Critical Vulnerability in Guild Banks!

#0 - Nov. 20, 2007, 10:30 p.m.

Blizzard, please take some immediate action to prevent the following scenario or educate guilds of the danger.:

Scenario: Large guild places many valuable guild assets in their bank, but restricts the access to certain trusted officers of the guild. Through great misfortune, the account of one of these trusted officers is hacked. While selling all the assets of the account, the hacker notices the guild bank, and then proceeds to sell off all the assets of the guild as well.

Blizzard, please implement a password option for the guild bank. Players with withdrawal rights to the guild bank would be required to enter the password before they could withdraw any items from the guild bank. Thus, a hacker only in possession of a player's account information would not be able to devastate the entire guild as well.

Guild leaders, I strongly recommend limiting the total daily withdrawals of any member so that no more than a few items would be lost this way, and the transaction log would be long enough to serve as proof of loss so items could be reinstated.

It is only a matter of time before this occurs with the current unsecure implementation.

Bornakk

#20 - Nov. 20, 2007, 10:53 p.m.

Just as others have brought up, you can restrict the usage however you want, so it’s kind of up to you. Mainly try and keep your account secure and if there are issues, please put in a ticket to our In-game Customer Support Department.

Q u o t e:
The biggest issue with the guild banks right now is that it only track 25 transactions. My guild has already run into an issue with the money logging. Someone deposited 1 copper 25 times to fill up the transaction record, hiding the amount of money they withdrew.

Go to www.wowarmory.com - I definitely see more than 25 transactions there.

Bornakk

#29 - Nov. 20, 2007, 11:06 p.m.

Q u o t e:
Ah was unaware of that. How does one check a guild bank on the armory? Can't seem to figure it out...

1) Go to www.wowarmory.com
2) Search for your guild name
3) Go to the "guilds" tab and select your guild
4) At the top there are tabs for "Bank Contents" and "Bank Log" to browse.

You do have to login to view these and you must have a character with access to the bank too.

Bornakk

#38 - Nov. 20, 2007, 11:22 p.m.

Q u o t e:
Bornakk,

I'm no longer in the guild that the forum site and armory have me listed in. I'm in another.

1. I can't see my current guild's bank from armory.
2. I can see my old guild's bank contents.

Isn't this a tad wrong, considering I know what my old guild is up to and no idea what might be in my current guild's possession?

When did you change guilds?

Bornakk

#42 - Nov. 20, 2007, 11:28 p.m.

Q u o t e:

A day or two before the patch.

The Armory can take some time to update, it isn't instant like in-game. Give it a few more days and it should update for you.

Bornakk

#46 - Nov. 20, 2007, 11:43 p.m.

Q u o t e:
Does that apply to the bank logs and content too or is that just for character information?

Some things in the Armory update faster than others, while I don’t think the Bank contents/log update immediately, they are probably faster than altered character data.