Blizzard: Battle.net account theft increase normal, hacking not issue

By on May 22, 2012, 4:00 PM

Blizzard has responded to the recent upswing of stolen Battle.net accounts since the release of Diablo 3. Although critics might be tempted to point the finger at Blizzard's security, the game company says that every complaint it has investigated has led to a single conclusion: the thief had the user's password.

Although the true origins of recent account intrusions remain a mystery, it is safe to assume the usual suspects have been at work: phishing, untrustworthy third-party software and poorly protected passwords. Battle.net has had a long history of routine account thefts, most notably through phishing attempts and keyloggers. Blizzard admits that with the release of any new game, there is always an increase in compromised accounts and that's exactly what they expected.

We'd like to take a moment to address the recent reports that suggested that Battle.net® and Diablo® III may have been compromised. Historically, the release of a new game -- such as a World of Warcraft® expansion -- will result in an increase in reports of individual account compromises, and that's exactly what we're seeing now with Diablo III.

Source: us.battle.net

Blizzard provides a detailed security checklist on their website and offers a "Help, I got hacked!" page for less fortunate Battle.net users.

If you're concerned about the safety of your Battle.net account, consider the following:

  • Install a virus scanner, if you don't have one already -- I recommend the free and well-regarded Microsoft Security Essentials.
  • Get a second opinion. Scan your computer for malware and viruses with a scanner other than the one installed on your PC -- Try ESET's or Kaspersky's online scanners.
  • Once you're clean, change your Battle.net password -- make sure to include numbers, capital letters and symbols for maximum protection.
  • Use a Battle.net account authenticator. You can download the Battle.net Mobile Authenticator app or actually buy a physical dongle (really) here for $6.95.
  • Sign up for Battle.net SMS Protect.
  • Don't store your passwords in a Word document or share them with anyone.



User Comments: 17

Got something to say? Post a comment
ikesmasher said:

its true, and although they should be taking as many measures as possible to prevent it, many times there is some way to get past the system. I mean, look at the XBL accounts getting stolen, using something to do with fifa 11.

psycros psycros said:

I get WoW phishing emails almost daily but I've never even <b>heard</b> of anyone getting a DIablo-themed phish attempt. I call BS on that excuse. Meanwhile Wal-Mart has quietly pulled every copy of Diablo III from their shelves because people are just opening the boxes and getting the codes, and then going home to download a pirate copy. The real money AH will insure that Diablo III is the most criminally infiltrated game in history.

dennis777 dennis777 said:

<p>I get WoW phishing emails almost daily but I've never even <b>heard</b> of anyone getting a DIablo-themed phish attempt. I call BS on that excuse. Meanwhile Wal-Mart has quietly pulled every copy of Diablo III from their shelves because people are just opening the boxes and getting the codes, and then going home to download a pirate copy. The real money AH will insure that Diablo III is the most criminally infiltrated game in history.</p>

their are no pirated copy since you can download the installer on the Blizzard server itself. noob

avoidz avoidz said:

Please don't ever redesign your great site like Ars Technica just did. I love that this design is pleasing to look at, use, and is quick to respond.

Marnomancer Marnomancer said:

avoidz, it'll probably be nice of you if you make it clear who you are addressing.

I'm happy assuming it's TS.

Kibaruk Kibaruk, TechSpot Paladin, said:

Dudes... blizzard offer authenticator and sms lvl security, besides your password protection, if someone gets hacked is because they are 1) too lazy to set up the security lvls, 2) they just leave everything around and click on every mail they get into their spam folder.

Camikazi said:

<p>
<p>I get WoW phishing emails almost daily but I've never even <b>heard</b> of anyone getting a DIablo-themed phish attempt. I call BS on that excuse. Meanwhile Wal-Mart has quietly pulled every copy of Diablo III from their shelves because people are just opening the boxes and getting the codes, and then going home to download a pirate copy. The real money AH will insure that Diablo III is the most criminally infiltrated game in history.</p>
</p>

<p>their are no pirated copy since you can download the installer on the Blizzard server itself. noob</p>

Well it might not be pirate but it's not 100% legit when you steal the activation code without paying for the software.

Marnomancer Marnomancer said:

Dudes... blizzard offer authenticator and sms lvl security, besides your password protection, if someone gets hacked is because they are 1) too lazy to set up the security lvls, 2) they just leave everything around and click on every mail they get into their spam folder.

I'd add too-obvious passwords, and leaving passwords on stickies to their desks to that list.

Guest said:

I get WoW phishing emails almost daily but I've never even heard of anyone getting a DIablo-themed phish attempt. I call BS on that excuse. Meanwhile Wal-Mart has quietly pulled every copy of Diablo III from their shelves because people are just opening the boxes and getting the codes, and then going home to download a pirate copy. The real money AH will insure that Diablo III is the most criminally infiltrated game in history.

Well, seeing as how you use your BNet password to log in to both.....I'm pretty sure you can do the math on that one, right?

NTAPRO NTAPRO said:

Lmao I hate emails like "Your Blizzard account has been stolen" I don't even have one but get emails all the time :|

treetops treetops said:

Id like to note the phone authentication is free and the sms protection.

9Nails, TechSpot Paladin, said:

I used to get a lot of emails that my Battle.net account needs to be verified, has been stolen, etc. The links would go to a fake site, which had the exact look of Blizzard website, but in different domain name. I used this email account for family to get a hold of me. Nobody else knew of it.

This leads me to believe that someone farmed email addresses from Blizzard.

Once you know the address, it's just a matter of guessing passwords.

Since then, I've changed my email address with Battle.net, and I've not had a single spam mail.

I really do think that Blizzard was hacked, and they're not admitting it. I don't know of any other way someone could have guessed that the one email account that I had linked to a Battle.net account a valid login to their services.

Kibaruk Kibaruk, TechSpot Paladin, said:

I used to get a lot of emails that my Battle.net account needs to be verified, has been stolen, etc. The links would go to a fake site, which had the exact look of Blizzard website, but in different domain name. I used this email account for family to get a hold of me. Nobody else knew of it.

Are you serious? They just spam whatever mail they see any-and-everywhere! Since you made a new mail you don't get spam cause it has not yet been used on any of the spam saving sites.

9Nails, TechSpot Paladin, said:

Are you serious? They just spam whatever mail they see any-and-everywhere! Since you made a new mail you don't get spam cause it has not yet been used on any of the spam saving sites.

I have over 10 email accounts. Some for business, some that I only use for registrations, and some for private use. Many are on Google. The chances that they guessed to spam that one account linked to Battle.net is next to nil. It was targeted. I've never seen a Battle.net spam on any of my other email accounts.

treetops treetops said:

I have a account without a wow account attached to it that also gets wow phishing emails. The sad thing is its probably because I had to sign up for a site to download a addon. I haven't played in forever but I had like that boss helper addon and dps meter thingy. I thought those sites were legit but looking back....

Guest said:

someone used my credit card to buy games on this web site, that was unauthorized. I have been trying for a week to call these people to ask who this person is that used my card .The automated teller keeps saying all lines are full, try back later. What happened to me is fraud and I want everyone to hear what I am saying, so this will not happen to you! Why are ALL lines FULL every hour of everyday? What kind of company/scam are they running?

Guest said:

I've had a Battle.net account for years with StarCraft II, so when my kids got me Diablo III for fathers day, I thought nothing of adding that to the account.

I've never shared my login info, I've never clicked on a phishing email.

But someone sent in to change my account to their email address, before I had set up the SMS as I'd planned.

Played one day, next day login not working, right after a patch downloaded.... hmm thought maybe it was the patch.

Checked things out and found the email that was telling me 18hrs ago the change was made to new email xxxxx@hotmail.com (not my email either)

So now how do you fix it? I called the 800 number, they are full not taking anymore calls, so they refer you to create a ticket.

YOU CAN'T Create a ticket, because the account no longer lets you log in! It's and endless loop, every link comes around to calling or ticket system.... the only hope I have now is I forwarded the email to hacked@ email address and hope they respond, been 2 days nothing yet....

Not sure if I can get a refund on D III but - that's really what I'd like to do at this point. I'll just wait for SC III and get the SMS before any play time...

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.