I forgot about that! Has OP checked that?
1 Like
Inyour account settings is the option to require Authenticator for every login? This will require the use of your authenticator every time you log in and remove the option to use an SMS security code in its place. If it’s ON
Better advice than what I got from my ticket.
ATTENTION: The account owner is responsible for the security of this account. If the account is compromised again in the future, we will not restore in-game property. To avoid this, we ask that you attach a Battle.net Authenticator [https://support.blizzard.com/article/000010363].
Yes, that was part of the answer from my ticket “Please add an auth”.
And just in case you all need reminding.
The dudes who run the ticket are telling me to add an auth to an account that already has an auth on it and has had one now for almost 5 years.
- I don’t use my email for anything other than reminders on bills that have arrived.
- The last Blizzard emails I have received before this debacle are all the usual “Summer Sale is ending” and “One Punch Man Overwatch 2 skin!!!”, junk.
I highly doubt they could have taken my info from my email, off the top of my head I couldn’t even tell you the last time I sent an email from that account, I had to go to my sent items to find out, it was sometime last year.
And yes I did go check my forwarding, last time I set it up myself to an alternate email address of my own choosing, that email is still there, but the rule is disabled.
They do, the blue dude here confirmed my account was logged in from 2 locations inside Australia not of my own, and nowhere near me, and 2 locations outside Australia. That’s how they caught all the cheaters during the SL Mage Tower debacle, they could see someone logged into your account from outside your normal location, obtained the MT achievement, and then your account was logged back in at your usual location, I know this also because I know people who done just that.
Different story if you logged in say in Sydney, then a day later logged in in Singapore multiple times over the next week and then a day later back in Sydney, but they seen people logging in Sydney and hours later back and forth through different countries AND the MT having been done.
In my case that happened, the multiple country thing on the same day, but all I had was my gold taken, and the first time this has happened (that I know off) where my account has been logged here, this time I know because something happened on my account that I did not do myself.
I did just now check, only showing 2 logins from today, nothing shown from prior.
I also checked yesterday on my account security, my email and phone number were still the same, so that was never changed. Plus if you need to change those details you have to either use the auth or get an SMS sent with a code to change it, no one in their right mind would click an auth they didn’t request and an SMS code is pointless, if I got some random SMS code what would I even do with it?
Yes this is on. So the question still remains, how did someone get into my account and just bypass the auth? The answer from my ticket gives nothing, they just said “We have restored your account, now go an add auth and we may have turned off your RealID”.
May have? Excuse me? Can they not even tell me if they did or did not change something on my account?
All I know is for certain they changed my password (or I assume they did, and didn’t tell me) because today when I turned on my PC it asked me to log back in and my password I set yesterday was not working. I did have an email notice about an hour after my ticket was closed telling me my password was reset, I can only hope it was the GM who changed my password and didn’t tell me, because it would be super concerning to login, find a ticket response and then have someone other than a GM try to change my password shortly after.
But I think now it’s time to get a new email for this game and redo my auth.
It would have been nice to know how they bypassed the auth, but apparently you can’t, so if Blizzard did in fact let someone in I doubt they will tell me.
2 Likes
Nobody here is going to be able to answer that for you beyond what has already been speculated. Needless to say, your authenticator, account login and your password have all been compromised and it unfortunately sounds like it was the result of some sort of possible account sharing.
Since you insist your security is not the culprit here, it means that at some point you shared enough information with someone that they were able to get logged in. Their account may not have been as secure as you say yours is.
They also could have further shared the info.
The fact that only your gold was taken is also very odd. Typically speaking, hackers will run a script and literally sell off everything you have to get every last piece of copper from your account. The fact that they didn’t do this, means it wasn’t a normal compromise either.
Hackers don’t care about anything but gold. They swap out your account info and cause as much destruction along the way to provide them with as much time as possible to use your account for other illicit things like selling gold in trade chat.
Without question it is.
The only thing Blizzard would have been able to do would be to remove the authenticator. That’s the only way they could have provided anyone access as they don’t have access to produce the codes from your authenticator to someone trying to access the account, nor would they ever be allowed to even if they could.
It’s good to hear that you’re updating your account info and putting on a new authenticator.
Best of luck Akapally.
7 Likes
There is no point in trying to explain this to you any further, you seem to be set on telling me it was something I have done that has compromised security. But the fact they bypassed the auth, which was confirmed by the blue dude in this post as being active since 2018, should by all means be enough proof that they bypassed the security.
But since you keep ignoring that fact I don’t know what else to say.
I’ve been following this with great interest. The fact that you have an authenticator on your account, and this still happened, is concerning. It reminds me of something that there had been rumors about happening, years ago. So, I am keeping an eye on this to see out it unfolds.
Did you manage to get back in to your account?
That was my first reply to your thread. I’m not ignoring anything. The ONLY way they bypassed that authenticator is either by some extremely malicious software on your phone or computer, or through account sharing. That’s it.
Thankfully, you’ve taken steps to prevent further access in the future.
11 Likes
Gonna be frank on this overall; there isn’t much point in trying to pick fights with others on the forums. No amount of ‘X shouldn’t have happen’ or Blizzard gave the account info away won’t change the fact that there’s a deep rooted route in this event and someone has real deep info about you and should be looked into on the user end to find the crack in the system.
1 Like
As I have said before, even if I did give out all my details, even if they did get my login info, even if they had access to my emails, logging into a new PC or location would ping the auth and the fact that my auth has been active for some 5 years now and I didn’t get a ping on it, that should tell you they bypassed it.
And unless I jail break my phone and install software that is not from the app store, that’s just not possible to get access to my phone unless there is a security leak on one of those apps.
But what are the chances an app store app is going to have a security leak that will leak my personal details to so rando who just so happens to hack my bnet? Not even the lottery would have those odds.
Yeh I got all my gold back. The GM answer was garbage though, some copy paste response telling me to install an auth, makes you wonder if they even bothered to look into the issue.
Even if they had all my personal details and Bnet password, which I doubt, based on the SMS trail from Blizzard the last time prior to this I changed my password was October 2020, even assuming there was a key logger installed since than and only now they decided to use my password from 2.5 years ago, whenever you attempt to login from a device that has never been logged in before, it pings your auth.
Even when you use Incognito and try to log in, it pings your auth, I just tried it.
Regardless if they have my birth certificate and licence number and all my personal info, bypassing the auth should just not have happened, that’s supposed to be the entire point of using it and when I test it myself, both before and after I reinstalled and reattached a new auth, it would ping the one on my own phone.
So even if they went as far as logging into my account and using my restore code from my Bnet account to install a new auth on a different phone that is not mine, when you even just attempt to log in the first thing it does is pop up with the Check your Authenticator for request XXXX. and a link down the bottom that says Use Authenticator Security Code, there is a way to login using the code, but there is no way to attempt to log in without the auth ping happening first.
They couldn’t even log in to the website without the auth, so they couldn’t get in and remove my auth, I would have received an SMS telling me a security feature has been removed.
Regardless of what you all think or want to tell me, bypassing the auth is the most concerning part of all this and shows it’s not as secure as Blizzard make it out to be.
1 Like
Yet if that’s the case - where are all the other players complaining of the same thing happening?
Even a blue reply stated this is the first time they’ve heard of this happening.
So how about we let Blizzard investigate further before any more speculation.
11 Likes
And the blue also noted my auth has been active since 2018.
Based on the response I got from a GM, I doubt any further investigations are going to take place. It’s also worth noting that if you scroll up, post number 22 here, someone else made note of a post they read the other week where someone was hacked. That example was of a GM removing the auth access entirely.
But I read a post the other month where the person said a GM had given access somehow, and the only reason they knew this was because a second GM disclosed that information to them. It might not happen all the time, but it can happen.
It’s worth noting that all you need to do is a quick Google search and you will find many other examples of people being hacked even with an authenticator active, with the common denominator being that a Blizzard employee allowed someone else to gain access.
The post you’re referring to was vaguely talking about a post that thought they’ve read, as denoted by them saying they’d try to find it and didn’t returned. Probably isn’t best to base ideas on something that haven’t been linked to or provided in any shape or form besides hearsay.
5 Likes
Yes I have heard of authenticators being removed completely by GM’s, and each time this happened after enough ID was produced by the 3rd party posing as the account holder.
Often happened due to a man-in-the-middle compromise, but rarer these days now due to the SMS alert system put in place.
7 Likes
No, that is not even possible. I realize people speculate who don’t understand how it works. The Auth has to be REMOVED for that to happen. If they can trick the Blizzard staff into removing it with fake ID, then a person can get in. They can’t actually let someone log in with the Auth on it. That is impossible. There is no button to over ride it and let someone in. Not even if you lost your auth and needed in and could prove you were the account holder. They have to remove it first.
What Orlyia was basically saying, I THINK, is that it appears that someone logged in from another country to your account using your login credentials AND either there was no Auth requested (failure of the Auth system to request it) OR that other person had a clone of your Auth and was able to get a valid code.
This is highly unusual. Hopefully a Blue can look more into it today.
10 Likes
First paragraph, same exact issue I had, they hacked my account, bypassed security and stole my gold.
And that’s part of the issue here, I didn’t get anything, no auth ping, no SMS, nothing to tell me something had happened. At least when researching this issue you find other companies have better security in place where if they detect any unusual account activity they will suspend your account and stop ANYONE from having access until it can be recovered.
Well go check that link I just found and go tell the community council member they are also wrong.
Even if they did, when I tried to log back into my own account after a password reset, multiple times, and when I just for lols tried to login using incognito it pinged my auth. Even if you have 2 or more phones with an auth, it still should ping them, every time I tried it pinged me, every, single, time.
If someone else did have my password and a duplicated auth, it would still have pinged me also, there is a way to log in with just the code, but there is no way to log in without ever being pinged.
I see the thread…excellent research on your part. I had missed that when it was first posted.
So then the theory that the app can be somehow bypassed from outside has a second supporter. I am not saying you are wrong that someone got in. That is the same exact scenario as yours and in that case the Blue also stated that the Auth was not removed, yet the gold was taken.
I can say nobody at Blizzard “allowed” someone in. I do not dispute that someone took your gold or that the app was still on the account as verified by Orly.
Maybe with a second data point that will help them figure it out.
Glad you put a new Auth on the account, changed the email, and changed the password.
I still use my keychain and will until it dies.
4 Likes
It’s unfortunate that more people are getting their accounts hacked despite having the authenticator app.
Something to check though that I’ve noticed is that when I looked at my Bnet security on the account information page, the option to require a code to log in every time was not selected. I enabled this. I also reset my authenticator by removing it from my account and resetting the link through the app itself through in app menu.
While I’m unsure if this will help in any way shape or form, they are steps I took to try to make it harder for the same person to hack me again.
I’d also like to mention that you should see where the unverified login was from. When I made the post you linked I was able to see through recent log ins that the hacker was in Kyiv, Ukraine. Be sure to write the date and location of the unverified login in your report. While I’m sure it might not mean anything, any information you can provide to the CS rep is helpful.
9 Likes
Not long ago a well know youtuber had his channel hijacked. how? someone opened
an attachment and it sent the hacker a copy of their auth files for youtube. enough for youtube to not see a problem.
1 Like
Over the years, the best security professionals I’ve encountered would add the caviar “asfar as I know” if asked if their system was secujred.
As soon as something is foolproof, a better roll shows up.
SFAIK the last successful attack involving an authenticator took place several years ago. Aa “man-in-middle” attack where malware replicating the Blizzard authenticator authorization screen was presented. Info collected there was sent to an attacker who used it to remove the old authenticator and. Add a new one.
6 Likes
This sounds like what I remember reading about a while back, too.