My Blizzard account was just hacked
Namielus
07-31-2010, 09:16 PM
Looks like my Blizzard account was just hacked so I won't be playing Starcraft 2 anytime soon. I know I saw a suspicious email that came from a Blizzard domain, but said I got into a Cataclysm beta for WoW. Looking at the mail it was some Blizzard URL that redirected to some other domain. I clicked it, but didn't actually enter in any data at anything other than battle.net.
Did Blizzard just get cross site scripted and then they stole my password? What kind of stupid shit is this. What a stupid security hole to have, and as I understand it I will not be able to access my campaign save game until my password is restored, shit!
Anyone else get hit by this?
lockwoodx
07-31-2010, 09:57 PM
http://img836.imageshack.us/img836/7425/dsc09664.jpg
randir14
07-31-2010, 10:20 PM
Lol...those fake emails are notorious, I used to get them every day. My WoW account actually got hacked a month ago and I hadn't even played for a year. Somehow they got my info and reactivated it. I have it back now...don't bother trying to call Blizzard, email them or post on their customer service forum.
The emails aren't the result of Blizzard being compromised. If you look at the real origin it's always from a Yahoo or Hotmail address. The links in the email might look like "http://www.battle.net/account" or whatever, but if you put your mouse over them you'll see the true address down at the bottom.
You also don't actually need to enter any info; some of those sites secretly install keyloggers that steal your account info when you log into the game. Most of it originates from China, where they're constantly trying to make new ones that can't be detected, so I reinstalled Windows just to be safe.
Namielus
07-31-2010, 10:31 PM
While I expect a little bit of blame heading my way I actually know my way around internet security and antivirus, and it hasn't struck me that I did anything that would disclose my information, that at least has me a little frazzled about this.
@randir14, Thanks for the helpful response, I've emailed their tech support and I'll see how that all turns out. And I figured that I can play in offline mode if I can live without getting achievements (which feels harder than you'd think).
I checked out the email headers, you were right, it was a Hotmail account, crazy to think that they would have the UI misinform the user so. I thought I looked at the advanced options which would have shown me the true sender address.
Here was the link that got me https://us..battle..net/login/en/login.html?ref=https%3A%2F%2Fus..battle..net%2Faccount%2Fmanagement%2Fbeta-profile..xml&app=bam
(I added the extra periods to make sure no one hits it by accident)
Sensei-X
07-31-2010, 10:35 PM
Looks like my Blizzard account was just hacked so I won't be playing Starcraft 2 anytime soon. I know I saw a suspicious email that came from a Blizzard domain, but said I got into a Cataclysm beta for WoW. Looking at the mail it was some Blizzard URL that redirected to some other domain. I clicked it, but didn't actually enter in any data at anything other than battle.net.
Did Blizzard just get cross site scripted and then they stole my password? What kind of stupid shit is this. What a stupid security hole to have, and as I understand it I will not be able to access my campaign save game until my password is restored, shit!
Anyone else get hit by this?
You probably have a trojan on your computer now, if you use your computer for online banking or have used it for online shopping you better watch out because they probably got that info too. Run Hitman Pro 3.5 and Malwarebytes' Anti-Malware to clean your computer and change your passwords ASAP. For the record, all those e-mails conceal the actual URL, and hyperlink you to an infected site or file, so the next time you log-in they steal your info even if you have an authenticator. Never click on links from e-mails that are supposedly from Blizzard. Go to Battle.net and log-in there, and info will be shown there. Also they will always refer to you by name "Dear Bob", never as "Dear Customer" or any variation thereof.
Sensei-X
07-31-2010, 10:38 PM
Lol...those fake emails are notorious, I used to get them every day. My WoW account actually got hacked a month ago and I hadn't even played for a year. Somehow they got my info and reactivated it. I have it back now...don't bother trying to call Blizzard, email them or post on their customer service forum.
If they reactivated your account be sure to mention that to customer support, usually they pay for it with a compromised PayPal account or a stolen credit card number, and once the legitimate owner of the account does a charge-back they will stick you with a bill for the now unpaid game time the hackers used.
randir14
07-31-2010, 10:42 PM
If they reactivated your account be sure to mention that to customer support, usually they pay for it with a compromised PayPal account or a stolen credit card number, and once the legitimate owner of the account does a charge-back they will stick you with a bill for the now unpaid game time the hackers used.
They used some kind of free month reward I apparently had on my account. I'm just taking advantage of it now until it runs out. Not going to sign up again until Cataclysm comes out.
lockwoodx
08-01-2010, 12:49 AM
Don't sign up ever. You're welcome in advance.
asimplehero
08-01-2010, 02:11 AM
You probably have a trojan on your computer now, if you use your computer for online banking or have used it for online shopping you better watch out because they probably got that info too. Run Hitman Pro 3.5 and Malwarebytes' Anti-Malware to clean your computer and change your passwords ASAP. For the record, all those e-mails conceal the actual URL, and hyperlink you to an infected site or file, so the next time you log-in they steal your info even if you have an authenticator. Never click on links from e-mails that are supposedly from Blizzard. Go to Battle.net and log-in there, and info will be shown there. Also they will always refer to you by name "Dear Bob", never as "Dear Customer" or any variation thereof.
Thanks, I'm looking into those programs right now. Just in case.
vallor
08-01-2010, 03:05 AM
I am pretty good with internet security but so is one of my friends who recently got hacked.
I ordered an authenticator right away. It is a bit more of a pain in the ass, but for $7 why not just add that extra layer of protection?
I wish I had an authenticator for a bunch of my other regular online locations, like my online banking or eBay account. Even that one extra step of protection is the difference between a wooden boxcar racer and a Lamborghini.
Anenome
08-01-2010, 03:11 AM
Funny world when WoW has more effective security than any online bank :P
Alturis
08-01-2010, 04:40 AM
Funny world when WoW has more effective security than any online bank :P
That's because there is more money to be made from your WoW account than from your empty bank account. ;)
PopoWRX
08-01-2010, 05:45 AM
Which is why I have Roboform on my browsers and different passwords for all my password sensitive stuff. I also was hacked when I found out my account was compromised (Thank god I got lucky and it was actually Blizzard informing me my account was banned for hacking/illicit deeds and not some dupe email).
I have my battle.net account on its own email now and I still get dupe emails on the previous address. My advice would be to just reformat to make absolutely sure it's all gone like I did and put your battle.net account on another email.
Users with iPhone or Android phones really should get the mobile authenticator. It's free and adds so much security.
Everyone else should think about getting a normal authenticator. Since I have a (non active) WoW account as well on my battle.net account I got one. It's good to feel safe.
Oh and I get scam mails daily from "blizzard" telling me how I've won rare pets and got in to beta programs here and there. Quite annoying.
Anenome
08-01-2010, 12:47 PM
Based on current virus trends, it's quite likely that the virus/trojan you picked up was embedded in an invisible PDF on that link which took advantage of an Adobe vulnerability.
If you guys haven't disabled scripting in PDFs, you're vulnerable, and it was about 75%+ of infections last year over the web were served by twisted PDFs. Invisibly even.
Namielus
08-02-2010, 12:18 AM
Mobile authenticator gotten, and now all seems well with the world. Let's hope there is no trick to steal my mobile authenticator serial number now...
Abednigo
08-12-2010, 09:57 AM
I started getting these emails a few days before Starcraft 2 came out. It looked legit, especially since my account had been hacked before. But then I got the part where it said they unlock accounts online and I just needed to click a link and enter all my info to validate. Uh, no thank you.
I got an authenticator when it was hacked last time. I may have had it hacked one other time, but that was over a year ago now. It's kind of pathetic that people have nothing better to do than hack Battle.net accounts and steal digital items and money.
TzunSu
08-21-2010, 10:20 AM
I got a mail last night saying that my account was banned for goldselling. I haven't been online in about 7 months. Can they really have saved my account details that long before doing anything with it?
modeps
08-21-2010, 10:32 AM
I got a mail last night saying that my account was banned for goldselling. I haven't been online in about 7 months. Can they really have saved my account details that long before doing anything with it?
Your WoW account sticks around intact... Just in case.
TzunSu
08-21-2010, 10:34 AM
No, I meant the hackers. They can't keylog me if I don't log in, and my last login was long ago. Why would they save the account for that long, and risk me changing pass?
Anenome
08-21-2010, 11:44 AM
I got a mail last night saying that my account was banned for goldselling. I haven't been online in about 7 months. Can they really have saved my account details that long before doing anything with it?
I'm a bit shocked. I got an email last night purportedly from Blizzard claiming to be a "password change request" that it said they'd received from me.
It looked completely legit, and the links all looked completely legit. I couldn't believe how good it looked. In fact, I'm still not sure it wasn't real. But I'm far too wary to use -any- link given to me in an email.
Always, always, always ignore the email's given links and go directly to the company site yourself.
Now, I haven't played WoW in over 2 years, so I have no idea why I would've gotten one of these for the first time, out of the blue.
I can only assume that Blizzard's security has been hacked and people's account-email has been leaked or something, or more likely that some gaming site I'm signed up to got their email list leaked.
So, watch out guys. I can't believe I got one of these. If I had actually been playing WoW, this would've been a pretty tempting cookie. I can hardly believe it made it through Google's spam filter too.
PopoWRX
08-21-2010, 11:53 AM
I'm a bit shocked. I got an email last night purportedly from Blizzard claiming to be a "password change request" that it said they'd received from me.
It looked completely legit, and the links all looked completely legit. I couldn't believe how good it looked. In fact, I'm still not sure it wasn't real. But I'm far too wary to use -any- link given to me in an email.
Always, always, always ignore the email's given links and go directly to the company site yourself.
Now, I haven't played WoW in over 2 years, so I have no idea why I would've gotten one of these for the first time, out of the blue.
I can only assume that Blizzard's security has been hacked and people's account-email has been leaked or something, or more likely that some gaming site I'm signed up to got their email list leaked.
So, watch out guys. I can't believe I got one of these. If I had actually been playing WoW, this would've been a pretty tempting cookie. I can hardly believe it made it through Google's spam filter too.
That stuff gets through anything. Which is why I set up my WoW on its own separate email account. Now when I get the shifty emails on my old account, it makes it easy to dismiss.
Anenome
08-21-2010, 12:23 PM
I think what's notable though is that I haven't played in years yet still got one of these emails. Which means hackers have found a way to target people with a high likelihood of having played WoW. Someone's security somewhere has been breached.
randir14
08-21-2010, 12:53 PM
You guys should change your battle.net email. That's what I did after my account was hacked, now I know when emails are fake because they go to my old address.