It has been brought to our attention that Blizzard's technical support department is currently handling a security exploit that is, in a limited capacity, circumventing authenticators. Before we get into the details, please do not panic
. This does not make authenticators worthless, and it is not yet a widespread problem. Do not remove your authenticator because of this, and do not base your decision on whether or not to buy an authenticator off of this. They are still very useful, and your account is much safer with an authenticator than it is without one.
This is not the only report of this that we've seen, but it is the first time that a Blizzard representative has openly acknowledged that there is something afoot
. For a full account of what happened, check the thread
on the EU Technical Support forums. To sum up: There is a piece of malware (emcor.dll
is what is being reported at the moment) that is being used as a hijacking tool to facilitate Man-in-the-Middle attacks
To explain in the simplest way possible, instead of data being broadcast directly to Blizzard when trying to log in to your account, that data is being broadcast to a third party via this malware. This includes your authenticator code. Rather than you logging into your account, the hacker on the other end does so. They log into your account, clear out your characters, and move around virtual funds to fulfill orders from players buying gold. This method of circumvention has been theorized since the release of the key fobs, but it has only now started to actually happen.
Read more →
Filed under: Account Security