My account got hacked 1 month ago while I was on vacation, I don’t really know how it happened, must’ve been a phishing scam link I clicked somewhere. Well, I managed to recover my account (thank you for the fast work, Blizz) but they transfered my character and changed the nickname, some of the gold and items was lost aswell.
I can’t transfer back to my old server despite raiding and having a guild there for almost 3-4 years since Classic/TBC. Not sure what to do, I’ve tried opening a ticket and contacting support but they said it isn’t possible for them at the moment even though all my stuff/guild/friends are on said server. Am I just doomed now?
My first ? is and its the most important other then did u find the source do u have a authenticator other wise it could happen again.
2nd If the realm is locked A GM woudlnt be able to circumvent the lockout.
I wouldn’t say doomed, per se. Though it does sound like you’re trying to get transferred back to a realm that is currently closed to some iteration of new characters, which they are unable to circumvent, unfortunately.
The best you can do for now is keep an eye on that specific realm and see when it opens back up for transfers.
1 Like
While we do try to repair all the damage that is caused by an account compromise, there are times when we are not able to do so 100%.
At the moment the realm is locked for transfers and I’m afraid even we are unable to circumvent that status. I imagine when the restriction is lifted, we’ll likely be able to help move you back if you contact us again.
Sorry, Naxxrama.
7 Likes
welp thanks anyways
2 Likes
im honestly surprised this isnt the one and only exception for locked realms. The customer didnt make the move.
i know, i know, feedback in general etc, but i cant be the only one thinking this.
1 Like
Maybe not directly, but they did leave their account open to hacking. Whether that’s clicking a phishing scam link the OP, having an insecure password, reusing passwords from other sites, or not having 2FA on, they did leave their account vulnerable.
It’s a tough lesson to learn for sure, but you can bet the people who get hacked make their WoW, and hopefully other online accounts, more secure going forward.
If you’d like to pass that suggestion on to people who can maybe implement it, you’ll want to post in general (like you mentioned) or even the in game suggestions panel.
6 Likes
The realm lock is hard coded. The CM team literally can’t over ride that to make an exception. The Devs would have to change the coding of how the locked realm feature works for that exception to occur.
Once the lock is no longer on the server, someone could ask again to have the char moved back and a GM may be able to help them at that point.
3 Likes
there are zero day exploits out there, data breaches, etc so its not always the customers fault in that sense.
i know they cant, again, more im surprised this isnt the one exception thought of when they made the locks and built in so cs could in this one type of instance.
not trying to change it or argue it, i know it cant be done, just sharing my thoughts
edit to add - i know its ok for us to discuss this as long as it stays polite and on topic and all 
2 Likes
Yes, it is.
I think you kind of explained the “why” portion yourself
You noted that this is the ONE type of instance it might be reasonable to have an exception. A very rare circumstance that may impact a super small fraction of people. Unfortunately fringe cases very often don’t make it into software as features, esp initially. Later additions depend on use cases, impact, and costs to change to accommodate those fringe cases. It is not often that players get compromised and transferred (although it certainly happens!) and it is even less common that the servers are locked. Having both happen falls into that tiny little category that they did not plan for.
These cases certainly are VERY frustrating for the player who was compromised - and for the GM who would love nothing more than to return the player to the pre-compromise state. No argument there at all. Again though, the good news is a ticket to a GM when the lock is gone is likely to get the situation fixed. Not ideal, but it does eventually get it resolved.
7 Likes
Just to touch on this:
Yes there are. Blizzard is required by US Law to inform all stakeholders of any breaches within 48 hours of detection else they face very stiff penalties. To date, there have only been two breaches at Blizzard.
I know of one. It was in 2012 and involved front facing login info. Email address, secret question, mobile auth serial number, and encrypted salted hash password. Blizzard reported it promptly and had us all change our info. Because it was both encrypted, and announced fast, it did not result in compromises.
What other data issue did they have besides that?
3 Likes
A recent report came out that on December 4th, an employee was phished and the hackers gained access to internal employee and game data. It wasn’t reported until last weekend… That’s the other one I know of aside from the 2012 one you referenced.
Thought there was once around 2017/2018 but really not going to remember exactly when. Could well be mistaken of course.
I have to look this up, but that is very different than Customer Data. Blizz does not keep things together, which is why the private info and financials were not accessed in the 2012 hack, nor apparently this one. Blizz does not allow most staff to access customer data even.
I feel bad for staff though who might have had their tax and paycheck info accessed Same for any devs who had proprietary info accessed
Will keep an eye out for more on it though. Thanks.
2 Likes
An activision employee was phished and compromised. I don’t remember seeing anything about Blizzard game data being breached, just COD and Activision employee data.
4 Likes
Ah! Thanks for more data. That shall help with my Google fu.
Yeah the two are quite separate.
4 Likes
oh i wasnt meaning blizzard, but i didnt specify. more the subset that uses the same password across multiple services.
it wouldnt surprise me to see it in a future update
Which falls into the users responsibility to use separate passwords for stuff.
Though yeah, not trying to argue or anything and obviously this is a muuuch bigger topic (account safety) than this the scope of this thread.
I took think it might be a nice tweak to staffs capabilities to allow, but I just don’t know if that’s feasible. Changing the coding to allow transfers in this instance would give room for other people to say “but you CAN do it you just WON’T do it for me! That’s not fair!” in other situations. I feel it best to not open that can of worms personally.
1 Like