Good news everyone ! New Automated Account Recovery System!
 

Just come out for us.battle.net

Not sure if you European chaps have it yet

http://wow.joystiq.com/2010/09/22/bl...for-hacked-ac/
http://forums.worldofwarcraft.com/th...Id=26859148968

As a lot of you know when you get hacked one of the things that make the whole experience distressing is getting through to someone to reset your password and start the whole recovery process. Yes they've improved things over the years yet the fact remains that if you do see someone on your account it often doesn't matter how quickly you get through to someone on the phone or via a ticket - the damage is done within minutes :(

Now no longer. Blizzard have made an automated recovery system. Using this system you can get in quickly and lock your account down. A reset password email is sent out and a ticket is automatically generated.

https://us.battle.net/account/suppor...-computer.html

Is the URL to bookmark.

Now in the interests of science I had a little play with it. My account has not been hacked btw. Here's how I went :

Page 1

Very large prominent disclaimers on making sure you have scanned your computer for every possible keylogger , tips on keeping your account secure , recommendation for getting a authenticator etc etc

Big Orange box with a checkbox that won't alllow you to go any further without making doubly down sure you're secured your end. "Is this computer secure? - During the next steps in the account recovery process, you will be providing us with detailed personal information to verify your identity. Thus, it is extremely important that your computer is secure before proceeding."

Very nice , very clear

Page 2

Asks you for your Battle.net email , First name and Last name. Gentlemen this is why you don't do account trading. Or account buying.

Page 3

Gives you a choice between answering your secret question or putting in the serial number off your CD Case thingy. You know the number that was on the front

Page 4

It's either this page or the page before where it recommends changing your email password as well. Or it could of been about changing your battle.net email. Either way another recommendation to change your email password as it could be compromised is very very nice.

Last Page.

Tells you exactly what's going to happen and what time frames to expect. Very nice.

Also has a few very detailed paragraphs on account security and how to follow everything up. By the end of all this your account is locked with an email sent for a password recovery. A ticket for the recovery of your items is also put in the queue and you get a ticket number for it.

I like how you get the ticket number right in the email to you. It means the rep you get on the phone can locate your recovery request. It could also mean in the future Blizzard may consider changing the automated phone system to add an option to put that in .... and automatically be forwarded to the spe******t involved with your case...or automatically read out a status report on your ticket.

Seriously putting the ticket number in on the email is awesome. I would love a system where you ring up , put in your ticket number and get an automated update on your recovery. Something like someone going "Your support ticket has been assigned to ______ They can see x items to recover. Recover has been in process for x days with an estimated y days left for z items. If your still wanting to talk to an operator please stay on the line now. if you get a message to say all lines are busy please redial until you get in the Queue. Have a nice day !"

*ponders on putting in a suggestion for above*

Here's my thread on my experiences :

http://forums.worldofwarcraft.com/th...741312&sid=1#8

PS Yes I've deleted my ticket out of the queue. And my account is unlocked now. The whole process was very fast and all happened in minutes. Yes you can now lock your account down in minutes assuming you've cleaned your computer out and your email has not been compromised

Thanks for posting this! Just spread the word on my guild forum, we've had several people get hacked recently.

:D And thanks for doing the 'Oooo, shiny button, must press' bit so I don't need to.

Wish people would quit saying that they "were hacked".

Their accounts weren't hacked. They were just stupid.

Glad to see Blizzard making it easier for stupid people to get their accounts back - hopefully make them smarter.

That's a tiny bit arrogant of you isn't it ?

Blaming the victim for the crime isn't it ? Like saying there's no burglary or robbery in the world today - clearly the victims asked for it by having a particular brand of lock on their door! Genius !

Tell me have you ever been hacked ? Known people that have been hacked ?

I do know people that have been hacked. I know people with extremely stringent security measures that have been hacked. I know people hired by the NSA and CIA that have been hacked. These are people that get paid to specialize in computer security. None of them were necessarily hacked for being stupid.

Sometimes its just simply having the bad luck on being lax in some aspect of their security. It doesn't make you stupid it merely means having bad luck.

Also there is no security system in the world that is 100% hacker proof. You can't guard against Zero day exploits. It is flawed reasoning to say everyone who gets hacked is stupid.

This is just plain ignorance. Plain and simple. I was [s]hacked[/s] compromised. It ended up being a hack embedded in the flash of a popular WoW information site where people go to get information about quests and items. No virus, no buying gold, to selling/buying accounts, no clicking on spam emails from nefarious sources pretending to be Blizzard.

Sure, I didn't have an authenticator at the time - but excuse me if I was pissed because the last authenticator I purchased died in 6 months and Blizzard said "so sorry, buy another one". OF course I have one now tied to my phone.

I don't expect you to understand - until you yourself get hacked - but it is NOT as cut and dried as you suggest.

Don't be so quick to judge, you may be next.

In the world of languages, words change. It is a fact. While it is true that the vast majority of account compromises are not actually hacked and and the login information was learned via some phishing method, the term "hacked" is a nice quick simple term that people use to identify what happened. And it is not going away.

There are thousands of words in the English language alone that are not used today in the context of their original meaning. Take the word "decimate" - this word meant to "reduce by one of ten" and came from the practice of a punishment in the roman armies where if a unit did not perform they would kill one solider in ten as negative reinforcement. Today, we use the word to indicate that something has been utterly destroyed.

If someone says "My WoW account was hacked" and you know exactly what they meant, then the job of using language was successful in that communication occurred successfully.

OK - lemme put it this way.

Someone whose account is compromised for WoW, didn't happen because someone "hacked" Blizzard or Blizzard's databases. If someone were to have done that, there would be massive numbers (and when i say massive, I mean MASSIVE) of people reporting their accounts being "hacked". Not the trickle there is now.

To answer your questions - no, I've never been hacked. And I've never had a virus on my computers. Because I use my head. I know not to go to links from Blizzard-looking emails. I verify the site I'm going to is actually the site I'm wanting. I don't click on random links to the WoW Armory and enter in my credentials.

Being lax MEANS you're stupid. The definition of lax (not strict or severe; careless or negligent:) shows that you're lazy, inattentive, not caring.

People using the same password everywhere. Going to random links, seeing a battle.net-looking login screen and entering in their credentials. People falling for fake emails, where just a cursory bit of attentiveness easy show they are fake, etc = stupidity.

I'm sorry if you don't agree, but it is.

Do people deserve their accounts to be compromised? Of course not. But them shunting responsibility off on someone else, for their ignorance and lax-ness, is more wrong, than them doing whatever caused their credentials to get compromised to begin with.

That's fine - if you wish to continue doing the interpretation in your head, you can. I do it too. When they say "I was hacked" my brain translates it to "I was stupid, did something I shouldn't have done, but I refuse to admit any fault of my own - so I'll blame someone else and say "hacked"."

My interpretation is the correct one, and you know it.

I can quote things, too.

That would be hacking Blizzard's servers. Not someone's account.

These are not the only ways to have your account compromised. Read above for an example about flash ads and zero-day exploits.

I would say that those two words have different meanings... Not to mention that calling someone stupid on these forums goes against our rules: 1. Post with respect and courtesy. Debate is fine ... so long as when you disagree with someone, you respond in a civilized and constructive manner.

I am sorry for the way in which you see the world. Yes, I agree that some people simply do not think before risking their account. But to think that everyone who has their accounts compromised acts this way is just naive.

Just because you think your opinion is the only correct one, does not make it so. ;) That's a great lesson to learn and carry through life.

__________

Now. This thread is not about how people can get hacked or who gets blamed. It is about a new feature that enables you to lock your account quickly in the event that it gets compromised. I'm tempted to just delete everything here that's off-topic, but I hope that some people can learn something from the discussion.

Win :cool:

(extra stuff so the forum can let me post)

Nice little back pedal you got there. Yet this isn't what you said above. You said above "People don't get hacked they are just stupid"
And I trust your not lax in your security methods? Not even once ? You've never been hacked therefore your smarter then those other guys who do.

I haven't been hacked either. And I don't do any special security steps other then not giving out my password to silly whispers or going to funny sites from an email.

But this does not mean that maybe one day I might get hacked. I'm not arrogant enough to say they I won't get hacked. I'm only Human and I might slip up once.
Lax ≠ Stupid

The 2 definitions of the words having nothing to do with the other :

http://dictionary.reference.com/browse/lax
http://dictionary.reference.com/browse/stupid
This is also covered in detail on the form. Also in the security page they recommend you go to.

O.o

Not the response I was expecting, that's for sure. As Maul's post mentioned, I was using 'get hacked' as shorthand for 'have their accounts compromised in one fashion or another, which may or may not have been their fault'.

Still, this will be an excellent tool to help people who do lose access to their accounts, whatever the cause.

I'm glad they finally added this feature. I hope it helps people moreso than having to just open a ticket and such, and I'm sure the response time will be faster! Also, GM Ticket wait times should go down immensely!

There is a difference between being naive and being stupid, just as there is a difference between reasonable debate and being an arrogant know-it-all asshat who thinks they're smarter than the rest of the world. I'll leave it at that.

The feature is great and I look forward to my simple tickets being answered sooner because of it. My last one was for a couple of AH spammers who were flooding Strange Dust x1 for pages on end. Took 3 days before they got to it. :rolleyes:

*agrees*

+100 points in life lessons.

Congratulations! Your life lessons knowledge has increased to level 95!


:banana:

There really tends to be no sympathy for people who have their accounts compromised. One of the fella's from The Instance had is account compromised in the past - and he never got to the root of it either.

Having the authenticator is the key. Would not surprise me if one day that is not enough.

I apologize for getting so defensive in my previous post - but it really irks me when people ASSume you are an idiot - or naive - and those are the only two paths that can lead to account compromising. FLASH WAS HACKED - didn't last long, it got 100's of 1000's of people. My brother got hit - he turned off his authenticator for 1 day because he got a new phone, and was transferring the authenticator to the new one - BAM - compromised - same deal - no email clicky, no gold or account buying or selling - SIMPLY VISITING A WEBSITE. Did I mention this happened to more than a hundred thousand people? I might have ;)

Hacked, compromised, whatever - keep up the smugness and karma will come around and chop off your head, hold it in its hands, and laugh at you.

Troll away, I am finished.

Flarin, even an authenticator isn't enough. Several months ago, already, it was discovered that there were some man-in-the-middle style password stealing compromise methods in use. They could only get into your account in a single, approximately 30-second, timeframe, but once in they could do what they wanted.

They were running a keylogger with active communication, it detected WoW starting, recorded your username, password, and auth code, and immediately transmitted that to another computer that then logged into your account while the authenticator code was still "active". Having an authenticator is MORE secure, but is not completely secure.

Truly scary stuff - not so much for my in-game characters or whatever, just brings to light how dicey the net is for any personal data.

"While you are entitled to hold an uninformed opinion, you are not entitled to make stuff up and call it a valid argument."

I said that that was enough off-topic posting. :p

KK I'm sorry for starting "something" then.

Back on topic.

I gave this a go so you guys wouldn't have to. So please no playing around with this form just to see how it works.The poor overworked Blizzard peoples don't need to be going around deleting tickets :)

I have also not found anything about it being possible on eu.battle.net yet ... anyone found anything on them bringing it out for the European guys and gals ?

I think this is a great service that will hopefully improve response times - it has to be quite a difficult task to support this large a user-base.

I've been hacked some months ago (more than 1 year ago probably) and I still don't have a clue how.

I consider myself a pretty competent IT user. I'm 28 years old and I've been using computers since the Spectrum and so on. I'm a Computer Engineer, I do some programming, use constantly more than 1 OS (Windows 7 right now and several versions of Linux since Mandrake was still alive), don't use iE for years since version 5 (currently using Chrome and Firefox sometimes), always use a Antivirus on Windows Systems (Microsoft Security one right now) and even so I was hacked. Don't have a clue how. Never bought gold. Didn't give my password to no one. My WoW password changes from time to time and it's not equal to any other password I use anywhere. It has several type of chars and numbers. I only go to common websites like MMO-Champion, WoWhead, Curse and WoWInterface. I had upated some addons from Curse the day before I was hacked. Was that it? Will never know...

After that I go an authenticator, was before Blizzard started offering the pet as a reward for having one. But in that week I took noticed of several people I know that was also hacked.

So calling someone stupid for being hacked don't knowing how and taking all security measures one can is offensive. After I was hacked I did an Internet AntiVirus scan, scanned with several searching tools, including spybot, adware, malbytes, etc, etc, no results.

Bought an authenticator and since then had no problems.

My case took about 1 week to get solved. Recovered everything at least. But scared me a bit.

That's the thing, Neverg, you just never know what type of vulnerabilities out there that those keylog creators are taking advantage of. Adobe Flash is just one I can think of off the top of my head. Not to mention advertisements.... I hate ads to the point that I'm anal about it. I've got ads blocked so I don't see a single one. Not one. Sad thing is, some sites need the cash flow that advertisements bring, but on the other hand none of those ad companies can promise that a keylogger or other form of nasty will never get in. Better to be safe than sorry and just block them all. Sorry, I'm rather passionate about the subject... /end rant.

On another note.... a keylogger will be on your machine for weeks, sometimes even months, before the attacker actually goes into your wow account. Having said that, I doubt you got anything nasty from Curse. I think they are just as picky about what gets uploaded to their servers as the great people here at WoWI.

No offense, but I find it kinda sad that people still wait until after they've been hacked to purchase an authenticator. I was one of those idiots that kept the wow authenticator store page open in my browser for days, and kept hitting refresh until they were restocked lol. Got mine within the first week after they were announced.

I feel you and went through the same. You did nothing wrong. Something slid in via Flash most likely. I have not had the problem either since I turned on the authenticator on my phone. The key-fobs tend to die, and after 6 months Blizz makes you buy a new one, so be warned. i was unlucky, plenty of people have been lucky and theirs is working fine after a year or more. I have reimaged my machine and will most likely ONLY visit wowwiki and other info sites now from a virtual machine as I believe it was one of those info sites that had the offending flash for me. Even with the authenticator I don't want the code lurking - my brother turned his off for 1 day yo transfer his authenticator from iPhone to another phone - he got hit while it was turned off!

I'm not saying it was curse, it just the last thing I remember doing before I was hacked. Went to bed, the next morning I couldn't access my account anymore. It was blocked because it was probably used by the hacker to advertise gold or something.

I never bought an authenticator because didn't find it necessary since I considered myself someone responsible. And the only ones available were the normal ones, after the mobile ones appeared I bought one right away. :)

I don't have a clue how they did it, bruteforce was not for sure, because I Don't think Blizzard allows that anyway. Most probably it was some kind of add or flash like you said. Can't see anything else.

Anyway, I have one authenticator on one of my Mobiles, a Sony Ericsson, but it's even available for Android now, so I'm set, even tho it's not 100% secure even with an authenticator.

No matter how smart or computer savvy one might be, zero day attacks are a threat to everyone -

http://en.wikipedia.org/wiki/Zero-day_attack

These will often go undetected and when your security software finally issues an update after it has been discovered, the attack could have deleted itself by then. Some of these viruses are smart. They will often only be active while wow is running or even delete themselves when they get the job done, so as to make it harder to follow the forensics.

The days of it being just basement dweller just messing around with computer attacks are over. Many of these newer attacks are very sophisticated and some even have certain sovereign nations backing up the research financially on these attacks. Not because the nations want WoW accounts, but stealing something that is "inconsequential" is good "war games" practice.

If you get your account stolen and/or never find the source, it is hardly because of stupidity. Phishing scams are one thing and can be attributed to not being savvy enough to identify them, but other attacks are just downright amazing in their sophistication. Some Zero Day attacks can exist for a long time before being discovered by the security community.

We are. The server does its own virus-scanning, but Ackis and I still manually check anything that's an executable and we require source code as well.

This is a awesome move by Blizzard, I myself have YET to have my account hacked (im not naive enough to say it will never get hacked) and I dont use a authenticator. because I scan anything I download and i run regular virus scans of my PC.

And in regards to the post about the authenticators, while they are a good safe-guard they are not full proof, I remember reading a post about people with them getting hacked.