Diablo III Hacking?

HardOCP News

There sure seems to be a lot of people complaining about hacking in Diablo III. Have any of you had any issues?

A bunch of threads on the Diablo III forums from players who've experienced unauthorized access to their accounts suggest there may be a security issue with the action/RPG sequel or that the game's future support of real-money auctions has attracted more hacking attempts than one would consider normal.
 
No I haven't had any issues. Then again, I don't have D3, so maybe that's why. :p
 
I use the authenticator app from bliz. The authenticator will remember your computer. It will only prompt for an authenticator password if you attempt to login from another computer.
There have been two instances since last Monday night where my authenticator password reprompted – which meant someone else on another computer had attempted to access one of my Blizzard games. Since I never had a problem with SC2. It could have been D3 hackers.
 
I wonder if that is related to the complaints I've heard from friends about Blizzard rolling their characters back to an earlier timepoint?
 
I highly suggest to use the authenticator and set the account to prompt for it on EVERY login.
 
There have been several claims on Blizzard's forum that they had this authenticator thing and still got hacked.

Also some rumors that the attack is through packet interception starting from list of users in the "Recently online players" in public games. They don't actually steal login credentials from Blizzard's system. There are certainly many claims that we should stay away from public games for the time being.
 
I use the authenticator app from bliz. The authenticator will remember your computer. It will only prompt for an authenticator password if you attempt to login from another computer.
There have been two instances since last Monday night where my authenticator password reprompted – which meant someone else on another computer had attempted to access one of my Blizzard games. Since I never had a problem with SC2. It could have been D3 hackers.

This. I added the smartphone authenticator when I bought D3 because I figured with a (pending) real-money auction house, there would be a greater incentive for security shenanigans.
 
Always use an authenticator on games like this. I've used one in all the MMOs that offer it now and it's a great solution for two factor authentication. After my cancelled WoW subscription was renewed with a stolen CC and my buddy texted me "you playing WoW again?" I put an authenticator on all my accounts I could and I've never had a problem since.

Quit being lazy and do it
 
Yep, had my WoW account hacked years ago, and since then I've always used an authenticator. No reason not to if you have a smartphone.
 
no online saves, no problems.

I'll laugh my ass off if one day they pull a sony server side blooper (ie BZ's servers gets hacked)
 
great

So I'm off to figure out the authenticator!

( it's not like the P2P downloader running from 2mb/s to 1 b/s then back and forth hassle and then trying get it thru my thick head that my account name was my email and NOT my battlenet name was enough rage....:rolleyes:)
 
Figured with it being online only would pose some problems with hacking, but the authentication process getting bypassed too? Mind blowing!
 
There are plenty of people on the Diablo 3 forum who have the authenticator and have also been hacked.

That's all bullshit. The ONLY way to get hacked with an authenticator is for them to HAVE the thing in their hand. I have the key fob auth, and it works wonders.
 
Don't all popular Blizzard games get hacked?
I don't have a WoW account and keep getting spoofed emails saying my battlenet account has an unauthorized login and I need to login to fix it. I suspect that is 1 way they get your passwords.
 
That's all bullshit. The ONLY way to get hacked with an authenticator is for them to HAVE the thing in their hand. I have the key fob auth, and it works wonders.

There are a number of ways to hack a system like this. If you can steal the session, forge a certificate service (if encryption is used), or redirect traffic such as you appear as blizzard's server to the client and quickly forward the correct credentials to the server from a malicious client.

Most of them would rely on beneficial network topology or your local machine being compromised but it's still feasible.
 
There are two versions of the authenticator.

1) the digipass key chain & the smart phone app.
2) The phone call method.

Is it possible that those reporting getting hacked while having an authenticator, have the phone call authenticator?
 
Someone tried to hack me. I have the smart phone app authenticator. How do I know? I got dc'ed from the game. Logged back in and everything was still there and a random letters guy happened to join my non-public game. Wasn't even on my friends list. I got dc'ed again and when I went back, I got a warning about incorrect password attempts.

Luckily, I was paranoid enough the first time to make my password even longer and change the authenticator to ask every single time.
 
There are a number of ways to hack a system like this. If you can steal the session, forge a certificate service (if encryption is used), or redirect traffic such as you appear as blizzard's server to the client and quickly forward the correct credentials to the server from a malicious client.

Most of them would rely on beneficial network topology or your local machine being compromised but it's still feasible.

And none of them work if blizzard was properly asserting the signatures and keeping the TLS connection alive.

No, there's some crippling vulnerability in their infrastructure, more alarming because they haven't made a public statement I'd have to assume they haven't found it.
 
The Authenticator only helps to prevent unauthorized logins with your account. If the hacker is already on the server and they have somehow hacked past the two-form or found a hole to the server. Then once you login they have free access to your account. This is the same for any network servers using Two-Form Authentication. If the hacker is on the server then the two-form authentication is useless because they are already in your house, sitting on your couch, drinking all your beer.

This is what it sounds like is happening, because it seems to only happen to people that are playing online or public games.
 
Someone tried to hack me. I have the smart phone app authenticator. How do I know? I got dc'ed from the game. Logged back in and everything was still there and a random letters guy happened to join my non-public game. Wasn't even on my friends list. I got dc'ed again and when I went back, I got a warning about incorrect password attempts.

Luckily, I was paranoid enough the first time to make my password even longer and change the authenticator to ask every single time.

That probably means your machine is already hacked...you just didn't know it. Otherwise...how did they DC you ;)
 
Also be careful guys if your account does get hacked. I had cancelled my WoW sub and it had been de-activated for 6 months. Account got stolen by a gold farmer, called blizzard support and got them to restore the account to what it was 6 months ago. They somehow restored my CC info and started billing me without telling me. I ended up calling fraud on the charges with my bank cause googling where it came from showed fraud, then blizzard called me saying they disabled the account lol :)

Still haven't gotten it re-enabled yet since I don't care
 
Na the authenticator is not BS. It is a tested and proven security protocol that is used in large enterprise corporations, known as Two-Form Authentication. But again if the hacker is on your system or has somehow already hacked your server. Then the Two-Authentication is worthless because the hacker has already bypassed it. The weakest link in any network security infrastructure is always the user.
 
I've been playing MMOs and online games for years upon years and have never been hacked. I always attribute it to user stupidity.

Claiming that your computer is a sterile environment, is complete BS. Once you connect it to the internet, you have the HIV. When my parents get spyware, they claim they never clicked on any links, or downloaded something bad. I don't trust my parents when it comes to computers, so why should I trust a stranger on the internet that claims to be a rank 58 security specialist with a NSA developed firewall and perfect browsing habits?
 
I just did a quick Google search on this issue and all saying it is affecting users that play public on-line games. Which makes sense, there is probably a bug or hole in the public games that hackers have found that allows them to see your info. My suggestion, don't play open public games till Blizzard gets its head out of its ass. Then again that might be a very long wait. :D
 
It is rather weird but on RIFT it was the problem with the password buffer, overflow happened and people could log in with just grabbing the username/email.
I don't like Blizzard's attitude in games regarding security.
When I see the next PR piece on how they banned 25 billion hackers from their game and so on, it makes me sick ........
 
Damn hackers fuck everything up. I just added the smartphone authentication and SMS alerts. Last thing I want is to put 30 hrs into D3 and have some a-hole take all my loot.
 
That probably means your machine is already hacked...you just didn't know it. Otherwise...how did they DC you ;)

Not necessarily. A good example is WC3. There was a hack going around where you could disconnect people from your games as long as you were the host. Now, it could be related to the port scans that my router logged starting from a day after D3 was launched.

Not impossible that my machine was hacked. Just, very unlikely considering that I never connect to public networks and even when I was on campus, I ran my own firewall with custom configured ip tables and in/out bound enterprise grade antivirus on the firewall machine. I have a comparable setup at home.
 
I've been playing MMOs and online games for years upon years and have never been hacked. I always attribute it to user stupidity.

Claiming that your computer is a sterile environment, is complete BS. Once you connect it to the internet, you have the HIV. When my parents get spyware, they claim they never clicked on any links, or downloaded something bad. I don't trust my parents when it comes to computers, so why should I trust a stranger on the internet that claims to be a rank 58 security specialist with a NSA developed firewall and perfect browsing habits?

First you need an account worth hacking.
Second you need to play a blizzard game that has RMT involved (WoW or D3).
Third, wait long enough and get hacked. Most WoW accounts that get hacked are inactive accounts because there is a higher chance that the farmer will get away with it.

Blizzard has massive security problems and has for years. Before the authenticator was introduced, I've had several WoW accounts hacked multiple times when they were inactive. And to act all high and mighty with your judgment calls about my security is amusing.

The security problem is on Blizzard's server side. Period. I doubt anything meaningful will come from this.
 
First you need an account worth hacking.
Second you need to play a blizzard game that has RMT involved (WoW or D3).

I've had an account since Vanilla.

Blizzard has massive security problems and has for years. Before the authenticator was introduced, I've had several WoW accounts hacked multiple times when they were inactive.

You can still be phished for inactive account details.

And to act all high and mighty with your judgment calls about my security is amusing.

Ok.

The security problem is on Blizzard's server side. Period. I doubt anything meaningful will come from this.

Hearsay.
 
So you're telling me the whole "Always online connection" DRM scheme (which Blizzard says isn't DRM) and is supposed to be the salvation from hacking and cheating isn't working!! So I can't play the game because I don't have an always on internet connection and if I do go to a cafe or something to play I now have to worry about hackers?

Why not just give me SAFE and EASY offline single player mode??? OR LAN play for when I want multi-player.
 
And none of them work if blizzard was properly asserting the signatures and keeping the TLS connection alive.

No, there's some crippling vulnerability in their infrastructure, more alarming because they haven't made a public statement I'd have to assume they haven't found it.

This is what I believe is going on. This has been a growing problem for years. I've already posted my experience in the PC Gaming and Hardware thread about this very topic.

Having an authenticator doesn't remove you from being hacked when there is some kind of infrastructure problem going on. You are still logging into a service, you are not without an eco-system that is isolated but in fact shared by millions. There will always be a way to hack something like this.

And yet all we hear is this from Blizzard GM's (really all we've heard for years) :

Hey guys,

We are very aware of these reports and are taking them very seriously. Please keep an eye on the General Discussion forums as Community members will be posting something soon.

If you have been hacked, please contact Customer Service as soon as you can. In addition, using an Authenticator can help secure your account even more.
 
There are a number of ways to hack a system like this. If you can steal the session, forge a certificate service (if encryption is used), or redirect traffic such as you appear as blizzard's server to the client and quickly forward the correct credentials to the server from a malicious client.

Most of them would rely on beneficial network topology or your local machine being compromised but it's still feasible.

You'd have to have really pissed someone off to get them to go through all that effort. For gold farmers, or other gear/gold sales websites, this wouldn't even be feasible for them, as they'd have better luck, and more gain effort to time wise hacking non-auth'd accounts. Not only that, but if that were to happen, if you punched in your account info, pw, and auth number on a server that has fooled the client side machine into thinking it's blizz, it'd fail as a log in attempt, once failed, the key used in that attempt is invalid. So if they took that info they now have, and tried to get into my account, the auth key they have wouldn't work regardless. Hacked accounts with authenticators has not happened, there have been no posts with proof, just "OMGZ I was hacked and I has an authenticatorsz!" nonsense. The company that makes these fobs also makes an extremely similar system for bank vaults. It isn't hacked that easily, if it was, these people wouldn't be hacking blizzard accounts.

People are posting this "I have an auth and was hacked" nonsense just to bash blizzard or start flame wars or any other bullshit reason on the list. I refuse to believe that on all the forums/msg boards out there, there isn't a post with cold hard proof they were hacked with an auth on their account. It simply hasn't happened.
 
You'd have to have really pissed someone off to get them to go through all that effort. For gold farmers, or other gear/gold sales websites, this wouldn't even be feasible for them, as they'd have better luck, and more gain effort to time wise hacking non-auth'd accounts. Not only that, but if that were to happen, if you punched in your account info, pw, and auth number on a server that has fooled the client side machine into thinking it's blizz, it'd fail as a log in attempt, once failed, the key used in that attempt is invalid. So if they took that info they now have, and tried to get into my account, the auth key they have wouldn't work regardless. Hacked accounts with authenticators has not happened, there have been no posts with proof, just "OMGZ I was hacked and I has an authenticatorsz!" nonsense. The company that makes these fobs also makes an extremely similar system for bank vaults. It isn't hacked that easily, if it was, these people wouldn't be hacking blizzard accounts.

People are posting this "I have an auth and was hacked" nonsense just to bash blizzard or start flame wars or any other bullshit reason on the list. I refuse to believe that on all the forums/msg boards out there, there isn't a post with cold hard proof they were hacked with an auth on their account. It simply hasn't happened.

Uh, what kind of proof are you looking for? I don't think anyone has set up a video and say 'watch me get hacked'
 