Diablo 3 accounts hacked

Being a long time WOW player I was under the same impression as you, that if I had an authenticator on my account, I'm hack proof.

Nope.

Apparently the hackers have automated the system where once the data is found, it attempts to authenticate within seconds of data entry. It's kinda scary the thought process put into this and how quick it has become.
 
This is why the real money auction house is a baaad idea.

Really? So these guys wouldn't do this if the real money auction house didn't exist?

C'mon now, the "bad guys" have been out there for decades taking people's loot from every game where people are willing to spend real money. Why does it matter if it's in-game (as with Diablo III) or out-of-game (as in WoW, EVE Online, SW:ToR or any other game)? Your reasoning is shallow and doesn't stand the test of history.
 
So they fixed cheating and now just have to worry about hacking and stealing due to the auction house. :rolleyes: Good job Blizzard....
 
This is why the real money auction house is a baaad idea.

Yeah, I'm not sure about that. Hopefully Blizzard will hold the funds when something is purchased so if the items are tracked to a compromised account the people don't get paid.
 
"Be aware that there are restrictions on the number of rollbacks available - it seems to be two based on answers to submitted tickets - and that being hacked more than once will cause your account to be banned permanently from using the soon-to-be-released real money auction house. "....lol. Even if it's not the fault of the user?
 
"Be aware that there are restrictions on the number of rollbacks available - it seems to be two based on answers to submitted tickets - and that being hacked more than once will cause your account to be banned permanently from using the soon-to-be-released real money auction house. "....lol. Even if it's not the fault of the user?

Yeah, I didn't even report it. I'll wait until some a-hole deletes my level 60's or takes gear that I worked a long time for to use my restores.

...then again, maybe that's what Blizzard wants.
 
I decided to change my Battlenet password again after reading about it, and I can only hope the hackers are not actively pulling login credentials from Blizzard's system. :eek:

"Be aware that there are restrictions on the number of rollbacks available - it seems to be two based on answers to submitted tickets - and that being hacked more than once will cause your account to be banned permanently from using the soon-to-be-released real money auction house. "....lol. Even if it's not the fault of the user?

That's quite a shitty policy to be honest. Especially if there's some kind of issues on Blizzard's end.
 
I'll stick to private games only. It appears that public games are hit the most.
 
I do not think Blizzard is @ fault here. I would say that 90% of the people had their information stolen due to the types of sites they visit and that's not even safe anymore with the recent ad hacking events.
 
Just makes people create new accounts...assuming they don't do IP blocks.

Love companies these days "we have a flaw in our system but we will punish you for it if you become a victim!"
 
I do not think Blizzard is @ fault here. I would say that 90% of the people had their information stolen due to the types of sites they visit and that's not even safe anymore with the recent ad hacking events.

I dunno, I think they might have an issue. All these accounts being compromised less than a week after it was released. Literally all I have been doing on the only machine I play Diablo on is playing Diablo.

Not to mention, when my WoW account w/authenticator was hacked it was months after I stopped playing, so there was no chance of anyone capturing the login/authenticator # and turning it around.
 
Had my WoW account hacked twice in one year prior to putting an authenticator on it. Then I put one on and haven't been hacked in over a year. One interesting thing I noted is Blizzard implemented a security feature for non-authenticator accounts. If your account is logged in with an IP not registered as being an IP that normally accesses the account then it asks you to confirm the IP through the answering of secret questions. I think they should do that even with people who have authenticators.
 
Had my WoW account hacked twice in one year prior to putting an authenticator on it. Then I put one on and haven't been hacked in over a year. One interesting thing I noted is Blizzard implemented a security feature for non-authenticator accounts. If your account is logged in with an IP not registered as being an IP that normally accesses the account then it asks you to confirm the IP through the answering of secret questions. I think they should do that even with people who have authenticators.

Trion did something similar with Rift. If you logged in from a different IP address then you were "Coin Locked." To unlock, you had to go to your email and unlock the account via a code sent to that email that you entered in game.
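
The "Coin Lock" flow described in the post above, sketched as an added example (it is not part of the thread and not Trion's or Blizzard's code): a login from an unrecognised IP leaves the account unable to trade until a code emailed to the address on file is entered. The class and function names, the code length, expiry, guess limit and the trust-on-first-use enrolment are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 15 * 60   # assumed lifetime of an emailed unlock code, in seconds
MAX_ATTEMPTS = 5     # assumed number of wrong guesses before the code is dead


class Account:
    def __init__(self, name):
        self.name = name
        self.known_ips = set()   # addresses that have passed an unlock
        self.pending = None      # (code_hash, ip, expires_at, attempts_left)

    @property
    def coin_locked(self):
        return self.pending is not None


def _hash(code):
    # Keep only a digest so a leaked account table holds no live codes.
    return hashlib.sha256(code.encode()).digest()


def login(account, ip, send_email, now=None):
    """Call only after the password (and authenticator, if any) was accepted."""
    now = time.time() if now is None else now
    if not account.known_ips:            # assumption: first login enrols the IP
        account.known_ips.add(ip)
    if ip in account.known_ips and not account.coin_locked:
        return "full_access"
    # Unrecognised address, or a lock is still outstanding: the session may
    # play, but trading stays off until the mailbox owner enters a fresh code.
    code = f"{secrets.randbelow(10**8):08d}"
    account.pending = (_hash(code), ip, now + CODE_TTL, MAX_ATTEMPTS)
    send_email(account.name, code)
    return "coin_locked"


def unlock(account, ip, code, now=None):
    now = time.time() if now is None else now
    if account.pending is None:
        return False
    code_hash, lock_ip, expires_at, attempts_left = account.pending
    # The code only works from the address that triggered the lock,
    # before it expires, and while guesses remain.
    if ip != lock_ip or now > expires_at or attempts_left <= 0:
        return False
    if not hmac.compare_digest(code_hash, _hash(code)):   # constant-time compare
        account.pending = (code_hash, lock_ip, expires_at, attempts_left - 1)
        return False
    account.known_ips.add(ip)
    account.pending = None
    return True


def can_trade(account):
    # Gate auction-house, mail and trade actions on this check.
    return not account.coin_locked
```

An expired or exhausted code leaves the account locked; the next login issues a new one. Stolen credentials alone do not let an attacker move items unless they also control the email account.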
 
I do not think Blizzard is @ fault here. I would say that 90% of the people had their information stolen due to the types of sites they visit and that's not even safe anymore with the recent ad hacking events.

Of course they are at fault. Had the game been singleplayer, his character would not have been hacked.

Blizzard forcing us to play on unsecure servers 100% their fault.
 
Of course they are at fault. Had the game been singleplayer, his character would not have been hacked.

Blizzard forcing us to play on unsecure servers 100% their fault.

Yeah, but that's because I wouldn't have been playing it. :p
 
Really? So these guys wouldn't do this if the real money auction house didn't exist?

C'mon now, the "bad guys" have been out there for decades taking people's loot from every game where people are willing to spend real money. Why does it matter if it's in-game (as with Diablo III) or out-of-game (as in WoW, EVE Online, SW:ToR or any other game)? Your reasoning is shallow and doesn't stand the test of history.

Having real money/bank accounts linked to a low security network is a bad idea. It hardly seems they have bank level checks in place like any money exchanging system should. The promise of quick fast anonymous cash is going to heighten the lure for these kinds of people. It won't be some shady barely visited greyweb backroom deal, it's going to be a fully sanctioned highly public mass market. You can grab people's crap for little risk and dump it within minutes for profit. :(
 
So by hacked, did hundreds of thousands of users get hacked too? Was credit card info stolen too or is that kept in a separate server I assume (but when PSN was hacked, the info was all linked so it could be)? Was it an exploit within the game or web based?

There isn't much technical detail explained on how they successfully did the hack.
 
Honestly I was worried about this when I bought the game, having been hacked some years ago on WoW. I ended up creating an entirely new Battle.net account on a new email account just for the pure fact that I didn't want to take the chance of it happening again with this game.
 
Having real money/bank accounts linked to a low security network is a bad idea. It hardly seems they have bank level checks in place like any money exchanging system should. The promise of quick fast anonymous cash is going to heighten the lure for these kinds of people. It won't be some shady barely visited greyweb backroom deal, it's going to be a fully sanctioned highly public mass market. You can grab people's crap for little risk and dump it within minutes for profit. :(

How do you define "low security network"?

Chase's website: username, password, if it's a new IP address you get a text/phone call with a code to punch in.

Blizzard's website: username, password, optional authenticator

I'm not seeing much of a difference. The biggest difference would be in the registration--my bank requires me to walk in to a branch to create an account, thus validating who I am prior to the account being created. There's also government rules governing who can have a bank account, how it must be managed, etc. Blizzard likely doesn't have any of those regulations guiding them.

I'm still not seeing where your justification for your original statement lies. Blizzard's website is roughly as secure as my bank's website (2-factor authentication vs. 1-factor w/ IP address detection) so where's the real problem? I'm willing to bet it has little, if anything, to do with the website (Blizzard vs. Chase) and instead has to do with users who don't treat their password(s) the same. "Oh, it's only Blizzard? Ok, I'll use a 6-character all-lower-case password, nobody will ever want to hack me, LOL."

I'm more willing to believe that the recent spam for WoW:MoP I've been receiving in one of my E-Mail accounts is the culprit for the recent issues with Diablo 3 "hacks". People are probably seeing these, "You've been accepted in to the WoW:MoP Beta!" E-Mails (which aren't getting caught by Postini, GMail, Yahoo or AOL Mail last I checked) and thinking they are legit. They could be clicking a link in the E-Mail, providing their info, then they get roflstomped immediately after without even realizing it.
 
Of course they are at fault. Had the game been singleplayer, his character would not have been hacked.

Blizzard forcing us to play on unsecure servers 100% their fault.

Blah. They have (I guess) millions of users using the battle.net system to log in. If there was an issue with their system you would think it would be more widespread.

My thought is that the hackers have no idea what's on your account until they gain access to it. If there was a security hole, I'm sure they would be on everyone's account and not randomly getting access. To my knowledge there is no lock feature on the accounts. So if I know your password, your email address, and an at one point good token number.. It's only a matter of time until that number is valid again and I have access. This is not RSA technology we're talking about.
 
How do you define "low security network"?

Chase's website: username, password, if it's a new IP address you get a text/phone call with a code to punch in.

Blizzard's website: username, password, optional authenticator

I'm not seeing much of a difference. The biggest difference would be in the registration--my bank requires me to walk in to a branch to create an account, thus validating who I am prior to the account being created. There's also government rules governing who can have a bank account, how it must be managed, etc. Blizzard likely doesn't have any of those regulations guiding them.

I'm still not seeing where your justification for your original statement lies. Blizzard's website is roughly as secure as my bank's website (2-factor authentication vs. 1-factor w/ IP address detection) so where's the real problem? I'm willing to bet it has little, if anything, to do with the website (Blizzard vs. Chase) and instead has to do with users who don't treat their password(s) the same. "Oh, it's only Blizzard? Ok, I'll use a 6-character all-lower-case password, nobody will ever want to hack me, LOL."

I'm more willing to believe that the recent spam for WoW:MoP I've been receiving in one of my E-Mail accounts is the culprit for the recent issues with Diablo 3 "hacks". People are probably seeing these, "You've been accepted in to the WoW:MoP Beta!" E-Mails (which aren't getting caught by Postini, GMail, Yahoo or AOL Mail last I checked) and thinking they are legit. They could be clicking a link in the E-Mail, providing their info, then they get roflstomped immediately after without even realizing it.

Sorry...knowing what has happened to Sony and a couple other gaming sites this past year I'm going to have to NOT give them the benefit of doubt. You do know that banks get hacked as well right...I'd say online gamers are more cautious about entering account details like that from an email, but who knows.
 
So far no one has said anything about stolen credit card info.

Some rumors going around say that the hackers are not actually breaching Blizzard's database and stealing everything, but rather something about data packet interception by targeting players from the "recently online players" list and gaining access when you're online, or immediately after the player logs off.

It is suggested that you should stay off public games so as not to appear on the list.

Nothing can be confirmed unfortunately unless Blizzard officially acknowledges the issue.
 
Nothing here to indicate the user did not cause the issue. Also nothing listed about Diablo 3 which was used in the title of the post.
 
To my knowledge there is no lock feature on the accounts. So if I know your password, your email address, and an at one point good token number.. It's only a matter of time until that number is valid again and I have access. This is not RSA technology we're talking about.

Isn't RSA exactly who makes the authenticators?

Not that they are hack proof. I used to have one for an employer and they all got recalled over some hack.
 
When I played WoW for about 5+ years, my account was hacked 3 times. One of those times they refused to restore my character items and money. So I contacted them on the phone and kept pushing them to restore my account because I was hacked with an authenticator on it the third time. They finally did so but warned me that they would not restore it again and that my account would be under review and possibly banned.

I played WoW on a computer with a fresh install of Windows, fresh install of WoW (vanilla so no mods) and running anti-spyware and anti-virus software. I practiced good surfing habits, I never went to sites that I wasn't completely sure of. I never downloaded BS bloatware. My computer for all intents and purposes was a "sterile" environment and I still got hacked.

For whatever reason, I personally believe that Blizzard is the cause of a certain number of these hacks. I can't offer up any reasoning as to why but I kept my computer in top shape and even still I got hacked. I never clicked links on the official forums and kept my computer bare for months on end. I used a second computer for general day to day shit. Both had firewalls (software and on the router I used) and did not have permission to connect to each other. I also never shared my accounts either.

I think account sharing is probably responsible for tons of hacking, I'm sure Blizzard knows this but there is a certain number (like me) that just don't fit into the "usual" category of people who got hacked. I'm sure now that Diablo 3 single player is online and you are required to login each and every time you all have a pretty strong chance of getting hacked. It's crazy that a game like Diablo 3 which is heavily SP driven is now subject to the same bs MMO players have to put up with.
 
For whatever reason, I personally believe that Blizzard is the cause of a certain number of these hacks. I can't offer up any reasoning as to why but I kept my computer in top shape and even still I got hacked. I never clicked links on the official forums and kept my computer bare for months on end. I used a second computer for general day to day shit. Both had firewalls (software and on the router I used) and did not have permission to connect to each other. I also never shared my accounts either.

I have to agree. Being in a decently large guild and seeing the number of people getting hacked, I can't imagine anything else. I myself was hacked late last year - I hadn't logged in for 6-8 months. Nothing else makes sense; if I had a trojan/keylogger they would have been much better off logging into my bank account and transferring out real money, instead of jumping on WOW and transferring away a few K gold, mats and gear.
 
My retail box copy of D3 is arriving tomorrow from Amazon, I think I might send it back... this is retarded.
 
Having a password unique to the game will help, but also not using your primary email address would help too. Many free emails with 'recovery questions' are easy to hack because people put stupid easy questions and answers. Once you have that, you can easily change their battle and other account info.

Protip: Change your recovery question to an actual difficult answer.
 
Having a password unique to the game will help, but also not using your primary email address would help too. Many free emails with 'recovery questions' are easy to hack because people put stupid easy questions and answers. Once you have that, you can easily change their battle and other account info.

Protip: Change your recovery question to an actual difficult answer.

Having a unique password in this case is less secure than authenticators are supposed to be. If people with authenticators are being hacked, it doesn't matter what your password is as there is an outside factor influencing the issue unfairly with a huge advantage compromising the possibility of security. Authenticators are supposed to bypass the issue by creating unique passwords randomly and yet people still get hacked.

My recovery question was also not something you could just "guess" at either, unless you had decades upon decades to do so.

There is something wrong with how Blizzard does this whole process. I never get hacked in other MMOs or in other online required SP games. And I realize Blizzard has a massive audience but I've had years of experience dealing with this very issue. It seems entirely random who gets hacked and who doesn't at times.

Whatever Blizzard is doing to prevent these hacks isn't working. I've yet to see a method that can't be seemingly compromised by an outside factor and that factor shouldn't exist according to Blizzard.
 
Isn't RSA exactly who makes the authenticators?

Not that they are hack proof. I used to have one for an employer and they all got recalled over some hack.

Nope. On the back of mine it says digipass. It's an RSA like system but is not RSA.

The hacking of RSA was the code the servers use to determine what number is currently shown on the token at any given time.

It's my understanding the system used by Blizzard is not a match type system (as in the server knows what's on the token and you must enter the exact number to match) like RSA's. Again just my understanding...

Compared to the RSA token on my keychain.. there is a world of difference between the two.
 
My retail box copy of D3 is arriving tomorrow from Amazon, I think I might send it back... this is retarded.

Oh jeez, you have no clue as to how many of the people that got "hacked" tried bots, had malware, etc.


People are blowing this out of proportion, if it were a packet injection based exploit, every Asian game-slave would be molesting every person that they've played public games with. :rolleyes:


TL;DR: Stop being such a sensationalist.
 
In other games I've played there were server flaws that if you logged into your account, you could sometimes get another player's characters instead of yours. Hackers discovered this and exploited it so that all they had to do was login under their account then hijack any other user's account that was online at that time. If you were the victim then you'd get booted and if you tried to enter your name and password you'd be told that you're already online.

That was the basis for the Rift Coin Lock and Aion's random number puzzle at the login screen. To fight those types of exploits. Not saying this is the same type, but I've seen it happen, and have logged into another guy's account by random server error.
 
How do you define "low security network"?

Chase's website: username, password, if it's a new IP address you get a text/phone call with a code to punch in.

Blizzard's website: username, password, optional authenticator

I'm not seeing much of a difference. The biggest difference would be in the registration--my bank requires me to walk in to a branch to create an account, thus validating who I am prior to the account being created. There's also government rules governing who can have a bank account, how it must be managed, etc. Blizzard likely doesn't have any of those regulations guiding them.

Chase doesn't require you to signup for online banking in person; you can do it online with an existing checking account. The big difference is probably in the sophistication of the neural net (or if they're even using a neural net instead of a simple rules-based system). Chase will be able to see full login details, geolocation, OS, IP, transaction details (did you look at your account, transfer funds, etc) and many more details. It will take all of that and compare it against your historical patterns to determine whether or not someone should review the login, or potentially temporarily block access to online banking entirely. As a financial institution you're required to have layered security; different methods of front-end authentication are one piece, back-end monitoring is another.

Blizzard really should have the same thing; with all the money they make and the number of accounts on B.net, there really is no excuse not to (if they don't, however I haven't seen any evidence to show they have).
 
In other games I've played there were server flaws that if you logged into your account, you could sometimes get another player's characters instead of yours. Hackers discovered this and exploited it so that all they had to do was login under their account then hijack any other user's account that was online at that time. If you were the victim then you'd get booted and if you tried to enter your name and password you'd be told that you're already online.

That was the basis for the Rift Coin Lock and Aion's random number puzzle at the login screen. To fight those types of exploits. Not saying this is the same type, but I've seen it happen, and have logged into another guy's account by random server error.

Like recent games? I thought that only happened like back in the day.
 
Honestly, have you read the threads on the Diablo III forums? The people are morons.

Yeah, the community is pretty bad. After playing beta, I knew we would be getting the same folk from the cesspool of other games; this is an ultra-hyped up game so there would be a large player base of immature and mature players alike.
It would only make sense that there is a higher incentive for hackers to start hijacking people's accounts. Can't say I'm glad for letting people test the waters first. I'll probably join in on the fun once PVP gets implemented.
 