Hi there,
There was a suspicious log in on my account from an IP that I don’t play from. That person traded about 800k gold off my account. I reached out to customer support and they are not helping me get any of my gold back. Is there anything else I can do or try?
Did you file a ticket to have it investigated and explain the situation?
Yes, I spoke to two separate GM’s and neither helped me and said it was a legitimate trade.
Odd. Do you have an authenticator and perhaps mistakenly granted someone else access to your account? If so, that might explain GMs thinking it was legitimate, but other than speculating, there is nothing players can do.
The best I can do is tell you to wait for a moderator to enter the thread, and see if they would be willing to look into your account details. It’s not guaranteed but they’re willing to at least point people in the right direction.
I have always had 2FA, for some reason I never got a notice about the unusual log in and only noticed once I logged in and realized my gold was missing. I have re-enabled it, changed my password and remote signed out of all locations.
Remember they can see a lot, More then just the IP address. They also see the computer id that is logging in. So they can tell pretty well if your account was compromised or not.
Plus if they did compromise your account why did they only take the 800k or did they take every last gold. Sell all your stuff and leave your characters naked?
Did you report your account compromised?
Hm, considering the information GMs have access to, I just find it strange that two of them would tell you that there was no problem. If there was a sudden change in IP login location then they would easily notice that, and if I’m not mistaken, massive gold transfers and trades get flagged in the system.
Was your authenticator disabled when they logged in? And did they clean house or just take the gold?
Again, it’s only possible for players to speculate about what happened, and is best if you either mark your existing ticket as “I still have a problem” if that is still an option, or file a new ticket, and also you can wait for a moderator to jump in while you do that. Though, the mods might be home for the night already and wouldn’t be back until tomorrow morning.
The second GM I spoke with acknowledged the account was compromised, but wouldn’t restore any gold due to their new policies that changed. Only the gold was taken and all of my items were fine. The GM also stated the issue was resolved.
(post deleted by author)
"I understand that your account was recently compromised and you were looking for gold restorations.
I can understand where you are coming from on this, but there have been changes made to the account recovery process. We’ve restored all we can restore."
Nothing was restored and the ticket was closed.
I do see some claims on the internet of GMs stating that a policy change prohibits them from restoring gold for compromised accounts.
Oof, that’s a rock and hard place for sure.
I also saw one person on the site I refuse to name stating that one of the reasons they may have implemented this policy is because people would sometimes trade off their gold to a friend and then report their account hacked and ask for their gold back, effectively getting the other person free gold. Though, this doesn’t really make sense since I though the gold would be removed from the second account and simply returned to the first.
Either way, that’s a hard one.
Hmm, if they did admit to a compromise and nothing was actually done that’s disturbing.
Yes, it’s possible that they will not return gold that has been stolen due to a compromise. They have never guaranteed the return of gold or items when an account is compromised. It is our responsibility to keep our accounts secure and if they were able to get in while you had your authenticator active, then you might have a very nasty situation and unsecure computer or phone.
I’d be much more worried that they’re going to get back in if you have not yet taken the correct steps to secure your computer, authenticator and account.
I’d be using something like malwarebytes to start looking on your devices for any sort of key-loggers or man-in-the-middle attacks.
Additionally, I’d be securing your email with an authenticator and consider even starting a fresh e-mail (using something like Gmail for authenticator protection) and using it for nothing other than your battle.net account.
Security is our responsibility when it comes to our accounts.
Just to ask, because I don’t believe you’ve address it:
Did you took off your authenticator for some reason?
That may have been misspoken by me, I meant I rechecked everything for security reasons.
Yes but also no. Even the best systems fail and just having a company wash its hands of every issue with too bad so sad is not a good look to have.
While it’s nobody else’s business since this is your account situation, it seems like you’re intentionally avoiding the question about the authenticator. Whether or not you had that active during a compromise is a huge factor.
Now, that’s between you and blizzard, but what I’m saying is that if you didn’t have the 2FA active on your account, then a GM would definitely look at that and consider it a lapse in player responsibility.
The authenticator was active on the account before the compromise.
Did you find your breach of security? They did not hack Blizzard servers which means, if your authenticator was active) that when they attempted to log in from a very different location that you would have had to allow them access via the authenticator too.
In this case, solid yes. Blizzard would have to, legally, advise it’s customers of a compromise of their system (as they have done in the past). In this case, a single account was targeted. Otherwise, the forums would be literally flooded with thousands of posts about accounts being compromised.
In this case (no I’m not going to get into whether a major corp can be compromised as it’s not what we’re addressing here), the compromise would have had to have been on the players’ end, especially if the authenticator is and was in place.
If you had it active, then unless the hacker somehow bypassed your authenticator, you would have received a ping on your mobile app and would have had to allow the hacker to access the account by accepting the prompt. That would be a problem, as the mobile authenticator tells you where the login attempt is coming from.