Overzealous players break into Battle.Net accounts to get at nonexistent Overwatch ARG clues

Blizzard has launched an extensive alternate reality game (ARG) to tease an upcoming new Overwatch hero, Sombra. That’s all well and good — although even devoted ARG players are getting a bit fatigued on the whole thing by now — but it’s led players to some strange places in search of clues. Hints related to the Sombra ARG have turned up in the background of unrelated images and decoded from static in developer update videos, but a few players have gone much further, including breaking into innocent Battle.Net users’ accounts on the belief Blizzard intended them to go there.

“These users eventually came to the conclusion that they would need to use social engineering to break their way into the account using Blizzard’s support desk,” Game Detectives administrator Epsilon told Kotaku. Game Detectives is a forum devoted to solving the often complex and disparate puzzles involved in ARGs. “Users sometimes get excited and try to take actions into their own hands.”

At least five Battle.Net accounts with the name “Sombra” in them are reported to have been affected. Players contacted Blizzard’s support desk and fooled employees into believing the accounts were rightfully theirs, thus prompting a password reset or email address. That’s the “social engineering” the Game Detectives admin speaks of. With new account login details in hand, ARG players logged into the various “Sombra” accounts only to discover that they were not connected to the ARG at all.

Worse, even after it was ascertained the “Sombra” accounts were just ordinary Battle.Net users, a few ARG players continued to share the login information for at least one of the users — until it was discovered and deleted by Game Detectives admins.

That’s not the extent of the sketchy things done in the name of uncovering Sombra. Players also dug up and subsequently harassed an unrelated email address containing someone’s real name, and players of other alternate reality games have been reported doing things like digging through public trashcans, braving hurricanes, getting arrested for trespassing, and a whole lot of other stuff we would normally consider either anti-social or dangerous in the name of the game.

Why? A lot of it is purely in the nature of augmented reality games, which are often about uncovering some giant conspiracy or solving a giant, possibly sinister mystery. Sombra (what little we know of her) is a hacker, so if Sombra appears to break into places where she’s not allowed to go, it follows that ARG players would need to do the same to find her, right?

ARGs games often ask players to go places they wouldn’t normally go and do things they wouldn’t normally do — usually within safe limits, but even the most seasoned of game developers can’t prepare for everything. However, once you’ve established there are few to no boundaries, it’s difficult to start reeling pleople back in. That’s why even something that is only somewhat ARG-like, such as Pokemon Go, caused so much handwringing and thinkpiecing over the summer, leading developer Niantic to introduce all those ass-covering “warning” messages upon startup. If your game doesn’t make the line between ‘acceptable’ and ‘unacceptable’ clear from the outset, players will start assuming everything is fair game, and then you get bullshit like this happening.

Blizzard, for its part, did step in when Sombra ARG players began going after an unrelated email address. “We had nothing to do with that,” Overwatch director Jeff Kaplan told players on the Battle.Net forums. “That whole development is a surprise to us and we would never direct people at a player’s account. Please do not email that address or try to log into that account. It’s not related to any of the Sombra hints.”

Hopefully this incident will encourage Blizzard to go ahead and release its new Overwatch hero soon, before its remaining ARG players get any antsier.

(h/t Kotaku.)