World of Warcraft Accounts Hacked, Auction House Taken Offline

June 25, 2013

Blizzard seems to be having a hell of a time with its online auction houses lately.

Last month, a Diablo III patch introduced a gold-duplicating bug that forced the developer to take the game's auction house offline until it could fix the bug and audit players' accounts.

This month, a rash of unauthorized account logins has forced it to disable mobile access to the World of Warcraft auction house. Players have reported fraudulent purchases and missing funds.

"We’re in the process of notifying any account holders who were not using an authenticator and whose account showed signs of unauthorized access (e.g., logging in from an unusual IP address)," said Blizzard. "If you are among this group, you will receive an email describing how to reset your account."

Blizzard says that, upon request, it will restore in-game items and gold for any accounts that have been compromised and asks that players heed its published security tips to keep their accounts as safe as possible.

At this point, it's unclear how hackers managed to gain access to players' accounts but popular theories range from vulnerabilities on Blizzard's servers to compromised smartphones being used to remotely access the auction house.

Source: Ars Technica

-Reporting from San Diego, GamePolitics Contributing Editor Andrew Eisen


Comments

Re: World of Warcraft Accounts Hacked, Auction House Taken ...

Good thing I kept my authenticator.

Re: World of Warcraft Accounts Hacked, Auction House Taken ...

And good thing I didn't remove my authenticator when I had so much trouble with it when Heart of the Swarm came out.

---You are likely to be eaten by a Grue.

Re: World of Warcraft Accounts Hacked, Auction House Taken ...

I haven't played WoW in years and now I guess I'm sorta glad that I haven't.

 - W

Consumer responsibility is just as important as Corporate responsibility. So, be responsible consumers.

Re: World of Warcraft Accounts Hacked, Auction House Taken ...

At this point, it's unclear how hackers managed to gain access to players' accounts but popular theories range from vulnerabilities on Blizzard's servers to compromised smartphones being used to remotely access the auction house.

My money's on "accounts are being compromised the same way they always are, but the attackers are using a different method to steal money than logging in via the game client".

EDIT: Then again, maybe not. Someone on ArsTechnica claims to have reported an exploit that involves a CSRF vulnerability...basically, by embedding code like <img url="http://blah.blah"> in a website (whether via compromise or a simple forum post), anyone viewing that site from a mobile device with the RAH app installed would end up attempting to make a specific AH purchase, with the item and money spent determined by the attacker.

If the commenter is telling the truth, neither they (nor Blizzard, apparently) seriously expected the vulnerability to be exploited on a large scale due to its realm-specific nature and how easy it would be to track. Oops?
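
The comment above describes a purchase that fires from a bare cross-site image request. As an added example (not from the article, the commenters, or Blizzard), this Python code shows the two server-side checks that refuse such a request: no state change on GET, and a per-session token the embedding site cannot read. The endpoint, the `X-CSRF-Token` header name, and the cookie-style session model are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret; a real service would load it from protected config.
SERVER_KEY = secrets.token_bytes(32)

# Methods that must never change state; <img>, <script> and link prefetches all issue GET.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; delivered in a response the embedding
    site cannot read because of the same-origin policy."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def authorize_purchase(method: str, session_id: str, headers: dict) -> tuple[bool, str]:
    """Decide whether a hypothetical auction-house 'buy' request may proceed.

    The session credential alone is not enough: the client attaches it to
    cross-site requests too, which is what CSRF relies on.
    """
    if method.upper() in SAFE_METHODS:
        return False, "state-changing action requested with a safe method"
    supplied = headers.get("X-CSRF-Token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(supplied, expected):
        return False, "missing or invalid CSRF token"
    return True, "ok"


def demo() -> list[tuple[bool, str]]:
    session = "constructed-session-id"  # sample value, not a real identifier
    token = issue_csrf_token(session)
    return [
        # Request fired by an embedded image on a third-party page: GET, no token.
        authorize_purchase("GET", session, {}),
        # Cross-site form post: right method, but the token is unknown to the sender.
        authorize_purchase("POST", session, {"X-CSRF-Token": "guess"}),
        # Request from the legitimate client, which was handed the token.
        authorize_purchase("POST", session, {"X-CSRF-Token": token}),
    ]


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```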

 