So I'm convinced Blizzard has security issues
Nisch
06-24-2010, 12:41 PM
Keep in mind I haven't played WoW for months now.
Ok, so I get an email recently saying my account has been suspended, followed by one that says it is terminated due to "use of automation software". It's one of my accounts.........and I try to login to my Battle.net account to see what's going on. I can't.......it says there is an authenticator attached to it.............which I never did. My other 4 accounts don't have it, but this particular one does.
Now I know you might be thinking I was hacked on my end. But here are some points:
Since I quit WoW, I have a new computer that doesn't even have WoW installed on it.
I used different passwords for my battle.net account than anything else
My payment was terminated months ago....how did they login?
The account that was hacked was NOT used for anything other than that WoW account (I'm a hardware boxer), and has not been ON since I quit WoW.
Considering my password was not easy in the slightest, how do you figure this happened? Should I even call Blizzard to get the account back or is it a waste of time? I was going to try out Cataclysm, but now I'm left with 4.
What do you all think?
Svpernova09
06-24-2010, 01:02 PM
There was a report not long ago that a huge list of game accounts was uncovered. That was collected over time. Probably had your info in it. I'd scrub all your WoW comps to be safe.
scrub them FROM ORBIT!
Nisch
06-24-2010, 01:11 PM
Those computers haven't even been turned on since March. I sent an email about it disputing the account closure.
Do you have any details on the accounts uncovered? Any link with info?
jinkobi
06-24-2010, 01:12 PM
Since this last patch I've been having crashes randomly with a DEP message. Data Execution Prevention... I've scanned and there's no virus or malware so I've been at a loss. Only thing new since this started was the patch and updating some addons off Curse. Never use their client- always manually install.
Sajuuk
06-24-2010, 01:15 PM
Keep in mind I haven't played WoW for months now.
Ok, so I get an email recently saying my account has been suspended, followed by one that says it is terminated due to "use of automation software". It's one of my accounts.........and I try to login to my Battle.net account to see what's going on. I can't.......it says there is an authenticator attached to it.............which I never did. My other 4 accounts don't have it, but this particular one does.
Every multiboxer should have an authenticator. Besides the wait time for logging in, there's little excuse.
Since this last patch I've been having crashes randomly with a DEP message. Data Execution Prevention... I've scanned and there's no virus or malware so I've been at a loss. Only thing new since this started was the patch and updating some addons off Curse. Never use their client- always manually install.
I have never ever had a problem with data execution prevention that I can remember.
Nisch
06-24-2010, 01:27 PM
Every multiboxer should have an authenticator. Besides the wait time for logging in, there's little excuse.
I have never ever had a problem with data execution prevention that I can remember.
Every time I tried to order one, they were out of stock. While I said I played in March, that was again after a long hiatus prior to that, before the authenticators were available.
Ughmahedhurtz
06-24-2010, 01:30 PM
It MUST be an inside job. RITE?
On a less tongue-in-cheek note, hackers do not immediately use account information when they keylog/hack it. It sometimes sits for months before someone tries to take advantage of it. Rest assured that one of the PCs you used to logon to that account was trojaned, you "loaned" your account to a "friend" or you have a really, really weak password.
Starbuck_Jones
06-24-2010, 01:31 PM
I would get it back. Why let them get away with it. Also if you do decide to come back, you will kick yourself for not doing it. It would be like coming home to find someone took something of yours, but because you haven't used it in a couple of months you don't care.
The patch has memory problems. Official tech support forums have a lot of information about screens going black and crashes to desktop with storage errors etc.
Nisch
06-24-2010, 01:45 PM
It MUST be an inside job. RITE?
On a less tongue-in-cheek note, hackers do not immediately use account information when they keylog/hack it. It sometimes sits for months before someone tries to take advantage of it. Rest assured that one of the PCs you used to logon to that account was trojaned, you "loaned" your account to a "friend" or you have a really, really weak password.
Again, the computer that the account was used on was not used for ANYTHING other than that WoW account.........I never visited a single website, ran a single program, or anything of the like. I don't use software like Keyclone that talks home.
I have turned that computer on, and run packet monitoring software, as well as a scan for files (even hidden, archived, or the like) that were created AFTER the computer was originally created. Nothing other than WoW updates.
I know it's easy for people to say that it was my computers, but being a network security specialist for 10 years, I feel I have the ability to check for these things.
Let's say that for some reason, my main computer has been compromised. Why would an account that was never even logged into that computer be hacked? Also, why would it not be the account hacked that was on the computer I use for something other than WoW?
My password consisted of uppercase, lowercase, non alpha-numeric characters over 10 characters in length. It was not guessed.
I have never had anyone log into my accounts, friends used my computers, not even my wife.
Now, I have worked for companies where an exploit was used. When an exploit is successful, I have never seen people "wait" to use it. It's the same as in the study that was released this year stating that changing your passwords on a regular basis is a futile point. If someone gets your password, they are going to use it then and use it as much as they can before the security breach is found.
I even have a hardware appliance in place that sends me reports of daily web traffic, it reports TCP and even UDP traffic for any website, any port, any protocol used for communication through the box. Nowhere does it state any communication out of the ordinary. No IRC communications, no CuteFTP exploits, no telnet communications, nothing.
I would be arrogant to say that it isn't my fault, but I'm not some kid that can't use a computer. I have several safeguards in place that can notify me if something is unusual. If it was my main account, then I would highly consider it to be my computer at fault. But companies do make mistakes, just as I could make mistakes. A good example is how Mythic was overcharging on accounts that were closed for years causing thousands of people getting overdraft fees.
Nisch
06-24-2010, 01:54 PM
http://www.symantec.com/connect/blogs/44-million-stolen-gaming-credentials-uncovered
Is this the story of the accounts you're speaking of?
Wintershot
06-24-2010, 01:56 PM
Not that I am accusing you of buying gold, power levelling or buying accounts but from what I have heard, including from several first-hand sources, "hackers" are, most of the time, actually power levellers or account sellers who wait a few months after the transaction/service to hijack the accounts. Even if you were only buying gold, you would have had to have given them your email address, which gives the hackers the first of two pieces of information required to hack your account.
Have you freely given your account details to anyone?
Nisch
06-24-2010, 02:05 PM
Not that I am accusing you of buying gold, power levelling or buying accounts but from what I have heard, including from several first-hand sources, "hackers" are, most of the time, actually power levellers or account sellers who wait a few months after the transaction/service to hijack the accounts. Even if you were only buying gold, you would have had to have given them your email address, which gives the hackers the first of two pieces of information required to hack your account.
Have you freely given your account details to anyone?
I have never purchased gold, never paid for powerleveling, or bought an account. I busted my ass making 5 of every class, all through work, and not shortcuts. I never got any phishing emails, I never posted my details anywhere.
I've never let ANYONE even on my computer period. My 2 year old even has his own computer so he can't use mine. My wife has her own computer.
People who buy and sell gold upset me as it's a great disservice to other players. I've played MMO's since UO and haven't purchased anything, only worked my way up.
crowdx
06-24-2010, 02:06 PM
Just on the point of reactivating the accounts, the hackers are using stolen CC info, when mine was hacked a few weeks back, they transferred 4 toons to other realms using stolen CC info. Blizz caught the transfers later that day.
I do believe though, that the hacks being implemented are quite sophisticated and it took me a week of multiple virus scans with multiple different scanners, all of which came up empty. Resetting my cable ip address finally got me clear and over that period I changed my Bnet email 3 times on the affected account. VERY frustrating.
Nisch
06-24-2010, 02:09 PM
Just on the point of reactivating the accounts, the hackers are using stolen CC info, when mine was hacked a few weeks back, they transferred 4 toons to other realms using stolen CC info. Blizz caught the transfers later that day.
I do believe though, that the hacks being implemented are quite sophisticated and it took me a week of multiple virus scans with multiple different scanners, all of which came up empty. Resetting my cable ip address finally got me clear and over that period I changed my Bnet email 3 times on the affected account. VERY frustrating.
Well that's the other thing, not a single charge has been placed on my cards since March.
Perhaps they re-upped my account with someone else's stolen CC info?
I guess that's a possibility.
crowdx
06-24-2010, 02:17 PM
Something that I found unsettling in my hack was that my notebook, which I formatted as part of my nuke from above clearance kept giving me an error when I tried to connect to my desktop using remote desktop, it kept telling me I had a connection already running. This happened both times I formatted the notebook, then unplugged it and pulled the battery, even the BIOS had its date reset due to no power, then on the 3rd format I disconnected my modem so that it would get a new IP and only then was I able to connect to the other desktop remotely after that fresh install. My suspicion is that the original trojan had captured the ip address of my network and so they were able to still connect to my machines remotely using some other hack.
ALL VERY SCARY
Ughmahedhurtz
06-24-2010, 03:35 PM
I know it's easy for people to say that it was my computers, but being a network security specialist for 10 years, I feel I have the ability to check for these things.
I can see how that might lead you to believe you're not the one in error here but if there's one thing I've learned over the years, it's that hackers are an ingenious lot. I know it's hard to believe but the alternative theory goes beyond the pale. I just cannot fathom that Blizzard has some security hole where accounts get hacked regularly for 5 years and NOBODY has found out about it yet. It would not be a normal hack, either, because they're not entering your logon/password for any trojan to sniff. /shrug
Lokked
06-24-2010, 03:54 PM
Long time no see, MBox forums.
I recently tried to log into my BNet account to add a Diablo 2 CD-KEY, and had found that my account was gone. This concerned me as it had 7 WotLK boxes on it. I hadn't accessed it for around 1 year.
I called tech support and the guy was incredibly empathetic and helpful. He informed me all my accounts had had their 7-day free trials used up and were banned for accessing too many nodes in a given time frame (harvest botting).
He suggested I scan my comp with Malwarebytes. It found...........TROJANS!
I suggest you do the same to your comp. Good Luck with this.
Daeri
06-24-2010, 04:19 PM
Could it be possible that you entered the credentials of that account on another computer just once?
For example, I know I've already logged into the official forums from work. And I also once checked something on the account management page for both my two accounts. I'm supposed to be the only one to use this computer at work but I guess I'd be screwed if any trojan was there for some reason.
Tonuss
06-24-2010, 04:29 PM
scrub them FROM ORBIT!
It's the only way to be sure.
I've seen numerous people who were very cautious about computer security (and WOW security in particular) get hacked and not have a clue how it was done. It's one of the reasons that I got an authenticator. I'm pretty cautious and pro-active about my computer's security, but I no longer take for granted that I know enough to be safe.
Still, there could be other ways that these guys are getting this info. I can't imagine that it's due to Blizzard's own security, if these guys had access to that kind of information, I doubt that they'd be careful enough not to tip Blizzard off about it. If it *is* an inside job in any way, that could be catastrophic for Blizzard as a company.
In the end, who knows? The people who work to steal accounts have become ridiculously aggressive and seem to be using everything from the most basic social engineering to more sophisticated ploys. I get the feeling that if we ever understood the scope of what these guys are doing, we'd hang ourselves in distress.
Redbeard
06-24-2010, 05:55 PM
Ok thanks to this and the many other threads like it I've finally broken down and bought an authenticator.
ARE YOU PEOPLE HAPPY? I swear there are Blizzard reps on here hustling the product =P
I kid I kid. Anyways, I am pretty sloppy about security and I think if my b.net account got haxxored and people jacked all my stuff that I'd likely just stop playing, so yeah... was the right thing to do.
Anyways,
Good luck getting your stuff restored.
razor
06-24-2010, 08:38 PM
I had this happen as well. They illegally used a credit card to reopen my accounts, and got one of them banned. Make sure you get Blizzard to cancel the Credit Card otherwise they may put a negative balance on your account.
I also had not touched the account for months. I believe my account details had been sitting in cyberspace for close to one year before being activated.
Best thing to do when putting wow on hold. Get into a secure environment, ie Work PC's etc, and Change your password.
Malgor
06-25-2010, 01:13 AM
Two years ago this happened to me.
I know how it happened, I opened an email that was not from blizzard and they put a trojan on my computer. I had to wipe it completely to get rid of the virus. It was a key logger trojan that not only took my wow information, but all my banking information too, which they waited on for about three months then started going to town on that. It was quite a mess for awhile.
They hacked my four wow accounts, took all the gold off of 28 toons, sold all their gear and left them all naked. I was at least thankful they didn't delete any of the characters.
Blizzard was amazing, but slow. They were very helpful and sympathetic and their research took about one month of total time, but I got ALL my gear back and ALL the gold I had at the time, which wasn't much. It was helpful that I knew the exact hour the hackers struck, because I logged off. Tried to log in an hour later and all my passwords had been changed.
Since then I have an authenticator and only access WoW on my playing computer. I changed all my wow accounts over to a wow-only email account (and b-net).
I didn't want to lose my original email account because I've had it for over 20 years, so since the time of the hack, I get tells every day to my main toons from Chinese farmers trying to sell gold and at least 15-20 emails a day from "blizzard". I just report them all as spam and never open them.
One thing Blizzard needs to do is what EQ2 has done. Allow you to turn off tells/whispers and all chat from anyone of certain level groups. In EQ2 I turned off everyone under level 20, so that I never got the spam in cities from gold sellers and the numerous level 1 toons they made over and over couldn't /whisper me any of their spam either.
Souca
06-25-2010, 02:40 AM
Since this last patch I've been having crashes randomly with a DEP message. Data Execution Prevention... I've scanned and there's no virus or malware so I've been at a loss. Only thing new since this started was the patch and updating some addons off Curse. Never use their client- always manually install.
This is caused by a bug in the patch. Not to say you shouldn't be vigilant about virii, but in this case it is a memory leak that is overwriting some code and causing a jump to memory that is not supposed to be executed. There are about 3-4 major bugs in the latest patch, and this is just one of them.
- Souca -
alcattle
06-25-2010, 03:58 AM
Blizzard =/= Security I could not log on after last patch, tried all the "fixes" posted here and on Blue posts. Finally read someone saying it was their firewall software. Turned off my 3rd party firewall and on I went to play. I also have WoW loaded on a laptop. Can't play on it as the GPU sux but it will log on. Started Wow ON that, after the patch got the same cannot connect message. Turned off the firewall (same product on both) and off it went. On the Main system I did try to open the "Blizzard" ports with no luck. So until things are fixed I play WoW with no firewall. Blizzard =/= Security :D:D:D:eek::eek::eek:
Blizzard =/= Security I could not log on after last patch, tried all the "fixes" posted here and on Blue posts. Finally read someone saying it was their firewall software. Turned off my 3rd party firewall and on I went to play. I also have WoW loaded on a laptop. Can't play on it as the GPU sux but it will log on. Started Wow ON that, after the patch got the same cannot connect message. Turned off the firewall (same product on both) and off it went. On the Main system I did try to open the "Blizzard" ports with no luck. So until things are fixed I play WoW with no firewall. Blizzard =/= Security :D:D:D:eek::eek::eek:
Totally - Blizzard is 100% responsible for teaching you how to properly configure your firewall, thus they've got no security because you decided to turn it off completely in order to play games rather than take it as an opportunity to learn how to use your software properly. Players are _never_ responsible for the security of their systems. After all, the name of their company *is* "Blizzard Entertainment and Security Services of North America, Inc."
Maxion
06-25-2010, 12:26 PM
totally - blizzard is 100% responsible for teaching you how to properly configure your firewall, thus they've got no security because you decided to turn it off completely in order to play games rather than take it as an opportunity to learn how to use your software properly. Players are _never_ responsible for the security of their systems. After all, the name of their company *is* "blizzard entertainment and security services of north america, inc."
<3
.
alcattle
06-28-2010, 03:05 AM
Totally - Blizzard is 100% responsible for teaching you how to properly configure your firewall, thus they've got no security because you decided to turn it off completely in order to play games rather than take it as an opportunity to learn how to use your software properly. Players are _never_ responsible for the security of their systems. After all, the name of their company *is* "Blizzard Entertainment and Security Services of North America, Inc."
I followed their directions for opening the ports on the firewall. I saw that there was an issue and tried that "fix". It solved the problem, so did I do it wrong? Maybe, but others have the same problem? I never had to play with the firewall before this last patch. So I guess that would be my fault. Give me a fucking break :mad:
edit: After reading my post without that red rage in my eyes, I can see how people got confused, hell it doesn't even make sense to me. I meant every fix Blizzard posted was tried and failed.
Ughmahedhurtz
06-28-2010, 10:33 AM
Turned off my 3rd party firewall and on I went to play.
Turned off the firewall (same product on both) and off it went.
So until things are fixed I play WoW with no firewall.
I followed their directions for opening the ports on the firewall.
One of these is not like the others.
One of these is not like the others.
"One of these is just not the same."
I had a Capt. Kangaroo flash back.... made me lol.
alcattle
06-29-2010, 04:51 AM
I followed their directions for opening the ports on the firewall.
One of these is not like the others.
Taken out of context, I meant that I tried their fix for my firewall blocking WoW access. That fix did not allow me to connect.
Edit: Might be best if I just shut up and go to the corner for a time out.
Sbrowne55
06-29-2010, 06:47 AM
I had all 10 of my accounts hacked. It was a trojan keylogger. Which I'm certain was from visiting websites for my rogue and researching info about dps etc in IE.
I got keylogged after reopening 5 of my accounts through account mgmt. 2 hours later the hacks started, and I woke up the next day cleaned out. Now, I have read that some of you had your CC info hacked, and they actually used it. What exactly did they use your CC on?
I'm quite sure they probably got my CC too since I entered it 5 times. They were in my Facebook, from a location in Poland... Which could have been spoofed. But my CC it hasn't been touched in a month. I figured these hackers would steer from using that sort of crime, as it's punishable in other countries, unlike hacking wow accounts.
Let me know, I may go ahead and say they're stolen to get new ones.
alcattle
06-29-2010, 06:59 AM
Sorry to hear your loss, I would get the CC on alert at least and changed if it doesn't include other problems like automatic bill pay.
IE is your first mistake, a hack waiting to happen. Using one computer is always a problem, but you can prevent some things like keyloggers if you outsmart them. Try a virtual machine and do not use that for WOW. Try Linux. A live CD will stop some of the baddies. Get a netbook and use that for all but WOW.
Tonuss
06-29-2010, 08:15 AM
I'm quite sure they probably got my CC too since I entered it 5 times.
I would strongly suggest that you report it and have a new number issued. It's not a major hassle to have your CC info stolen these days (assuming you have a card with a reasonable liability limit and good monitoring) but I don't think it's ever good to have that info sitting out there in someone else's hands. At the least, you can limit the damage that the CC company/bank is liable for, because over the long haul that increases costs for everyone.
Dramoth
06-29-2010, 09:01 AM
Something that I found unsettling in my hack was that my notebook, which I formatted as part of my nuke from above clearance kept giving me an error when I tried to connect to my desktop using remote desktop, it kept telling me I had a connection already running. This happened both times I formatted the notebook, then unplugged it and pulled the battery, even the BIOS had its date reset due to no power, then on the 3rd format I disconnected my modem so that it would get a new IP and only then was I able to connect to the other desktop remotely after that fresh install. My suspicion is that the original trojan had captured the ip address of my network and so they were able to still connect to my machines remotely using some other hack.
ALL VERY SCARY
That would possibly be done using a hack attack using the nice little NSA port (port 60).
They can use that to download and edit your registry to add a run_once key that tells your machine to access a particular webservice and download the application at the far end and run it to register your new root kit.
From there they then have the capabilities to make a remote desktop request and connect to your computer.
The worst part is... that you never see a thing.
Ughmahedhurtz
06-29-2010, 05:13 PM
Taken out of context, I meant that I tried their fix for my firewall blocking WoW access. That fix did not allow me to connect.
Edit: Might be best if I just shut up and go to the corner for a time out.
Heh, BAD KITTY! NO COOKIE FOR JOO!
On a more serious note, if you tried opening the ports Blizzard specified and it did not fix your problems connecting, you either A) did something wrong, B) have something else interfering like a hardware firewall, or C) are using a really, really shitty software firewall like Norton's Internet Security, which has like 15 different "smart firewall" parts that sometimes tie together in strange ways causing things like RDP or file sharing to stop working when the parts that say RDP or file sharing are set correctly.
Norton.... /wrists /shotgun /C4enema
alcattle
06-30-2010, 05:20 AM
Heh, BAD KITTY! NO COOKIE FOR JOO!
On a more serious note, if you tried opening the ports Blizzard specified and it did not fix your problems connecting, you either A) did something wrong, B) have something else interfering like a hardware firewall, or C) are using a really, really shitty software firewall like Norton's Internet Security, which has like 15 different "smart firewall" parts that sometimes tie together in strange ways causing things like RDP or file sharing to stop working when the parts that say RDP or file sharing are set correctly.
Norton.... /wrists /shotgun /C4enema
you tried opening the ports Blizzard specified and it did not fix your problems connecting. This is true
a) can't be positive I did that right
b) why did it only happen after the patch?
c) I use Panda software suite, was very highly rated.
d) same result on both computers- one I played with the port settings; other I did nothing. Turning off Panda firewall worked on both computers
HOWZ ME GIT COOKEY?
jinkobi
06-30-2010, 09:25 AM
Some firewalls cause more problems than they solve.
Monk3yv
06-30-2010, 11:10 AM
I too had an account compromised. The hacker had emptied my guild bank because I had access to all tabs, vendored all items except my gear (this I found rather odd because he kept the gear for my multiple specs).
I purchased an authenticator after this and I didn't even change the password. The next day I took the authenticator off of my account and waited to see if the account would be compromised again. (I am crazy like that) Well it never happened.
Me being the paranoid person that I am immediately thought, "Inside job!" What's stopping a company from doing shady dealings, such as faking a hacked account just to make you buy an authenticator, once they see you have one, they go to the next person. All items were restored of course.
Overview:
What does Blizzard have to gain from compromised accounts? Sales in authenticators.
They have the information needed, the power, and a motive. And who is to say someone in the corporate ladder couldn't be selling your account information to amateurs to "do the deed". Thus pushing you to purchase their new safety feature.
Highly unlikely, but hey it would be pretty hard to "catch" if everyone is so ready to accept that it could never happen. Maybe I shouldn't watch The Manchurian Candidate when drunk haha!
Owltoid
06-30-2010, 11:29 AM
I have a feeling that there have been quite a few hacked accounts that led to people giving up the game. I just don't see Blizzard making a business decision to cause a huge amount of frustration to their players and risking losing subscription for the hope of getting a one time authenticator fee.
Monk3yv
06-30-2010, 11:39 AM
Well I mean, only they have access to those kinds of statistics*. If it worked out in their favor numbers wise, -shrug-
*You know the "why are you leaving me, I thought we were friends" survey you take when you cancel your subscription.
crowdx
06-30-2010, 11:42 AM
I too had an account compromised. The hacker had emptied my guild bank because I had access to all tabs, vendored all items except my gear (this I found rather odd because he kept the gear for my multiple specs).
I purchased an authenticator after this and I didn't even change the password. The next day I took the authenticator off of my account and waited to see if the account would be compromised again. (I am crazy like that) Well it never happened.
Me being the paranoid person that I am immediately thought, "Inside job!" What's stopping a company from doing shady dealings, such as faking a hacked account just to make you buy an authenticator, once they see you have one, they go to the next person. All items were restored of course.
Overview:
What does Blizzard have to gain from compromised accounts? Sales in authenticators.
They have the information needed, the power, and a motive. And who is to say someone in the corporate ladder couldn't be selling your account information to amateurs to "do the deed". Thus pushing you to purchase their new safety feature.
Highly unlikely, but hey it would be pretty hard to "catch" if everyone is so ready to accept that it could never happen. Maybe I shouldn't watch The Manchurian Candidate when drunk haha!
Quite a conspiracy theory lol. I think the hackers are doing a fine job by themselves to get players to use authenticators lol. I think if blizz wanted to sell authenticators they could just add it as a go forward requirement.
I believe it is simply a case that there is A LOT of money being made hacking accounts and selling gold, as I stated in my hack thread, the GM I dealt with that finally resolved most of my issues said that "there are between 2 - 3k accounts per day being compromised in the US and Australia alone", now that is a serious amount of gold. The peon hacker is most likely being paid a few dollars a week and their bosses are making the big money, THIS IS BIG BUSINESS.
Khatovar
07-01-2010, 01:11 AM
They have the information needed, the power, and a motive. And who is to say someone in the corporate ladder couldn't be selling your account information to amateurs to "do the deed". Thus pushing you to purchase their new safety feature.
Why in god's name would Blizzard resort to something like this for a $6.50 per keyfob or $1 per mobile, most of which they don't even see as profit. Every hacked account costs them far more in terms of canceled subscriptions and man-hours for research to find out where the gold and items went, restores and customer service to deal with the hacked customer and customer service to deal with the spam/hack complaints about the compromised account. And that doesn't take into account the potential for multiple account loss in situations where one person gets compromised and quits, so other friends or family members quit, too.
If Blizzard wants to make money for nothing, they release a new vanity pet or mount or something through the store, they don't hack their customers.
CavScout
07-01-2010, 02:34 AM
I can see how that might lead you to believe you're not the one in error here but if there's one thing I've learned over the years, it's that hackers are an ingenious lot. I know it's hard to believe but the alternative theory goes beyond the pale. I just cannot fathom that Blizzard has some security hole where accounts get hacked regularly for 5 years and NOBODY has found out about it yet. It would not be a normal hack, either, because they're not entering your logon/password for any trojan to sniff. /shrug
If Bliz had been hacked, you think they'd be announcing it? Besides, it doesn't even need to be a "hack" since their customer service folks probably make nominally more than minimum wage, the class of folks working there is probably lacking.
Knytestorme
07-01-2010, 02:52 AM
The thing people forget is that you aren't asked for an auth code when you try to log into the wow forums, passwords are case-insensitive and there is no limit to the number of login attempts you can make.
All the hackers need to do is get a list of email addresses, feed them into a bruteforce password generator and throw each attempt at the wow forums until they find accounts that log in. They take that list and try to log into the account management and if there is no auth attached then your account is now theirs.
To an extent Blizzard is at fault for their design decisions on passwords and forum log-in (eg limit it to 5 login attempts before blocking the account until user action, making passwords case-sensitive would increase time to crack etc) but there is almost no excuse for anyone to not have an auth attached to their accounts by now given they can be gotten either as physical or phone/ipod apps.
[edit]
TBH, if I were in charge there I'd make having an auth mandatory along the lines of the change to battle.net logins
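Added example, not part of the original thread and not Blizzard's code: a sketch of the two mitigations the post above suggests (case-sensitive passwords and a five-attempt block until user action), with one failure counter shared by the forum and account-management logins so neither can be used to test guesses for the other. The class, endpoint names and sample account are hypothetical.

```python
import hashlib
import hmac
import os

def hash_password(password, salt):
    # Case-sensitive: the password is hashed exactly as typed, never lowercased.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGuard:
    """One failure counter per account, shared by every endpoint (hypothetical design)."""

    def __init__(self, max_failures=5):  # 5 is the threshold suggested in the post
        self.max_failures = max_failures
        self.users = {}      # login -> (salt, password hash)
        self.failures = {}   # login -> consecutive failed attempts
        self.locked = set()  # logins blocked until the owner takes action

    def register(self, login, password):
        salt = os.urandom(16)
        self.users[login.lower()] = (salt, hash_password(password, salt))

    def attempt(self, endpoint, login, password):
        # `endpoint` is deliberately not part of the counter key, so guesses
        # against the forum count against account management as well.
        key = login.lower()
        if key in self.locked:
            return "locked"
        # Unknown logins get a dummy record so they fail the same way.
        salt, stored = self.users.get(key, (b"\x00" * 16, b""))
        if hmac.compare_digest(hash_password(password, salt), stored):
            self.failures.pop(key, None)
            return "ok"
        self.failures[key] = self.failures.get(key, 0) + 1
        if self.failures[key] >= self.max_failures:
            self.locked.add(key)
        return "denied"

    def unlock(self, login):
        # Stand-in for the "user action" step, e.g. an e-mailed reset link.
        self.locked.discard(login.lower())
        self.failures.pop(login.lower(), None)

def demo():
    guard = LoginGuard()
    guard.register("player@example.com", "Tr0ub4dor&3")  # constructed account
    guesses = ["tr0ub4dor&3", "password", "123456", "qwerty", "letmein"]
    results = [guard.attempt("forum", "player@example.com", g) for g in guesses]
    results.append(guard.attempt("account", "player@example.com", "Tr0ub4dor&3"))
    return results
```

A hard lockout lets anyone block a known login by guessing wrong five times, so the unlock step has to be something only the account owner can perform.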
jimbobobb
07-01-2010, 04:10 AM
All the hackers need to do is get a list of email addresses, feed them into a bruteforce password generator and throw each attempt at the wow forums until they find accounts that log in. They take that list and try to log into the account management and if there is no auth attached then your account is now theirs.
THIS
I recently had my account compromised, and it occurred to me after I swept my computer 50 times, finally reformatted it, and started it all up again - that battlenet is the dumbest thing on the planet, and that the way I use that computer, the chance of it being compromised through my actions were approaching zero.
Why in the hell, is my EMAIL ADDRESS my login name? Does that just not seem like an absolutely awful idea to anyone else? I mean, half of my login information is almost compromised by default - if you have your email visible to people on ANY wow forums, make it invisible now.
zenga
07-01-2010, 08:30 AM
How hard can it be to go to gmail.com, make another email that does not contain any references to your name, use that one for either wow or for forums and set it to forward all to your main email address.
What I do is:
gmailaccount1 for forums i like/trust
gmailaccount2 for random sites that require me to login
gmailaccount3 for msn
...
those are all forwarded (and emptied right away) to
gmailaccount4 which is like a collector,
gmail4 forwards to my main email address
they all have crazy passwords that i don't have to remember since i never log them in
if they would hack one of the email addresses, the tier system makes it such that the rest of my 'accounts/data' is not compromised
crowdx
07-01-2010, 10:52 AM
Following my hack, I changed my email address to a wow only address, the email is dedicated to my battlenet account and not used for anything else. I use Outlook and so just collect the email from it in the same way I get any other email but never use it for sending emails. The only issue I have with this setup is that legit gm emails got caught by gmail spam filters and so I had to add it to my safe list.
I agree that having battlenet as an email address does increase the chance for the regular user to get hacked, and in fact may have been a contributor with my old email which a month before getting hacked started to get a lot of random spam emails which I presume was caused by a forum or some such sharing that email with someone else and so got me spammed.
My real issue for those of us that chose to combine all their Wow accounts under one Battlenet account (pretty much the way Blizz wanted us to and designed it to work) have everything exposed once that single signon is compromised, THAT SUCKS!
jimbobobb
07-01-2010, 11:06 AM
How hard can it be to go to gmail.com, make another email that does not contain any references to your name, use that one for either wow or for forums and set it to forward all to your main email address.
What I do is:
gmailaccount1 for forums i like/trust
gmailaccount2 for random sites that require me to login
gmailaccount3 for msn
...
those are all forwarded (and emptied right away) to
gmailaccount4 which is like a collector,
gmail4 forwards to my main email address
they all have crazy passwords that i don't have to remember since i never log them in
if they would hack one of the email addresses, the tier system makes it such that the rest of my 'accounts/data' is not compromised
While I totally agree this is a good idea, and I will in fact change my email and probably steal this idea, why do I have to go through this bs? What was so hard about just having a login name, that had absolutely nothing to do with anything?
Add to that the fact that blizzard doesn't ship authenticators to the country I live in, so your suggestion is the closest I'll get to an added level of safety.
zenga
07-01-2010, 12:42 PM
While I totally agree this is a good idea, and I will in fact change my email and probably steal this idea, why do I have to go through this bs? What was so hard about just having a login name, that had absolutely nothing to do with anything?
lol don't shoot me, i might be a blizz customer but i didn't design their system, nor can i answer in their place
Add to that the fact that blizzard doesn't ship authenticators to the country I live in, so your suggestion is the closest I'll get to an added level of safety.
Well there is another one, but then i'm going to repeat myself and most people find that out of the question. However the link can be found in my signature.
Malgor
07-01-2010, 11:28 PM
Now, I have read that some of you had your CC info hacked, and they actually used it. What exactly did they use your CC on?
They didn't use my credit card for a few months. Then suddenly it was being used for purchases around the $50 dollar range... daily for about a week before I noticed it.
Called my bank got it closed that day and got the forms and was reimbursed all that I lost which was about $250 total. Took some time though before I got the money back.