Just making this post so people can be aware of what is apparently happening now.
I had both SMS protect and a Blizzard Authenticator on my phone turned on.
I woke up this morning to a text from Blizzard that my password was changed.
I reset it and log on my account to find all of my gold missing and my main character transferred off.
I looked at my support history and found a message to Blizzard requesting to remove my authenticator from my account because the phone it was on had been lost. Blizzard less than 2 hours later removed my authenticator and send the person a link to reset the password of my account. Which easily allowed them in.
Blizzard thankfully restored my account in less than an hour. I still have to deal with all my keybinds being reset, some real id friends removed and characters no longer in guilds.
The person is also once again is trying to gain access to my account using the same trick. This time though because my account was "recently compromised" Blizzard didn't let them remove the authenticator.
Blizzard needs to do something to tighten security because if people can just request an authenticator be removed it doesn't really offer any protection.
EDIT: I contacted blizzard though another ticket asking why my authenticator was originally removed and they told me they received a picture of what presumably is some kind of fake ID. I don't know if the CS Rep that looked at it originally was in some kind of rush or didn't look closely but it was apparently good enough to remove my authenticator. Some people seem to think my entire life has been hacked but even if my email has also been hacked they wouldn't find a picture of my ID on it. I have never taken a picture of it. They would also need an ID from ~2005 when I made my account since my personal information is different now. My WoW password was also unique to everything else so no way they could just used 1 password for both.
In any case under an abundance of caution I ran scans using Malwarebytes and the Windows Malicious software tool and found nothing. If there are some other programs that are better let me know but I don't think there is a secret keylogger or anything. Just someone spamming CS reps with fake pictures of IDs and got lucky with my account.
EDIT 2: Thanks to Araxom to providing more details and looking into it for me. Basically it seems what happened is that someone photoshopped my real name onto a random ID and that was accepted. It apparently wasn't even from the same state as where I live so obviously the address wouldn't be correct. All that seems to be verified is your name on the ID. It is possible that my real name is associated with my email address somewhere on the Internet though so it is possible it is my fault in some indirect way.
To me this is troubling because anyone on my Real ID friends list would have access to my real name and email address. This would mean that if anyone's accounts got compromised that are my friends they could easily get my real name and email. Leading to what happened to me.
In any case I hope at the very least this post shined some light on the problem and it will be fixed on Blizzards end. By requiring Email / text or some other method to verify the removal of authenticators.
Source: Original link
© Post "Account Hacked even with Authenticator." for game World of Warcraft.