World of Warcraft mobile auctions closed after rash of account hijacks
Temporary closure follows reports of hackers using mobile armory to scam users
By Dan Goodin
World of Warcraft publisher Blizzard has temporarily closed mobile access to its online auction house following reports that hackers were using it to scam users out of large amounts of digital gold.
"There's been a recent increase in unauthorized World of Warcraft account-logins via our website and the World of Warcraft mobile armory app," Blizzard officials warned in a blog post published Tuesday morning. The company is in the process of notifying users who show signs of account compromise and who didn't use a two-factor "authenticator" to help secure connections. Those users will receive instructions for resetting their accounts and be eligible to have their raided gold restored.
The temporary closure comes three days after reports surfaced that unauthorized purchases were being made against user accounts at highly inflated prices. "The items purchased were two brawler white quality items and a white quality level 1 axe," one WoW player wrote here. "I have an authenticator and a relatively difficult password. What could have happened, and what recourse do I have? Will I ever see my gold again?" The items purchased were a brawler's vest for 135,423g, a worn battleaxe for 53,142g, and brawler's pants for 19,660g.
The mobile armory app provides remote access to the WoW auction house while players are away from their main computers. Three days and more than 350 complaint posts later, it's still not clear exactly how hackers have been able to log in to people's remote auction house accounts and make purchases against their gold reserves. Theories on the attacks being debated heatedly among players range from vulnerabilities on Blizzard servers to compromises of the smartphones used by affected players. Late Monday, another player reported:
"Logged on WoW armory using my Android phone to see my [character] penniless. Logged on my WoW to see I bought a very expensive bread on [the auction house]. Interestingly I sold one of my barsqon [sic] the [auction house] for one copper to the same [character] so I deduce the hacker must have been using that to discern how much I have.
It is most likely a breach from my mobile rationale being had they known my pw and auth they would have stripped even the gear and all the stuff in my bags. In this case they were not. Unless the hacker has a semi conscience and decided to take only gold."
Again, the Blizzard blog post said its customer support team will restore in-game items and gold for at least some compromised accounts. The blog post also reminds players to follow good security hygiene, including periodically changing passwords and practicing these security tips.