The Blizzard End User License Agreement explains what you may and may not do with a Blizzard account. This article highlights a few passages from the EULA that are most relevant to this policy.
Only you are allowed to access an account registered in your name. We don't recognize the transfer of accounts between individuals. Activities performed on your account are your liability.
You may not share your account or password with anyone, except if you are a parent or guardian, in which case you may permit one minor child to use your account. You may not use your account at the same time, and you are liable for activities conducted by the minor child.
You are responsible for maintaining the confidentiality and the use of your user name and password. You are responsible for all uses of your information, even if you don't authorize them. Security of your account is your responsibility.
Security of your account is your responsibility. For tips on keeping your account secure, visit our Account and Computer Security page.
Third-party User Interface addons are very popular in World of Warcraft. We are not responsible for damage that may occur from third-party addons.
Regaining Control of a Compromised Account
If you believe your account has been compromised, take the following steps:
We disable access to compromised accounts while we investigate. Once we are confident that account access has been restored to the registered user—and only the registered user—we will reenable access to the account.
While we will attempt to restore any items and gold missing from the account, we cannot guarantee that lost items or gold will be reimbursed.
This category applies to players who have:
- Accessed an account reported as compromised and are not the registered user of said account.
- Knowingly or unknowingly received items or gold from a compromised account.
If a player is found to have participated in one of these acts, we may:
- Remove transferred items and gold from their account.
- Apply an account penalty, up to account closure, if the registered user of the account perpetrated the compromise.