Authenticator Removed?

Customer Support
I had my account hacked today and the authenticator was removed from my account. It's funny that I receive emails when my password is changed but not if my authenticator is removed from the account.

I decided to sign up for SMS protection.


yup.

Blizzard refused to tell me when or how the authenticator was removed from my account, which is kind of annoying... if I had that information, I could at least determine which computer or cellphone may have been compromised (although, a malware/virus scan of my primary computers came up clean and my authenticator is not attached to a rooted phone... it was actually attached to my old phone, which has been in airplane mode for like 2 months since I upgraded to a new phone, which didn't have the authenticator software installed on it until this incident)
pure speculation until we hear any kind of official statement.


Which Blizzard would refuse to do, even some of the staff who posts here admits there is a problem with security hence it's no longer speculation.

Ever wonder if there were a problem and blizzard had to pull off a product off the shelves because of security breaches, take Diablo III as an example of the gold duplication bug.

I'm not saying it wont happen here in wow but you never know, why else would people address their concerns about the reliability of the authenticatior?
Bioshocked, I am surprised they would not be able to tell you the date or method of removal. They have always looked over account history for me when I asked. Did you try calling them when they are open? (after 10am PDT...so about 30 mins). Once they verify you are the account holder they should be happy to help.

Edit - Joustify, the authenticator can not make it LESS secure...so even if you were not 100% sure it worked why would you avoid using it. That is like saying seatbelts are not proven to save 100% of lives so why use one. Also, it is the Mobile Auction House that has security issues, not the Authenticator. If the Authenticator did not work, the hackers would not be going to such lengths to remove them!
06/24/2013 09:28 AMPosted by Joustify
pure speculation until we hear any kind of official statement.


Which Blizzard would refuse to do, even some of the staff who posts here admits there is a problem with security hence it's no longer speculation.

Ever wonder if there were a problem and blizzard had to pull off a product off the shelves because of security breaches, take Diablo III as an example of the gold duplication bug.

I'm not saying it wont happen here in wow but you never know, why else would people address their concerns about the reliability of the authenticatior?


If Blizzard's security were compromised to the degree that non-account holders were able to remove an authenticator, they'd be legally obligated to inform us. Just like they did the only time they've ever been compromised, even though said compromise posed no real threat to account security.

So no, I don't ever wonder if there's been a problem with security on Blizzard's end, because we'd have to know about it.
Bioshocked, I am surprised they would not be able to tell you the date or method of removal. They have always looked over account history for me when I asked. Did you try calling them when they are open? (after 10am PDT...so about 30 mins). Once they verify you are the account holder they should be happy to help.


all I got were non-answers. ("it's under investigation and we cannot disclose that information at this time" and the like)

they also weren't able to tell me how the intruders were able to log into my account at all, as it was frozen/inactive and there's no transaction history to indicate that game-time was added to my account.

I'm glad the credit card I had on the account was expired, although I feel bad for whoever's stolen CC was used to pay for the server transfers they ordered.
Getting quite a few reports of this over in D3 now too http://us.battle.net/d3/en/forum/topic/9363076461?page=1 . Players are reporting the Authenticator is being removed but there are no tickets in the ticket history. Email (gmail) shows no odd IP logins. Password changes now being reported on those same accounts - no email access reported. The only thing I know that can remove an Auth and change the password is SMS Protect.... Any updates from those who know more?

it happened to me, and at this point I'm pretty much 100% convinced that there's a flaw/exploit in Blizzard's systems, given how many people are reporting the exact same issue this weekend (mobile authenticator removed, account hacked).


The biggest thread on this has 337 posts at present. Even assuming we had 20 threads of that, with each poster being a unique person hit by this, that'd be such a tiny fraction of the player base (less than a thousandth) that we wouldn't have enough information to draw any conclusions. The sample size is too small to make any conclusions based on it.


It's also possible that the people affected are completely unable to post on the forums as their information/passwords have been compromised. Not everyone can be as lucky as I was and be sitting at my desk when the attack was happening.

In other news, they didn't/couldn't tell me anything beyond my account having been compromised. But at least they sorted out the unauthorized subscription fee and so on. But no real details on how or when my authenticator was removed in the first place.

Again the only mobile product I have is the Mobile Authenticator, I have never used the mobile armory or the mobile AH, never even installed it.

It's extremely disconcerting...to say the least. Given the hoops I have to go through just to make a support ticket...security questions, photos of my photo ID and so on...that somehow my authenticator just vanished without my knowledge.
So the latest response to my inquiry as to why my Authenticator was removed.

In regards to the removal of your authenticator, I'm afraid it seems that those who perform the compromises figured out how to get the authenticators removed by other means. >.< We have fixed this "backdoor" to ensure that no further actions take place!
06/24/2013 09:37 AMPosted by Delillama


Which Blizzard would refuse to do, even some of the staff who posts here admits there is a problem with security hence it's no longer speculation.

Ever wonder if there were a problem and blizzard had to pull off a product off the shelves because of security breaches, take Diablo III as an example of the gold duplication bug.

I'm not saying it wont happen here in wow but you never know, why else would people address their concerns about the reliability of the authenticatior?


If Blizzard's security were compromised to the degree that non-account holders were able to remove an authenticator, they'd be legally obligated to inform us. Just like they did the only time they've ever been compromised, even though said compromise posed no real threat to account security.

So no, I don't ever wonder if there's been a problem with security on Blizzard's end, because we'd have to know about it.


This reminds me of that commercial where the chic believes everything she reads on the internet and up comes a complete tool and says "Bonjour"!

Why are you so quick discount issues you have no credible information on. I too was hacked and my authenticator was removed. My personal identity has not been compromised due to the nature of my employment, I have taken extra ordinary measures to prevent this.

Before one decides to make irrational statements such as "it has not happened because Blizzard has not told me it has happened" one should know the depth of their knowledge of the issue before blindly posting to the contrary!

This is an issue that needs to be escalated and proper advisement to the community communicated!


This reminds me of that commercial where the chic believes everything she reads on the internet and up comes a complete tool and says "Bonjour"!

Why are you so quick discount issues you have no credible information on. I too was hacked and my authenticator was removed. My personal identity has not been compromised due to the nature of my employment, I have taken extra ordinary measures to prevent this.

Before one decides to make irrational statements such as "it has not happened because Blizzard has not told me it has happened" one should know the depth of their knowledge of the issue before blindly posting to the contrary!

This is an issue that needs to be escalated and proper advisement to the community communicated!


As we have seen, the issue has been escalated, and proper steps have been taken.

No details have been given yet, but if it was a breach of security on Blizzard's end, then they will have to issue a statement, just like they did the one time that happened before. If (and I'm guessing this is the case) these compromises have been related to an exploit on the user's mobile device, then Blizzard will probably release details of what security steps can be taken, if any action beyond the ordinary is required.

So instead of coming back with irrelevant analogies and misrepresentations of what I said, try actually reading the original post.
HMMM.. wonder if this is why so many of us were getting random d/c's...(peeps trying to logon to our accounts.. I have authenticator, but not mobile ah.. ) my putters are scanned quite often for spyware etc. hasn't come up positive for a while. But someone trying to log into my account would prob d/c ... me / us from blizzard . net.. Seriously I get d/c'd about 3 to 5 times a day.. yesterday, no d/c... whoot (knock on wood)
HMMM.. wonder if this is why so many of us were getting random d/c's...(peeps trying to logon to our accounts.. I have authenticator, but not mobile ah.. ) my putters are scanned quite often for spyware etc. hasn't come up positive for a while. But someone trying to log into my account would prob d/c ... me / us from blizzard . net.. Seriously I get d/c'd about 3 to 5 times a day.. yesterday, no d/c... whoot (knock on wood)


Depends on what's happening. There have been a few people who reported that While they were logged in, someone hacked them and bought crappy things (at exorbitant prices) from the auction house, draining all their gold stores. This is likely the reason why the Mobile Auction House was taken down.
That said, someone logging into the game client via your credentials would definitely disconnect you from the game client; however, most D/Cs are just internet/computer/game issues. (For example, I often get D/Cd upon zoning, subzoning or loading screens.
You may have missed Tradewinds post where Blizzard has admitted that hacks have been identified where your statement
players submitting photo ID and other documentation Blizzard requires to remove authenticators.
is false! Please refrain from posting your personal opinion when not fully versed on the situation.

In regards to the removal of your authenticator, I'm afraid it seems that those who perform the compromises figured out how to get the authenticators removed by other means. >.< We have fixed this "backdoor" to ensure that no further actions take place!

Join the Conversation

Return to Forum