On Episode Five of the Multiverse we discussed the impending decision by Blizzard to make their key authenticators mandatory. Our general feeling is that this is more of a cash grab than anything that benefits the players. Charging extra for these things and making them mandatory seems to be evidence of that. The justification for it is that Blizzard is spending a lot of money dealing with hacked accounts. If this is the case and the authenticators did make a difference, wouldn’t it benefit the company to give them away for free? This would reduce customer service costs and ultimately save money. Why charge for that?
The issue here is that Blizzard wants to sell peace of mind for an additional cost. They tell players that with this token your account will be completely secure (I was told 100% success rate) and that just isn’t the case. In the event you’re unfamiliar with how tokens work they add an extra level of security but are not hacker proof. Both the server and token generate a code at set intervals and when you enter them they need to match. It is a daunting task for the average hacker to break that but it is far from impossible. They will do a lot to stop someone from just grabbing your password and using it, though. Please don’t think I’m saying these are less safe than your account is now. They absolutely are better.
What makes this whole thing interesting to me, though, is that a friend of mine who plays WoW contacted me on Sunday to ask if I had logged in. I haven’t played WoW in over a year or two. I’ve not logged into the account page, registered anything, or interacted with Blizzard in any way. I’ve also never shared my account information and, had I, my account is now the Battle.net flavor so that original name is worthless. That leaves me to ask how someone got my account information to log me in, then? Blizzard claims it is mostly due to phishing and social engineering. In my case that is impossible. That leaves me to question how secure the server side is. It is a lot easier to just sell an authenticator and claim it will be better than to take responsibility. At some point someone had to get my account name to try and brute force their password.
The worst of this is that I can’t even log into my account to change my password and check. Each time I try to do so on the website it asks me for my authenticator number. I have no intention of spending money just to see whether or not my account was hacked. I wonder who else will feel that way? This authenticator is now a new barrier to entry in the game that pioneered not having any barriers! It seems like an interesting change of direction. It has also ensured that I won’t casually pick the game up again. It is now a hassle and I don’t really want to wait on an authenticator to arrive when I feel like playing WoW again.
At any rate I am curious about how my account was hacked. If you happen to be the perpetrator please let me know! I swear I won’t turn you in or divulge your identity. I would just love a juicy story if you got the data server side!
(Update: 20Jan2010) My account was indeed hacked and the “new owner” purchased an authenticator for it. I called Blizzard to sort it out and really have to say their customer service was amazing. They were US based, helpful, polite and generally personable. Getting my account back was really quite easy. The representative did send me an email though which politely suggested ways for me to be more secure. As you might guess they all involved phishing and social engineering and in my case we know that wasn’t how my account was compromised. I was also told that if you have an iPhone the authenticator is free. You can authenticate with it. I got the app and tried it out. After all, I do want to keep my Battle.net account for Starcraft II and Diablo III. It works well and didn’t cost me a dime. I find it interesting that I’m subsidized but those without the phone are not.
At any rate I want to say I still think the authenticators are a sneaky way to lower Blizzard’s costs and make some more money on the front end. They’re a barrier to entry and pretty annoying. That said, huge props to Blizzard for customer service. I now get to log into the account (which has a 7 day WotLK trial) and find out if my gear has all been sold off!

Wow, this is really something. I’m really intrigued to know how they’d go about getting your information unless they were to brute force your password after getting the account email some other way. Have you logged into that one at all? I’m also surprised they’d put an authenticator on the account. That’s a tricky hacker. It makes me wonder if they weren’t planning on keeping your account for some reason, maybe as a gold mule.
I did log in last night. None of my gear was missing but I didn’t have any money. It might be in the vault, I didn’t check (not really concerned with currency). According to my friend they actually went out and got a few achievements for me. I believe the account was sold to someone. At any rate, they’ve lost it now.
I’m still interested to know how they got my account data though. The usual cries of “it was the player” just don’t apply here.
When this happened to me, it was because the email account I used was not secured. I’m pretty sure it went like this: someone broke into my hotmail account I use as a throwaway address, probably searched for WoW info, and found one of the old CS emails I had there. WoW’s CS emails helpfully give your account name, so they just reset my password and got access.
I’d double-check the email account of record you have with WoW. Change the password to something more secure.
Hope this helps.
That could be it for sure. I’ll have to check the original account. Now if they will just unban me!
I had the same problem. My account was hacked because I stopped playing WoW for like a month, and when I tried to log on it asked for the authenticator code. Any ideas on how I can get it back?
I had to call Blizzard and prove the account was mine. That is your best bet.
I tried to call Blizz about this problem… It’s been telling me all day that their hold queue is full and to try back later… I’d rather hold for 3 hours than keep trying to call.
this sux