So my account was hacked on Oct 31st at 3:31 PM CST by someone in Kyiv, Ukraine. They bypassed my phone apps security token and stole the vast majority of my gold. I didn’t notice until Nov 1st so I submitted an Account Hacked ticket. I have the security token app installed.
Now thankfully my account wasn’t fully hacked, I just lost all my gold. But you’re telling me that if I had lost full control of my account, my average wait time to get my ticket looked at is almost an entire month?! For a HACKED ACCOUNT? You would think using the Hacked Account support option would get my ticket looked at faster.
I understand - a lot of new games came out, you’re on the verge of a new expansion, but the blame is on your superiors for not hiring additional staff when they know that around these times you’re bogged down with so many tickets. The average wait time should NOT be 23 days.
When I got the email confirming my ticket was submitted an a GM would be contacting me soon I was relieved. But SOON is 23 days late. When my gold has exchanged so many hands it’s probably untraceable and the hacker will have gotten away with it.
I’m trying to be patient and considerate to the staff on support, but I feel like “Account Hacked” submitted tickets are lobbed in with “My characters stuck” or “I need an item restored” tickets and it’s a little upsetting. You would think with using the “Account Hacked” form your ticket would be processed soon because of the severity of the issue.
What upsets me more is the fact the hacker BYPASSED my SECURITY TOKEN APP to log in. I hate the fact that you removed the ability for me to use my physical token because I do not trust Security Token Apps and now my fears were realized. That the app itself can be hacked or bypassed. PLEASE BRING BACK THE ABILITY TO USE PHYSICAL TOKENS!
I feel bad for the people who got their full accounts taken over by hackers having to wait nearly an entire month to get their accounts back. This system needs to change.
Account security remains your responsibility first and foremost. Sure the 23 days is based on the longest ticket in the system and they will help you sooner then that. Either way any damage done by the hacker can be fixed.
In the mean time you will want to scan your computer for malware and viruses. Secure your email account and consider making a new one for your account. I know your current one is compromised. No other way they could gain control with out it. How they bypassed then authentication I have no idea.
One step ahead of you in every direction. I’m about to attach my new email to my account, did a full system wipe on my phone, did about 3 different scans on my PC. I’m still worried because I don’t know how they managed to do it so I’m asking myself “Did I do enough?” And I just don’t know what else to do.
That is strange, the authenticator app is one of the most secure methods you can use. Usually the only way to by pass it, is if they had the Authenticator Serial number and restore code themselves. There have been what was called a “man in the middle” attacks before, but I don’t think I’ve heard of that happening for a long time now.
We do, Ravij, the volume we are experiencing goes above and beyond the normal influx of tickets we see based on an expansion launch.
It is a priority, always has been. All categories are taking longer than normal at the moment. Your compromise will be looked into as soon as possible.
I just miss being able to use my physical token. I still have it but apparently after I came back from a 3-4 year hiatus in 2018 it was no longer useable despite still being attached to my account.
Please accept my apology then. I’m just severely frustrated and worried this might happen again and as a result I never want to hold a lot of gold despite needing the gold to purchase fun stuff for me. I just feel like my account won’t ever be safe again after this.
Edit: Ok so I checked the restore code on my authenticator app. It had been switched to an EU based authenticator code. I just did a reset and I’m back to US. So somehow the hacker removed my authenticator and reapplied the authenticator so that it was under their region. It still does not explain how the hacker gained access to my account in the first place.
I don’t know if that had anything to do with it, Ravij. Your Authenticator had been on your account since 2018 with no updates until you just did that.
Probably doesn’t hurt to have removed and reapplied it anyway.
I think someone has access to my account again. I woke up to a text saying my security question had been changed at 9 AM CST and my passwords weren’t working. Thankfully I’m able to log in with my google account and checked my latest logins but it’s not showing all my own past log ins.
Edit: OK I’M DUMB! Was able to log into the game, it was just Blizz. phew.