Quote

It has been brought to our attention that Blizzard's technical support department is currently handling a security exploit that is, in a limited capacity, circumventing authenticators. Before we get into the details, please do not panic. This does not make authenticators worthless, and it is not yet a widespread problem. Do not remove your authenticator because of this, and do not base your decision on whether or not to buy an authenticator off of this. They are still very useful, and your account is much safer with an authenticator than it is without one.

This is not the only report of this that we've seen, but it is the first time that a Blizzard representative has openly acknowledged that there is something afoot. For a full account of what happened, check the thread on the EU Technical Support forums. To sum up: There is a piece of malware (emcor.dll is what is being reported at the moment) that is being used as a hijacking tool to facilitate Man-in-the-Middle attacks on users.



To explain in the simplest way possible, instead of data being broadcast directly to Blizzard when trying to log in to your account, that data is being broadcast to a third party via this malware. This includes your authenticator code. Rather than you logging into your account, the hacker on the other end does so. They log into your account, clear out your characters, and move around virtual funds to fulfill orders from players buying gold. This method of circumvention has been theorized since the release of the key fobs, but it has only now started to actually happen.

Because the hacker is only receiving the data as it is transmitted, they are not able to log in more than once unless you are repeatedly broadcasting your authenticator code. They cannot change your account information. They are only in your account until they log off or are disconnected. The password is still your password. They are unable to remove or replace the authenticator. Removing the authenticator would require at least three different authenticator codes from you. One to log in to account management, and two for the actual removal. The chances of this happening are incredibly, obscenely low.

Quote (sn0wcommie @ May 21 2012 04:52am)

someone's cracked some algos.

Quote (Arsenic_Touch @ May 21 2012 03:51am)

http://us.battle.net/d3/en/forum/topic/5149008932?page=1



So be careful what sites you visit. Make sure to step up your malware scans. I must reiterate, you don't actually have to download anything for this to happen.
Also, blizzard isn't being very helpful in the department of replacing lost items and gold, in fact they have told a lot of people that they couldn't even detect any intrusion attempts.

Quote (Error37 @ May 21 2012 08:58am)

Quote (Airoch @ May 21 2012 04:01am)

Anyone ever get a keylogger from JSP? This is about the only site I use that has anything to do with the games I play besides the offical ones.

Quote (Lot2 @ May 21 2012 03:02am)

The fuck

They replaced entire wow accounts

Quote (Lot2 @ May 21 2012 04:02am)

The fuck

They replaced entire wow accounts

Quote (Error37 @ May 21 2012 09:07am)

No.. Just... No..
Ask someone who played WoW for awhile how long people protested and complained before this became Blizzard's policy.

ANYONE who's been a Blizzard customer since Diablo2/Starcraft knows they have always been really bad with customer service.