I just thought I'd inform everyone of a recent hacking that occurred to my guild master last night.

Someone had found out his Username and Password, and because that's all you need to use to log into the remote auction house, he was able to BYPASS my guild master's Authenticator.

By doing so he was able to, on the hacker's own account, post items on the auction house for ludicrous amounts and have my GM's account purchase them from the remote auction house.


This happened to every single one of his characters across multiple realms.

The fact that this security flaw exists at all is astounding.

Have the ability to deny the use of these remote apps from your Battle.Net page.
Have a one off authenticator verification when using the app.

Tickets have been sent in already and I'm sure he'll get everything returned, I don't give a flying poop about that.

Did he at least eat the bread?
No, but we did sure enjoy a laugh out of it after I did this to the Guild Bank.
Actually, the remote armory for mobile does require you to use your authenticator if you want to use the auction house. It also requires it in order to log in to the website. Or at least, I have to put in my keyfob authenticator every time I want to list or buy an auction, or when I want to claim my gold.

But then, I have my account set to ask for my authenticator every time I log in, so maybe this is the difference?
Alianara, there is a bug that makes it possible to bypass the need to enter the code from the mobile authenticator when using the mobile auction house.

Blizzard has taken the web and mobile auction house down.
Mericca, yes, there is an issue with the mobile authenticator, but notice that Alianara described using the keyfob (physical) authenticator. Therein lies the reason Alianara was safe from this issue, as the bug/exploit affects mobile.
FYI, the Mobile Armory auction house authentication was not breached. We took down the service to address the root cause outside of the mobile app. The mobile AH needs to be down in order for us to apply hotfixes for both web and mobile auction houses.

There was no issue with the mobile authenticator either, there was a vulnerability outside of the security of these apps and it has been patched. The AH is still down, for now, but we will be bringing it back up soon.
Please also read our blog post about this:
We have brought the Auction House back up in the US region. Additional regions will begin to be rolled out later today and/or tomorrow.
Seems to be back down again...
Agreed, I got excited 'cause I was able to post again yesterday. As always, my actions were a bit premature >.>
This is only affecting some realms. We're investigating this now.
But thanks for the update!
We're taking the Remote AH down to address a couple issues. This may also include temporary down time for the Mobile Armory login itself.
Temporary Downtime? Seriously doubt it, it's been down for a week.

Fingers crossed it gets fixed soon, I'm away from home & this is the only way to access my account... 7 days is making me a bit cranky!
Any return time or date?
The Remote AH has been up since Friday evening (6/28). Let me know if there are any particular realms that are still having problems connecting.

