The real problem with Blizz is the way they handle suspended/cancelled accounts. They don’t do what would be standard practice for any other company handling massive user bases – MOVE dead accounts offline. Instead, they leave them on the original, active servers. Moving accounts back-and-forth between offline and online servers may be a pain (I know, I used to have to do it, on a much smaller scale — it can rapidly become a logistical nightmare if the environment is very complex), but it’s really the only way. I hope Blizz is looking into a way to do this.

The credit card that go stolen is the same card used on battle.net to pay for wow and NOTHING ELSE… EVER!!!! I talked to the bank and she verified that there have been no charges on the card since last July when I stopped playing WoW. The card never leaves the safe in my house and has never EVER and I repeat EVER been used for anything other than WoW.

I find it very odd that shortly after my account was stolen somoen tried to go on a shopping spree with the very same card only used for paying for WoW. There is only one place they could have gotten both my card number and my 3 digit code is from Blizzard/battle.net since it’s the only place I’ve ever used it.

Don’t give me the “you have a virus” crap that logged my card number because that’s crap… I opened my wow account years ago and that is the only time I’ve ever typed in those numbers, when I first opened my account years ago so no keylogger stole my numbers and the person didn’t wait until now to use my card.

An employee at either Blizzard or battle.net stole the info from the database OR Blizzard or battle.net was recently breached and they just haven’t found out about it. By law they need to report hacks but if they don’t know then what would they have to report?

It’s simple, some employee stole the info from the database and used it or sold it OR someone hacked them and stole my credit card info from them.

I work in the financial world and credit card info is stored in databases along with the security code for things like monthly charges. Yes there are safeguards but have you ever needed to call the bank about a card? The employee can see all your card numbers and security codes and the same thing is possible for people working close with the databases. I have access to finanacial databases for my job and I see the info all the time so I know what I’m tlaking about. It sucks that some employee is doing this if thats the case and it sucks that they don’t know they have a data breach if that is the case.

Nah…it’s a conspiracy theory, the air is safe to breath and the water is safe to drink…nuclear power is clean and efficient…Oswald shot JFK, Sirhan Sirhan killed Bobby, 47 story steel reinforced buildings come down at free fall speed do to office fires…

At 12m subs paying say 13 dollars per month (which is probably optimist given the pricing models for Asia and Latin America) is 1.8b per year in revenue. If the entire gold selling industry is 1b across all games it is probably not worth the cost in customer maintenance for Blizzard to consider it.

Also, they control the entire game so if they really wanted to do gold selling they could just make money out of thin air, like governments, and sell that without the customer service expenditure at all. This was mentioned by someone above.

Regarding hacking and the authenticator, there is no such thing as a foolproof security setup, there is always a way to get around it and all it requires is time, patience and ingenuity (be it technical or social ingenuity.) The man-in-the-middle attack is a very real problem and existed long before WoW came about, it is one of the best ways to defeat the security of SSH encrypted tunnels for those who do not read warnings about key mismatches and eliminates all of the security of data encryption. The tactic in the case of WoW would involve either updating a local hosts file or DNS cache poisoning. The first is more trivial compared to the latter however the latter can score many accounts at once versus the former only getting one person’s account(s).

The authenticator makes it more difficult over all since it takes away the time and patience elements of hacking and requires mostly ingenuity to pull off. It is not foolproof since the man-in-the-middle attack can be effective against it, also I am under the impression if the email address that the Battle.net account is tied to is hacked the authenticator will not help you there either.

But I’m an old school player who tends to reactivate my account once a year a so for a few months to play for a bit & get bored again. But each time for the last three years my account is taken over 3-6 months after the sub runs out, so something weird is going on.