Blizzard: WoW Seeing Unusual Rise in Unauthorized Logins

News
By Kevin Parrish
published

Blizzard has disabled access to the Auction House via the Mobile Armory app.

Blizzard warned World of Warcraft subscribers on Monday that there has been a recent increase in unauthorized account logins via the website and mobile armory app. The company is currently in the process of notifying any account holders who were not using a Blizzard Authenticator and whose account showed signs of unauthorized access. Affected subscribers should expect an email soon describing how to reset their account.

"As a result of these activities, access to the World of Warcraft auction house via the mobile app has been taken off-line temporarily," the company said. "Upon request, our customer support team will restore in-game items and gold for any accounts impacted."

Blizzard's notice appeared after a number of World of Warcraft subscribers said on June 22 that the Mobile Armory had been used to fraudulently spend large amounts of their gold on extremely overpriced white-quality items on the auction house -- a way to launder gold to the posting player. The reports stemmed from both the United States and Europe, with players losing hundreds of thousands of gold. Many of these players even have Blizzard Authenticators attached to their accounts.

"This just happened to my account tonight, while I was logged in. I felt my phone vibrate so I took it out to see what it was, somehow, magically my Mobile Armory app had been opened and as I tried to swap toons on my wow account, it prevented me from logging in because my mobile armory was logging in," said one player. "In the time it took me to manually log off the mobile armory, someone had purchased Simple Wood from the AH using the mobile armory, taking me for all my gold."

"It's the mobile armory app on your smart phone. Seems they were all targeted in the night. I work graveyard shift and managed to see it happen," admitted another.

Naturally, Blizzard suggests that subscribers change their passwords periodically, and use the two-step authentication process to protect their account (SMS or Authenticator). To better protect themselves, customers are encouraged to read the company's security tips which are outlined here.

Kevin Parrish
24 Comments Comment from the forums
  • dgingeri
    Well, if they do this to me, they'll be quite disappointed about the amount of gold they can get from me. I don't think I have a single character with more than 300g, but I have 9 alts at 85 or higher. I guess I'm just too much of a compulsive spender.
    Reply
  • unoriginal1
    It's because of WoW's retarded security... If you login from ANY unrecognized network. BAM! Instant Unauthorized this or that and you have to change pw etc. You won't get "hacked" (i hate that term cause it's not hacking) IF you don't share your PW, and aren't stupid about what you open / install on your pc. The best Security is a smart user I have no pity for morons.
    Reply
  • wysir
    I blame Blizzard's lack of security. I was hacked back in the day and I never gave out my PW, nor did I associate my PW with anything else "WoW" related. Either they let add-ons run code to steal account info, or they are straight up getting their DB hacked/leaked and don't have a clue.
    Reply
  • This is an ongoing issue with Blizzard's security. A few years back, I got an email that my account had been disabled for using some hack to do with gold. At the time, I had not logged into or been subscribed to WoW for at least two years. When I called Blizzard's support to get the problem cleared up, they insisted that I had either given my password to someone or that a keylogger had captured it. When I asked to speak to a supervisor, told them that it had to be a security breach on their end, since I hadn't even had WoW installed on my pc for years and I never gave out this password (which was unique) to anyone, they still refused to accept responsibility or look into the matter.
    Reply
  • d_kuhn
    Seems like it'd be easy enough to spank the player receiving the gold and discourage this activity. It's also easy to detect, just scan the ah for items posted, bought, or sold for far greater then their average selling price and you put a stop to this sort of thing.
    Reply
  • unoriginal1
    I don't mean to be a jerk... But it is highly unlikely that WoW's database was compromised.. and even if it was. They would not single out 1 account and use it to go take all your gold etc.

    The issue most likely remains with the user. Whether it was a nasty add on installed that carried a friend with it, a cheat that carried a nasty friend with it or as described above you "trusted" your best online friend. "Ohhh it couldn't be little Timmy we knew each other for years" If I had a dollar for every time I heard this...

    Ive played games online for over 15 years and never once have I had a security issue or an account hacked. I played KO when it was Hot and had over 10K worth of items... Never once was it compromised. When I quit I sold all my gear and profited quit nicely. I know we are all IT experts and want to put the blame on someone else..... Just my two cents.
    Reply
  • hfitch
    The whole issue is not Blizzrd itself. Hackers have two methods now of getting through your authenticator. A friend of mine who has hacked it himself showed me how it works. A malware that targets iphones and android keylogs your phone. They grab the password. Then they remotely log onto your phone use the password you typed and since you have authenticator on the phone it auto paste the current numbers. Hackers can also use this your apps and have the code from authentication sent to them remotely.
    Reply
  • unoriginal1
    11056856 said:
    The whole issue is not Blizzrd itself. Hackers have two methods now of getting through your authenticator. A friend of mine who has hacked it himself showed me how it works. A malware that targets iphones and android keylogs your phone. They grab the password. Then they remotely log onto your phone use the password you typed and since you have authenticator on the phone it auto paste the current numbers. Hackers can also use this your apps and have the code from authentication sent to them remotely.

    +1
    Reply
  • nforce4max
    Yikes even private servers have better security than this, Blizzard really doesn't protect it's customers and they have exposed their systems to hackers with all these apps. Got between 10-15 million gold between my chars and accounts.
    Reply
  • ANevers
    It's up to the users to safeguard their account, not Blizzard. If you are hacked it is YOUR FAULT. I see a lot of ignorant posters here laying the blame (Wrongly) at Blizzards feet for instances where their character was hacked.
    Reply