Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
User Settings
LAN Parties
Upcoming one-time events:

Regularly scheduled events

WoW Security Warning

A World of Warcraft Account Security Warning from Blizzard about a recent increase in unauthorized World of Warcraft account-logins:

There’s been a recent increase in unauthorized World of Warcraft account-logins via our website and the World of Warcraft mobile armory app.

We’re in the process of notifying any account holders who were not using an authenticator and whose account showed signs of unauthorized access (e.g., logging in from an unusual IP address). If you are among this group, you will receive an email describing how to reset your account.

As a result of these activities, access to the World of Warcraft auction house via the mobile app has been taken off-line temporarily. Upon request, our customer support team will restore in-game items and gold for any accounts impacted.

Post Comment
Enter the details of the comment you'd like to post in the boxes below and click the button at the bottom of the form.

16. Re: WoW Security Warning Jun 26, 2013, 02:08 m00t
PropheT wrote on Jun 25, 2013, 16:38:
m00t wrote on Jun 25, 2013, 12:42:
What I don't know for sure is if the cookie is tied to a specific machine, made non-transferable by some technical method. (overcome if you use a custom login program because you just lie, but prevents it from being copied and used with the normal launcher)

My understanding is that it keeps an encrypted cookie (if that's the right term here I guess) locally stored to the machine, but the system still requires IP range verification in order to region lock the account. Even with the cookie stored locally the account still requires authentication if you move outside of the network range where you originally set the check file, so if you live in NY and someone tries to access your account from Oregon, for example, it doesn't matter if that cookie is there or not; it forces authentication for the account to confirm ownership.

Blizzard still denies that people with authenticators are getting accounts compromised, and just by the way the tool works it's hard to see how they're wrong. The only way I can see it not being secure is if you use the mobile auth on a jailbroken/non-rooted phone.

Basically true, yes. I think there is an unavoidable local flaw if your machine is compromised. They don't have to run the WoW Client, there are almost certainly malware apps that can connect and issue commands as though they were the client and the person on the machine wouldn't even notice.

If windows users practiced (and were not prevented from practicing by the design of windows) good security practices by not browsing on a full privilege account, it'd be a lot harder to have a meaningful client breach.
Reply Quote Edit Delete Report
      ;)   ;)   :(   :(   :o   :o   %)   %)   :)   :)   :|   :|   ;P   ;P   X|   X|   :D   :D   More
Login Email   Password Remember Me
If you have a signature set up, it will be automatically appended to your comment.
If you don't already have a Blue's News user account, you can sign up here.
Forgotten your password? Click here.
          Email me when this topic is updated.

Special Codes

  • b[bold text]b
  • i[italic text]i
  • u[underline text]u
  • -[strikethrough text]-
  • c[code text]c
  • +[bullet point]+
  • q[quote text (indented)]q
  • [quote="Author"]quote text (indented)[/quote]
  • [url=Link]text[/url]
  • r{red text}r
  • g{green text}g
  • b{blue text}b
  • m{maroon text}m
  • s{secret text (shows in the background colour)}s

Forum Rules

  1. Disagree all you want but attacks of a personal nature will not be tolerated.
  2. Ethnic slurs and homophobic language will not be tolerated.
  3. Do not post spam, links to warez sites, or instructions on how to obtain pirated software.
  4. Abusing the forums in any manner that could be construed as 'griefing' will not be tolerated.


Blue's News logo