Hello,
I have been a paying Overwatch player since the original release, for about nine to ten years.
I am not a professional player, but I enjoy collecting skins and supporting the game through purchases.
Recently, my account was permanently closed due to gameplay and payment activity that I did not perform.
An unknown Steam account was linked to my Battle.net account, and what is even more concerning is that this happened even though my Authenticator (two-factor authentication) was fully enabled.
⸻
Summary of the Incident
• Two-Factor Authenticator was active.
• Gameplay and payment records appeared at times when I was not logged in.
• An unknown Steam account was linked to my Battle.net.
• I have never played Overwatch through Steam or linked my Steam account.
• No Authenticator alerts or login notifications were received.
• I submitted three tickets to Blizzard Support: one received a macro reply, and the other two remain unanswered.
⸻
Detailed Timeline
• October 19 – Last time I personally played. Logged in via the Battle.net launcher on my own PC (auto-login) and purchased the Battle Pass.
• October 26–29 – Someone accessed my account, spent my Mythic Coins and Credits, and played multiple Competitive matches.
• Early November – I received an email saying my account was permanently closed.
• After that, I filed three appeals and a hijacking report, attaching proof such as Steam in-game purchase history, Steam launcher logs showing Competitive point activity, and my PC’s IP address.
• To this day, I have received only one automated reply and no detailed review.
⸻
Verified Facts
• The Steam account that was linked is not mine (it has been unlinked).
• In June, while traveling abroad, my account was temporarily suspended for an unusual login from a Hong Kong IP. I changed my password and enabled 2FA afterward.
• During this latest hack, no 2FA notification appeared, which suggests a possible bypass through Steam linking.
• Payment logs show that someone accessed the account via Steam, earned Competitive Points, and spent Mythic Coins and Credits while I was offline.
• I had 2FA enabled, yet my account was compromised through Steam linking and permanently banned.
I have never completed Competitive placements, but after the hack, my profile suddenly showed a Diamond rank and statistics for heroes I rarely play (Pharah, Widowmaker) with unusually high accuracy. I am normally a support main.
⸻
Requests to Blizzard
• Please review my account logs, including login IPs, devices, linked platforms, and payment records.
• Investigate and disclose the potential structural issue where Steam linking can bypass two-factor authentication.
• Assign a real support representative to review cases like this instead of sending automated replies.
• Provide a clear restoration and appeal process for players affected by this issue.
⸻
Advice to Other Players
• Check your Steam ↔ Battle.net connection status (Profile → Account Settings → Connections).
• If you see an unknown Steam account, unlink it immediately.
• There are already multiple reports of hacks that exploit the Steam link to skip 2FA.
• Regularly check your login locations, payment history, and security settings.
• If you notice any suspicious activity, save screenshots, Steam IDs, and timestamps immediately.
This is not an isolated case; many similar incidents can be found online. Please verify your accounts.
⸻
Personal Statement
I have never completed Competitive placements and had no rank.
After the hack, my account suddenly showed a Diamond rank record played through Steam, clearly by someone else.
I confirmed this by checking the Wallet → Ecosystem page, which displayed Steam-based Competitive point activity.
Because of this wrongful ban, I lost nearly ten years of progress, money, and memories from Overwatch 1 to Overwatch 2.
If a player with 2FA can still be compromised so easily, this is a system-level security flaw, not user negligence.
Furthermore, my other two Battle.net accounts, which have been inactive for over a month and do not even use 2FA, remain completely fine.
If 2FA is meant to enhance security, how is this possible?
Blizzard should not dismiss this as user responsibility.
Please recognize and fix the security vulnerability involving Steam linking and the Authenticator loophole that allowed this to happen.
Please excuse any grammatical errors, as English is not my first language. I only hope that my situation can be understood and reviewed fairly.