Important note: The following guide assumes that you have not put an Authenticator on your account. There are no confirmed cases of accounts being stolen if they are protected by an Authenticator.
Did the thieves put an Authenticator on your account?
If no, then follow these steps:
- Try to recover your password: Attempt to retrieve your password using Blizzard's password retrieval form. If they didn't change the email address registered to your account, you will receive the password in your email.
- Change your password: Immediately change your password to something you don't use anywhere else and is strong (not a word found in the dictionary, has numbers that are not related to any dates that are important to you). I would also recommend throwing in a capitalized letter or two, but Battle.Net passwords are not case sensitive. (Neither were non-Battle.Net WoW passwords, by the way, so this is not a change.)
- Post on the Technical Support forums: Go to the official Technical Support forums and find the latest blue post that has something about the Authenticator being added. As of this writing, the current one is at this link, but they get locked after a while and a new one is started. You don't have to enter an Authenticator code to post in the forums, so post from your compromised account in the thread that you need to have the Authenticator removed.
Even if you have posted on the tech support forums, I still recommend you contact Blizzard redundantly. Just make sure that you mention the other methods you have contacted them as a courtesy.
- Email: You can either email Blizzard directly at WoWAccountAdmin@Blizzard.com or by using their web form.
- Phone: Call the appropriate number for you from Blizzard's Support Number list. You may be put on hold for a while and/or be asked to leave a voicemail.
While you are spending time getting your account back, the thieves are pilfering the guildbank and sending your friends/guildies tells to go see this really cool video you made. Get on your guild forums and/or vent and tell your guildies to demote and ignore your characters until you get your account back.
Follow Blizzard's instructions.
Blizzard will contact you with instructions on how to restore your account. You may have to provide notarized documentation, which can be scanned and emailed or faxed. Follow the directions carefully, as any missing steps or information will result in even more of a delay.
Get an Authenticator.
You can either order the keyfob or download an app for your mobile which is cheap to free. If you do not have a mobile which is currently supported by Blizzard and are having trouble getting an Authenticator shipped to your location, then see if a friend, family member or guildie can get one and ship it to you. The device is the same globally and therefore can be activated on your account, even if it is bought by someone in the U.S. and mailed to you. But please do get an Authenticator so you never have to go through this again.
In before the "only stupid people get hacked" comments: very intelligent, prepared and careful people get hacked every day. As social engineers get more sophisticated, new security holes are opened up in our lives all the time. I don't normally do this when I write about Account Security, but any comments that are insulting will be deleted. If you really feel that strongly about how superior you are to someone who has been hacked, please go tell your mom. I'm sure she'll be very proud of you. But the rest of us are not interested.