General Discussion | Account Recovery Bug

Author	Message	Time
Denial	Wow that was fun to watch today i figured out how to do it after a while but i didn't take any accounts. I did manage to create a few to save some peoples d2 accounts on ladder. Blizzard suspended account recovery for now so that's that. Since it's already out to how to do it i wont bother posting how to do it since most people by the time they read this will already know "A vulnerability relating to abusing the account recovery system has been fixed. Affected characters will be restored where possible, as quickly as we can. Everyone caught abusing this system will have their accounts closed and cd-keys banned from Battle.net. We apologize for the trouble this has caused. -------------------------------------------------------------------------------- The Battle.net Team "	November 25, 2003, 9:19 AM
j0k3r	Well, share with those who don't know.	November 25, 2003, 12:31 PM
Zerg	We can't call back for our accounts anymore?(including the cd key)	November 25, 2003, 1:30 PM
Naem	The exploit was incredibly simple. - Register a person's account on another realm. You put in an email address that you can access. - Attempt password recovery from that account. - You will get an E-mail from blizzard asking for confirmation of the password recovery. The email originates from "account.password.recovery@<yourrealm>.battle.net". - To confirm the recovery you normally just have to reply to the email with the body quoted. To steal the person's account on the other realm, you just reply to the email, however, send the reply to <theirrealm>.battle.net. Their password would reset and be given to you.	November 25, 2003, 9:27 PM
Denial	yep but the question would be? would it work on rep accounts? i thought of the idea when they patched it? cause most reps dont keep their names on asia active	November 25, 2003, 9:44 PM
Hostile	lol, so they fixed the problem and to all those people who lost their accounts, better luck next time! As of right now they just have registration closed altogather, perhaps they will reopen with ability to recovery via cdkey.	November 25, 2003, 10:30 PM
Denial	ha blizzard made their name's more secure to like name.support@blizzard	November 26, 2003, 6:44 PM
Zerg	[quote author=Hostile link=board=2;threadid=3836;start=0#msg31412 date=1069799408] lol, so they fixed the problem and to all those people who lost their accounts, better luck next time! As of right now they just have registration closed altogather, perhaps they will reopen with ability to recovery via cdkey. [/quote] Ack! This means they have closed the ability to get accounts via cdkey?!?	November 26, 2003, 9:10 PM

Author

Message

Time

Denial

Wow that was fun to watch today i figured out how to do it after a while but i didn't take any accounts. I did manage to create a few to save some peoples d2 accounts on ladder. Blizzard suspended account recovery for now so that's that.

Since it's already out to how to do it i wont bother posting how to do it since most people by the time they read this will already know

"A vulnerability relating to abusing the account recovery system has been fixed. Affected characters will be restored where possible, as quickly as we can. Everyone caught abusing this system will have their accounts closed and cd-keys banned from Battle.net. We apologize for the trouble this has caused.
--------------------------------------------------------------------------------
The Battle.net Team "

November 25, 2003, 9:19 AM

j0k3r

Well, share with those who don't know.

November 25, 2003, 12:31 PM

Zerg

We can't call back for our accounts anymore?(including the cd key)

November 25, 2003, 1:30 PM

Naem

The exploit was incredibly simple.

- Register a person's account on another realm. You put in an email address that you can access.

- Attempt password recovery from that account.

- You will get an E-mail from blizzard asking for confirmation of the password recovery. The email originates from "account.password.recovery@<yourrealm>.battle.net".

- To confirm the recovery you normally just have to reply to the email with the body quoted. To steal the person's account on the other realm, you just reply to the email, however, send the reply to <theirrealm>.battle.net. Their password would reset and be given to you.

November 25, 2003, 9:27 PM

Denial

yep but the question would be? would it work on rep accounts? i thought of the idea when they patched it? cause most reps dont keep their names on asia active

November 25, 2003, 9:44 PM

Hostile

lol, so they fixed the problem and to all those people who lost their accounts, better luck next time! As of right now they just have registration closed altogather, perhaps they will reopen with ability to recovery via cdkey.

November 25, 2003, 10:30 PM

Denial

ha blizzard made their name's more secure to like name.support@blizzard

November 26, 2003, 6:44 PM

Zerg

[quote author=Hostile link=board=2;threadid=3836;start=0#msg31412 date=1069799408]
lol, so they fixed the problem and to all those people who lost their accounts, better luck next time! As of right now they just have registration closed altogather, perhaps they will reopen with ability to recovery via cdkey.
[/quote]
Ack! This means they have closed the ability to get accounts via cdkey?!?

November 26, 2003, 9:10 PM

Valhalla Legends Forums Archive | General Discussion | Account Recovery Bug