new hack involving un-merged (bnet) accounts

[Ughmahedhurtz]

Your arguments don't pass the smell test.

Skip to the bottom for the TL;DR blurb.

Before the "Blizz can't be hacked" band wagon jumps on board.

along with the majority of users in the mob mentality that believe blizzard is the only company in the world that can't be hacked

These sorts of "if you don't agree with me you must be stupid" editorials do not reinforce your point. They simply make you look like a royal asshole who thinks he knows better than anyone else. Furthermore, misrepresenting peoples' arguments via the strawman fallacy also makes you look like someone who's trying to bullshit your way to a bigger e-Peen or influence someone else's opinions and/or behavior for personal gain.

There are a large number of accounts (with and without authenticators) that are canceled/frozen that are being enabled and used by gold farmers. They are using these account to pillage your belongings for gold, and if you have 80s, they are farming them out or transferring the toons to sell. They use stolen credit card info and game cards to reactivate the account. The email address that was tied to your account may not be hacked, but it will be on their list and you may or may not start getting spam

Blizzard will tell you that your account was compromised and its all your fault, you must have logged into a Trojan infected PC with your account info at some point in your life.

These are facts we have all known for quite some time now. What I'm not seeing is what bearing they have on who the "enablers" are if, as you claim, it's an inside job.

you may or may not start getting spam that is identical to blizz's own account info emails that a person normally can get, and the only way to tell them apart is to trace the IPs of the email servers the message came through.

Uh, unless you're seeing something the rest of us aren't seeing, there is ALWAYS a way to tell the emails apart. Or do you have an example email that is a perfect forgery except for the originating IP/sendmail server? It might be worth noting that most of the "spam" emails you get (even the forged ones) are the kind of emails that direct you to a link to a server that is either A) hosting a trojan or B) hosting a fake logon server that saves your login credentials for later nefarious usage. I have yet to see a single email that was a perfect forgery of a blizzard email because there is absolutely no money to be made in telling you to go to the official site and login to verify your account.

I honestly believe after several weeks of research that there are one of two things going on here.

Weeks of "research," eh? Care to share your methodology and empirical data? Otherwise, it's just an opinion. Possibly a well-informed opinion but we really have no way to know that based on you having 9 posts here and providing no correlating data.

1. Someone (or a group) in Blizz's customer service department is compromising the accounts or selling the info.

2. Blizz's authentication servers have been compromised.

I really think option one is what is happening. A lot of the accounts I have looked into have been in canceled or frozen status or recently canceled with game time still left active. Only someone with access to customer service could know this info, a hacker would have to guess your security answer after brute forcing your password. Someone at customer service can also easily change your password as well.

Did you really think this through? Why would someone need your secret answer? I've changed credit cards and passwords several times, and even changed my mailing address of record and I never ONCE had to provide my secret answer. Including when I merged accounts and added/removed my authenticator. The only time you need it is when you're attempting to recover an account. If you already know the password/authenticator info (which advanced trojans can easily get, without your knowledge, regardless of how secure you think you are), you can do just about anything you'd like to an account.


TL;DR = nothing new to see here. If you ask a better question rather than jump right in with the BS, you might get some folks to explain why your two possibilities (only two, right? Not more than two, surely) have been rather exhaustively debunked. There are other possibilities but I'm just one of the mob mentality so I might as well not even bother, AMIRITE?