Overwatch’s Reaper

The hunt for info on Overwatch’s next hero, a stealthy hacker named Sombra, has brought over 7,000 fans into Blizzard’s alternate reality game (ARG). But some bystanders have become unwilling participants in the ARG as well, as players hungry for Overwatch’s hacker have partaken in some hacking of their own.


Since June, Blizzard has been teasing Sombra to the Overwatch community. Through static in developers’ update videos, tiny letters shown in screenshots and even skulls drawn out of ASCII code, players known as the “Game Detectives” have learned small details about the alleged new hero. But since hints are hidden in wildly subtle, counterintuitive places, the hunt has turned up a lot of false starts. Some of those false starts have had consequences.

Last August, a small group of rogue fans fell under the impression that accessing a player’s Overwatch Battle.net account could provide an ARG hint. The mix-up had to do with the fact that “Sombra” was in the account’s name. Infiltrating the account, these ARG fans thought, was what Blizzard intended.

Overwatch’s Ana

“These users eventually came to the conclusion that they would need to use social engineering to break their way into the account using Blizzard’s support desk,” Game Detectives admin Epsilon told me. According to Game Detectives chat logs obtained by Kotaku, these rogue fans used a combination of guesswork and social engineering—telling Blizzard it’s their account— to change the account’s password and gain access. Then, according to Game Detectives admins interviewedallegedly, they snooped around looking for clues.


Predictably, the account had no connection to the ARG. Regardless, though, the perpetrators posted the username and password on the Game Detectives Discord chat, perhaps as a bid for help. Once the Game Detectives admins learned of the situation, they banned those users and deleted the post.

“Users sometimes get excited and try to take actions into their own hands,” Epsilon explained. Hacking tactics are against Game Detectives policy, admins maintain.

Game Detectives admin Svardskampe said that similar situations have happened around four more times with other Sombra-inspired Battle.net accounts. He described the technique as “social poking around in the Blizzard support section in order to convince the poor [support] guy to make those accounts available.”



In another instance of take-no-prisoners ARG pursuits, in July fans found an e-mail address in the background of an Overwatch comic. In the comic’s PDF version, eager ARG participants zoomed in on the image and discovered some visual static. /r/Overwatch staff member Turikk explained to me that the static, when deciphered, bore an old picture posted by a customer asking Blizzard for World of Warcraft technical support.

“While not immediately visible, under the close scrutiny of the Sombra-hunters, the screenshot, which was of the World of Warcraft login screen, had someone’s email address typed into the login box,” Turikk said. “Assuming this email address was part of the ARG, people begin to research the (real name) that was in the email address, as well as the email address itself.”


ARG fans e-mailed the account. Some allegedly attempted to gain access to it. Perhaps it’s what Sombra, the hacker-hero, wanted. Soon, though, Blizzard clarified that it was not:

“We had nothing to do with that,” Overwatch game director Jeff Kaplan wrote on the Battle.Net message board. “Please do not email that address or try to log into that account. It’s not related to any of the Sombra hints.”

Recently, exhausted from data-mining, unraveling code and squinting at developers’ updates, several ARG participants have grown frustrated. The ARG’s once thousands-strong community has dwindled. The ARG was in a lull—until a few days ago, when an alleged leak stoked the Sombra fire.

Perscitia’s screenshot, URL removed

A screencap posted to a Russian site, and then Reddit, shows a gun-toting woman in purple under the head “Sombra (She will be hacking her way into the build later tonight).” The Overwatch community was flush with excitement, wondering whether the alleged leak was itself a part of the ARG.



The leak’s authenticity has not been confirmed. But that didn’t stop several fans, namely on Reddit where the leak was posted, from navigating to the URL in the image. Turikk told me that the URL led to a “Blizzard Employee Network” log-in. To gain access, you’d need credentials.

For fear that the ARG participants would again resort to hacking, Turikk and fellow Reddit admins removed the link to the website since it “could lead to attacks on that website.” Blizzard has not responded to our query on whether the site had been hacked.

The kind of resourcefulness we’ve seen from the Game Detectives is the stuff gaming communities are made of. But ARGs have limits. Accessing player accounts and e-mails is one of them. Anyway, what kind of developer would actively condone hacking? Ask yourself these questions before falling into the Sombra rabbit hole.


In any case, Sombra’s reveal looks like it’s coming soon—perhaps at November’s Blizzcon, or sooner this month.