So...I haven't played WOW since I don't even remember when. Someone signed my account up for Battlenet, so last week I called Blizzard and resecured the account (I thought). Then this week my inactive account was banned for spamming the chat channel. Someone they turned on a free trial for Wrath. I called today and resecured the account again, and added the iPhone authenticator. Figured I might as well download the client on the free trial and check out my toons, not that I want to start playing again.

My system is clean, I've never used the Blizzard forums, and I don't use similar passwords for different games, so this ones a stumper. I even started last week by changing the password to my email, in the assumption that was how they got access. In the process of sorting things out however, I'm becoming frighteningly aware of how much information I've registered with each game. I may start using fake names and game cards only, especially with Bioware and Sony both having recent account compromises.

For the record, I hate it when people say their account was "hacked," since it's usually because they're a dumbass and shared their information or ran some third party app. I haven't even thought about my WoW account in a couple of years, and I cannot figure where the information would have been linked.

I had the same experience with NCSoft. I hadn't used my NCSoft account since Tabula Rasa beta. Next thing I know I'm getting emails about my account password being changed, a full retail copy of Aion being purchased on my credit card and then my email being changed.

Luckily for me, that credit card had been cut up and changed months earlier. I was still furious though and after numerous emails to the support staff at NCSoft I finally got them to shut the account (after threats of legal action).

I wouldn't be surprised if it was an inside job.

I will say this - I spoke with Blizzard support twice, and they were both about the friendliest phone support people I've ever dealt with.

I'm guessing they were trawling for accounts that had not been bnet converted and guessed some easy "secret question" -- those stupid rescue questions are typically far, far less entropic than passwords and extremely easy to guess if you have any info at all on the account owner. There was a large glut of inactive accounts that got compromised since the switchover.

Man, they REALLY want my account. I received a fake email from Blizzard support directing me to a phishing website today.

Rats - everyone is in China, so no fun for me.

I got an email today indicating that I'd successfully created a Battle.net account. The greeting was "Hello zhang,"

Lovely.

Without knowing what last name he used to create the account, I apparently can't go through the recovery process (and barely care at this point). Zhang's in for a harsh disappointment when he sees how old my stuff is.

He can't use your email without the confirmation anyways though, if I'm not mistaken. I haven't played in forever, so I'm just going to let it be stuck in there confirmation queue until it gets purged due to inactivity (assuming that's a thing).

The email alluded to verification being necessary to access additional features, but not being entirely required. Honestly not that worried about it. More annoyed in principle than anything else.

Odd, that's the same name that started my problems.

I care less about my WoW account than I do fighting the punks that ruin games for me. It might be only one worker in some Chinese farm, but I didn't want to let it go that easily.

Those emails show up all the time. If you hover over the link provided in the email the actual hyperlink is usually is not a Blizzard website but a phishing site.

I suspected that at first, but it's a real email confirmation link to https://sea.battle.net/ (which I didn't click) and the SPF record had to have matched for it to get through to me too.

My email linked to zhang was legit, that one took a call to Blizzard to clear up.

The other phishing emails often have a fake return path as well, if you peek at the headers, along with fake links to websites.