Mike,

Please take the time to read about security before spreading this FUD.

The only way that account could have been compromised is either by social engineering (someone managed to get physical access to the "hacked" person's authenticator to log in) or from a "man in the middle" vector; such as for example a poisoned DNS cache that redirects the WoW login to a fake server, capturing details before passing it onto the real Blizzard servers, but even in that case (a) it would have to be a very fast one-time attack as the authenticator token would rotate within the minute and (b) it would require a trojan to have been installed on the client computer in the first place. Either situation still points to the user being at fault, either for passing on their account and fob to a "trusted" colleague or for nto being vigilant on the malware front. The problem is most definitely not with Blizzard or the Authenticator system which you so clearly show little to no knowledge of understanding.

These keyfobs have been around for a long time and there is little to no evidence of them being circumvented without MiM or Trojans, which is probably why they are used by a lot of government agencies as part of their VPN authentication (e.g. my mate's dad who is an FBI agent uses an RSA fob). They are hardware-oriented and as such very difficult to tamper with.

Reply