The Story Behind Blizzard’s Account Management Policies


So blew open a pretty big story today, namely that Blizzard’s account reps have been instructed to offer players a “care package” of sorts in lieu of doing more lengthy and time consuming account rollbacks when there’s a report that a player’s account has been hacked. Now, clearly that’s not the entire story, but here are the posts over at in time order from earliest to latest, since Blizzard caught wind that broke the news and promptly made a public statement about it:

The last post is the most recent, and contains some information from Blizzard about the “care package” and why they’ve begun offering it at all. While I have to agree with’s perspective on this — namely that it’s firmly against the best interest of players to try and sub in something like this instead of actually doing the restoration, even if it’s just an “option,” — I would say that this is an excellent time to run out and pick up an authenticator for your account.

I can completely see the benefit of giving players an option like the care package, which essentially says to them “wow, sucks you got hacked, here’s some stuff to get you back on your feet, is that okay?” instead of “wow, sucks you got hacked, let’s get you back to where you were,” since the former takes a couple of minutes (maybe hours) and the latter can take days upon days of research to find out what the player’s state was before the hack and when the hack occurred, even if the player knows. Restoring characters is significantly labor and time-intensive for Blizzard, and with the subscription rolls getting larger and larger, it makes sense to have other options in mind for players who would rather take the gold and badges and get back to business instead of wait for possibly weeks to get back to where they were before the whole thing started.

That being said, and even though the offer can be “declined,” which is kind of an “opt-out” kind of thing, it still rings kind of hollow to me, and if I were the one who’d been hacked, I would probably want to get back to where I was in the first place, even if it took a while to do so.

It seems like the real problem with the system here isn’t so much how many hours and how much work is required to restore a character or account to pre-hack state, but with exactly how time and labor-intensive it is. This carrot just says to me that Blizzard account reps simply don’t have the tools to quickly track down and recover from a hack, and probably don’t have the tools required to identify a hack in a clear way when they are looking at an account’s play history. The other downside to this is that while it’s a good thing Blizzard’s focus is on getting players up and running again, it also says that Blizzard isn’t really investigating hacks perhaps to their fullest, and is opting instead to just fix them and drop them.

I could be wrong here – there could be a process where hacks are passed along for investigation after the player is taken care of, and I’m sure the most egregious of them indeed are escalated to a development team or a higher tier of analysts, but I’m betting that with the frequency and end-user nature (e.g., trojans, malware, etc.) of most hacks, they probably chalk it up to a bum add-on or a careless user and move on, especially if the symptoms start to all meld together. That’s not a bad thing, by the way – it’s just how technology support works; when you see the same symptoms frequently, you apply the same treatment and get used to just “knowing the root cause.”

At the same time, it does raise the question of whether Blizzard’s development teams know exactly how much of a security problem they have on their hands, and what kind of priority it is for them. I’m sure it’s a high one, but when you work in an environment that’s high pressure and fires on all cylinders all the time like I imagine Blizzard does, everything is a high priority. It makes me wonder whether or not Blizzard’s approach to incident management is drawing the curtains on a recurring problem that also needs to be examined and addressed.

In any event, in the meantime, you can pick up the scoop and decide for yourself what you’d like to do over at’s articles – no need to rewrite them here. What I wanted to do on the other hand was bring up some of the more behind-the-scenes technology points around what might cause Blizzard to make a decision like this. It remains to be seen whether this new option will gain any kind of popularity though, even if it’s designed to make the recovery process technically easier.

Would you take the care package, or would you opt for a full restore? Let me know in the comments.

3 Comments so far

  1. (unregistered) on January 9th, 2010 @ 10:38 am

    The Story Behind Blizzard’s Account Management Policies | Azeroth Metblogs…

    What I wanted to do on the other hand was bring up some of the more behind-the-scenes technology points around what might cause Blizzard to make a decision like this.

    It remains to be seen whether this new option will gain any kind of popularity thoug…

  2. zakutak (unregistered) on January 12th, 2010 @ 3:17 pm

    A friend of mine was hacked on his 80 hunter and his account got banned for TP mining. The “care package” he was given was 2500g, 60 emblems of one kind and like 2 or 3 of another. It wasn’t nearly enough to get him geared back to where he was. And it had taken over a month to get THAT restored to him. So he just took the gold and emblems rather than wait more months. In the letter it says something like your account is under further investigation to see if items can be returned to you. However if you spend the gold/emblems this will be considered finalized. etc.

  3. Synapse (unregistered) on January 24th, 2010 @ 5:55 pm

    This is Blizzard’s LAZY way of doing business. I’ve heard the excuse that it takes hours or days of research to be able to restore an account. That is total Bullshit.

    Most people that get their account hacked know what day (and most can narrow it down to an 8 hour window) their account was hacked. Blizzard tracks IP addresses (along with a ton of other info) and can easily use the date the person reports being hacked to see if another IP address accessed the account “around” that time.

    Some people have static IPs on their home connections, other people have dynamic IPs (DHCP) on their connections. The static ones are easy. The dynamic ones only change every 3-7 days (varies depending on what your ISP chooses), so Blizzard should easily be able to see a pattern and then a totally different IP on the day of the hack.

    I bet if they did a whois check on that rogue IP, it’ll come back to an Asia ISP.

    Once they know it’s legitimately been hacked then a simple restore should be able to occur immediately (or at least within 24 hours if they want to batch restore once per day). Anyone familiar with SQL and the various tools available to DBAs knows that restoring can be easily implemented to the last backup date before the date/time of the hack (Date Time of the hack is obtained from the IP address info listed above).

    They are being lazy ass MF’s. For a game that makes them 1.6 Billion dollars per year in revenue, you’d think they’d have their shit together on stuff like this.

    Our small guild had over 50% of our accounts hacked in the past two weeks and none of us share info/passwords and none of us had viruses/malware/etc. None of us had any problems in over 2 years until after we switched to the account. Either has security issues or someone on the inside (Blizzard or employee) is selling account info on the side to gold-farmers to make extra cash.

    It’s been over 11 days and no info. 2500 gold and that measly amount of Triumph emblems can’t replace months of raiding and a complete 245+ set of gear/weapons. It also doesn’t replace our guild bank that was raped by the hacker when he had one of our accounts that had full access.

    They keep failing to realize their shortcomings, and they’re going to see that 1.6 billion start to drop real fast.
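
The login-history check described in comment 3, as an added example that is not part of the comment and not Blizzard's tooling. The sample log is constructed, and the /24 grouping, the window size and the function names are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_network

FMT = "%Y-%m-%d %H:%M"

# Constructed login history for one account: (timestamp, source IP).
# Addresses come from documentation ranges; none of this is real data.
LOGINS = [
    ("2010-01-02 19:05", "198.51.100.23"),
    ("2010-01-05 20:11", "198.51.100.23"),
    ("2010-01-08 18:47", "198.51.100.87"),  # DHCP lease changed, same ISP block
    ("2010-01-11 21:30", "198.51.100.87"),
    ("2010-01-13 03:12", "203.0.113.45"),   # network never seen on this account
    ("2010-01-13 03:40", "203.0.113.45"),
    ("2010-01-13 19:02", "198.51.100.87"),  # owner logs back in
]

def prefix(ip, bits=24):
    """Collapse an address to its network so DHCP churn inside one block is not flagged."""
    return ip_network(f"{ip}/{bits}", strict=False)

def find_foreign_logins(logins, reported, window_hours=8, bits=24):
    """Logins within the window around the reported time whose network was never seen before it."""
    events = sorted((datetime.strptime(t, FMT), ip) for t, ip in logins)
    centre = datetime.strptime(reported, FMT)
    start = centre - timedelta(hours=window_hours)
    end = centre + timedelta(hours=window_hours)
    # Baseline: every network the account logged in from before the window opened.
    baseline = {prefix(ip, bits) for ts, ip in events if ts < start}
    return [(ts, ip) for ts, ip in events
            if start <= ts <= end and prefix(ip, bits) not in baseline]

def restore_cutoff(logins, reported, **kwargs):
    """Earliest foreign login; a restore would target the last backup before this time."""
    hits = find_foreign_logins(logins, reported, **kwargs)
    return hits[0][0] if hits else None

if __name__ == "__main__":
    for ts, ip in find_foreign_logins(LOGINS, "2010-01-13 08:00"):
        print("foreign login", ts, ip)
    print("restore to backup before", restore_cutoff(LOGINS, "2010-01-13 08:00"))
```

Comparing exact addresses (`bits=32`) flags the ordinary DHCP lease change on January 8th as foreign, which is why the baseline is built from network prefixes rather than single IPs.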
