Unauthorised purchases from AH

90 Orc Warlock
8590
You can also use your account to do the test, any input 13 digit, you can enter the account, which proves that authenticator does not work.
Reply Quote
90 Night Elf Rogue
8605
Oh and the old computer is in component pieces in a box in my spare room minus the case that i reused if that is what you are asking.


I think they were asking if your old computer was secure from malware and viruses.
Reply Quote
90 Night Elf Rogue
7425

Many others in this thread have posted that their tickets were addressed within hours and had the gold returned to them. It is possible they made a mistake but it is also possible your ticket wasn't clear enough. Also keep in mind they are getting flooded with tickets on this one single issue right now so mistakes are bound to happen on both sides.


Yeah a GM has contacted me in game and asked for more info. I've provided it (again), and he's looking into it further.
Reply Quote
90 Blood Elf Priest
11215
Here's a HYPOTHESIS--in other words, I have no proof of this really being the case, I've just been thinking about the sequence of events, and come up with this theory, and feel free to blow holes in it as necessary:

There are people who have and use both the mobile armory app and the authenticator app, and have been compromised. Then there are the people who say they've never used the mobile armory app, but they use the authenticator app, and they've been compromised. And then there's me--never used either one (I have a physical authenticator and have since I opened my first account), and yet I had that weird error about being unable to log in while using the mobile armory when I tried to log in on the very character that has most of my gold, and there are apparently others that have received that same error and don't use either app.

Now…I'm guessing that the hackers actually logged into my account somehow (without having the password and email address, because if they had that, why wouldn't they just log in normally and take all my stuff that way), and that they were actually on it when I tried to log in on that character, but since I don't have the mobile app or authenticator, they had no way to bypass the authentication so they couldn't actually get into my account to do these mysterious AH transactions and take all my money.

In fact, please, someone blow holes in this theory, because if this is even close to what's going on, it's bad.
Edited by Mystraele on 6/22/2013 8:19 PM PDT
Reply Quote
90 Pandaren Monk
18285
Here's a HYPOTHESIS--in other words, I have no proof of this really being the case, I've just been thinking about the sequence of events, and come up with this theory, and feel free to blow holes in it as necessary:

There are people who have and use both the mobile armory app and the authenticator app, and have been compromised. Then there are the people who say they've never used the mobile armory app, but they use the authenticator app, and they've been compromised. And then there's me--never used either one (I have a physical authenticator and have since I opened my first account), and yet I had that weird error about being unable to log in while using the mobile armory when I tried to log in on the very character that has most of my gold, and there are apparently others that have received that same error and don't use either app.

Now…I'm guessing that the hackers actually logged into my account somehow (without having the password and email address, because if they had that, why wouldn't they just log in normally and take all my stuff that way), and that they were actually on it when I tried to log in on that character, but since I don't have the mobile app or authenticator, they had no way to bypass the authentication so they couldn't actually get into my account to do these mysterious AH transactions and take all my money.

In fact, please, someone blow holes in this theory, because if this is even close to what's going on, it's bad.


I'm with you in that I don't use the Mobile App and use the Physical Authenticator and was getting the same thing about the "cannot log in while using Mobile App." I'm guessing it has something to do with just knowing the email. They could also have writen some kindof 3rd party code to bypass the password and authenticator.
Reply Quote
90 Troll Shaman
15975
.
Edited by Canibehealz on 6/22/2013 8:29 PM PDT
Reply Quote
90 Blood Elf Hunter
5910
As an interesting note: I can't log into the armory's auction page at all. Likewise, I am unable to do so on the mobile armory. I didn't read the whole thread so I don't know if this has been pointed out. However, from the looks of things it seems someone has found an exploit in the remote auction house.

EDIT: A good idea in general is to keep most of your funds on a bank alt invested in less liquid assets (like herbs, glyphs, potions, etc) that you can eventually sell for a profit. I personally have about 10k on my main from dailies and the rest on a lowbie alt (another 15k + about 100k worth of glyphs).
Edited by Nimun on 6/22/2013 8:35 PM PDT
Reply Quote
90 Troll Shaman
14100
06/22/2013 08:32 PMPosted by Nimun
As an interesting note: I can't log into the armory's auction page at all. Likewise, I am unable to do so on the mobile armory. I didn't read the whole thread so I don't know if this has been pointed out. However, from the looks of things it seems someone has found an exploit in the remote auction house.

They're intentionally unavailable, as was confirmed in a tweet much earlier today.

https://twitter.com/BlizzardCSEU_EN/statuses/348514547004489728
Reply Quote
MVP - World of Warcraft
90 Troll Rogue
13390
As an interesting note: I can't log into the armory's auction page at all. Likewise, I am unable to do so on the mobile armory. I didn't read the whole thread so I don't know if this has been pointed out. However, from the looks of things it seems someone has found an exploit in the remote auction house.


hence this sticky: http://us.battle.net/wow/en/forum/topic/9344305122
Reply Quote
90 Blood Elf Hunter
5910
06/22/2013 08:44 PMPosted by Kozzae
As an interesting note: I can't log into the armory's auction page at all. Likewise, I am unable to do so on the mobile armory. I didn't read the whole thread so I don't know if this has been pointed out. However, from the looks of things it seems someone has found an exploit in the remote auction house.


hence this sticky: http://us.battle.net/wow/en/forum/topic/9344305122


I may be more blind than my status as a marksman would imply.
Edited by Nimun on 6/22/2013 8:57 PM PDT
Reply Quote
90 Night Elf Hunter
10775
That is strange. i got the same message a few days ago. I have a physical authenticator and have never used the mobile application.

Is there a way to log into your account and not allow a mobile app at all? I have zero need for them ever.
Reply Quote
90 Orc Death Knight
3470
My solution is that I spend all my gold on mostly useless crap, and am therefore wholly unattractive to the hackers.
Reply Quote
90 Human Paladin
5665
Whoever said that the hacker wouldnt purchase from AH your wrong if theyre stuid enough then theyll have their own char put something on the AH for a set price that no one would buy log in to the victims account an purchase it meaning they get the item and hacker gets the gold. They are stupid though if they do so because of IP logs and mail logs.
Reply Quote
90 Human Mage
10885
This just happened to me. Four of my characters on Blade's Edge each purchased a single Tough Hunk of Bread from <same hacker character>. In each case the purchase price was for almost all their gold. Equipped items and items in bags were not disturbed.

My own access to the account was not affected. My password and authenticator continued to work (I of course since changed the password.)

I have the Authenticator and Armory apps installed on my iPhone and iPad. I use only the iPhone authenticator though, I haven't opened the others in weeks.

My PC has a regularly updated Norton Anti-Virus and no problems were reported.
Reply Quote
90 Blood Elf Mage
5495
It is sounding like the people affected by this have some sort of authenticator. Am I correct? Some posters have indicated that they do not even use the moble app yet got hacked, but it appears most do use an authenticator. Can anyone confirm?

I am wondering if a hack has been used using the authenticator in some way (I am by no means a tech guru) and they are just taking advantage of the armory app as an easy way to move gold. This whole thing has me very concerned. Should I be putting my gold into my guild bank?
Edited by Modhairken on 6/23/2013 4:34 AM PDT
Reply Quote
Anyone that this happened to I would also make a new Unrelated email address and password and link the new Email to your battle.net account. This way if by chance they have your battle.net email address they would no longer have your account name since you changed it.
Reply Quote

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]