed (1896 posts) -

@SoothsayerGB: Thanks for the info. If I can't get someone on the phone today, I'll most likely try what you're suggesting. Also, it's not that I'm choosing not to stay in the queue, it's that the queue is full and they aren't taking any more people =( If it were a matter of waiting to get a hold of someone, I'd do it.

I really just don't want to jump through that extra hoop to play what little of the blizzard games I play. I could understand use of the authenticator if I were playing WoW and had a bunch of shit I really cared about but as it stands, I don't play anything anymore but I also don't want to not have access to my games which is why I'm going through this process. I haven't touched SC2 since a month or so after its release and I only rarely log into Diablo 3 to do a quest or two with a new character maybe once a week. Honestly, if I'm not giving out my PW, and it's complex enough that it'd be terribly hard to brute force it (it's a 16 character with varied upper/lower case and numbers), blizzard would have to be hacked for me to be in trouble. . . which they were =( Hell, if there were anything I'd want an autheticator for, it'd be Steam since that's where all the PC games I play exist and so far, I haven't had any issues with them. Balls! Balls I say!

Btw, been trying a call every say half hour since 7 and the queue is still full. I'm guessing a whole lotta people got hacked =\

#18 Posted by Demoskinos (14559 posts) -

@Fobwashed: Well that sucks duder. Unfortunately this is the world we live in now. Constantly having to monitor every account you own and changing passwords for things left and right. At least you were smart and had a separate password from other services.

#19 Posted by Silvergun (297 posts) -

@Alexander said:

@Silvergun said:

@Alexander said:

I don't see why it's so hard for authentication a la Steam. So long as your email is locked down it's pretty hard to hijack a Steam account. Also 2-step authenticate your Gmail everyone, it's no hassle at all.

I'm going to be honest, I didn't know (but probably should have) that Gmail had 2-step authentication. I'm totally setting this up when I get home, thanks!

I held off for a long time because I thought I'd be relying on my mobile always working, but you can even print out 1-time use codes to be used when signing in, say you're on holiday and don't have data or network coverage. What did it for me was reading about the horror story for Wired's Mat Honan. It's well worth a read but to summarise the hackers knew his Gmail because it was on his personal site, figured out his secondary email (or recovery email) because it showed *****@me.com and the number of characters matched his Gmail, they knew it was an Apple ID with it being @me.com, got into that email address by adding a credit card to his Amazon, getting the last 4 digits on his existing credit card, using that in conjunction with his home address they got by looking up his personal website to call Apple, pretending they were him (at the time that's all you needed to get access to an Apple account). They reset his Gmail, got access to that, wiped out his Mac, iPhone and iPad because he had that reset service enabled in iCloud. They then deleted his Google Account. They did all this just to get his Twitter.

All this wouldn't have happened if he had 2-step authentication. Of course he was targeted, and you or I are less likely to be targeted but better safe than sorry.

Yeah, I'd heard that story, and I have a friend who got his Gmail hacked and it was a miserable experience for him. Also, I know with my WoW account, I had an authenticator and never had an issue. Then, when I got a new phone, I had it removed but didn't get a new one put on until the next day. In that less than 24 hour span of not having one on, I got hacked. After getting things restored, I put a new one on and haven't had an issue since. This has made me a big fan of authenticators.

#20 Posted by Subjugation (4718 posts) -

Meanwhile my authenticator lets me sleep soundly at night. Unfortunately I don't care all that much about Blizzard games. However, it was a good investment for back when I did. It was only a few dollars if I remember correctly. Just press a button, generate a six digit code, type it in and voila. Takes no more than 10 seconds and you don't have to worry about nonsense like this.

#21 Posted by Fobwashed (1896 posts) -

Okay. So I got my account back as I got through to the support phone lines. The wait was around 20 min and then it took maybe 10 min to clear things up.

I logged back into Diablo 3 expecting all my characters to have been deleted but something else happened during the half day I didn't have control of my account. I think someone was actually playing the game. My friends list is barren except for 2 new people that I may try to contact later on. In addition to that, while all my low level characters were pretty much untouched, my lvl 60 barbarian is wearing a completely different set of gear than he had on him when I last played him. I THINK it's better than what I had considering the gear I had before was pretty much Hell difficulty stuff while I was in Inferno.

Also, I had around 100k gold last I logged in and now I have well over 2 million. My friend told me that 2 mil is not much, but it's a hell of a lot more than what I had before. So I guess, aside from being locked out of my account and having to deal with the shit of getting it back, my Diablo 3 account came out ahead somehow. Freaking weird.

#22 Posted by stinky (1543 posts) -

they're free.

@Grillbar said:

not to rub salt in the wound but you should have bought an authenticator.

This edit will also create new pages on Giant Bomb for:

Beware, you are proposing to add brand new pages to the wiki along with your edits. Make sure this is what you intended. This will likely increase the time it takes for your changes to go live.

Comment and Save

Until you earn 1000 points all your submissions need to be vetted by other Giant Bomb users. This process takes no more than a few hours and we'll send you an email once approved.