So on February 3, 2010, I checked my email on my way to work to find this lovely message,
Subject: World of Warcraft — Account Closure Notification — Exploitative Activity Found
English speaking customers: Please refer to the start of this mail
Para los clientes españoles: Por favor vayan hasta el fin de este correo electrónico
***Notice of Account Closure***
Account Name: BRIANCARNELL
This account was closed because one or more characters were identified exchanging, or contributing to the exchange of, in-game property (items or gold) for “real-world” currency. This exchange process negatively impacts the World of Warcraft game environment by detracting from the value of the in-game economy.
Even if this behavior is the result of a third party accessing the account instead of the registered user (for example, a friend, family member, or leveling service) then the account can still be held responsible for the penalty because of the impact it had on the game environment.
We’ve found the above behavior is many times directly related to groups responsible for compromising World of Warcraft accounts; we take these issues very seriously. To better understand our position against exploitative activity and the risks involved, please review this article: http://www.worldofwarcraft.com/info/basics/antigold.html
For any disputes of this action, please visit the Exploitative Activity FAQ and Contact page here: http://us.blizzard.com/support/article/exploitfaq
My first thought was that this email was itself some sort of phishing attack, so I logged into my Battle.net account. Well, I tried to log into my Battle.net account, but was told that it had been shut down for exploitative activity.
Now I’m a very casual World of Warcraft player who pretty much sticks to soloing (I’ve been in one instance in 5 years of playing). Especially since the last two expansions, obtaining gold is trivial so I’m not even sure who the market is anymore for gold selling.
Anyway, since I hadn’t actually bought or sold any gold, the obvious conclusion was that someone had hacked my account. I always run anti-virus software, firewalls, etc., but someone probably managed to keylog me on a machine where I checked in to show someone the Armory.
My next reaction was a bunch of expletives. I’ve got more than 3,000 hours invested in the characters on that account and to some extent playing World of Warcraft is almost part of my lifestyle, not just another game. I simply can’t imagine not playing WoW or some successor to it at this point.
So I hit the link to appeal and explain that I’ve been playing for 5 years, never bought or sold gold, and as they can tell if they look at my account am a fairly casual player who just wants his account back. To Blizzard’s credit it took less than 24 hours for me to get the following reply:
Subject: World of Warcraft – Account Recovery Instructions
To protect your privacy and security, we have temporarily disabled this account. Any recurring subscriptions have been suspended to prevent further monetary charges. In order to regain access to the account, you must complete the steps below to secure the account and your computer.
Please keep this email for your reference until the account recovery process has been completed.
STEP 1: SECURE THE ACCOUNT, YOUR COMPUTER AND YOUR EMAIL ADDRESS
Account compromises most often occur when a player shares login information with an unauthorized third party or plays on a computer that has a virus, Trojan, or key-logger. We recommend you read and apply the following tips to protect yourself and the account.
- Unauthorized Account Access Policy: http://us.blizzard.com/support/article/20460
- World of Warcraft Account Security: http://us.blizzard.com/support/article/20572
- Computer Security: http://us.blizzard.com/support/article/21118
- Email Address Security: http://us.blizzard.com/support/article/28585
STEP 2: RECOVER THE ACCOUNT
We now provide a secure website for you to verify that you have taken the appropriate steps to secure the account, your computer, and your email address. Please go to this site and follow the instructions:
STEP 3: VERIFY YOUR SUBMISSION WAS RECEIVED
We will contact you with further instructions once we have received and processed your submission. If you do not receive a reply within 5 business days of submitting this form, please resend it from the address listed above.
Please be aware that if unauthorized access to this account continues after the recovery process is complete, it may lead to further action against the account.
Whew. I took a couple weeks to get my account back, however. Even though I was fairly sure my personal laptop (the only machine I actually play World of Warcraft from) wasn’t compromised, I wasn’t about to take any chances. I wiped the hard drive and reinstalled Windows. Then along with the anti-virus/firewall package, I also added Secunia to help with keeping track of problems like unpatched versions of Adobe crapware.
Once I was certain my machine was exploit-free, I recovered my Battle.net account and then added a Mobile Authenticator to the account. Fortunately for me, a few weeks ago Blizzard added a Mobile Authenticator app for Android, so I could have that on my Nexus One (I’ve actually got several of the standalone authenticators, but worried before that I would lose them).
Now I was finally ready to log into my WoW account…where I found myself suspended in mid-air and watch while I fell to my death.
Whoever hacked the account must have been seriously disappointed. They took about 800 gold and cashed in about 20,000 honor points for some gems (which were still in my inventory). The only thing I was really annoyed at was they sold off all my Gigantique Bags and Portable Holes. I thought about petitioning to have that gear restored, but decided not to since, again, gold is so easy to come by in the game these days.