Account hacked using Blizzard's Password Reset Utility

My account was hacked yesterday morning. Although I was able to regain control of the account before the gold seller who did it could sell off all my characters' gear or gain access to the bank, the guild bank and the auction house, he managed to make off with nearly all of the gold that my toons had on hand.

I was tipped off by a series of emails confirming requests for a lost password. Blizzard obligingly gave the hacker a new password to my account and even changed the email address on the account to that of the hacker. I have no idea what other account information was given to the hacker by Blizzard.

Blizzard insists, despite email evidence to the contrary, that this is my problem: I must have a virus, or a key logger, or perhaps some add-on was logging my password and sending it somewhere -- never mind that an add-on could not possibly have access to your password as it is entered before the add-ons are loaded. A thorough scan of my system shows no viruses, no key loggers, and even no problems with add-ons.

Blizzard is unwilling to face the real problem -- they claim that their database has never been compromised, but the fact is no one has to compromise the database at Blizzard when customer service there is perfectly willing to give a new password to any account to anyone who asks for it.

Be that as it may, account security at Blizzard is probably not nearly as good as they think it is.

I am convinced that gold sellers are the primary force behind this. They may even be bribing someone at Blizzard customer service. I think anyone who considers buying gold from these guys should know that the gold may well be stolen from other players -- and that the gold you buy could just as easily be stolen back and resold to someone else.

Yes, in case anyone asks, I have a Blizzard authenticator on order.

--
Waddling Eagle
World Famous Flight Instructor

.

Quantcast