Battle.net account hacked. Reaction: Apathy or Urgency?
December 11, 2013 10:22 AM Subscribe
I have a Diablo III license. I beat the game a couple months ago and haven't been on at all since then.
So recently I have received a few emails from Blizzard Entertainment (noreply@blizzard.com) containing links which seem legit (going to: https://us.battle.net/account/support/password-reset.html) which I (stupidly?) have ignored up until now.
Nov. 1, received an email of "account locked" due to unusual activity.
Dec. 2, received a "your password was changed" email
Dec. 10, received an email of "account locked" due to hacking type behavior / cheats being used.
Dec. 11, received an email of "account locked" due to unusual activity.
Given that my log-in is my gmail address (used as log ins on multiple sites) and I used my "lite" password for this account (which for some dumb reason I had as my amazon password, though since changed), is there any additional reason to be concerned other than an account for a game I don't play being locked?
I can't access my battle.net account as the password I had doesn't work/was changed, and I don't remember the answer to the security question. They want me to scan in and send a copy of my Driver's License for identification purposes, but I really don't want to do that. To be honest, I don't even know if the emails I am receiving are truly legit.
I don't really plan on playing this game again, and as I am certain as I can be the only computer I played this on is virus-free, I don't think I'll be buying any additional games which use battle.net. However, I don't want someone getting access to the card information I used to pay for this either (I downloaded this) through my battle.net account or be liable otherwise.
As of now, there is no unusual activity on my bank account, and I pay for the million dollar fraud coverage on my checking account. My amazon password was changed (with no illicit activity), but I'm still worried that I might be missing something.
So...
1. Has anyone has experienced anything like the above with battle.net or something similar, is this OK to just ignore?
2. Due to Blizzard's exceptionally shitty contact methods through the site above, I can't even communicate anything to them without creating a case, which requires a log in, which requires me to scan and send my ID, which I don't want to do. Is there an actual e-mail address to send anything to?
Nov. 1, received an email of "account locked" due to unusual activity.
Dec. 2, received a "your password was changed" email
Dec. 10, received an email of "account locked" due to hacking type behavior / cheats being used.
Dec. 11, received an email of "account locked" due to unusual activity.
Given that my log-in is my gmail address (used as log ins on multiple sites) and I used my "lite" password for this account (which for some dumb reason I had as my amazon password, though since changed), is there any additional reason to be concerned other than an account for a game I don't play being locked?
I can't access my battle.net account as the password I had doesn't work/was changed, and I don't remember the answer to the security question. They want me to scan in and send a copy of my Driver's License for identification purposes, but I really don't want to do that. To be honest, I don't even know if the emails I am receiving are truly legit.
I don't really plan on playing this game again, and as I am certain as I can be the only computer I played this on is virus-free, I don't think I'll be buying any additional games which use battle.net. However, I don't want someone getting access to the card information I used to pay for this either (I downloaded this) through my battle.net account or be liable otherwise.
As of now, there is no unusual activity on my bank account, and I pay for the million dollar fraud coverage on my checking account. My amazon password was changed (with no illicit activity), but I'm still worried that I might be missing something.
So...
1. Has anyone has experienced anything like the above with battle.net or something similar, is this OK to just ignore?
2. Due to Blizzard's exceptionally shitty contact methods through the site above, I can't even communicate anything to them without creating a case, which requires a log in, which requires me to scan and send my ID, which I don't want to do. Is there an actual e-mail address to send anything to?
(To clarify, the messages that I got were that the account password had changed and that the account was locked.)
posted by mochapickle at 10:29 AM on December 11, 2013
posted by mochapickle at 10:29 AM on December 11, 2013
Best answer: I had my Warcraft account hacked a couple of years ago, though I was lucky enough to recover and change my password before they changed the e-mail on the account.
I just logged into my Battle.Net account legitimately with my authenticator and went through the "I've Been Hacked!" steps for Diablo. The request for your government ID is legitimate-- in the sense of, this is a request that Battle.net legitimately makes in an attempt to release a hacked account to its true owner.
It asks for your ID, whether you use phone, online ticket, or live chat. If you don't want to recover the account, then I would change every password related to that e-mail address, and cancel whatever credit card you may have had on file. Otherwise, go ahead and scan your ID and send it to them.
posted by headspace at 10:32 AM on December 11, 2013
I just logged into my Battle.Net account legitimately with my authenticator and went through the "I've Been Hacked!" steps for Diablo. The request for your government ID is legitimate-- in the sense of, this is a request that Battle.net legitimately makes in an attempt to release a hacked account to its true owner.
It asks for your ID, whether you use phone, online ticket, or live chat. If you don't want to recover the account, then I would change every password related to that e-mail address, and cancel whatever credit card you may have had on file. Otherwise, go ahead and scan your ID and send it to them.
posted by headspace at 10:32 AM on December 11, 2013
Best answer: you can submit a ticket via this link: https://us.battle.net/support/en/help/
D3 > Can't log in > Account has been Locked > blue button should appear at the bottom that let's you submit a ticket > submit a ticket without logging in.
But in instances like this, you want to call them.
posted by royalsong at 10:35 AM on December 11, 2013
D3 > Can't log in > Account has been Locked > blue button should appear at the bottom that let's you submit a ticket > submit a ticket without logging in.
But in instances like this, you want to call them.
posted by royalsong at 10:35 AM on December 11, 2013
This happened to my husband. The only reason he cared was that in the future he may want to use his battlenet account. Sometimes when new games come out Blizzard will give a bonus to previous players.
So yeah, go ahead and send them your ID.
posted by MadMadam at 12:15 PM on December 11, 2013
So yeah, go ahead and send them your ID.
posted by MadMadam at 12:15 PM on December 11, 2013
You say the email is legit, but I would suggest double checking once more.
The spoofing is generally quite good, and the email showing up in your email client is no indication that it was from noreply@battle.net - check the message headers. Some more information is under 'Spoofed emails' on this page.
Does the email address you by your first name (or a name you used to join Battle.net)? If it doesn't, and calls you 'customer' or uses your email address instead, or just says greetings, fake.
Regarding this kind of spam, I used to receive ~3-4 emails like this a day. Gmail filtering is excellent for deleting nearly all the dodgy ones and letting the legitimate ones through - if this email was sent to gmail, it's 10x more likely to be legit.
Should the email address you with the right name, go ahead on sending an ID through the official Blizzard site - this is standard.
posted by Ashlyth at 12:05 AM on December 12, 2013
The spoofing is generally quite good, and the email showing up in your email client is no indication that it was from noreply@battle.net - check the message headers. Some more information is under 'Spoofed emails' on this page.
Does the email address you by your first name (or a name you used to join Battle.net)? If it doesn't, and calls you 'customer' or uses your email address instead, or just says greetings, fake.
Regarding this kind of spam, I used to receive ~3-4 emails like this a day. Gmail filtering is excellent for deleting nearly all the dodgy ones and letting the legitimate ones through - if this email was sent to gmail, it's 10x more likely to be legit.
Should the email address you with the right name, go ahead on sending an ID through the official Blizzard site - this is standard.
posted by Ashlyth at 12:05 AM on December 12, 2013
They want me to scan in and send a copy of my Driver's License for identification purposes, but I really don't want to do that. To be honest, I don't even know if the emails I am receiving are truly legit.
Your instincts are sound. Don't ever hand out identifying details in response to a communication you didn't initiate. Never, never, never. Just don't do that.
Call them after looking up their number in a reliable public directory.
and I used my "lite" password for this account
This is 2013. You can't afford to be thinking about passwords in any way that makes a "lite" password seem like a useful idea. If you're not using password management software (KeePass, 1Password, Password Safe, LastPass, whatever suits) you're Doing It Wrong.
posted by flabdablet at 4:19 AM on December 12, 2013
Your instincts are sound. Don't ever hand out identifying details in response to a communication you didn't initiate. Never, never, never. Just don't do that.
Call them after looking up their number in a reliable public directory.
and I used my "lite" password for this account
This is 2013. You can't afford to be thinking about passwords in any way that makes a "lite" password seem like a useful idea. If you're not using password management software (KeePass, 1Password, Password Safe, LastPass, whatever suits) you're Doing It Wrong.
posted by flabdablet at 4:19 AM on December 12, 2013
This thread is closed to new comments.
posted by mochapickle at 10:28 AM on December 11, 2013