Authenticator Didn't Prevent Unauthorized Access

Hello,

I do apologize, as this will be a rather lengthy post.

On Tuesday, the area where I live was hit with a storm which resulted in me losing power until Friday morning at 10:30-ish AM. After the stress of trying to setup my generator, and basically finding a place for my dog to stay while I was at work (since WFH wasn’t an option) I was pretty stoked to get back to grinding professions and renown levels with my guild.

Finally get home on Friday at like 3:30 and hopped on. Did a Heroic and then started helping my GM with his alchemy tree. While helping him, I figured I would also work on my alchemy and noticed something strange. My warlock had less than 30k gold…which is odd, because as my longest running toon, I usually just consider it my main and most of my gold is on that character. I chalked it up to maybe not remembering that I sent one of my other profession alts gold or something.

I hop on my actual main, my Hunter, and realize he also has sub 20k gold. Mention in Discord with my GM that I think my UI is bugged, or it’s an elvUI bug or something because it says I only have 90k (something much less than 5-6+ million) gold across all of my characters.

I actually laughed, because I 100% know my mage has exactly 4.8m gold because he’s the bank for my guild’s Fantasy Football League, which is a 12-team league with a 400k gold buy-in. I even keep the mail receipts for when people sent me the gold so that I had a record and that Blizzard wouldn’t think anything suspicious was going on by 11 other people mailing me so much gold in a 2-3 day period.

So, as I am a little freaked out, I log off and log into my Mage and then realize he only has 4,900 gold on him. I immediately start with a very long ‘uhhhhhhhhhhhhh’ in discord and tell me GM I think something happened to my account gold. His immediate response is ‘oh ****, the gbank’.

I am the crafter for my guild and 3 of my characters have access to the Gbank and have a 1 mil/day withdrawal limit since we provide all consumables, and crafting resources for everyones gear/consumes/etc. He immediately checks and sees our gbank went from 8.3m to 2.3m gold.

I now start freaking out, and immediately open up a ticket in-game and go to my Battle.net account and see if something happened.

When I went to the ‘recent login activity’ portion of the account information, I realized what happened. While I had no power, no internet, and at my work because it had air conditioning…my account was accessed from Ukraine.

I immediately clicked on Log Out From All Devices and changed my account password.

I tried to explain the situation to a GM through the in-game support system, but after 4 automated responses riddled with broken English and spelling mistakes saying they can’t help, I got a real answer (I think from someone named Lythricks) saying they had a chance to look over my tickets and the previous responses from the other GMs and stated ‘nothing was missed’.

I then replied again and was threated with account termination if I continued to request support for the 10-14 million gold that was stolen from my account.

What I don’t understand is how the Blizzard Authenticator allows someone to access my account from a completely different hemisphere, not getting any approval from my phone, and then proceed to drain my entire account of gold, including my guild.

This isn’t me getting caught in a phishing scheme, or entering my account information somewhere. This is the Blizzard tool that we are required to use to protect our accounts not working properly.

If it’s Blizzard’s policy to not return stolen game currency, that is one thing…but I want to know what assurances can be given that it won’t happen again?

I have to try and recover $1,400 USD worth of WoW Tokens now, but it seems awfully futile if someone can just do this again.

I do hope whomever reads this can respond with any details as to how Blizzard considers this my fault, and while I do know that this can be considered a violation of the warning I received in-game, I really do hope my account won’t be terminated after 18+ years.

Regards,

Krunk

2 Likes