My son clicked a link in trade chat, supposedly for a Twitch video.
He got hacked, with the hacker purchasing via the linked PayPal of the account 11 x 60 days game time, sent to an email address. His account has an authenticator.
Thankfully I saw the first message, asked him if he bought something and realised something was wrong.
Disconnected his PC, changed the bnet password, removed all payment options from his battle.net and removed all cards and payment options from PayPal, changed PayPal password, formatted his PC completely.
Thankfully, Blizzard did not process the payments that were on hold and all of them failed. I am still wondering how come those payments tried to go through automatically on Blizzard's side without user interaction or asking for credentials.
TLDR: do not click links in trade chat. A hacker can access your battlenet and purchase stuff via bnet (even if you have an authenticator).
PS: to Blizzard. For hacked accounts and payment hacks it is not acceptable that a ticket opened says 3 days wait. It is also unacceptable that for such situations there is no priority escalation to a human GM to deal with this.
At this time, my son’s account is still locked.
Been 1 day. Still awaiting a GM to unlock my son's account.
PS2: people should read the steps I have taken before posting stuff that is basic.
I am fairly security aware (I work in IT).
Note: took 3 days to get a GM to unlock the accounts. It is in my view too long a wait.
12 Likes
It’s a shame the service is so poor now.
I was hacked many years back and the service was nothing short of superb.
As a slight tangent, it made me chuckle with nostalgia, I think smart phones were in early days then and I couldn’t get a keychain authenticator because I was overseas. The GM was in the game with me and the authenticator had just been attached and the hackers somehow yoinked the account from me again under the GM’s nose while they were watching.
Bottom line is the hackers are pretty smart, to be safe airgap yourself from technology and live in a cave.
1 Like
This is perfectly fine for Blizzard. Not only gives it the hackers time to leech money from your wallet to Blizzard’s vault, it also creates an incentive to create a new account for your son and buy everything again, effectively giving Blizzard even more money.
On top of that everything lost has to be regrinded, meaning more time spent in game thus more time spent as a paying subscriber.
Blizzard is no charity organisation, Activision Blizzard is a company in a capitalistic economy where profit goes far above anything else.
3 Likes
They probably did ask for credentials.
However some malicious software on your computer gave those credentials to the hacker.
Do you use 2FA on your accounts?
If not: Implement 2FA on your accounts.
If 2FA is not an option for whatever reason: Live with the problem that a leaked password gives an attacker full access to the account.
Do you use an individual password for every service you are registered with?
If not: Stop that practice immediately as currently not only your Blizzard Account is compromised but also all other services on which you used the same password.
If you feel that to be too much effort: Live with the knowledge that the reused password is a single point of failure and a compromise will not only endanger one service but all services where it has been used.
1 Like
They will get to you but the queue is long for various reasons. The advice Koz gave you is good … but I will add this.
Please tell your son to never ever follow a link in chat. Never put his account details on a site until he’s absolutely certain it’s a real Blizzard site. Never believe anyone who says they’re from Blizzard in chat as 99.99% of them aren’t.
2 Likes
and perhaps do a /leave service chat … best for everyone who doesn’t need a boost.
2 Likes
Oh yes, that too. I’ve not been in service chat but I would guess it’s full of links, some of which will be fine but some not.
I would never click on any dodgy links anywhere anytime. Though this is the first time I have heard of this. Was it on /5? this link.
1 Like
yes authenticator on every account
yes different passwords per account.
As far as I am aware, if Blizzard contact you in game it never happens in the regular chat screen but in a separate window and is easily verified as being Blizzard; they never ask you for your password (or log in info) and would never ask you to click to an external link.
OP, I use PayPal for Blizzard and outside of my recurring subscription I always have to enter my Blizzard password when making a purchase, so I think it's possible that your son has entered his log in details on an external site from the link he clicked and given the hackers his info.
You can set up his blizzard account to ask for authentication every time the password is put in and also set up sms authentication as an added step.
Paypal also has added security for payments which asks for you to verify via a phone call or sms.
It really is worth spending some time going through all the security settings on your accounts, especially the ones that your son has any form of access to, set up parental controls on his blizzard account if necessary to stop purchases you can’t personally authorise first.
1 Like
They have tried to scam me since I came to retail back in 2014.
The first thing someone whispered me on my fresh new char was something about my ACC having some unusual activity and that they need to investigate or something, and then there was a link to a FAKE Blizzard site.
Even the name was BLIZZARD but with different letters.
I always laugh when someone is doing this.
I can’t believe there is a person who is stupid enough to believe that Blizzard themselves are whispering them in GAME from a character called blizzard.
2 Likes
Yea, plausible theory but not how it works in practice. The reputational damage to Blizzard is far more important to them if word gets out on social media than the value of you purchasing a new sub and regrinding everything. Besides, hacked accounts are more often than not recovered and everything gets restored.
First thing you gotta do is contact PayPal as fast as possible, and change all passwords everywhere on every single account you have, and try to google how to improve your personal cyber security.
^ This.
^ And this.
If anything, you should not let your son use such an addon, and train him to be able to tell fake URLs from real ones.
You should also probably get some more protection in your browser, if the hack was done via the website itself. There are different levels to protection you can use, but noscript, ublock and whatever your antivirus can do can cover a lot.
2 Likes
You mean like the rest of the world does.
We live in a capitalistic world you should have gotten used to it by now.
That’s a good start actually.
Exactly, which is why Blizzard in general do not care about these cases until one of them blows up on social media, creating a profit incentive for providing first class support to that particular player and giving everyone the impression that Blizzard care for the players - effectively boosting their reputation.
Service announcement? It’s just common sense to not click any links you’re not sure about.