Mobile Authenticator Issue after Compromise

90 Tauren Paladin
6930
My account was recently compromised (While i had a stand-alone Authenticator Key Fob), i have been able to regain control via help from the web support form and via GM's online. I felt that the mobile Authenticator would be a better alternative.

My account was temporarily Banned/Locked for approximately 4 hours after they restored my items due to "suspicious" activity. After placing a ticked, and eventually calling customer support i was finally able to get my account unlocked by a very helpful representative.

I've reset my password, and have no problem at all logging on to Battle.net with my authenticator attached, but when i log into game, it gives me an "Error 104" initially i assumed i needed to reset my password, so i have a couple times only to receive the same error.

I've used the Resync feature (as described on the mobile authenticator troubleshooting page) on my phone and it still wouldn't let me log in. Only until i completely removed my authenticator was i able to actually log into World of Warcraft and start collecting my recovered items from the mail.

I do not want to play without an Authenticator, but from what it looks like, if i attach an Authenticator i wont be able to play at all.

Am i doing something wrong? is there a step i have missed? ANY constructive response would be appreciated.

p.s. i have downloaded and ran malwarebytes and have removed the associated Malware.
Reply Quote
14 Blood Elf Priest
0
12/19/2012 04:35 PMPosted by Tibbz
My account was recently compromised (While i had a stand-alone Authenticator Key Fob)

This would be very disconcerting :( It's 'almost' impossible for this to happen. The only way for that to happen would be to have some extremely nasty malicious software on your computer. This is not something that can be done any other way (other than someone in your home having access to your authenticator).

Although it looks like you found the malicious software and have removed it.

12/19/2012 04:35 PMPosted by Tibbz
I felt that the mobile Authenticator would be a better alternative.
Technically speaking, it's not as secure.

12/19/2012 04:35 PMPosted by Tibbz
Am i doing something wrong? is there a step i have missed?

I'm not too sure if I missed it in your post or not, but you can only have one authenticator on your account at a time. So if the key-fob version is still on it, then you have to remove that one prior to adding the Mobile version....something I still don't recommend. I'd stick with the one you've got personally.
Reply Quote
90 Tauren Paladin
6930
Thanks for your helpful response, Perl. There indeed was Malware on the computer, and im not sure how it got on here as this desktop is used primarily for gaming. very little surfing at all is done, and it is locked down overnight. it was very disconcerting and was the main reason i decided to switch to a different authenticator.

I did remove my original key fob before putting on the mobile version, and have since reapplied my key fob. though, i am still experiencing the same issue when trying to log into the World of Warcraft.

I can log into the Forums/Battle.net fine with an authenticator attached, but i still get an error 104 when logging into World of Warcraft. Again, once i remove the authenticator from my account, i can log in with no problem. This is not ideal especially considering i just got over an account compromise.

Again, any constructive responses would be helpful & appreciated.
Reply Quote
85 Tauren Druid
0
12/19/2012 05:12 PMPosted by Tibbz
I can log into the Forums/Battle.net fine with an authenticator attached, but i still get an error 104 when logging into World of Warcraft. Again, once i remove the authenticator from my account, i can log in with no problem. This is not ideal especially considering i just got over an account compromise.


It could be that the malware corrupted your client to cause the error and get you to remove the authenticator to make your account easier to compromise in the future.

But that's just my suspicion. Hackers can be mean and nasty. >.>

I did a bit of research on that error. If you can log into battle.net website without issues, but are having issues logging into the game, it is suggested that you try resetting your password.

http://us.battle.net/wow/en/forum/topic/7199643054#11

It could also be that your authenticator is now out of sync. If you are using a mobile authenticator, you can sync it via the app. If you are using the keyfob authenticator, you'll need to contact Billing to get it resynced.

http://us.battle.net/wow/en/forum/topic/7199643054#15

Another step you may want to take is unchecking the "remember account" option in your WoW client to ensure that it is not saving old data and then try logging.

One last step to ensure that it is not saving old data is to rename or delete your WTF, Interface, and Cache folders. This will remove any corrupt files (and addons).
Reply Quote
90 Tauren Paladin
6930
Hi Selenic, I appreciate your response.

If you read my first post, i have already reset my password approx. 4 times since discovering this issue.

12/19/2012 04:35 PMPosted by Tibbz
I've reset my password, and have no problem at all logging on to Battle.net with my authenticator attached, but when i log into game, it gives me an "Error 104" initially i assumed i needed to reset my password, so i have a couple times only to receive the same error.


I also stated that i've resync'd via the app for my mobile authenticator twice, and have even reapplied my standard authenticator keyfob and am still experiencing the issue.

12/19/2012 04:35 PMPosted by Tibbz
I've used the Resync feature (as described on the mobile authenticator troubleshooting page) on my phone and it still wouldn't let me log in. Only until i completely removed my authenticator was i able to actually log into World of Warcraft


If this were a simple issue of resyncing i feel that switching to the Mobile Authenticator should have solved it, but it hasn't.

Again, any constructive responses would be helpful & appreciated.
Reply Quote
90 Tauren Paladin
6930
@Selenic

I did not think of deleting/removing my WTF/Interface/Cache so i experiemented with this theory but still managed to run into the same issue.

-----

Will update again after running the Client Repair Tool.

EDIT*

After running the repair tool I am still receiving this error. I can not log on with either my Keyfob OR my Mobile Authenticator (yes, i switched them correctly, Yes i've resynced my Mobile Authenticator.

Again i can log on once i remove the Authenticator.
Edited by Tibbz on 12/19/2012 6:22 PM PST
Reply Quote
14 Blood Elf Priest
0
You really might need to contact Billing and Account Services. Unfortunately they're closed, however, you can put in a support ticket.

Use the Support link in the top right of the forums and try to explain as well as you've done here, your issue with the authenticator.

As for how you got the malware, it's possible that it was from a fake e-mail from Blizzard...meaning that it wasn't actually from them. Did you receive any "odd" e-mails recently? Perhaps any suggesting that you were trying to sell your account or some other rule breaking?

I wish you the best of luck Tibbz.
Reply Quote
90 Tauren Paladin
6930
Hm, I havent received any odd emails, Only from "Noreply@blizzard.com" and "wowgm@blizzard.com"(that one threw me off a bit, as i've never seen a response from that email.) I do have an active ticket (US33926632) and have been waiting for a response.

I guess now my real concern is should i remove the authenticator so i can actually play? decisions, decisions.

I'll continue to wait it out, and hopefully get a response in a reasonable amount of time like my previous tickets.

disclaimer* i didnt come here to expedite my ticket response time, rather get useful information from the community that could possibly solve my issue.

Edit* thanks Perl, you've been helpful.
Edited by Tibbz on 12/19/2012 6:35 PM PST
Reply Quote
14 Blood Elf Priest
0
I'm glad to be of help Tibbz, and I really do hope that you've found the compromise as you mention that you did and that it was removed. I'm a little over cautious when it come to this sort of stuff!

If you're worried that you might still have a compromise, then leave that authenticator on ;) If you're fully confident that you've removed the malicious software, then you 'might' be alright to play...

Needless to say, to get access to an account that was protected by a device that's not even attached to the internet....well, that's a little scary. It's the sign of some serious hacking or as I mentioned before, someone in your home accessing your account.

I fully understand that you're not trying to expedite your ticket etc. You've been very calm and collected with your posting and as a regular here, I cannot tell you how much that's appreciated!
Reply Quote
90 Tauren Paladin
6930
I've still yet to receive any word back on my ticket after over 9 hours. I understand that is in no way this forums gm's fault, but this is very disturbing. As this forum is for Customer Service i'd like to voice my complaint.

This is obviously something on Blizzards end and i can deduce that since i've done the following:

1. removing my authenticator and putting it on my wife's account to see if it works (and it does).

2. tried logging in on several computers to still receive the same error.

3. Attempted to use Mobile Authenticator to still receive the same error. (even after going through the re-sync process)

4. Completed Repair tool

5. Ran Spybot S&D, and MalwareBytes(PAID SERVICE) multiple times to verify no malicious presence

6. Completed fresh install of WoW Client

7. Logged on with no problem when Authenticator is removed from account.


Why would you want someone who's had an account compromise to COMPROMISE HIS ACCOUNT SECURITY in order for him to play? Your ticket responses were no longer than 45-1hr apart, and from what i can tell not a single GM/CSR has even looked into my issue yet.

I've had more help from Perl(who i understand is a very regular poster) than I've received from GM's on this issue, and i doubt it's her job to do so. I'd appreciate if someone could give me a response time, or let me know my issue is AT LEAST being looked at. After being compromised three times in the entirety of my account with blizzard (6 years) i REFUSE to play without my account having an Authenticator.

I don't see why i should continue my subscription If I'm not allowed to play my account without compromising its security. I've lost an entire days worth of CD's, dailies, and not to mention social/gaming interaction with my guild because of this.
Edited by Tibbz on 12/20/2012 2:43 AM PST
Reply Quote
Support Forum Agent
We are talking about THIS account?

Doesn't appear that any authenticator was present when this compromise happened - it was removed on 12/15 from your usual location - the compromise access happened on 12/19.

Were you having issues with it then? Looks like earlier that same day it had also been removed and reattached. Within an hour of the malicious access, a mobile was placed on the account. That was removed, attached and removed again just today - and currently, the physical one is present.

I've asked that your authenticator be re-synched, and your account nudged to update. Try logging in again and see if you can access things now. With all the additions and deletions, things may have just gotten out of sync.
Edited by Orlyia on 12/20/2012 2:56 AM PST
Reply Quote
90 Tauren Paladin
6930
Thank you for responding and looking into this Orlyia, it was very troubling and I appreciate what you've done so far.

My account was initially compromised on 12/14 (US33780589) and i experienced this very issue, which is why i removed my account authenticator so i could log on and get my restored items. I attempted to use another authenticator to receive the same error, i was only able to play without an authenticator attached.

I did open a ticket for that though i can not see it in my ticket log.

When my account was compromised again on 12/19(US33912533) I did get my items restored again, only to find my authenticator was still not working. i've gone through and remove/added several times, I couldn't tell you how many.

I feel that if this were a simple issue of being out of sync, switching to my Mobile authenticator should have resolved this issue, but it didnt.

----

I just tried to log in, and i am still receiving an Error 104 directing me to

worldofwarcraft.com/loginsupport

I have already changed my password using this tool several times today in hopes that it would solve this issue.
Edited by Tibbz on 12/20/2012 3:10 AM PST
Reply Quote
Support Forum Agent
Well, this is the troubleshooting page for that particular error.

https://us.battle.net/support/en/article/battlenet-error-104

With multiple resets - just to double-check, you are using the LAST password sent? Sometimes they can get out of order if done close together, so checking the timestamps is a good idea.

I'm going to have a fresh password sent - it should arrive shortly.

One more thing to check if you haven't already, make certain that your email account is secure. It's not at all uncommon to find compromised emails when accounts are compromised - if they are in your email, well - that's not good.
Reply Quote
90 Tauren Paladin
6930
For giggles, i went ahead and reset my password via your request. I'm still receiving the same issue. I very much doubt that my email has been compromised as i use it only for a few things, (WoW included), but i've gone through the necessary steps to ensure that if it was, it isn't now.

In short, Password reset via your request, still receiving error 104.

This isnt a password error(or a malicious client error as it does it on multiple computers), as i can log in and play if i remove my Authenticator.

Again i appreciate you taking time and looking into this, and hopefully you aren't as confused or frustrated as I am.
Reply Quote
Support Forum Agent
For giggles, i went ahead and reset my password via your request. I'm still receiving the same issue. I very much doubt that my email has been compromised as i use it only for a few things, (WoW included), but i've gone through the necessary steps to ensure that if it was, it isn't now.

In short, Password reset via your request, still receiving error 104.

This isnt a password error(or a malicious client error as it does it on multiple computers), as i can log in and play if i remove my Authenticator.

Again i appreciate you taking time and looking into this, and hopefully you aren't as confused or frustrated as I am.


Well, re-scyncing it from this end should have worked - and I'm afraid that's about the limit of what I'm able to have done, at least at this time of day.

Did you receive the password that should have just been sent from our side?
Reply Quote
90 Tauren Paladin
6930
Well, re-scyncing it from this end should have worked - and I'm afraid that's about the limit of what I'm able to have done, at least at this time of day.

Did you receive the password that should have just been sent from our side?


I understand that you are limited to what you can do, and again i appreciate your time and effort.

I received a request from Noreply@battle.net at 5:18 AM(my time) to reset my password, and i used that link to do so. I'm obviously using the correct password, since i can log into battle.net and access the forums.

I've also requested my authenticator be prompted for a code on each log in, if that is helpful information.

What doesn't make sense to me is my authenticator works when asked for the code on Battle.net, but when logging into World of Warcraft i receive error 104.

Unfortunately I do not have an active SC2 or Diablo3 to test if i could log into those.
Reply Quote
Support Forum Agent
Ok, one last thing to try.

Could you try logging in once more, let me know if it works.
Reply Quote
90 Tauren Paladin
6930
Thanks for replying, Orlyia. Unfortunately i am still receiving error 104.

What would you recommend i do from here?

Should i remove my Authenticator so i can play?
Reply Quote
Support Forum Agent
Thanks for replying, Orlyia. Unfortunately i am still receiving error 104.

What would you recommend i do from here?

Should i remove my Authenticator so i can play?


Ok, I've called in some backup, cause tech-wise, we are already over my head :)

What I've been told to recommend is - redownload the mobile app fresh.

Flush your DNS BEFORE you attach the mobile app, and see if that works. If it does we can then look further into why the keyfob has stopped.

https://us.battle.net/support/en/article/ip-release-renew-and-flush-dns
Edited by Orlyia on 12/20/2012 4:48 AM PST
Reply Quote
90 Tauren Paladin
6930
Ok, so im still receiving error 104. i'll outline the steps i've taken since your reply(and i'll say it again, i really do appreciate all help you've provided - even though i still have the issue).

1. Uninstalled Mobile Authenticator

2. removed my Keyfob Authenticator

3. ipconfig /Release/Renewed/flushdns

4. Re-installed Mobile Authenticator

5. Attached Mobile Authenticator to account.

6. Log out /Log in to Battle.net Mobile Authenticator/Password correct

7. Log into World of Warcraft Error 104

8. Experiment: successfully logged into remote AH and post an auction using Mobile Authenticator [Emerald Brestplate of the ...]

Im really frustrated.
Reply Quote

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]