Skip to Content

WoW Insider has the latest on the Mists of Pandaria!

Posts with tag Security

Heading out of town for the holidays? Don't get locked out of WoW!

Over on /r/wow/, Blizzard CS rep Araxom offers some tips to avoid getting locked out of your WoW account if you're traveling this holiday season. Logging on from a different physical location can trigger some security features on Blizzard's side -- especially for accounts that don't have an authenticator attached. Avoiding holiday account lockouts is pretty simple:
  • Make sure you have an authenticator attached to your account, which makes it less likely your account will get locked for something like this. (And if you use the mobile authenticator app, be sure you have your restore code written down or screenshotted in case you run into issues with your phone.)
  • Enable SMS Protect, which can let you bypass your authenticator using your cell phone if you run into any problems.
Both of these are generally good ideas, but during the holidays having the right security setup can mean the difference between relaxing with some WoW and wrestling with resetting your password -- and we're pretty sure you'd all prefer the former. Not sure where to get started with account security? Check out our security guide for a walkthrough.

Filed under: Account Security

Safeguard yourself against WeakAuras gold exploit

The incredibly versatile and popular addon WeakAuras has been subject to a completely bizarre exploit lately, as Blizzard Customer Support Representative Vrakthris posted on the forums. The exploit was done by allowing malicious code to run, hiding itself as a helpful link from other ill-intentioned players.

The good news is that this is really easily fixed. The author of WeakAuras stepped in within hours of hearing about this with a modification to the code. Before performing either of these steps it's worth creating a backup copy of your Interface and WTF folders so that if something does go wrong you don't lose all your auras.

If you use the Curse client, all you need to do is uninstall WeakAuras, and install WeakAuras 2. Ensure that when you uninstall WeakAuras you uncheck the box that removes your in-game variables, and you're done. If you want to do it manually, head over to the download page, download it and merge the folders.

Simply log into the game and load up WeakAuras with the same commands as before, and you're done. Also, while this is fixed, a good general rule for WoW and the rest of the internet is this: don't click links from strangers.

Filed under: Add-Ons, Account Security

Blizzard's tips for dealing with a locked account

Having your account locked isn't an uncommon problem -- and it doesn't necessarily mean your account has been compromised. Because Blizzard is trying to stop hackers in their tracks, doing anything that makes it look like you aren't the one playing the game -- like logging in from an unusual location -- can trigger a lock. So what's a gamer to do when hit with a locked account? Fortunately for all of us, Blizzard CS representative Araxom has explained how to avoid locked account woes -- without even getting in touch with customer support.

An easy fix? Change your password from your new computer or new location. This requires you to authenticate with Blizzard -- and answer your secret question -- so the servers are sure that you're actually you. Another helpful tidbit: have an authenticator (or authenticator app) attached to your account and SMS protect enabled. These helpful security features not only make it harder for your account to get stolen -- they can make it clear to Blizzard that your account is in your hands, even if you're logging on from a new computer.

For more details and tips, check out Araxom's thread on Reddit. And if your account actually has been hacked, it's going to take a few more steps, but we'll walk you through it.

Filed under: News items, Account Security

Alleged Mobile Armory hack allows unauthorized transfer of gold [Updated]

Image
WoW Insider has received a significant number of reports of an alleged security threat which is related to the Mobile Armory. Several players have reported that the Mobile Armory has been used to fraudulently spend large amounts of their gold on extremely overpriced white-quality items on the auction house, which serve as means to illegally launder gold to the posting player.

In a US forum thread, players have reportedly already lost hundreds of thousands of gold. Further, many of these players have Blizzard Authenticators attached to their accounts. Similar reports are coming in from the EU.

There is reported confirmation from GMs, alleging that the technical team are aware of an issue, and advising the player in question to add SMS Protect to their account to safeguard against any potential further issues. If you would like further information on adding SMS Protect to your account there are video guides available. Of course, it is also important to maintain an authenticator on your account, as well as running regular virus scans, malware scans, and keylogger scans, as well as using unique passwords for your battle.net account.

We have reached out to various contacts at Blizzard Entertainment for comment. We will provide any updates to this developing story here.

Update 12:50pm EDT: We're getting reports that the Auction House on some realms have been closed. The Mobile Armory Auction House also appears to have been closed, confirmed by Blizzard EU via Twitter:

Thank you to the various people who contributed to this story.

Filed under: Blizzard

Breakfast Topic: When was the last time you changed your WoW password?

Breakfast Topic When was the last time you changed your WoW password
Hey there -- Mom here! I know you're busy trying to hide the fact that you licked your plate to get all the stuff that was stuck in the gravy. (We see that little dab on your jaw there, just so you know.) I also know that the reason you keep jumping up to offer refilling people's drink is because you're actually mooching off tiny slivers of pie when nobody's watching ... But even on a holiday, it's my duty as a mother to remind you that you need to change your account password regularly.

It might be true that I don't practice what I preach quite as often as I should. (I didn't say it is true. But it could happen.) So my breakfast questions to you this morning are threefold: How long has it been since you changed your account password? Do you follow any set schedule or password schema for keeping your password up to date? And do you use an authenticator and any other security measures to keep your WoW account safe?

Poll: When did you last change your WoW password?
Within the last month718 (12.1%)
Within the last three months1398 (23.5%)
Within the last six months1038 (17.5%)
Longer than six months ago1176 (19.8%)
I can't remember522 (8.8%)
I don't think I've ever changed my account password1095 (18.4%)


Filed under: Breakfast Topics, Account Security

North American players may now update their security questions

Image
As an update to the security breach last week, players on North American realms will now be prompted to change their security question and answer when logging in to their Battle.net accounts. The security breach included no financial information; however, answers to personal security questions were compromised, as well as some information related to Mobile Authenticators.

In addition to the security question update, players may now also update their Mobile Authenticators as well. Please note, this is only in regards to North American accounts; players in Europe need to do neither of these things. And remember, if you are a North American player and have not changed the password on your account, doing so is an excellent idea.


Nethaera
As a precaution following our recent security update, players on North American servers please take a moment to visit Battle.net account management, where you will be prompted to change your security question as well as update your Mobile Authenticator. There you'll also find helpful tips and an FAQ, as well as instructions on how to add additional layers of security to your account, including the Battle.net Authenticator or the Mobile Authenticator for those that aren't already using one.

Filed under: News items, Account Security

WoW Insider's Weekly Recap

Welcome back to our weekly recap. You might notice Niko looks pretty different this week. It's really amazing what a solid week or two of P90X can do to a person. (Or it might just be the return of Panser of TradeChat. You know, whichever.) We look back at the hottest news from the past week and whatever other kickin' rad things may have come our way. This week's topics include: If you enjoyed the show, make sure to subscribe to TradeChat, leave a comment, and come back next week for the next episode!

Filed under: News items

Blizzard security breach, no evidence that financial data was compromised

Important security update from Blizzard
Mike Morhaime, the president of Blizzard Entertainment, reported today in a blog post posted on the official Blizzard website that a list of email addresses for Battle.net users, answers to security questions, and information relating to the Mobile and Dial-in Authenticator program were illegally accessed by outsiders. The security hole has been closed, but Blizzard is officially recommending that all Battle.net users change their passwords immediately. In the coming days, players will be prompted to automatically change their security questions and update their mobile authenticator software. A FAQ is available here.

The full post is below.

Mike Morhaime
Players and Friends,

Even when you are in the business of fun, not every week ends up being fun. This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.

At this time, we've found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.

Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.

We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.

In the coming days, we'll be prompting players on North American servers to change their secret questions and answers through an automated process. Additionally, we'll prompt mobile authenticator users to update their authenticator software. As a reminder, phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password. We deeply regret the inconvenience to all of you and understand you may have questions. Please find additional information here.

We take the security of your personal information very seriously, and we are truly sorry that this has happened.

Sincerely,
Mike Morhaime

Filed under: News items, Account Security

The Lawbringer: 7 tips on holding the security line

Image
Pop law abounds in The Lawbringer, your weekly dose of WoW, the law, video games and the MMO genre. Mathew McCurley takes you through the world running parallel to the games we love and enjoy, full of rules, regulations, and esoteroic topics that slip through the cracks.

Data breaches cost a lot of money, consumer satisfaction, and trust. In the MMO world, the trust that exists between the game's developer and the player is a tricky relationship to navigate and extremely fickle. Any number of wrong moves or postures can turn your profitable subscription MMO into a public relations nightmare forced to turn the wagon around mid-trip. Security compromises a large part of that MMO trust.

Blizzard has had its fair share of security issues and trust problems between the players and itself. As the first MMO to have to battle hackers and not just gold farmers to the scale present in WoW, Blizzard had to invent its own way to do business in the world as it was -- an insecure place dominated by gray-market gold sellers and account hackers looking to sell to an eager, ready-to-spend playerbase. While WoW isn't the astronomically large service that some others affected by recent and notorious hacks are, it serves as an example of one of the big guys in the industry doing their best to navigate a minefield.

Greg Boyd and Gary Kibel wrote an article for Gamasutra discussing seven steps to improved security in the online and gaming space. After reading over the article, I felt that many of the points discussed had Blizzard and WoW-specific analogs and real-world examples that might shed some light on the security concerns still out there, what WoW has accomplished in the MMO security space.

Read more →

Filed under: Analysis / Opinion, The Lawbringer

Reminder: Watch out for Mists of Pandaria beta invite scams

Email notifications for the Mists of Pandaria beta have started arriving in people's inboxes -- and this means that we'll likely see an upswing in beta invite scams, as well. If you have received an email stating that you've been invited to participate in the Mists beta, be aware of the following:
  • Don't click any link in the email. Blizzard will never ask you for your account information via email, nor will it usually provide any kind of link to click on.
  • Do head to Battle.net. Type the URL into your browser (don't follow a search or email link) and use the secure login on that page to log into your account.
If you have been invited for the first round of Mists beta, you will see your normal World of Warcraft: Cataclysm account listed under your game accounts -- and underneath that, you will see a listing for World of Warcraft: Mists of Pandaria Beta. If you do not see a link to the Mists of Pandaria beta under your game accounts, you are not in this round of testing, and the email you were sent was a fake.

The same applies with beta keys as well. If you receive a notification with a beta key, do not click on any links in the email. Go to your Battle.net account as listed above, head to Manage My Games, choose Add or Upgrade a Game, and manually enter the beta key. If the beta key works, you're in; if it doesn't work, you may have been the recipient of a fake key.

Remember, any time there is a beta or a trial period for a new game, there will usually be an upswing in attempts to nab accounts, too. Keep your account safe -- and if you made it in the beta, have fun!

It's open warfare between Alliance and Horde in Mists of Pandaria, World of Warcraft's next expansion. Jump into five new levels with new talents and class mechanics, try the new monk class, and create a pandaren character to ally with either Horde or Alliance. Look for expansion basics in our Mists FAQ, or dig into our spring press event coverage for more details!

Filed under: Account Security, Mists of Pandaria

Officers' Quarters: A gkicked player takes revenge

lord godfrey fires his pistols
Every Monday, Scott Andrews contributes Officers' Quarters, a column about the ins and outs of guild leadership. He is the author of The Guild Leader's Handbook, available from No Starch Press.

Here at OQ, I receive emails all the time about people acting like jerks. Jerks are everywhere, and MMOs certainly have their fair share. Of all the jerks I've heard about, the player from this week's email has to be among the all-time worst. Fortunately, his terrible behavior has a bright side: By sharing this guild's story, other officers can avoid the same fate.
From the start one of our members started to complain about the guild at the start of raiding early cata. However the officers and GM has brush it off as him being annoyed at the game because he hated the expansion. Things went from bad to worst when we started Firelands.

He started to make plans to overthrow the GM of the guild and made fun behind him. He complains the GM is never there supporting the guild because he took a month off due to work reasons. He made fun of our progression even though we manage to get at least 1 heroic mode down. When we got to dragon soul he stop raiding with us all together. Which is fine because our guild is a casual raiding guild and members are free to choose to raid or not. However he complains even more that people in the guild are stupid and we won't ever progress. It got to the point where we kicked him from the guild but the problem didn't stop there.

Read more →

Filed under: Officers' Quarters (Guild Leadership)

Blizzard releases customer support how-to videos

As part of its continued fight against account hacking and account compromise, Blizzard's customer support department has started a YouTube channel dedicated to hosting how-to videos on security, what to do if your account is hacked, general security tips, and how to use the Battle.net authenticator. Not only are the videos educational and helpful, they are also adorably fun, making security as enjoyable as it possibly can be.

Not only is this an awesome service for Blizzard to put out, the videos offer excellent ideas for online security in general. The tips in the general account security video are great tips to follow, even if you aren't a gamer. Everyone on the internet should be following these security tips. Good on you, Blizzard, for this awesome community service. I don't think we can give the customer support guys enough shout-outs.

Brace yourselves for what could be some of most exciting updates to the game recently with patch 4.3. Look at what's ahead: new item storage options, cross-realm raiding, cosmetic armor skinning and your chance to battle the mighty Deathwing -- from astride his back!

Filed under: Blizzard, Account Security

Hacker groups tried to take down WoW ... and failed

luzlsec
Given the recent hacking of major companies, could WoW be hacked? In an article posted today at Digital Spy, Lead Game Designer Tom Chilton replies that attempts have been made recently, but Blizzard came through unharmed.

While the question and answer doesn't specifically say LulzSec or Anonymous, I think it's safe to assume LulzSec is the group in question, given the recent high-profile attacks on U.S. government sites and other MMOs, like EVE Online.

Most of LulzSec's work has been focused on DDoS attacks and breaking into servers to create "lulz." During their most recent spree, rumors abounded that WoW was a target; however, nothing came of it. It would now appear nothing came of it thanks to Blizzard's security measures.

Tom Chilton
Several major gaming studios have fallen victim to hackers of late. What measure are Blizzard taking to ensure that WoW is not hit?

We have always tried to be as diligent as we possibly can when it comes to security. Certainly when hacking was going on with other companies recently there were numerous attempts against ourselves also. Fortunately, our security was good enough, so we didn't lose data or anything like that.

We always put a high priority on security, but that's not to say you can ever be impregnable. We're not resting on our laurels saying 'they can't get us'. It's always a possibility, and we take it very serious, but so far, so good.


Filed under: Blizzard, News items, Account Security

Opt-out option incoming for recent authenticator security change

If you follow WoW account security, then you've probably heard about (or personally encountered) a recent change to the way Battle.net authenticator devices work. Basically, when you log into the game, the client attempts to determine if you're logging in from your "home" computer or at least a computer you use regularly. It uses several factors to make this determination, such as your MAC address and your IP address. If the information doesn't indicate that the login is taking place from a safe machine, it'll prompt you for your authenticator code. If it is a safe computer, then you'll only be asked for your code randomly, once a week or so.

The change, aimed to make authenticators less of a hassle for those who log on from the same computer quite a bit, caused an odd uproar on the official forums from players who were worried that this change somehow made their account less secure. Addressing these concerns, Blizzard Community Manager Zarhym announced today that Blizzard is working on providing an opt-out option for this convenience feature.

Details were scarce since, as Zarhym noted, Blizzard hasn't quite nailed down specifics yet, but he assured players that it's something Blizzard's been looking into since the authenticator change was first announced.

The full announcement post and followups are after the break.

Read more →

Filed under: News items, Account Security

Battle.net Mobile Authenticator now available for Windows 7 Phones

Android and iOS device users have had the luxury of using the Battle.net Mobile Authenticator, a software version of Blizzard's downright necessary keyfob authenticator, on their phones or tablets for a while now. As of today, Windows 7 Phone users can also take advantage of the Mobile Authenticator by downloading it from the Windows Phone Marketplace.

At this point, there's pretty much no reason not to have an authenticator -- they're 6 bucks and free to ship for a physical device and no cost at all for a software version available for every major mobile platform. Just get it!

Battle.net Mobile Authenticator for Windows® Phone 7 Devices
The Battle.net Mobile Authenticator, an application for mobile phones that provides an extra layer of account security, is now available as a free download for Windows® Phone 7 devices on the Windows Phone Marketplace. The Battle.net Mobile Authenticator provides a one-time password that you use in addition to your regular account name and password when you log in to a Battle.net account to play World of Warcraft or StarCraft II.
Versions for other mobile devices are also available for download here, or you can purchase a physical Battle.net Authenticator from the online Blizzard Store. Visit the Battle.net Mobile Authenticator FAQ for more information, or head to the setup page to get started after you've downloaded the application.
For additional account security advice, check out our Account Security page.


WoW Insider Show 

Subscribe via  iTunes for our latest show.

Hot Topics


 

Upcoming Events


Around Azeroth

Around Azeroth

Featured Galleries

It came from the Blog: Occupy Orgrimmar
Midsummer Flamefest 2013
Running of the Orphans 2013
World of Warcraft Tattoos
HearthStone Sample Cards
HearthStone Concept Art
Yaks
It came from the Blog: Lunar Lunacy 2013
Art of Blizzard Gallery Opening

 

Categories