Tobold's Blog
Thursday, January 11, 2007
Customer service in the event of being hacked

A reader directed my attention this Blizzard customer service forum post: "Good evening, ladies and gentlemen! As the advent of the expansion looms ever closer, we have noticed a marked increase in players posting on this and other forums regarding the current status of their account investigation; more specifically, there seems to be some concern as to whether all restoration of characters and items lost due to compromise shall be concluded before The Burning Crusade is released on Jan. 16.
We can certainly appreciate players' desire to know precisely where they stand in regards to their investigation, and how much longer they shall have to wait before restoration can occur, as we recognise and share the player base's sense of urgency in the matter; please be advised, however, that neither the in-game Game Masters, nor those who moderate the Customer Service Forum, shall be able to provide any additional information beyond what is offered in the update e-mails sent at regular intervals by the Account Investigations team. While it may happen that those e-mails do not always contain all the pertinent information players seek, this is due to our having diverted all possible resources to the investigations themselves, in order to maximise the efficiency of the restoration process to the fullest extent possible under the circumstances.
(Please note: In our efforts to stave off clutter, any additional threads regarding this matter may be locked or deleted at our discretion.)

Apparently keyloggers and phishing scams have lead to a large amount of accounts having been "hacked", that is their password stolen, characters robbed, and either left naked or deleted. And customer service is unable to handle all these cases, which leads to waiting times of several weeks, if not months. And there is no information to be had where you are in the waiting queue and when your account will be restored. Obviously the affected players are angry, and post on the forums. And Blizzard tells them that they will just lock or delete their posts.

Being hacked is apparently the customer service situation which game companies are least able to handle. I remember in Everquest SOE stopped people from overwhelming customer service with "I've been hacked" requests by making reporting to have been hacked a bannable offence. Yes, you heard that right, if you came to customer service saying your account had been hacked, SOE would simply close down that account forever. The argument was that "hacking" didn't exist, all incidences were caused by people sharing accounts and passwords, and as that was against the EULA it was reason enough for banning. It "worked" insofar as soon nobody was complaining about hacking incidents any more. But it didn't improve SOE's reputation for good customer service.

Blizzard at least say they are working on each hacking incident, but if it takes several weeks to repair, you might as well start playing a new character. The problem is that Blizzard has no way of knowing what really happened. Was it a hacker who stripped your character, using a keylogger trojan? Or your little brother, using the password you attached with a post-it to your screen? Or did you try to dupe your money by sending it to a friend and then claiming you got hacked? Blizzard can't just automatically restore every character on request, that would be too easy to abuse. And a lengthy investigation into what exactly happens would cost a couple of hours of some customer service representative, which could easily wipe out all the profit they made from you.

Unpleasant as it is to have been hacked, in the end you will have to assume part of the responsability. If a virus formats your hard drive you can't demand restoration of your porn artistic image collection from Microsoft either. Phishing scams or keylogger trojans only work if you fall for them and have taken no preventive action. One would wish that Blizzard would handle these cases faster, but that isn't as easy as it seems. I can see how Blizzard will lose a couple of customers over this, but $15 only buys you so much customer service, and you quitting might be cheaper for Blizzard than a big effort to solve your case. The one to blame is the criminal who hacked you, Blizzard is as much a victim in this as you are.
So as someone who was hacked and as a network security professional I would like to point out one GLARING oversight that Blizzard has been made aware of by many people.

Your Forums password *IS* your game password. You log in to the forums unencrypted thus letting ANYONE sniff the network connection and get your password,. Simple fix https. A common technology which is cheap and easy to implement.

Blizzard could easily curtail this activity by letting you create a seperate DELETE password, keyloggers would not likely get it because you delete items far less then you login and they could make it harder yet by using a display pad and you "type with your mouse" your delete code.

Just ideas, but honestly to say that they owe the community no support when they themselves make my password vulnerable is ludicrous.
I have been hacked twice, my wife once. I use multiple PCs and had keyloggers on 2 of them. My AV was running, yet somehow it got around it. The first time I was hacked my account was banned because I used my wife's account to report it ingame and they banned the account until I could fax in a form which verified I was the owner. Around 2 days later I was able to access the account, but it took about a week later before my deleted toon was restored. I was angry, but it was my own fault for not being diligent enough. The second time took a bit longer, but my toon was not deleted, just missing gold and items. The GMs do a good job though of investigating and restored everything except for the enchants. They can see the IP addresses of your logins, so they know if you really were hacked or are trying to fool them. The kind GM who helped me the second time explained it all to me to alleviate my ire. It truely does suck to be hacked, and I am proficient enough technically to have safeguards in place (anti-virus, firewall, adaware and spybot S&D) yet they were not enough. I blame the gold buyers for the problem, if there were no market for gold, it would not be so rampant. Now I use the launcher and usually alt-tab out at the login screen to make sure my keystrokes for alt-tab are not being captured but actually working
@Anomymous: the forum logins do use https. The login forms post to https so your password will be secure, once you are authenticated it redirects you back to standard http but by then your account details are no longer transmitted. They probably don't use https for all forum traffic as it adds a significant overhead which they want to avoid on such a popular service.

Blizzard pretty much does what they can to protect your data on their service, its up to the users to protect things on their end though.
Thanks for the clear thinking, Tobold. Reading the WoW forums (or listening to any of the chat channels) gives one the impression that every player is a spoiled child with no capacity to see things from Blizzard's perspective.
This is a typical reaction by blizzard. Their stance against the paying customers is already very agressive and arrogant.

But what would you expect if you look at the sucess they have? No watter how bad their customer service is, people start flocking and rushing the servers.

Lock at the CS and their forums... (this is not a good example - I know, but how they are dealing with negative mood is not very professional. Ther COC is redicoulus and suited only blizzard favor).

This will not change as long as there is no significant drop in the player base - to make Blizzard respect their customers they must lose - say 50% - in a very short time so this has strong implication on the fincial market and their repution THERE - if they must start to explain why customers rushing away they will chance (maybe) their attidude - but I would not count on it.

From what I have learned, I'm only a paying customer - one of millions. If I don't fit their scheme (producing more cost then income I will get aBANdoned.

Blizzard shows no mercy to their own errors. If they did something wrong, ALWAYS the customer was guilty, they where multiple occurences of this schema and I do not expect that this will change in the near future.

Maybe this is the price of a MMORPG where a single customer has absolutly no value to the company which drives the game and to get something realized by them, you need the MM (out of the MMORPG),,,
Well, what level of customer service do you expect for 50 cents a day? I've experienced bad customer service in hotels where I paid $150 a day and still just got canned replies to customer service inquiries.

I find the idea that Blizzard is solely responsible for you being hacked ridiculous. The main responsible is the hacker. Usually the victim has some part of the responsibility, by falling for a phishing scam, or not keeping his computer safe from trojans. The responsability of Blizzard is minimal at best.
Beaware that "beinghacked" can be abused. I can transfer all my goodies, delete my chars and claim "being hacked". So I can dupe my stuff and make gold as well. Its not easy to restore characters and stuff through customer service without being prone to cheating players.

On the other side all cases of restoring characters I have seen have been handled very professionally by blizzard, even if the players deleted their stuff or characters themselves.

In one case a player lost his girlfriend, drank to much and disenchanted his Tier 1 set, sent the nexus to a friend and deleted his char. This char was restored and when he gave the nexus back his Tier 1 set as well. Note however that the bank was empty to prevent duping.

In another case someone deleted ALL of his chars because his wife threatened to divorce him otherwise. He did, and his wife left him anyways. When he wanted to restore it was problematic but in the end his chars were back, but his equipment not.
Funny how keyloggers seem so interested in things of such low "value" such as virtual gold and purple axes. Even selling the gold on eBay is not going to net them that much.

If I had access to a set of passwords I would be heading for Paypal and bank accounts.

Or is the point that if you pinch someone's GBP or USD you go to prison, if you pinch their axe you just get banned from a silly game ?

Whilst I am sure there is some of this going on, and I have no wish to deny anyones experiences, it does seem far too much for it ALL to be keylogging.

Account sharing amongst friends and guildies ? Then someone gets the hump (as the "kids" in the game tend to - kick 'em and they want to kill you IRL) and DEs all their mate's stuff.
Yes, Wiggly. I am way more concerned that my Real Life stuff would be vulnerable than my WoW characters. If only my toons got compromised I would heave a sigh of relief.
In the days of console on-line games (are there any left?), having your memory card corrupt was a constant worry.
Yes, losing your characters is upsetting, losing all the money from your bank account must be a lot more serious.
My wife got taken in by one of the Phishing scams. Just happened to be the right bank, right message. It sounded plausible. And it is so easy to type all your password in without thinking - I did it a few months ago on my personal internet banking account. Went into Business Banking by mistake and it asked for my password (instead of the mouse picked random digits) but I jsut entered it and then my stomach did a backflip as I realised. Luckily it really was my bank. Easy to do.

But I can understand how that works, send enough emails, some will strike the right note. No need for keyloggers. Wonder if the WoW thing is similar. Set up a website, ask for your characted name and which server, then set a password. If you are smart, you DON'T give your WoW password as the site password. But ....
We've had a number of people in our guild get hacked. Each one had their stuff restored in 2 weeks to a month. I want to say the key logger vehicle was some addons they downloaded.

0,50 cent might not be much.

0,50 cent x 8 million results in 4 million.

It is a different thing getting a customer service worth 0,50 cent a day while you are earning 4 millions a day.

At least for me.
On the subject of Blizzard customer service and item restoration, I'd like to share a story so others can learn exactly how bad it can get:

On the day patch 2.0.1 hit, my girlfriend logged on to her priest to find literally dozens of items gone, with no apparent rhyme or reason. Stacks of cloth and fish, blue items she had held in her bank to wear later, quest items - a big chunk of her once-full inventory was now empty. Everything she was wearing was there, but her bank and her bags were partially looted. Her 60 was untouched, as was her money, she had clearly not been hacked. It was very clear that this was a mistake on Blizzards part as part of the disaster that was the first few days of that patch.

It's been a month of back and forth with blizz customer service. They've been constantly changing their claims about what they can and can't do, first saying they won't replace her items, then eventually asking her for a full list. After she spent an hour remembering and writing out the list,they write her back a week later saying they can't verify she ever had the items, and won't replace them.

It's outrageous, and after 1.5 years, after being blizzard fans for nearly a decade, we will likely quit in protest and take 3 friends (and former blizz fans) with us. I doubt that $75 a month loss will make them even take pause. I just hope that we can warn others not to deal with a company that isn't even willing to try to correct their own mistakes. The only thing we can do is spread negative word of mouth until it hurts their image enough for them to finally start having even marginally exceptable customer service.
My account was hacked on the 12th-13th of December. I received a phone call from a friend telling me that my main character was standing naked in front of a vendor in Ironforge. I immediately logged in to find all of my characters naked on the login screen. After searching and finding what I believe was a keylogger on my machine, I killed the process, and reset my WOW password. I then proceeded to login and submit a GM ticket. I waited for about an hour and then logged out, realising that I had to contact my bank, credit card company, reset email passwords, etc, etc. This was a nightmare.

I ended up formatting my hard drive and re-installing the operating system. I installed new Anti-Virus software, Anti-Spyware software, and a good firewall. I called customer service and was told that the previous ticket that I had submitted had been closed because I was not online when the GM serviced it.. After installation of World of warcraft, I logged in and sumitted another ticket. This was on December 15th.

I let the GM know that my account had been compromised. I did not list any speciffic items lost, just that I had lost items, bags, and gold from all 8 characters. The GM assured me that the ticket would be forwarded to the account investigations department.

Some of my bags remain, but most were sold/vendored. Although I have most of my gold on my main, all other gear and gold on all my characters was gone, with the exception of non vendorable items and PVP gear. I lost 8pc Netherwind, Staff Of The Shadow Flame, Neltharion's Tear, and 100's of other valuable items. The tradeskill goods alone were probably worth a couple thousand gold as could be expected from an account with several thousand hours /played.

On December 15th the ticket was escalated to account investigations.
Nearly one month later on January 12th I received a form letter stating "Unfortunately, we were unable to verify the loss of the reported character assets"
GM's give only canned responses and refuse to escalate the issue or give me a number so that I can speak to someone who can give me an explanation as to how hundreds of items, epics, bags, gold, and tradeskill stuffs can simply be vendored/sold without any record of it whatsoever.

You have to wonder about continuing to pay a subscription to a company that greets thousands of hours worth of effort lost with a form letter. No explanation and no indication that any issue in the future would not be "resolved" in the exact same way.

Customers deserve explanations, not form letters sent by robots. Interestingly enough this posting was deleted in less than 2 minutes when posted in Blizzards customer service forum. Don't get hacked!

Scarlet Crusade
Odd, I've had only good luck with the in-game support, and the few times I've had to do anything else, it's been fine.

I'm kinda curious why Blizzard is being held to a higher standard than a bank, though-- if you get hacked in your bank, they don't have to get your money back.

Bliz doing anything at all is above and beyond.
I have contacted blizzard on several occasions for customer service and support. I have never had any issues whatsoever. However, each experience is different depending on the person you get.

Just to put in my two cents I have never had a problem.
I think you should understand that most of the viruses are posted on the Blizzard boards themselves, Toblod. Posted by hacked accounts, they contain links to anything from addons, useful anti-virus utlities to purported arena stats you were dying to see.

Wary customers noting these malicious links do alert the only humans that seem alive in there and that's the CS Forums. However they are promptly dismissed with a "it's not my job" reply, the posts are deleted and the poster is threatened with a ban for reposting a link to a possible virus. It's madness in there.

I would appreciate the excuse that they must be busy, but I gotta tell ya... if Blizzard's employees have the time to treat a concerned player who brings this to their attention as a whipping boy and then sit back and talk about cake and pie diversions after making a mockery of the conscientious poster, that ain't "busy" to me. That's just freaking being a sadist to your customers for shits and giggles.

I just read another article tonight and the stories there are eye-opening.

Take a look here -

And there are links within that to by other writers. Not good press for Blizzard if you ask me.
Post a Comment

Links to this post:

Create a Link

<< Home
Newer›  ‹Older

  Powered by Blogger   Free Page Rank Tool