World of Warcraft Authenticator Hacked

50 Comments

1. The code on your authenticator changes every thirty seconds, so the hacker does not have a few minutes to log on, but under half a minute. That is a pretty small window of time for a hacker to get into your account.

   Not impossible, but it is a pretty resource intensive way to hack an account as it requires the hacker to be there when his system logs him in to steal your stuff. He cannot change your password or remove the authenticator from your account at that point.

   Meanwhile, if you knew what was happening (which is unlikely, but it could happen) you can actually log your account out from Battle.net by toggling parental control options.

   But yes, no tool is perfect.

2. He’d log into your account rather than a game session, wouldn’t he?
   `
   Also there’s some speculation rather than amazing new viruses which you get from even passes across a page* that it’s sometimes an inside job. Current employees or previous employees with a back door.
   `
   * Which is questionable, because if they were that good they could hack bank accounts easily and we aren’t seeing as many hacked bank accounts as wow accounts (granted, bank hacking is a real criminal offense with prison time attached – hacking a wow account will never result in jail, so maybe they target the safe stuff more)

3. If one hacks a bank account or anything of that ilk you have committed a federal crime. Hacking a WoW account means nothing.

   The problem is not the hackers. I mean, sure, some people will hack just to do it. But the serious WoW hackers do it for the gold. So the real culprit here is not the hackers but the lazy players who buy the gold. No gold buyers == no hackers. It is just that simple.

4. Even if wow auth is “hacked” its like you said: players get hacked because they do bad things on their computers, such as downloading bots, hacks, miracles programs etc.

   Hacked players deserve to get hacked and account banned!

5. This is not a hack.

6. wow thx Bob. Care to share any more knowledge on the subject and how you came up with that brilliant response or were ya just trolling?

7. I don’t know why but for some reason people that play MMOs are more subjective to getting “hacked”, virused, phished, etc.

8. Well said ZaoZao. If people partake in unsafe surfing habits and are lazy with their account passwords/computer security/or let they ankle biting chav kids on their computer then they deserve to get hacked.
   Don’t come crying to me. LOL !!!

9. There’s actually roughly 10 minutes that each code remains valid for. Or so it was, last time I checked, which was about 3 months ago.

   They function in that way, due to the margin of error needed because of the nature of the system clock inside of the authenticator itself.

   FFXI uses a similar system, but last I checked, it had a 22 minute acceptance period. After that, the codes become invalid, automatically.

   Of course, once a code is used, that and any previous to that, become invalid, that’s why it is generally safe.

10. @Not a WoW player but a computer expert and @ZaoZao:

    What a load of crap! So you say that stealing is ok?! Moron!! People like you have to get banned from the net, then the net would be a saver place! Idiots

11. The authenticator hasn’t been hacked at all. If people were generating codes w/o the device in front of them then people are in trouble. This is simply a man in the middle attack where the authenticator code is stolen from an *ALREADY COMPROMISED* computer and relayed elsewhere.

12. @ZaoZao and similar asshats:
    .
    “players get hacked because they do bad things on their computers, such as downloading bots, hacks, miracles programs etc”
    .
    True, but players also get hacked from a myriad of other non-cheating ways. All it takes is a single download of a single bad file. WoW is so big now, and the chance of getting in trouble for spreading these keyloggers/etc is so low, that this has started to become easy money for these thieves. They can come from anywhere, not just fake cheats and wow-hacks, its not like it hurts them to have keyloggers on computers that don’t play WoW.. As someone who was hacked years ago in classic wow, wishing that on anyone only meas YOU deserve to be hacked.

    I can’t imagine how bad this must be in China where a large percentage of people don’t have their own computer, but log in at internet cafe’s.
    .
    That’s how I got hacked, logged in at a Singapore internet cafe. Looking back now, yea that was a dumb idea, but this was a LONG time ago way before even BC was out. I had a server first of getting the mace: Persuader (Which required 2 BOP regents). I got conned by the fact that ~50 other locals were there playing WoW at that moment (there was a Warcraft III tourney going on). Being in the Navy, I did not log in again for 4 months when we finally got home in Japan. Becasue of that, Blizzard would not replace any of my stuff. Instead my rogue got a full set of random greens, including a single weapon… a dagger of fiery wrath.

13. @Seapeabi Sorry, but hacking a wow account or hacking any computer is a crime. There are laws since 1986 that say that any unauthorized use of computer is illegal and punishable. The law makes no distinction between banks and WoW. And people like you who think the victim deserves what they get is indicative of the hacker mentality. It’s not the gold, stupid. It’s the people who think stealing by computer isn’t a real crime.

    Time to start punishing the hackers by enforcing the existing laws.

14. What I would like to know is how does an authenticator end up on your account when it has been closed for three months. I have never activated an authenticator, but now it asks for one.

    I can still change my password which helps. Now waiting for a reply from Blizzard who will hopefully answer intime to re-sub when Cataclysm rolls out

15. Taranx, unless you play on Galakrond you are not the only one that this has happened to. I agree with Ianal, hacking a Wow account is just as much theft as going after banking information. A lot of time and effort goes into making these ‘toons’ and having some low life steal them on you is just as devastating as losing a car or other belongings to a thief. The laws should be enforced and not a slap on the wrist either.

16. Well i am hacked becouse a sh*bag, he was selling Spectral swift tiger mount , he gave me code & site i entered and 1 min after someone putted a Authenticater on my account…. And Call center of blizzard is conjested

17. I’m sorry you got hacked but just to remind you and everyone else that plays WoW….no one should fall for the Spectral tiger scams anymore. I know people spam trade chat all day offering this code but Blizzard made it so you can actually put the card mounts on the Auction House…..so yea…don’t get scammed.

18. Recently, many accounts on WoW are getting hacked through their registration system. This has nothing to do with viruses, malware, trojans, et cetera. I’m glad I shut down the card that I tied to WoW. Do the same and get your payment information out of Blizzards system.

19. it can be used when you get hacked the hacker kan put it on your acc like there did to min to just been hacked so

20. well for those of you who like to blame the ‘hackies’ for doing unsafe acts and think its ‘fair’ for it to happen to us your dead wrong.

    I work on computers, fix them, and have always warned my brother of the sites he goes to on his computer. I am VERY safe and still, one day, with spyware doctor and avg on (updated of course) and a FRESH vista logged on and was hacked while i was at work…whats even worse that after blizz gave me everything back, a few days later i was kicked offline and checked my email…sure enough had a reset password email…so i huridly logged onto battle.net and reset everything again…i even had an authinticator on the whole time…so explain that…

    If its not a disfunctioned/disgrountal blizz employee then idk what it’s…sad thing is i have had my AVG, Spyware Doctor, Adaware plus, and proccess scanner and NOTHING has popped up…i even searched everywhere for that .dll file…nothing…help?

21. I got haxd yesterday… the funny thing is i dont play wow anymore.. The only reason i found out was for SC2 Beta. suddenly i required a bloody Authenticator code to log onto Battle.net (after logging just hours previous). /sigh xD

22. For those who recently got hacked, there’s something very fishy going on with the addon site, Curse. Also, My boyfriend helped me out with a few virus scans and it took him three hours of scanning using different programs to find the viruses.
    The jerks not only deleted and stole all my gear but they completely DELETED a level 80 character. -_-.
    I’m now in the process of bugging blizzard to restore everything that the hackers emptied, which includes and entire guild vault. /sigh

23. I was hacked earlier this week. I’ve always been careful and I run security software. Even after the hack my scanners didn’t find ANYTHING on my system. After four hours of scans (Avast, Comodo, Webroot, Spybot, CCleaner) I finally found the trojan responsible. Avast detected it while I ran a boot scan. I caught the bloody thief in action, two hours after the account was compromised. The damage seemed minimal. My 80 was stripped, all gold from all my toons gone, and a few stacks from a guild bank. Going on 5 days now & my account is still suspended *sigh* With all the recent talk of “hack increases” and authenticator hacks, I’m wondering if it’s even WORTH going back to playing.

24. Blizzard made all that money on the Celestial Steeds, you would think they would put some into customer service. Our account got hacked twice in the matter of two days, all precautions were taken.

25. Qix. i cannot imagine how bad that would blow.
    I’ve never had any issues with hacking period..

    I know lately there have been some issues with addons from Curse.com, and also wowstead. So if your password on wowstead is the same as your WoW password, you should definitely considering changing it.

26. is it possible for an authenticator be used to hack an account because i didn’t get an authenticator and the next day BAM it asks me for one and my brother says that he thinks someone got an Authenticator and used it too steal my account so now i cant get on and i use virus scans everyday to find the problem.

27. This what i do every time i put password just like everyone but when I put the numbers from the authenticator I miss then for example I need to put 34114456 I start with 4456 then I click back and put 3311
    or I start with 56 and I click back for 341144 you can make it they way you want it also I wait for the last 3 sec to hit enter so they don’t have time to play with numbers

    Anotherthing I only use the computer to play wow I don’t even check mail or use internet browser I have a laptop for that stuff I hope this help you HF.

    For Alliance!

28. i had an authenticator key on my account and i got hacked, i have NEVER logged into anything besides Battle.net with that email and password. i know ALOT of people get hacked because they download Add-ons, so in reality we didnt deserve to get hacked. get your facts straight, now the ones that do log into other sites with the same info do deserve to get hacked but too much money gets put into these things for Blizzard too let people keep getting these. they really need a security system.

29. I’ve used an authenticator for years, I’ve never been hacked. I visit any site I want, I install addons from Curse.

    Dont’ be an idiot and install stuff, get an authenticator and you will never be hacked.

30. @mine didn’t get hacked: The whole problem here IS the authenticator code. Someone got hacked for who knows why, and the bloody no-lifer decided to put an authenticator code on there. Now, they can’t reach their own battle.net account. That’s the whole problem. The so called “safe” Authenticator code has everyone, including me, in a mess.

31. In Windows, there are many operating system “hooks” that are used by anti-virus, firewall, and other program applications. Malware applications, however obtained (stupidity, or zero-day system or application exploits not requiring stupidity), use these hooks too, especially keyloggers. If the malware has access to internet and it can see what tasks are running on the computer and it can see everything that gets typed or otherwise input (such as by USB) then, especially if the computer is fast and so is its internet connection, there isn’t really any way to design an authenticator that can not be thwarted if the user has to type something for the authentication.

    But. If Blizzard were to record the “Machine ID” of each authenticator and keep that associated with an account and send a request for it at a randomly changing time during the login AND the authenticator replied to the WoW client that forwards that reply in encrypted format to the WoW server WITHOUT the user having to do anything (no typing!) but press a button on the authenticator then it seems to me that would make it impossible for a “man in the middle” attack happening on a compromised WoW client computer. Am I wrong? So why isn’t it being done?

32. Heh the spectral tiger phishers are out, contacted blizz gave them my alt email but never received anything to chnange the email,now my accounts just floating around but the phisher can’t get it I believe

33. If you think your account can be hacked with an authenticator, Think again. Authenticators are proven Security Tools used by Many Governmental Agencies.

    The Absolute sure fire way that your account can get hacked is if the hacker breaks into your house and steals your authenticator. (unlikely)

    No other way possible & honestly i just don’t believe anyone who claims otherwise.

    Sorry but i think all the stories of the Authenticator Hacked account are just total bullshit.

34. @Moose and other non-believers…
    Our Guild leader was just hacked over the weekend, along with 4-5 other accounts in the guild.
    The GL had an authenticator on her account, and she still got hacked. Guild bank cleaned out, and all toons stripped. Explain how it happened to her please, because Blizzard can’t.
    Oh that is right, everything I just typed is bullshit…open your eyes, it can and does happen.

35. i had no AUTHENTICATOR attached to my account.
    i was hacked gear,gold and items stolen.
    and this is the wierd part, they, the hacker, attached an AUTHENTICATOR to the account.
    after i got back on and after a fortnight wait to get my gear back.
    3 days later i was hacked again and the AUTHENTICATOR is now active and i cant get on.

36. i cant get the password i never got the password and i never even had that and now today i have the dang authenticator and i cant log on to any of my stuff for wow so fix this cause i worked way to hard to lose all my stuff and account so pls just fix and i have been getting hacked before

37. i am gm of my guild, and i got hacked. when i went to log in to my account it asked for an authenticator code, which i don’t even own one, so i dont know what happens from here.

38. I myself am a computer tech and have an authenticator. Untill last night I didn’t understand how anyone who has authenticator, internet security, and doesn’t buy gold or anything else to comprimise there account could be hacked. I have been playing for two years without a problem and have a deticated email just for my wow account. I came home and logged on to wow to find out my authenticator code wasn’t working. I tried to log on to my battle.net account and my password was invalid. I had to do the security question and send a password reset to my email and found that there was one in my inbox already. Ichangedmy password and my toon had been moved. I scanned my computer and searched for emcor.dll and found nothing.

39. Yep, just got hacked, no emcor.dll file, am being asked for the authenticator code that i never had. never used addons, pw was unique to account, also reset, got middleman scammed.

    It’s sad and I’m expecting the worse lol

40. Mark…the same thing happened to me today.
    I got hacked and the thing is asking for the authenticator that i never had.
    Im really fucking pissed

41. i got hacked andt said to put in a authenticator code that i never put on my account so now i cant play

    i just wanna get rid of the code but that takes a while and i dont even know what to do to get rid of it

    do any of you know the easiest way to fix this promblem i dont care if it takes a week i just wanna make sure it works

42. by the way if you could make it not a very complecated way that would be better

43. Justin, the best thing to do would be to contact Blizzard. In most all cases, their support staff can recover your account and replace stolen/missing items and gold, and also retrieve deleted or transferred characters (toons).

44. This authenticator thing is crap i have so many toons and all at 70+ i cant log into my account and all my ghard work is down the drain. and to beat that i dont remember getting a code

45. Hmm…well..I’m not sure if I happy I’m not alone or really depressed to see so many others with the same issue. Have an account that suddenly has an authenticator associated with it. Having not purchased or used an authenticator it appears I have been hacked. Have called help and told they have too high a volume to even leave a message. Got an auto reply to the online submission form for help. My advice, if you see this – is call for support right away. By the time you see this message I think you’ve already been compromised. Anything you do at that point to change the account info will only allow a screen reader to grab more info.
    “Blizzwinifre – Hello! Blizzard game system scan to your game account a violation of rules of the game’s virtual currency trading. Please vist our website http://wow.battlenet-account. info/ review your account information or we will suspend your account,”

46. my account also suddenly has an authenticator attached to it, sent a message to Blizz and got an auto-reply. i havent even played since may, and i DID have curse client, which i will never use again. im thinking that once i get my account back i should definitely do a complete reformat of my HDD.

47. Also, i dont think anything was stolen from my account since it was inactive when it was hacked lol, unless the hackers want to pay for my gametime, guess being a cheapass can pay off.

48. I’m in the same boat as everyone else…asking for the authenticator that i never attached. I logged into the WoW forums and looked at my own profile and i have about 20 new characters at lvl 1. I didn’t even have any time left on my account! So it looks like someone’s in my account. i keep scanning my pc for viruses and such but nothing comes up. Emailed Blizzard about 4 days ago and i haven’t heard anything. I hope this gets fixed soon.

49. thanks tony do you know what the number for the support team is?

50. Well I have just been hacked like all of you. What happened was I had recieved an in game mail in my mailbox that read something lik “Congrats on hitting lvl 80! Come check out the new hero class for Cataclysm at our web site xxxxxxxxxxxx and you will recieve an in game gift” Do not go to that web site. It looks exactly like the cataclysm web site even the links take you to real wow sites. If you click on the video below the goblin and wargen info links it wont work though. What I sugest is that if you get directed in game or out of game to report to a web site and you have to enter you login and PW for it, enter a false one first and if it allows you to log in then you know for sure it is false. as fare as viruses and those things i have no idea what to do. From reading all of these posts i have gathered that even the virus sacns arent picking them up. I think that maybe some of these computer experts that post on here should offer options blizzard and or the user can do to fix this problem. I feel as if someone has come into my house and stolen from me because that is pretty much what has happened. I pay for this account and I give my time to it and for someone to come and take that from me isnt right at all. If you have been hacked and you are scared of whats going on with your chars you can check them on the wow armory site. The first thing I recomend you to do is change your password asap. If they are using that authinticator (dont think i spelled that righ) to keep you from getting into your account then they also need the password. If you change one it should prevent them from gaining any more access to your account. What if one way to fix the problem would be for blizard to create their own anti hack softwear that they include in the instalation of the game that is spacific for their game and their softwear only? I dont know much about softwear and computer systems but that sounds like it could work better then using a program that is built for everything on your computer instead of a single program built to protect a spacific program.
    Tell me what you think