So I recently had my account hacked, 12/8, and just got it back this morning. Once I logged in I was able to see any tickets that had been opened while I didn’t have control of my account. And on nice little ticket, US88860353, was opened by said hacker requesting an email change and authenticator change. This person nicely attached an ID with it. TOO BAD IT WASN’T MY ID! GM Jayodyno replied thanking said hacker for this and proceeded to let the change happen.
The only thing u will be compensated with is the restoration of your toons. Id be more cocerned about the id tho.
3 Likes
I’m concerned that a GM accepted an ID of someone else.
3 Likes
Usually this means the hacker had way too much information to go on to create said ID, I would also be suspect of your email account security as well, make sure they did not put email forwarding.
This is just a friendly reminder though, GM’s are humans, not bots as the internet would proclaim and can make mistakes.
14 Likes
It may have also been an EU GM who was unfamiliar with North American IDs. EU and NA cover each other over each others’ night hours.
Edited to add: Please keep in mind, as well, that for security and privacy reasons, Blizzard does not keep a copy of your ID on file. At all. They don’t know what you look like and they don’t have access to any national database to compare it, because they are a videogame company.
If an ID looks legit, and the names match, a Game Master, no matter their country of origin, will not know it’s not yours.
9 Likes
A problem could be that they want you to cover the picture on the ID you submit, which seems very counterintuitive
Coming in here calling GMs ‘incompetent’, ‘idiots’, and ‘stupid’ is not really helping things.
8 Likes
You currently have 2 tickets open.
Are you in fact currently in control of the account?
Was the current authenticator placed by you?
Have you found the source of your compromise?
Unless you’ve found the source of this - it MAY happen again, although this one is pretty heavily notated.
You need to be certain that both your system AND your email are secure. Better yet - make a fresh unrelated email for use only with Blizzard - but only after you are certain your system is secure.
16 Likes
I mean I opened up the ticket in question to ask wtf happened there, and the one that fixed my account to at least leave a comment because this is BS. I’ve scanned my PC, changed all my PW’s, I set up a new email for bnet and will be changing that over. But none of that explains how an ID check skated through your people so easily. The ONLY time I’ve ever taken a picture of my driver’s license is when my account had been hacked years ago before I had an authenticator on the account. But like my tickets originally stated the authenticator didn’t ping at all when this person logged into my account to push the changes, and then your GM just pushed it through without any other questions apparently. Like what happened to the security question, or text authentication? Because all that was on the account before yet none of them seemed to be required.
Maybe it’s harsh to call the GM incompetent, but what else would you call that HUGE miss? And I get that mistakes happen, but when they are done by the company providing the paid service usually they comp the payer for said screw up.
I wouldn’t say it skated, Alokar.
Do be aware if we need to dig into this deeper, you are going to likely be asked for a picture of your ID - next to your face, with something with a date on it, like a newspaper.
When accounts get into a position where we cannot be absolutely certain who the real account holder is - it’s very difficult sometimes. We do our upmost to preserve security on our end, but if someone gets too much of your information - it’s not impossible for them to be convincing.
11 Likes
But in one of the links I received from Blizzard, the proper ID pictures are supposed to have the ID photo covered up, but then you send that in with it held up to your face… so you cover your face on the ID but hold it up to your face, how does that make any sense??
Providing Government-Issued Identification - Blizzard Support (battle.net)
If they have to go to those lengths, better to be uncovered. Those instances are extremely rare - but in the case of a persistent contested account, may be necessary.
We don’t have your picture. In common account issues - it’s not necessary. When there is some question if someone else may have possession of your ID - it may be.
6 Likes
If you are currently in possession of the account - and everything is yours - you might want to close these two open tickets. The more this get worked - the easier it will be for someone else to make a mistake.
If it’s in your possession and you can change the email - that should go a long way to keeping it secure.
9 Likes
So I’ve done all the steps needed to resecure my account, but still nothing from anyone on how they avoided the authenticator in the first place, let alone the ID fiasco. Lotta deflection going on here.
No deflecting, Alokar.
They had enough info to convince a GM they were you - and remove it.
Really isn’t any more complicated than that.
10 Likes
Is there a way for me to see the ID they used to get passed the security? I’d like to know if that was the issue? For me to compare what they sent in versus what the State issued ID looks like? Or as one user above suggested, was it an EU GM who did the change and just didnt know what the ID should look like. Since the authenticator was switched to a EU version.
No, Blizzard doesn’t keep those on file, like I said. Attachments to tickets get auto-deleted.
7 Likes
Maybe it would be helpful to explicitly spell out what the Blues are being diplomatic about.
If someone was able to contest your ownership of the account to the point that Blizzard accepted it, they submitted a picture of an ID that had the home address listed on your account on it.
If you log in to your account, you can’t see your home address in your account settings. It’s starred out. You can add a new one in your account settings, but you can’t see what’s there already. So they would have had to have had more than your account password. That suggests a deeper level of compromise of your personal information that couldn’t have happened at the Blizzard level.
If there’s someone out there with that level of your personal information, it goes just beyond your WoW password. Somewhere along the line, you’ve either had other accounts or systems that did have access to that information compromised that need to be secured or someone that knows you is trying to get control of your account. Probably it’s the first one, but Blizzard has no way to rule out either scenario if someone is requesting control of your account and they have every last piece of information about you that they obtained somewhere other than from Blizzard, because they couldn’t have gotten it from Blizzard.
It’s frustrating I’m sure but you need to figure out how the compromise happened to stop it from happening again.
14 Likes
If an account is bought and/or sold, this is basically what ends up happening. The others here are correct, apart from your account I would say the bigger concern is your identity potentially being compromised. There really is no deflection. Account security is the responsibility of the account holder, not Blizzard. If the authenticator was removed, that’s quite the red flag.
I would say follow the advice of the posters here, and Orylia. They have been around a long time and know what they are talking about.
2 Likes
There isn’t. The information is deleted on their end as soon as they verify what they need to verify.
Consider, though, that it wouldn’t take an average person (with no criminal experience but a fair amount of photo-editing experience) more than 15 minutes to download a picture of a state ID (whichever state you live in), load it up into PhotoShop, find a matching font, and then change the name on the ID to anything they wanted.
Face revealed or covered doesn’t matter. If covered, great. If revealed, then the picture probably came from a random Google images search. Find a face, cut it out, put it on a blue background (well, in CA at least).
Change it to all of your personal information, since they clearly had that. Fifteen minutes. So, if I can come up with that idea, so can they… since I wake up thinking about caffeine and sunshine, and they wake up thinking about scamming and crime.
Nothing against Blizz at all, but I think that if someone went to the trouble to falsify an ID, they might have done a fair-to-middling job on it and fooled whomever looked at the picture of the ID. It’s reaching (more than I’d say most criminals would go through to steal a WoW account) but the remaining possibilities are limited.
I’ve had many fake IDs (and fake credit cards, and fake checks) handed to me over the years as payment or verification. I’d like to say I caught them all, but I’m only human. Some of them are very, very good.
5 Likes