Battlenet Account Theft and Prevention

I wanted to remind everyone that your Battlenet Account is valuable to criminals. Why?

  • Taking all your items and selling them for real money via shady third party sites.
  • Using your account to bot to farm items to sell for real money.
  • Using your account to spam adverts to sell items or services.

Botting, using third party services, and spamming adverts for those websites are all against the Blizzard EULA and will get the account banned :exclamation: :hammer: - even if YOU did not do it.

While Blizzard does have some support for Account restorations of hacked accounts in WoW, they have never offered that for D2. So if you get hacked and someone sells all your hard earned gear, runes, etc - you are (probably) out of luck. You are also possibly banned and will have to hope an appeal proves compromise and you can get it overturned. Appealing a Silence, Suspension, or Ban - Blizzard Support

There are many ways to get your username/password from you if you are not careful with it. Those include:

  • Sharing your account. Do NOT give out your account password to anyone. Blizz does not allow account sharing except in the case of one minor child using an account registered to a parent or legal guardian.
  • Phishing scams via websites, email, in-game messages. Don’t. Click. Links. Blizzard will NEVER threaten to suspend or ban you then have you “verify” your account. NEVER. They ban first and you appeal later.
  • Malware on your machine. Websites can be vectors as can malicious advertisements. Installing “apps” and things can too.
  • Using the same email/password on other games/websites. The more you use it the higher the risk ONE of those sites gets compromised and the hackers just try your combo on all the popular games. Do not ever use the same password on multiple sites.
  • Giving your Account or financial information to third party sites to buy items or services for games. DON’T DO THAT!

Many here may be used to playing via the old Bnet system for Diablo 2 (2000). Modern Bnet does not work the same way. Modern Battlenet Accounts actually have a lot more security options for you. There are also things you can do to keep your account safe.

  • As required by Blizzard, use your real name and address for account registry and keep it updated. Regaining access to an account or using various account services requires proof you are the registered account holder, normally via Govt ID.
  • Use an email that is ONLY for Bnet. Select a service that has secondary authentication that you can set up. Gmail is one example. If someone strange tries to log in it sends a code to your phone and locks the account.
  • Keep your computer locked if you are not using it and have housemates/kids/guests.
  • Battlenet Mobile Authenticator App - this is FREE Battle.net Authenticator - Blizzard Support (does require you to link it to your phone though which only accepts certain types of numbers. It won’t take VOIP or pre-paid).
  • Phone Notifications - set up usually with the Authenticator. Can be used to unlock an account, remove an Auth, verify account holders, etc. Battle.net Phone Notifications - Blizzard Support
  • Bnet internal login tracking pays attention to where you log in from and if there are changes it can lock your account to protect it from a possible compromise. You will then have to change the password from your new location. Having an Authenticator on the account greatly reduces the lockouts. Instead you just have to enter the code, not change a password.
  • Bnet accounts will also lock if you enter the wrong password too many times. Sensitivity on how many times it takes to trigger that varies. Trying it a few times from your normal login location is not the same as getting it wrong when you are magically 1000 miles away. That is sus.
  • DON’T CHEAT/bot/hack! Blizzard's In-Game Code of Conduct - Blizzard Support More details are in the EULA. What could be done with D2(2000) is largely against the Bnet terms for the online version of the game.

Bnet Security Article Securing a Battle.net Account - Blizzard Support

What to do if you are compromised Account Hacked - Blizzard Support

Providing Govt ID Providing Government-Issued Identification - Blizzard Support

EULA Blizzard End User License Agreement - Legal – Blizzard Entertainment

18 Likes
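Added example, not part of the original post and not Blizzard's actual logic: a small model of the lock behaviour the post above describes (new-location logins lock the account unless an Authenticator is attached, and wrong-password tolerance is lower away from your normal location). The thresholds, names, and login events are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed thresholds; the post only says the sensitivity "varies".
MAX_FAILS_KNOWN_LOCATION = 5
MAX_FAILS_NEW_LOCATION = 2

LOCKED = "locked_password_reset_required"


@dataclass
class Account:
    known_locations: set
    has_authenticator: bool = False
    failed_attempts: int = 0
    locked: bool = False


def evaluate_login(account, location, password_ok):
    """Return the action taken for one login attempt (hypothetical policy)."""
    if account.locked:
        return LOCKED
    familiar = location in account.known_locations

    if not password_ok:
        account.failed_attempts += 1
        # Failures from an unfamiliar location are tolerated far less.
        limit = MAX_FAILS_KNOWN_LOCATION if familiar else MAX_FAILS_NEW_LOCATION
        if account.failed_attempts >= limit:
            account.locked = True
            return LOCKED
        return "denied"

    account.failed_attempts = 0
    if familiar:
        return "allow"
    if account.has_authenticator:
        # Correct password alone is not enough from a new location.
        return "require_authenticator_code"
    account.locked = True  # no second factor: lock and force a password change
    return LOCKED


def replay(account, events):
    """Run constructed (location, password_ok) events through the policy."""
    return [evaluate_login(account, loc, ok) for loc, ok in events]
```

Replaying the same reused-password login from an unfamiliar location against both account types shows the difference: without an Authenticator the owner is locked out until a password change, with one the stranger is stopped at the code prompt and the owner's next login from home still works.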

I would like to add to the idea that you are basically out of luck if you get hacked and you recover your account.

Blizzard will not perform rollbacks for lost items because they have no way of proving the person that stole your stuff isn’t a friend trying to help you make a quick buck.

You are ultimately responsible for your password strength and the actions you take to ensure you don’t get hacked.

2 Likes

Great informative post, MissC.

Absolutely… If you haven’t already, add the mobile authenticator! It’s a great stopgap to prevent unauthorized access to your account.

3 Likes

I have that in there :slight_smile:

BUT you are right to repeat the message. People need to realize that there are bad guys targeting them and they have to be careful. Blizz can’t fix it for you.

We saw SO MUCH of this when D3 released with the AH and RMAH. The criminal groups had been phishing for over 6 months pre-release with fake beta emails, malware on websites, etc. They had a whole bunch of stolen account info that they massively utilized after game release.

A lot of D2 gamers who came to D3 were not ready for it, did not have Authenticators, etc. It was a mess :frowning: I don’t want to see it happen again.

4 Likes

Ah, so it is indeed. Don’t mind me, I just woke up and also have a blaringly bad headache, lol.

It’s all in your mind… There is no headache. These aren’t the droids you’re looking for.

:slight_smile:

2 Likes

my whole world has been a lie…

1 Like

thanks for the reminder.
BTW, I really hope Blizzard will deal efficiently with botters. It was the real big problem of D2.

I am going to be 100% honest. They can’t totally stop it. Nobody can yet.

They do have anti cheat software that we agree to allow to run, as well as server side detection. But, those have to learn to detect the individual bot or behavior. So work more like an antivirus program. They also can’t scan our whole PC for privacy reasons. Just the specific game processes or look for specific already verified bot software.

Bot makers work really hard to mimic realistic enough playing to evade the detection. Or through other methods to hide it.

Blizz uses several approaches to combat it:

  • Designing games/features to make things harder to bot for rewards. No reward means less bot incentive.
  • Anticheat software
  • Ban waves. Often they spend time detecting and analyzing before they issue a mass ban and break the bot.
  • Legal actions against bot makers. Blizz has won Millions in judgements and shut some down.

3 Likes

I also meant to say earlier, that I agree with this. D3 has rollbacks (3 for the life of the account), WoW has restorations if it is caught in time and the logs are still there.

I don’t expect D2R to have any support at all for in-game issues or loss of items/chars/etc.

I would be VERY surprised if they did. That is a big reason why I posted this.

1 Like

I think I have a suggestion for that. :smiley:

I am not sure I want to know what that is…

Some of the features in D3 for example are set up to discourage bots from being programmed to do specific runs - which is why you can’t farm bosses and so much is randomized. It lowers the return on investment for botting. All they get is paragon from “easy” things or maybe GR keys? No real money to be made either anymore. Then they sued the heck out of one of the main bot makers. There are always more though.

I worry about D2R. I will be honest. The real money to be made highly incentivizes the bad guys.

As do most of us.
But I do not really see the problem with detecting bots as they are running in D2.
Just today I heard of a person running 16 (!) instances for himself. How can such a thing be undetected? Maybe the smart people use VPNs, but surely not the broad crowd of botters.

Just filter the potential botters by pattern matching. If you are unsure, observe their games manually.
I am sure people would even volunteer for such a thing.
Of course you need to combine multiple such functions to make it safe against too many false positives. But reducing the number of bots noticeably should be the easiest trick in the book.

It is allowed. BUT they can’t use any means to artificially coordinate or run them - at least in WoW. But those rules tend to get applied to all Blizz games so we shall see. Policy Update for Input Broadcasting - May 2021 - Wrath of the Lich King Classic Discussion - World of Warcraft Forums

There are millions of people who play Blizz games and the number of bots is insane across them. They filter out SO MANY each day but it can be hard to get them all. They don’t have time for manual observation usually. Exceptions have been made. Watching a cheating streamer go down can be sort of fun.

So, what we see is what gets through, not that they are not doing anything. I also expect that as time goes on they will refine the detection techniques. If they screw up D2R then it will reflect really bad only on Blizz, and D4.

That said, the existence of bots is like trying to remove all flies from earth. It is a bit hard.

I am not saying it is not allowed. I am saying how is that not a big indication to check these accounts for botting?

Community moderators? Report flags? (all combined with other indications ofc)

Agreed. Speaking of which, what happened to the hacker who streamed on twitch yesterday?

See edit :slight_smile: They have been banning people for it left and right in WoW. This is a recent change. I linked it above too.

1 Like

Community moderators? Report flags? (all combined with other indications ofc)

Agreed. Speaking of which, what happened to the hacker who streamed on twitch yesterday?

I would not know. Blizzard does not tend to announce any account actions publicly unless required by law in that country/region. They also don’t tend to brag in private chat about it either.

I know about things after the fact usually when it becomes public.

The Community Managers handle many things engagement related on the internet - esp influencers. I can’t talk more about that I don’t think. They do NOT ban people though. That is handled by the “hacks” team after investigation.

Not Managers. Moderators. Like those referee guys in league of legends.
Yes, it can become a scape-goating thing, but if it is vouched and taking other factors in consideration it might help weed the problem out.

Could have been that you poked about it. :zipper_mouth_face:

No, it was not. I don’t tend to watch a lot of gaming streams and did not know the people in question.

I mostly watch cooking streams and cat related stuff.