After 18 years it finally happened... I was hacked

Not just any YouTuber either… It was one that does tech for a living (like as a company, their YouTube channel is secondary), they are huge on internet security and have shown their firewalls and server set up.

1 Like

yup and he went on how if they made simple changes it could have helped. but alas the hackers have ways to get what they want.

requiring auth code on every login would be a good thing.

2 Likes

Interesting.

So a couple of things, after the full lock down and comp/phone/account(s) resets, reinstalls etc…

How did they get the account info? Given how rare this appears to be from the outside–2 possible examples in 6+ months–perhaps this is not a bulk situation where the bad actors reel in a random load and sift through for nuggets. That tends to be (more) noisy I’d guess, so maybe this is targeted or more bells would ring. If targeted, how did they know to target?

On the back end, if this is a very interesting case, how do they solve it? Maybe some high priority work going on before the methods get further out in the wild, and the few bad actors multiply into many.

Again, if this is very rare and unusual–we don’t have all the info obviously–I would not be surprised if the usual methods and results also do not apply. Try to be patient, and stay on it.

Finally, sometimes interesting is not great to experience.

TBF they also get a lot of emails about sponsorship deals and explained how exactly it all happened, not just by not opening the attachment, and how it could have been prevented. For most of us we would not even be using our email, let alone opening some lucrative looking attachment.

Yeh well now you have at least 2 more in the last 6 months where they bypassed the auth completely, and in both cases only stole gold and done nothing else? That’s the strangest part, they didn’t do what you would expect of them or what you have read in other examples.

Requiring an auth code period would be a good thing, you have myself and the community council member in recent times both having the auth just, bypassed. I could probably find more examples, and there are almost certainly many more who have not posted about it also.

I doubt we will ever know this, and in this situation as much as it matters, I don’t think it matters to this specific issue, they bypassed the auth, for more than one person who made a post. We all know there are people in game who don’t frequent these forums, or any forum, and many who would never admit they were hacked, just scroll up and see all the garbage I had with all the “You are wrong” and “It’s your fault responses”, people don’t want that.

No doubt it’s not just 2 people, how many only Blizzard would know, how many accounts get hacked where the person doesn’t even come back?

The question now is, what can be done? We can only do so much, remove and reinstall our auth on a regular basis, change our password regularly, maybe even make a new email every so often just for this game, short of changing our phone number there is not much more we can do.

But what Blizzard need to do is what Gmail and others do, if they detect any unusual sign in activity, even if it’s just you using a VPN or you going to another location to login, they need to lock down the account and force the account holder to recover their account.

It is still a concern, and even though I got my stuff back and have changed all my details I still worry it’s not enough on Blizzard’s part and it needs to be changed.

You noted it looked like my account was logged in twice to a different location in the same country, but my IP sometimes shows me as being somewhere I am not, but you also noted it looked like I was logged in to another country twice, even if a false report, that should have all triggered my account and just lock down no questions asked.

On top of this we should be given the option to have an SMS code on top of the auth to log in each and every time, not just on a new device, not just when we reinstall or change password, but every single time we attempt to login, be it to the forums or Bnet or the game there needs to be an option to have the auth EVERY SINGLE TIME, and on top of that, an SMS code just for double security.

They can bypass the auth, but unless they have your phone, can they duplicate your device and receive the same SMS as you on top of having the same auth access as you?

1 Like

If they cloned your phone they probably have access to everything you do with your phone including seeing what you are doing and hearing everything and seeing all communications. Doing a full factory reset on the device is the only way to clear away unwanted software.

Impossible, I barely head out these days and always have my phone on me, haven’t visited a friend or relative since the start of covid and am almost never working in the office.

Plus what are the chances in the minimal amount of time I do head out that somehow someone got a hold of my phone and was able to clone it without me realising AND that person was to somehow be a hacker who wanted to hack my WoW account?

And even so, every time I tried to log in after resetting my password my phone was pinged on the auth app, you would think if my phone was cloned and it had an auth on 2 devices that both would ping at the same time, mine never pinged, and yes, it really didn’t ping, and no, I am not the only person this has happened to.

Plus I have checked my phone, no apps or anything unwanted currently installed.

Just the simple idea of phone cloning is such a bad excuse.

And no, my phone is not connected to my Windows even though it keeps asking me to.

Look, this has gone on for two days now. I’m not sure what you are getting out of completely rejecting every helpful suggestion people are giving to you. Quite frankly, this “I have done, am doing, and will never do anything wrong” is really the base of how something like this happens in the first place.

All things considered, you’re lucky the only thing that has happened is correctable damage to a game account. Next time, it could be your bank accounts or even worse, which can destroy your credit and cause problems for decades to come. Why would you keep rejecting things that can only make your info more secure?

In the end, however this compromise happened, there was something lax on your end. That’s a fact. It may not have been intentional, it doesn’t mean you deserved it, and it’s not a personal insult to you. But if you don’t take steps to be more secure, it will happen again.

8 Likes

Yes it has gone on for 2 days and only one other person in this thread, and one person in the CM threads has even believed what I have said, they bypassed my auth. Why is it so hard to believe that hackers can hack things and that they can bypass the auth? I’m not the only person this has happened to.

No one doubts what they did, especially since a Blue poster has told us what they did.

Yes, and the only way they can bypass the auth is by having your information somehow. Cloned your phone? Well, they had access to your phone. Man in the middle-style attack? There was software on your computer and/or phone to pull it off. Contacted Blizzard to remove the auth? They had a TON of your personal information to fool the GM who answered the request.

Somewhere, somehow, their ability to bypass the auth was (unknowingly) helped by lax security on your end. Until you take reasonable steps to prevent it, it will happen again. You’ve been given great advice for how to prevent it from happening again. That’s not “we don’t believe you”. That’s “we’re trying to help you prevent it from happening again”.

7 Likes

To put it bluntly: What we believe means absolutely nothing in the end.

This isn’t general, the CS forum users, like myself, want to help folk and want to get folks back to being on even ground. We’re not here to point fingers, trying to ignore things in favor of personal takes on things. Saying Blizzard let someone in, or the authenticator isn’t useful isn’t helpful in the least.

1 Like

I think the OP knows now that the hacker did not contact Blizzard and have Blizzard bypass anything. There is no “let someone in” button for CS. They would have to remove the Auth.

He also knows that the Auth is normally very very helpful and has detailed a lot of the useful functionality.

Reality is that this is VERY strange and it has happened to two people. Both only lost gold and both had the Auth on the account since 2018, and it was ON at the time of the gold removal. Both showed logins from other places and somehow someone in that place was able to get in.

Not sure what is going on… A VPN could make it look that way, but it does not seem that is what happened? If there is a sneaky way to trick the system into thinking that the hacker has a valid authentication session already open with the launcher - that would be scary and new. The way the system works it should detect a new IP, or even device, and throw an Auth challenge (or account lock for verification if no Auth).

This is something that the Hacks team would need to dig into and I doubt they are going to tell us much. I REALLY don’t blame the OP for wanting to know more, even though they did get their gold back, have followed instructions to remove the old Auth, put a new one on, reset pass, and change email.

13 Likes
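The behaviour asked for in the posts above (lock the account on an implausible sign-in location, and throw an Auth challenge on a new IP or device even when a session already appears to be open) can be sketched as a small risk check. This is an added example, not part of any post in the thread and not Blizzard's actual logic; the `Login` fields, the thresholds and the sample events are assumptions constructed for illustration.

```python
# Added illustration, not Blizzard's logic. Field names, thresholds and
# the sample events are assumptions constructed for this example.
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling, roughly airliner speed


@dataclass(frozen=True)
class Login:
    when: datetime
    ip: str
    device_id: str
    lat: float
    lon: float
    has_session: bool  # request carried an already-authenticated session


def km_between(a: Login, b: Login) -> float:
    """Great-circle (haversine) distance between two login locations."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = (sin(dlat / 2) ** 2
         + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(h))


def decide(prev: Login, cur: Login) -> str:
    """Return 'allow', 'challenge' (authenticator prompt) or 'lock'."""
    hours = abs((cur.when - prev.when).total_seconds()) / 3600
    km = km_between(prev, cur)
    # Impossible travel: one person cannot have made both logins.
    if km > 50 and (hours == 0 or km / hours > MAX_KMH):
        return "lock"
    # A new device or IP is challenged even when a session is presented,
    # so a copied session cannot skip the authenticator.
    if cur.device_id != prev.device_id or cur.ip != prev.ip:
        return "challenge"
    return "allow" if cur.has_session else "challenge"


# Constructed sample events (documentation IP ranges, made-up device ids).
T0 = datetime(2023, 4, 1, 9, 0)
HOME = Login(T0, "203.0.113.10", "dev-A", -33.87, 151.21, True)
SAME_PC_LATER = Login(T0 + timedelta(hours=3), "203.0.113.10", "dev-A", -33.87, 151.21, True)
OTHER_CITY = Login(T0 + timedelta(hours=2), "198.51.100.7", "dev-B", -37.81, 144.96, True)
OTHER_COUNTRY = Login(T0 + timedelta(minutes=30), "192.0.2.44", "dev-C", 1.35, 103.82, True)

if __name__ == "__main__":
    for name, ev in [("same pc", SAME_PC_LATER), ("other city", OTHER_CITY),
                     ("other country", OTHER_COUNTRY)]:
        print(name, round(km_between(HOME, ev)), "km ->", decide(HOME, ev))
```

The 50 km floor and the speed threshold leave room for imprecise IP geolocation, so a nearby mislocated login produces a challenge rather than a lock.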

best thing you can do is scan your system 10 ways from sunday. even doing so after a safe boot with no internet on. i bet you have some sort of malware.

2 Likes

No no, the blue poster said you CAN duplicate an authenticator, but to do that they either needed to clone my phone, and that has not happened. Unless some restaurant I have been to has had a device built into every table to duplicate people’s phones, it’s just not possible.

And if that happened, why only my WoW account? Why not take all my bank info and steal my actual money?

I just checked the forgot password page, it has 4 options.

  1. My Battle.net Account is locked - This sends an email code and then places you back to the login screen, it does NOT log you in, so even if they had my email access, got the code, typed it in and deleted the email, they will still have to log in with my password.
  2. Remove my authenticator - confirmed to not have been done.
  3. Forgot email address - This requires SMS protect, which would have sent an SMS code, assuming someone magically stole my phone and cloned it, can you even clone the sim card? Yes, but no, the last registered sim would be the one getting the notices, however my sim still works, still receives text messages and calls, so no, that never happened.
  4. Forgot password - This is basically a password reset option, it asks for your auth code and does a password reset. I was still logged in to Bnet and was still able to get back into the game when I got home, without typing in my password. When you do this option it kicks you out of everything you are signed into, the forums, Bnet, the game, everything, that never happened so my password was not changed.

Even if assuming I done a breach, every time I have tried to log in to a new device, or after a password reset and relogging into this one, even when I done some testing and tried to login to the forums using incognito, it ALWAYS pinged my phone first and then gave an option to use the code.

The ONLY place this game has a spot to place the code without a ping is the password reset page, everywhere else you attempt to login EVERY SINGLE TIME will ping your auth, that never happened.

Even if I deliberately gave out all my details, gave out my email, password, date of birth, answer to my security question, my auth restore code and let someone try to login, it would have pinged the auth on my phone, even if I didn’t answer the ping it would have had a notification that I was pinged, that didn’t happen.

And it should have happened, because confirmed my auth that I did have until yesterday was the same one since 2018, they did not gain access to my account and remove my auth, so there is obviously an issue on Blizzard’s end if someone was able to login with changing my password, removing my auth, or having an SMS message sent.

to clone your auth they just need the serial number and restore code

6 Likes

The Auth can be cloned by writing down the Restore code and Serial number. Then you go to your new phone or device, download the app and go to the Restore settings. Put in the restore code and serial number. Then you have YOUR Auth app on two devices. People do that a lot just for convenience, when they get a new phone, when their phone has a software reset, etc. That way you don’t get locked out if you have a new device.

You are right though, as far as I know, even if you have the Auth on two devices it should send the Code request to BOTH, not one. So if a bad guy had cloned your Auth and did something that triggered a code to be sent, you should have seen that request on your phone too.

8 Likes

Yeh well not believing that someone bypassed the auth isn’t helpful either and that at the end of the day is what happened. And again, I am not the only one this happened to.

For someone to access all my personal details and only take gold from an online game and not anything of actual value, yeh they obviously didn’t have access to my phone.

And to get that they would need access to my account, and to log in to my account guess what, they need the auth to begin with.

Yes.

And yes this is possible.

But no, because like I have made note of many times already, when I reset my password I got an SMS notice saying so, that didn’t happen AND I was able to stay logged into my Bnet the whole time, my password was not changed.

When I did change my password and tried to log back into Bnet and the forums, it pinged my auth. So even if they had an auth duplicated both of them should have been pinged at the same time.

And you can try it, go incognito and try to log in, it will ping your auth. So even if they took all my details, fact that my auth was active the whole time and was not pinged means something went wrong that was not my fault. And who in their right mind would press allow on anything when they did not request it to begin with? Even if they had a duplicated auth, why was I not pinged?

1 Like

How do you know this? There’s not some giant warning on your phone that it’s been cloned. They wouldn’t want you to know they did it, and again, saying things like “it’s just not possible” is not helping you solve it.

Is this definitely the way it happened? Maybe not. But it’s one of the few possible ways it can happen, so why are you not willing to take a modicum of steps to possibly correct it?

Do you really think someone broke into your account using the “Forget Password” page? But let’s pretend that’s how they did it. Why only you? Well, I’ll address that below…

This is already an odd situation, but quite frankly, your responses make it a whole lot weirder. You are actively dismissing any suggestions in favor of “this is Blizzard’s fault”. You asked the question yourself:

And I add one: why only your gold? That’s not a hacker’s normal MO. Maybe they felt their access was going to be very short, so they ransacked what they could and left. But the hacker’s actions are very strange. A lot of work to gain access to just your account, and just to remove gold?

To me, coupled with the facts given by Orylia and your complete dismissal of any safety suggestions, leads me to believe that there is more happening here that you aren’t telling us. I don’t like to make accusations, but this truly sounds like account sharing. I certainly hope I’m wrong about that.

But if you’re not going to listen to the suggestions given, there’s nowhere else we can go from here. Continue to work with Blizzard to get your gold restored, if they can. Good luck to you, and I certainly hope you take some of these suggestions to better secure the account.

6 Likes

there was a recent big tech youtube channel that was hijacked without them even knowing the password. look up about linus tech tips on youtube. possibly how this happened. note not advertising his channel but might show how this can happen.

looks like this has already happened.

i’m sure there will be some investigation going on back-end here, in an attempt to find out what’s actually happened.

if there is any chance that people’s accounts are at risk of compromise with an active authenticator, blizz will want to get on top of it as quickly as possible.

11 Likes

Because I work at home, and the only times I go out are to eat, and the only times I have my phone out of my pocket is when I am browsing the internet waiting for my food, after that I might keep my phone on the table while I watch some sports, otherwise it stays in my pocket, I am very careful about this.

Or the minimal times I go to work in the office, which has been maybe a dozen times since Covid began, and I have never left my phone at my desk for any reason, it always comes with me.

Since the start of Covid I have been working at home, I have not visited ANYONE, not friends, not family, I have slept at my own house every single night since Covid began, no way possible someone could have accessed my phone without me knowing. I have had at times my mother-in-law visiting, she is in her 70’s, and my dad has visited twice who is almost 70. You want to now blame my MIL or my dad?

Short of someone breaking into my home while I have been asleep, no one has had access to my phone, and even if there was some cloning device built into a restaurant’s eftpos machine, do you really think they can clone a phone in 3 seconds?

I don’t know, why did the other person who got hacked in the same way only have their gold taken?

I’ve said this before also, if you asked me for my password, I could not even tell you. And it’s not just here, on every site I need to log in to, Gmail, my gas and electricity provider, Telstra and whatever else I use, if I am not already logged in, I press forgot password every time.

I honestly used to use the settings in my browser where it saves all my passwords to check what my passwords are because I have so many I forget them. But this time when I went to check what my password was, the one that had been saved was not the right one, I didn’t even update my saved password when I last changed it. When you do a password reset, when you are logged in, it will ask for your old password, my old password that was saved was not the right one.

This time I went even further, I let Edge spout out some random password, I copied that into Bnet and the forums and that is it, no idea what my password currently is, it’s not saved into my browser and it’s not written down anywhere either on my computer, and not even written down on a piece of paper.

Which means now if I need to log in to my second PC if my son wants to play again (who is 13 and autistic, last time he played was prior to DF) then I need to reset my password AGAIN. No my kid doesn’t use my second PC, he doesn’t know how unless I turn it on and give him access.

Yes I know about that, but some of you are still missing one point that you are all either ignoring on purpose or just don’t understand. Assuming this happened, assuming they got my login details in the same way and were able to use that to access my account on a random browser somewhere outside of my home, assuming they were able to duplicate my auth, why was my own phone not pinged?

After I was hacked, and after it was confirmed my auth was the same one since 2018, when I done a password reset, yep you guessed it, it pinged my auth on my phone. Assuming a duplicate auth, this means they were able to get a ping only to the device they wanted, and not allow a ping to be sent to my own phone, how?