Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

WoW Security Warning

A World of Warcraft Account Security Warning from Blizzard about a recent increase in unauthorized World of Warcraft account-logins:

Thereís been a recent increase in unauthorized World of Warcraft account-logins via our website and the World of Warcraft mobile armory app.

Weíre in the process of notifying any account holders who were not using an authenticator and whose account showed signs of unauthorized access (e.g., logging in from an unusual IP address). If you are among this group, you will receive an email describing how to reset your account.

As a result of these activities, access to the World of Warcraft auction house via the mobile app has been taken off-line temporarily. Upon request, our customer support team will restore in-game items and gold for any accounts impacted.

View
16 Replies. 1 pages. Viewing page 1.
< Newer [ 1 ] Older >

16. Re: WoW Security Warning Jun 26, 2013, 02:08 m00t
 
PropheT wrote on Jun 25, 2013, 16:38:
m00t wrote on Jun 25, 2013, 12:42:
What I don't know for sure is if the cookie is tied to a specific machine, made non-transferable by some technical method. (overcome if you use a custom login program because you just lie, but prevents it from being copied and used with the normal launcher)

My understanding is that it keeps an encrypted cookie (if that's the right term here I guess) locally stored to the machine, but the system still requires IP range verification in order to region lock the account. Even with the cookie stored locally the account still requires authentication if you move outside of the network range where you originally set the check file, so if you live in NY and someone tries to access your account from Oregon, for example, it doesn't matter if that cookie is there or not; it forces authentication for the account to confirm ownership.

Blizzard still denies that people with authenticators are getting accounts compromised, and just by the way the tool works it's hard to see how they're wrong. The only way I can see it not being secure is if you use the mobile auth on a jailbroken/non-rooted phone.

Basically true, yes. I think there is an unavoidable local flaw if your machine is compromised. They don't have to run the WoW Client, there are almost certainly malware apps that can connect and issue commands as though they were the client and the person on the machine wouldn't even notice.

If windows users practiced (and were not prevented from practicing by the design of windows) good security practices by not browsing on a full privilege account, it'd be a lot harder to have a meaningful client breach.
 
Reply Quote Edit Delete Report
 
15. Re: WoW Security Warning Jun 25, 2013, 23:11 Jivaro
 
Quinn wrote on Jun 25, 2013, 19:01:
Jivaro wrote on Jun 25, 2013, 16:59:
Quinn wrote on Jun 25, 2013, 12:57:
People still play WoW?

People still complain about WoW?


Haha, indeed Although I've been one of the gamers that are defending WoW against the haters up until I played MoP. Like I said, fat monk pandas and Beer Elementals was too much for me. Way too much, in fact.

Yeah, I recently picked it back up, mainly out of curiosity. I hadn't played since the end of BC, so I had a lot to catch up on. It took me a little over a month to get 5 of my characters from 70 to 80+. One of them is now 85, and I am struggling to push further. I enjoyed the Wrath content, but the Cata content was fairly ho-hum and nothing about Panda has really grabbed me. I tried leveling a Monk class, even made it to like 35 or something. Didn't enjoy it. Probably going to end up dropping it again. Too much other stuff out there to play, no to mention a huge backlog in my Steam games.
 
Reply Quote Edit Delete Report
 
14. Re: WoW Security Warning Jun 25, 2013, 20:04 Pigeon
 
Now that I think about it a phony site could probably phish a valid authenticator number from you along with the user/pass. That's probably what happened to my friends. At least its the easiest explanation.  
Reply Quote Edit Delete Report
 
13. Re: WoW Security Warning Jun 25, 2013, 19:01 Quinn
 
Jivaro wrote on Jun 25, 2013, 16:59:
Quinn wrote on Jun 25, 2013, 12:57:
People still play WoW?

People still complain about WoW?


Haha, indeed Although I've been one of the gamers that are defending WoW against the haters up until I played MoP. Like I said, fat monk pandas and Beer Elementals was too much for me. Way too much, in fact.
 
Avatar 57334
 
"Moo," she said.
And I trembled.
Reply Quote Edit Delete Report
 
12. Re: WoW Security Warning Jun 25, 2013, 18:02 Wallshadows
 
Talisorn wrote on Jun 25, 2013, 17:45:
There's no reason NOT to get an authenticator? I'm still amazed that Turbine doesn't offer the option for LotRO.

Those who don't have an authenticator usually use the purchase price as a justifiable argument to be against it without realizing that it's free if you have a mobile. Blizzard makes no profit off of these either as stated a great number of times so they're not swimming in a pit of money as others may want to believe.

$7 for peace of mind 99% of the time even if you are dumb enough to use the same username and password for ten different sites is a awesome deal.
 
Avatar 50040
 
Reply Quote Edit Delete Report
 
11. Re: WoW Security Warning Jun 25, 2013, 17:45 Talisorn
 
There's no reason NOT to get an authenticator? I'm still amazed that Turbine doesn't offer the option for LotRO.  
Avatar 19028
 
Reply Quote Edit Delete Report
 
10. Re: WoW Security Warning Jun 25, 2013, 16:59 Jivaro
 
Quinn wrote on Jun 25, 2013, 12:57:
People still play WoW?

People still complain about WoW?

 
Reply Quote Edit Delete Report
 
9. Re: WoW Security Warning Jun 25, 2013, 16:38 PropheT
 
m00t wrote on Jun 25, 2013, 12:42:
What I don't know for sure is if the cookie is tied to a specific machine, made non-transferable by some technical method. (overcome if you use a custom login program because you just lie, but prevents it from being copied and used with the normal launcher)

My understanding is that it keeps an encrypted cookie (if that's the right term here I guess) locally stored to the machine, but the system still requires IP range verification in order to region lock the account. Even with the cookie stored locally the account still requires authentication if you move outside of the network range where you originally set the check file, so if you live in NY and someone tries to access your account from Oregon, for example, it doesn't matter if that cookie is there or not; it forces authentication for the account to confirm ownership.

Blizzard still denies that people with authenticators are getting accounts compromised, and just by the way the tool works it's hard to see how they're wrong. The only way I can see it not being secure is if you use the mobile auth on a jailbroken/non-rooted phone.
 
Reply Quote Edit Delete Report
 
8. Re: WoW Security Warning Jun 25, 2013, 15:41 MonkeySpank
 
Quinn wrote on Jun 25, 2013, 12:57:
People still play WoW? The moment they threw fat pandas at us, I was disgusted but still somehow decided to give the add-on a try.
Then they came up with bosses made entirely out of fucking BEER! And I was stunned to the core. Another example of humor that got out of proportions (like the second half of the last Saints Row, for example)..

I played wow on and off since 2005. I hate pandas and flying mounts but I have to say that this is the best expansion yet. The great things about wow is the extreme attention to detail. The animation, art direction, music, and GUI are extremely well put together. It is not my favorite game, but it's my favorite MMO.
 
Reply Quote Edit Delete Report
 
7. Re: WoW Security Warning Jun 25, 2013, 12:57 Quinn
 
People still play WoW? The moment they threw fat pandas at us, I was disgusted but still somehow decided to give the add-on a try.
Then they came up with bosses made entirely out of fucking BEER! And I was stunned to the core. Another example of humor that got out of proportions (like the second half of the last Saints Row, for example)..
 
Avatar 57334
 
"Moo," she said.
And I trembled.
Reply Quote Edit Delete Report
 
6. Re: WoW Security Warning Jun 25, 2013, 12:44 Mr. Tact
 
I remember when they changed it so it didn't require the authenticator every login. There were plenty of people on both sides of the debate.  
Truth is brutal. Prepare for pain.
Reply Quote Edit Delete Report
 
5. Re: WoW Security Warning Jun 25, 2013, 12:42 m00t
 
Speculation on how authenticators work: Specifically in the case where it doesn't require it every time, I believe it leaves an authenticator cookie on the local machine, so if you try to log in with a different machine, it'll still ask you for it. Now, if your machine is compromised, you're screwed either way. If you have a cookie, they probably can just take that (or use malware on your machine to utilize it directly from there), or next time you log in and enter your authenticator, they block the log-in attempt from reaching Blizzard servers and use the auth key, login and password to do it from their machine.

So, authenticators are good if they haven't compromised your machine but they know your login/pass (lazy / bad password management), but as with most security, anyone with full access to your local box can do whatever they want.

What I don't know for sure is if the cookie is tied to a specific machine, made non-transferable by some technical method. (overcome if you use a custom login program because you just lie, but prevents it from being copied and used with the normal launcher)
 
Reply Quote Edit Delete Report
 
4. Re: WoW Security Warning Jun 25, 2013, 12:25 Jivaro
 
I suspect the issue is that people who buy authenticators often set up their account so that it doesn't require the authenticator every time they log in. I am not saying that Blizzard hasn't ever had security issues of their own, I am sure they have. I am just pointing out that there are plenty of people who go and get an authenticator and then neuter it's effectiveness.  
Reply Quote Edit Delete Report
 
3. Re: WoW Security Warning Jun 25, 2013, 12:10 Darks
 
A long time ago my sons account got hacked before we had Authenticators. As soon as he got hacked we bought two of them and havenít had issues since. Although I havenít played on my account in over 2 years now, donít plan on going back either.

But I have heard of Authenticator accounts getting hacked. But I suspect those who are have been to sites or buy gold. Most stupid asses who buy gold use the same name and password on the gold sites so they basically are handing over to these Chinese assholes their account and passwords. And then they wonder how they got hacked.
 
Avatar 20498
 
Creator of the Neverwnter Nights Eye of the Beholder Series of Mods.

http://nwvault.ign.com/View.php?view=Modules.Detail&id=6375
Reply Quote Edit Delete Report
 
2. Re: WoW Security Warning Jun 25, 2013, 12:09 Wallshadows
 
On a side note, I always get a message stating I am logging in from a new location on POE and have to re-enter my password. Nothing changes on my account though, not even my location, and I have a fair amount of valuables within the chest so it doesn't quite add up...  
Avatar 50040
 
Reply Quote Edit Delete Report
 
1. Re: WoW Security Warning Jun 25, 2013, 11:44 Pigeon
 
I had a couple of friends who had authenticators get their accounts hacked. This is probably a bigger security issue than they're willing to accept/admit.  
Reply Quote Edit Delete Report
 
16 Replies. 1 pages. Viewing page 1.
< Newer [ 1 ] Older >


footer

.. .. ..

Blue's News logo