The problem was first shared by a user some four days ago on the Blizzard forums, who claimed that he was robbed despite using a Blizzard Authenticator and a relatively difficult password.
After his post, other players have spoken out, claiming same and / or very similar circumstances were present when their accounts were breached, too.
It took Blizzard a couple of days to react, but they finally confirmed an increase in unauthorized WoW account logins via their website and the WoW Mobile Armory app.
"We’re in the process of notifying any account holders who were not using an authenticator and whose account showed signs of unauthorized access (e.g., logging in from an unusual IP address). If you are among this group, you will receive an email describing how to reset your account," they said, adding that they have temporarily blocked access to the WoW auction house via the mobile app.
They also reassured owners of impacted accounts that upon request, the WoW customer support team will restore the stolen in-game items and gold.
"While no means of account security is guaranteed, every precaution you take to secure your computer and your account—including changing your password periodically—adds another defensive barrier. We strongly encourage everyone to take a few moments to read through the security tips available on our support website and follow the suggestions posted there," they concluded.
Still, there has been no definite word on how the hackers were able to compromise the accounts. Given that the company has blocked access via the Mobile Armory app, could it be that it has some unknown exploit bug?
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.