Last night I got an alarming email from Bizzard about my World of Warcraft account.

***Notice of Account Closure***

Account Name: ************

Reason for Closure: Terms of Use Violation — Exploitative Activity: Abuse of the Economy

This account was closed because one or more characters were identified exchanging, or contributing to the exchange of, in-game property (items or gold) for “real-world” currency. This exchange process negatively impacts the World of Warcraft game environment by detracting from the value of the in-game economy.

I immediately tried to investigate by logging into my Battle.net account (which is also tied to all World of Warcraft accounts), however I was faced with the following…

However, I don’t HAVE a Battle.net authenticator. At this point I knew something was “up” so to speak. I thought to myself that there was NO WAY I could have been keylogged… I rushed home to begin a real investigation.

I ran multiple virus scanners, and multiple malware and spyware scanners as well. Nothing returned any results. I also ran these on a work PC for precaution as well, as I know I’ve logged into my Battle.net account there a few weeks back. Again, no results.

At this point I’m fairly confident I have NOT been keylogged, but something else has happened entirely. I have no idea why somebody would try to bruteforce my account. I have a worthless level 28 mage on my account and that’s it. You can also see the “recent activity” on that character, getting achievements because I haven’t logged on to him in literally over two years, but the hacker logged on yesterday evening right around 7PM. Yes, yesterday, as in Easter.

To make this matter all the more stranger, a good friend of mine has a brother who’s account was hacked and logged into on Christmas Eve of 2009, right around 8PM…

This makes me think there’s a group out there that is somehow obtaining login credentials and waiting until holiday’s to strike, likely thinking that people are out spending the day with their friends and family, and not worrying about their virtual video game accounts, giving the hackers time to add authenticators and log in and exploit the game in any way possible.

Now I have to deal with account recovery services at Blizzard, which from what I hear is an alright experience as far as the people on the phone go, but the queue/wait times can be ridiculous. I have a feeling I’m not the only account that got hit yesterday, and I’ll be on hold for a very long time, and they don’t even open today until 11AM.

As soon as this is straightened out, I’ll be changing my Battle.net password, and adding the iPhone app of the Battle.net Mobile Authenticator for added security.

[UPDATE - April 05, 2010 - 11:30AM]
Spent a good twenty minutes on hold with Blizzard’s Account Management and Billing department, before finally getting to talk to somebody. Once I did get to talk to somebody it was fairly painless as far as getting back my Battle.net account… Apparently the World of Warcraft account is another story… Somebody will need to investigate that and get back to me? I really don’t care about my characters or items, I just don’t want the account/serial keys BANNED, that’s all… And I want to get back into the account to remove all credit cards on file.

As of right now this is what I currently get while trying to access my World of Warcraft account.

[UPDATE - April 05, 2010 - 04:00PM]
I have received two emails from Blizzard about my World of Warcraf account! They are both listed below. Kudos to Blizzard for making this a fairly quick and painless process for me.

Greetings,

We have restored access to World of Warcraft account  ************ and reset the password to this account.

It may take up to one hour for our system to generate and send the new password. If you have not received a password within one hour of this message’s delivery, please check your Spam, Junk, or Suspect Mail folders.

And the second one shortly after was this.

Greetings,

Account: ************

Thank you for contacting the World of Warcraft Game Master Department and for bringing this matter to our attention.

We have reviewed our logs of your account, and we were able to determine the following:

No gold was removed
No items have been deleted, sold, traded
No unauthorized character transfers
No profession changes
Guild banks associated with your characters are intact

Fortunately, it appears as though your account has been unharmed.

For further information please check our Restoration Policy located at (http://us.blizzard.com/support/article/20457)

We apologize for any inconvenience this may cause and thank you in advance for your understanding.

All in all I’m pleased with Blizzard’s understanding and fast work on my account (especially since it’s an inactive account).

I HAVE added a Blizzard authenticator, and I would highly suggest anybody else who has access to one or can afford the $6.50 for the physical one to do so as soon as possible, since something like this can happen out of nowhere to a very tech-savvy person.