Mar 24, 2009 09:35
I'm disappointed in how very -unsecure- the Blizzard account management system is. I don't mean their person-to-person customer support and the like. I mean, the ease with which someone can get a temporary password to your account. Without needing any personal information whatsoever. Go ahead. Check out the process to "retrieve password" if you've "lost access to your registered email account".
Clue for Blizzard: Captchas are good. Secret questions are good. But only if you use them. There are a million games out there that have key generators for them. If it can be done to those games, it can be done to yours.
In short, my (only) guildmate's account got hacked last Thursday. They reset his pword to a temporary one via the Blizzard page, and in roughly half an hour... left his paladin naked and bereft of anything in Ratchet. They also cleaned my guild bank (to which my guildmate had full access - we used it for craft storage/sharing) of nearly everything valuable. Some of the stuff that got left behind was weird. (For example, they took all of the Marks of Sargeras and Kil'jaeden, but did not touch the stack of Fel Armaments, nor Arcane Tomes, which are both worth more.)
Inside 24 hours, to Blizzard's credit, their investigation team responded that they had determined the account WAS violated (that's the best word to describe how it feels), and included a list of all the things that are "eligible for" replacement, or some word similar. I don't know if "replacement" was the word. Of course, with the Armory features, I can take that list and verify each and every item taken out of my guild bank.
I think I'll do that later. We spot checked the list and it seems like all the character's tanking gear is also being replaced. I'm most thankful they are replacing a few particular and personal items for that character. Her Blood Knight styled shield - a quest reward from SMV, and the mace she's using now (Hammer of Quiet Mourning) from a ZD quest. There would be no way for me to replace either of those, not even with 10 or 20 thousand gold.
So, on one hand I'm really not happy with the lack of prevention that Blizzard has in place to protect accounts... (What good is a great account password, and protective software, when someone with a keygen program can eventually just reset my pword and have it sent to their own email address?)... and on the other I'm pretty pleased with how quickly they responded. And, of course, that they responded how I -expected- the matter to be handled. I was VERY ready to contact a GM after the whole thing to bitch about my guild bank items, if they didn't opt to replace them.
Hopefully they will track down wherever all those things were sent. (I'm pretty sure, with the amount of backups and things they can trace in the game, that they can track down at least one or two steps of transferred items. At the LEAST, whether the character mailed all the items or traded them by hand, and to whom between 7am and 8am Thursday morning.)