BNet and Blizzard
OneEyeRed
08-06-2011, 02:33 AM
I am about sick and tired of Blizzard's unsecure crap. So I haven't played a Blizz game in some time but have had access to the new BNet since its inception. Over the last year I have occasionally updated my comp specs and made sure my beta opts were still checked. So I see this thread in the forums by "blue" about updating your specs for the D3 beta as they changed the scan program and it now gathers more info. Okay fine, so I do it yesterday.
This morning I get this thing come across google mail stating my email had an attempted hijack and I checked the ping, sure enough overseas china etc... Well I had my Bnet setup with the same pass and forgot as I change it often and it is alpha/numeric and usually 8-16 characters long. I never get hacked, hijacked, etc...
So I change my Google mail pass and I figure it has to do with Bnet because of the most recent change. I go to Bnet, change the info and opt in for the security option that's through text on my phone. Well now I just get an email from Blizz stating I requested a password change and if I in fact did not, to ignore the message.
How the heck does Blizzard expect to keep their RMAH safe, and every other aspect of their stinking network and game(s) when this crap seems to be rampant and has been for years now? So now the new Bnet is not even safe. I don't get this with any other game or company.
It upset me so much I had to rant. Bahhh makes me want to avoid Blizzard all the more.
matthewfarmery
08-06-2011, 08:38 AM
I have a friend who plays WOW, he is a guild master of a guild, but he has also got many hack attempts, even with an authenticator attached, he gets hack attempts a lot, so do other people, there are widespread hacks for SC2, he plays that too, he says you know when you play a cheater/s as there is a brief pause right at the start of the game, as they can hack the game and add loads of resources, there are map hacks that allow cheaters to see the opponents' bases, as he played a game with a few others, and they all concentrated on one thing, land, Air etc, and the opponents knew exactly what forces to send to each base. There are other times when he plays, and one is gathering just resources while another builds only factories (and wall themselves in), then after a certain time, the person who is gathering the resources transfers the resources over to the other player and quits, then the one with the factories pump out loads of units, and with such a heavily fortified base, he is pretty much untouchable
this is happening more and more, and blizzard don't do anything, they don't touch bots in WOW, as my friend reports loads of farmers in that and they are still there many weeks later, and it's the usual BS from a blizzard GM
so blizzard saying bots and cheaters are a thing of the past with Bnet 2 is a complete and utter load of BS, as there are loads of bots and cheaters, so there will be bots and cheaters in D3,
but as for the hacking / hacked accounts, blizzard will always say, account security is up to the player, I thought they were going to make authenticators mandatory? and there was a similar post on Bnet, and I don't think they will, as some suggested that one should be included with D3, but I don't see that happening. so overall, account security is a problem, and Blizzard aren't up to the task of protecting them, as they always give the same old attitude every time, so yes as there is now real money involved, the security will need to be raised, otherwise blizzard will get lawsuit after lawsuit, but blizzard can say, and will say, it's up to the player not us to protect their accounts, this has always been blizzard's attitude, and again now there is real money involved, it's going to get very messy and another reason why I'm utterly against the RMAH, as blizzard won't care if people's accounts get hacked, they won't care if thousands of dollars are taken, again they just say their usual BS and that's it
you do raise good points and it's something that does concern me, I think ever since they made it that all their games, including wow is under one master account, is why things are so bad with hacking, and it's going to get much worse, much worse
icedmetal57
08-06-2011, 08:47 AM
My brother got an email from them a few months ago that was an online receipt for World of Warcraft: Wrath of the Lich King directly from them. He did not purchase this, nor does he have any sort of payment method set up to his account as he only used pre-paid cards from retailers. He went to Battle.net to see if this was just some kind of spam or something, and sure enough, he had a copy of Wrath of the Lich King on his account, which he never had before. We had no idea why he got this, as it wasn't a gift or anything like that since he hadn't played on his account in like a year and a half prior to this incident. So he was just like, "Oh well, don't care, I guess I got a free game." A week later he had gotten an email from Blizzard saying his account was banned or something along those lines for selling his World of Warcraft account. Again, this was an account he hadn't used in about a year and a half, he played Starcraft 2 on this Battle.net account, but not World of Warcraft in recent time, and didn't plan to anytime in the near future, so he was just like "Oh well, don't care, I don't play WoW anymore anyway."
Also to add to that, I'd get the occasional email from Blizzard or Battle.net saying my account is suspended for whatever reason, I usually ignore them because I don't play Blizzard games much anymore, most recent being Starcraft 2 and that was around its release. Also I did what you did, changing password on email and Battle.net account, making it more secure with the text message option, I don't know, maybe a few months ago and I haven't had any of those emails since.
Yeah, Blizzard needs to work out their security. Maybe it's because they're such a high priority target being so popular so they receive bigger security threats.
hooby
08-06-2011, 10:08 AM
A week later he had gotten an email from Blizzard saying his account was banned or something along those lines for selling his World of Warcraft account.
All these emails are fake. They are not from Blizzard, but from scammers.
I get tons and tons of those emails (most are automatically deleted by the spamfilter anyways), and they all aim at having you login at a fake site (that only looks identical to bnet) so they get their password.
I have 4 email addresses, and I get those scam emails to 3 out of those 4 email addresses on a regular basis. The funny thing is, the only email address that does not get these scam emails is the address I used to register on the battle.net. So the only address that Blizzard knows is not getting those emails, but all my other emails get them.
Those scammers use random email addresses - any they can get their hands on.
That's exactly how most WoW accounts do get hacked - people are tricked into giving away their passwords. And that's why there is an authenticator. The only thing that authenticator helps is, that if you give away your password accidentally, the scammer still can't login to your account.
If you choose a secure password, and never give it away - an Authenticator should not be necessary. There's many secure sites out there in the web, which don't need an authenticator to be secure.
There's nothing blizzard can do to secure the battle.net against people who give away their passwords to fake sites.
eisprinzessin
08-06-2011, 10:53 AM
I haven't played WoW in a long time, and I also receive WoW phishing emails once in a while. They are usually just text, whereas Blizzard always sends out gorgeous HTML emails with their art. Once in a while I'm getting curious and click those links (feeling safe as I'm using NoScript (https://addons.mozilla.org/de/firefox/addon/noscript/)), but I always get an alert in my browser ... so I'm wondering how people can fall for them.
Overlord
08-06-2011, 11:08 AM
I get tons of e-mails from Bnet stating that I got hacked or that I requested a password change. Only funny thing is I have never had a Bnet account, ever.
Just ignore those spam e-mails.
OneEyeRed
08-06-2011, 12:31 PM
Yea the problem here is guys that I didn't get a phishing email and I have not been anywhere where I could remotely think of being key logged. This didn't happen until I downloaded and re-ran the blizzard scanner for my sys specs. I haven't played WOW in a long time and I am quite aware of phishing mail. I am also very leery about sites I go to and keep a clean system.
I am certainly not saying I am void from having an occasional virus attack, java hijack, etc.. it is not common with me but then anything is possible no matter how safe one is when we simply connect online. This problem didn't occur until I updated BNet information however. The time frame also points to BNet.
I never get phishing mail for my old WOW account either. Let's just hope the problem is resolved with the password change and the authenticator now. I have run several security scans on my system and have found nothing either. I run as secure a browser as I can and I don't accept cookies, etc... without my permission. I am quite convinced it came from logging into BNet.
eisprinzessin
08-06-2011, 12:52 PM
sry for my off topic post ... that was what I had to say ;)
Some weeks ago I wanted to access my WoW account, but was asked to create a BNet account for that - WTF! ... I left it at that.
matthewfarmery
08-06-2011, 12:59 PM
yes it's mandatory that all WOW accounts get merged with the new Bnet 2 system, again not really a fan of that, and now that everything is under one roof so to say, this is where the problem lies, once someone is in, they have access to everything, to me this is a bad move, and should have kept things separate
hooby
08-06-2011, 01:03 PM
But if the attacker got your password - which was identical to your gmail password, the attacker could have just logged into your account normally.
No need for any sort of hijacking whatsoever.
I don't know what exactly google warned you about - but when it comes to logins to online accounts, the only thing that I can think of, is session hijacking / cookie hijacking.
That means you login on one computer, and then some other computer tries to use the same session (without logging in anew).
This can also happen if you stay logged in on two computers simultaneously - and use them alternately.
The core principle of this is that the user logs in himself, and the attacker then takes over the logged-in session (hijacks it).
So the attacker cannot have had the password (because no hijacking would have been needed then).
So, how can an attacker get to your session id (which he needs to be able to hijack you)?
Mostly this is done by XSS (cross site scripting), which means through javascript.
For that to happen through the bnet (or the system spec checker), the battle.net homepage or the checker would have to have been infected by malicious third party code... Even if that was the case, they still couldn't access your gmail session id, even if you were logged in into gmail at the very same moment. (Well... maybe there is some security hole in IE which makes this possible somehow... but afaik this isn't possible with firefox or webkit...)
The whole scenario seems rather unlikely to me.
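Added example, not part of hooby's post and not code from Blizzard or Google: the distinction drawn above between a hijacked session and an ordinary password login, expressed as server-side detection over a constructed event log. The event fields, session ids and function names are assumptions made for illustration.

```python
from collections import namedtuple

# Hypothetical log record: one line per login or authenticated request.
Event = namedtuple("Event", "time kind session_id ip user_agent")

# Constructed sample log (documentation-range IPs, not data from the thread).
SAMPLE_EVENTS = [
    Event(1, "login",   "s-aaa", "198.51.100.7", "Firefox/5.0"),
    Event(2, "request", "s-aaa", "198.51.100.7", "Firefox/5.0"),
    # Same session id presented by a different client that never logged in:
    Event(3, "request", "s-aaa", "203.0.113.50", "Chrome/13.0"),
    # Someone who knows the password logs in normally and gets a NEW session:
    Event(4, "login",   "s-bbb", "203.0.113.50", "Chrome/13.0"),
    Event(5, "request", "s-bbb", "203.0.113.50", "Chrome/13.0"),
    # Session id that no login ever issued:
    Event(6, "request", "s-zzz", "192.0.2.9", "curl/7.21"),
]

def find_session_anomalies(events):
    """Return (time, session_id, reason) for requests whose client does not
    match the client that created the session at login."""
    bound = {}      # session_id -> (ip, user_agent) recorded at login
    findings = []
    for ev in sorted(events, key=lambda e: e.time):
        client = (ev.ip, ev.user_agent)
        if ev.kind == "login":
            bound[ev.session_id] = client
        elif ev.kind == "request":
            if ev.session_id not in bound:
                findings.append((ev.time, ev.session_id, "unknown-session"))
            elif bound[ev.session_id] != client:
                findings.append((ev.time, ev.session_id, "client-mismatch"))
    return findings

def new_login_locations(events, known_ips):
    """Password logins from addresses not seen before for the account.
    These are ordinary logins, not hijacks, so they need their own alert."""
    return [(ev.time, ev.ip) for ev in events
            if ev.kind == "login" and ev.ip not in known_ips]

if __name__ == "__main__":
    for finding in find_session_anomalies(SAMPLE_EVENTS):
        print(finding)
    print(new_login_locations(SAMPLE_EVENTS, {"198.51.100.7"}))
```

The login at time 4 produces no session anomaly, which is why a reused password has to be caught by a new-location login alert rather than by hijack detection.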
ASYLUM101
08-06-2011, 03:10 PM
When you get those emails, make sure they're actually from blizzard. I've received a few phishers and other emails from "blizzard" that were actually NOT from blizzard.
matthewfarmery
08-06-2011, 03:17 PM
I don't click on any links when I get any kind of email, either legit or otherwise, this goes for everything, unless I'm 100% sure I know where the link is going to, but I rather use my browser to go to the site, (blizzard site or other official site)
its good practice
OneEyeRed
08-06-2011, 04:10 PM
If you go under Chrome tools you can get a journal of pings and IP logs to your account. It's not an email or anything, it's actually part of Chrome. Shortly after doing the Bnet2 ordeal, I received a warning through chrome with suspicious activity which you can set and access through Chrome tools, etc.
I didn't realize that I had accidentally switched my Bnet password to the same thing as my email account password several months back. However, I never had an issue (I'll state again) until I logged into Bnet, downloaded the new analyzer and uploaded my new specs. Now it's obvious the only reason I found about this was the fact that the clown who did it checked my email to see if it was the same password or I would have never figured this out to begin with. So he/she logged into my Gmail account one time only obviously looking for mail or whatever pertaining to Blizzard I imagine.
Changing my email pass and my blizz pass (obviously not the same pass this time) seems to have resolved the issue so far. But I know without a doubt that the issue started upon logging in and doing what I did on Bnet.
icedmetal57
08-06-2011, 08:44 PM
All these emails are fake. They are not from Blizzard, but from scammers.
Sure, but the one my brother got about his account being banned was legit. His WoW account is actually banned, not that he cares or anything because he doesn't play it anymore.
Yeah, no links were involved in that email. I also never follow links on emails of the suspicious nature. Hell, I have little to no security set up on my computer, because I don't need it. All they do is just hog my computer's resources. I'm quite aware of what can harm my computer so I just avoid those things.