diablo 3 accounts hacked

Is everyone that is hacked only seeing items being stripped from the character that was last logged in? If so, it's interesting to me that other characters on that account with better stuff are not being touched. It makes me think the hackers are getting in without being able to access the character select screen, which in turn makes me think they've found a way to obtain limited access that doesn't involve passwords or the authenticator process at all.

It's probably just someone using a bot to go through a list of users/passwords.

Think about it, using a very basic script like this, you have it make the exact same clicks every time. You don't know how many characters each person has, so the simplest thing to do is just set up a script that takes the current character and joins a normal act 1 game and cleans out what is in the stash and on the character. Stash/vendors/join game/etc are always in the exact same spot. You don't have to do any kind of pixel comparison or anything to determine what characters the person has, and it works for any account that has any characters at all. It may not maximize the amount for each account, but the reliability and speed that it can go through the accounts probably makes up for it.
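
The scripted-bot theory in the post above can be checked from the defender's side, since identical clicks on every account would show up as identical session traces. The following is an added example, not part of the original thread: it flags action sequences replayed on several accounts and source addresses shared by several accounts. The log format, action names, addresses and thresholds are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict

# Constructed sample events, not real data. Assumed line format:
#   session_id account source_ip action
SAMPLE_LOG = """\
s1 alice@example.com 203.0.113.7 login
s1 alice@example.com 203.0.113.7 join_game
s1 alice@example.com 203.0.113.7 open_stash_page_1
s1 alice@example.com 203.0.113.7 drop_items
s1 alice@example.com 203.0.113.7 logout
s2 bob@example.com 203.0.113.7 login
s2 bob@example.com 203.0.113.7 join_game
s2 bob@example.com 203.0.113.7 open_stash_page_1
s2 bob@example.com 203.0.113.7 drop_items
s2 bob@example.com 203.0.113.7 logout
s3 carol@example.com 203.0.113.7 login
s3 carol@example.com 203.0.113.7 join_game
s3 carol@example.com 203.0.113.7 open_stash_page_1
s3 carol@example.com 203.0.113.7 drop_items
s3 carol@example.com 203.0.113.7 logout
s4 dave@example.com 198.51.100.20 login
s4 dave@example.com 198.51.100.20 select_character
s4 dave@example.com 198.51.100.20 join_game
s4 dave@example.com 198.51.100.20 open_stash_page_1
s4 dave@example.com 198.51.100.20 open_stash_page_2
s4 dave@example.com 198.51.100.20 logout
s5 erin@example.com 198.51.100.33 login
s5 erin@example.com 198.51.100.33 join_game
s5 erin@example.com 198.51.100.33 logout
"""


def parse_sessions(log_text):
    """Return {session_id: (account, source_ip, (action, ...))} in log order."""
    sessions = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        sid, account, ip, action = parts
        _, _, actions = sessions.setdefault(sid, (account, ip, []))
        actions.append(action)
    return {sid: (acct, ip, tuple(acts))
            for sid, (acct, ip, acts) in sessions.items()}


def scripted_sequences(sessions, min_accounts=3):
    """Action sequences replayed identically on at least min_accounts accounts."""
    by_sequence = defaultdict(set)
    for account, _ip, actions in sessions.values():
        by_sequence[actions].add(account)
    return {seq: sorted(accts) for seq, accts in by_sequence.items()
            if len(accts) >= min_accounts}


def shared_sources(sessions, min_accounts=3):
    """Source addresses that logged in to at least min_accounts accounts."""
    by_ip = defaultdict(set)
    for account, ip, _actions in sessions.values():
        by_ip[ip].add(account)
    return {ip: sorted(accts) for ip, accts in by_ip.items()
            if len(accts) >= min_accounts}


def triage(log_text, min_accounts=3):
    """Accounts matching both signals. A short sequence alone can be a
    legitimate play pattern, so the two signals are intersected."""
    sessions = parse_sessions(log_text)
    replayed = {a for accts in scripted_sequences(sessions, min_accounts).values()
                for a in accts}
    shared = {a for accts in shared_sources(sessions, min_accounts).values()
              for a in accts}
    return sorted(replayed & shared)


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
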
 
Then why haven't accounts with authenticators been compromised?

Can't you just let it go? Just go enjoy D3 and don't worry about everybody else if you're so confident it's not Blizzard's fault. They are giving refunds to unsatisfied customers so everybody wins...jeeezzz
 
Can't you just let it go? Just go enjoy D3 and don't worry about everybody else if you're so confident it's not Blizzard's fault. They are giving refunds to unsatisfied customers so everybody wins...jeeezzz

It's not exactly everyone else... I don't think he's worried about me.
 
Someone mentioned this in the thread on the main subforum and it may have some merit...maybe it's not hacks and just Data Loss? There are some instances where there is SOME gear, and lower level toons being stripped whereas the more lucrative higher level toons are untouched....
 
Can't you just let it go? Just go enjoy D3 and don't worry about everybody else if you're so confident it's not Blizzard's fault. They are giving refunds to unsatisfied customers so everybody wins...jeeezzz

You act like I'm on some sort of crusade. I saw a post in regards to a topic I'm interested/concerned with and responded with something reasonable.

I seem to be the only one around here who gives a shit about other people spreading fud or misinformation. If anything I'm trying to help other people understand the true nature of these compromises.

And of all things I'm posting in a thread all about the Diablo 3 hacked/compromised accounts.
 
You act like I'm on some sort of crusade. I saw a post in regards to a topic I'm interested/concerned with and responded with something reasonable.

I seem to be the only one around here who gives a shit about other people spreading fud or misinformation. If anything I'm trying to help other people understand the true nature of these compromises.

And of all things I'm posting in a thread all about the Diablo 3 hacked/compromised accounts.

Sounds like a crusade to me...Blizzard said it's not them, players say it's not them. It will work itself out but Blizzard is the only one that can tell us what really happened, but don't hold your breath for that. You're not going to change anybody's mind that is already made up. This whole thing is a clusterf*ck.
 
If anything I'm trying to help other people understand the true nature of these compromises.

Just to play devil's advocate here, how can you "help other people understand the true nature of these compromises" when you yourself don't have any proof one way or the other on how these "hacks" are being done. You're guessing, speculating and making assumptions just like the rest of us.
 
Then why haven't accounts with authenticators been compromised?

If authenticators do indeed work I would assume it's because when you install one it actually triggers the offsite IP blocking. So if someone tries to hack in from Taiwan an immediate stop goes into effect. I don't think you can enable that without an authenticator. So the authenticator itself isn't doing anything, it's the IP blocking that comes with having one that does.

If they did IP blocking with e-mail authentication when you try to connect from a new location this issue would likely be non-existent.

Those who are hacked are getting attacked in a very specific fashion, last used character and first stash page only. And sometimes they don't even lose everything on their character, I lost a cheapo shield and leggings while my 2.5 million gold amulet was untouched... There is a reason for this limitation, and it's likely the result of whatever method is being employed to carry it out.
 
Sounds like a crusade to me...Blizzard said it's not them, players say it's not them. It will work itself out but Blizzard is the only one that can tell us what really happened, but don't hold your breath for that. You're not going to change anybody's mind that is already made up. This whole thing is a clusterf*ck.

Do you work in IT, and by that I really mean dealing with end-users daily?

Honestly who would you be more inclined to believe given what we've seen so far? Some end-user with limited knowledge of the back-end and how everything works, who says he was hacked and always, never, ever does anything wrong on his computer, always runs norton, doesn't visit porn sites (even though many legit sites get hacked and things like flash vulnerabilities throw that out the window), etc., etc... OR, would you believe a publicly traded well-known company with many years of experience dealing in this type of security/environment.

Hmm.. tough call.

Just to play devil's advocate here, how can you "help other people understand the true nature of these compromises" when you yourself don't have any proof one way or the other on how these "hacks" are being done. You're guessing, speculating and making assumptions just like the rest of us.

True nature might not have been the best term. But you can't only see one side of any story.

I'm making assumptions to an extent. But when some guy on a forum says "I was hacked, I have an authenticator." And then a Blizzard rep checks their account and says "No you don't." or "That authenticator was just added and was not present when the account was compromised."

Those kinds of back and forth exchanges are common.

This was linked in a comment from that Forbes "article." Take a look if you have time.

http://us.battle.net/d3/en/forum/topic/5271503297

In there the guy goes through a lot of simple stuff I bet most people (remember there's some 6 million copies of D3 sold. That's a shit ton of average joe gamers) have no clue on.

He also touches on the fact, either in that post or a similar one, that there is no evidence for these hacks. There would be something on the internet about it. It would get leaked out. It always does. Yet no one, nowhere, knows anything about it.

The only reason question I believe exists is "Is it a problem with Blizzard servers some how?"

Are they losing data and having to use backups, etc. But that throws a very large cog into the wheel. If they are losing data, and having people use up rollbacks for a legit issue on their end, and that information gets out. They're fucked. They have no reason to lie in that case. It would only end up bad for them.

Also, if you bother to look through these Blizzard blue posts, there's a lot of good info there. Direct from a support rep.

http://hardforum.com/showpost.php?p=1038781893&postcount=459
 
My question is why is this happening so often with D3 accounts. I don't remember seeing this huge an influx of complaints from wow or SC2.
 
My question is why is this happening so often with D3 accounts. I don't remember seeing this huge an influx of complaints from wow or SC2.

There's nothing to gain from hacking SC2 accounts. WoW hacks are happening all the time, people just don't talk about them that much. My friend's account got hacked 6+ months after he quit the game.
 
always runs norton

LOL! Right there would be your problem. Sep11 lets everything right through, and in the event that they actually find something and alert you after you get burned it can't do shit about it and you have to reformat anyway, hahaha
 
LOL! Right there would be your problem. Sep11 lets everything right through, and in the event that they actually find something and alert you after you get burned it can't do shit about it and you have to reformat anyway, hahaha

That would be their problem. I don't run Norton or any Symantec product. What I was saying in that post is typical of a normal everyday computer user.
 
Good troll....I never said it was all Blizzard's fault. And why don't we watch it with the personal insults, as it's the last form of arguing like Dallows did.

I'm sorry.. Where did I personally insult you?
 
If there WAS a Blizzard issue, it wouldn't make sense for them to release it out until/unless it was fixed. Not that they would voluntarily release it anyway, but it wouldn't seem to make much sense to say, "Hey, you can spoof our session IDs, it isn't fixed yet, but here is how you do it!"
 
Doesn't really seem to be related.

And it makes you wonder. Clearly they have separate international divisions, and people in the states have been getting refunds. So there must be a disconnect. One I'm sure Blizzard and Co. will address.
 
I had my account restored sometime last night, didn't matter because I was asleep (5am wake up for work) sucks.

Anyways - I had my hacked account restored, now instead of a level 51 I'm a 50. Not that huge of a deal. My problem is I've been left with a very bad taste in my mouth and no desire to play anymore knowing that any moment for no reason I can lose all my work.

Blizzard's tone in the matter is negative and almost abusive. I was told that I'm only allowed "one more rollback" I've had 3 days to read on the subject (couldn't play D3 of course) and the commonality I'm seeing is that everyone who's getting hacked only loses something from their last played character, only from the first page of their stash. What this tells me is that it's server side - if someone actually did have my password why wouldn't they clean out "EVERYTHING"? Had I not already blown 60 dollars on this game, I'd wager it was an unknown glitch somewhere in their uber awesome 24/7 DRM/security scheme.

I'm happy I was able to get my account restored - but I'm still pondering if I should try to get my money back. I'm viewing this as if I'd have bought a new car, and let's say after a computer glitch in the car I suddenly don't feel safe driving it. I damn sure would get my money back per federal laws. It's not a perfect analogy but you get my point I hope.
 
I had my account restored sometime last night, didn't matter because I was asleep (5am wake up for work) sucks.

Anyways - I had my hacked account restored, now instead of a level 51 I'm a 50. Not that huge of a deal. My problem is I've been left with a very bad taste in my mouth and no desire to play anymore knowing that any moment for no reason I can lose all my work.

Blizzard's tone in the matter is negative and almost abusive. I was told that I'm only allowed "one more rollback" I've had 3 days to read on the subject (couldn't play D3 of course) and the commonality I'm seeing is that everyone who's getting hacked only loses something from their last played character, only from the first page of their stash. What this tells me is that it's server side - if someone actually did have my password why wouldn't they clean out "EVERYTHING"? Had I not already blown 60 dollars on this game, I'd wager it was an unknown glitch somewhere in their uber awesome 24/7 DRM/security scheme.

I'm happy I was able to get my account restored - but I'm still pondering if I should try to get my money back. I'm viewing this as if I'd have bought a new car, and let's say after a computer glitch in the car I suddenly don't feel safe driving it. I damn sure would get my money back per federal laws. It's not a perfect analogy but you get my point I hope.

Unfortunately this doesn't really help. I'll politely ask again if you could shed any details about your authenticator and if Blizzard (did you speak with a rep over the phone or was this some email-type exchange?) had anything to say about the fact that your account was compromised with an authenticator attached.

This isn't some sort of attack or Blizzard fanboyism.

You claimed to have an authenticator (I have a mobile one) and you have been compromised. More detail would help me determine the level of safety of my account.

Thanks.
 
If there WAS a Blizzard issue, it wouldn't make sense for them to release it out until/unless it was fixed. Not that they would voluntarily release it anyway, but it wouldn't seem to make much sense to say, "Hey, you can spoof our session IDs, it isn't fixed yet, but here is how you do it!"

I wasn't going to address this. But I guess I will. Blizzard has stated that session ID stealing is impossible, or that they don't have any evidence to prove that it is possible. I don't have the exact wording but something like the system just doesn't permit it. It was one of the first things they looked at and addressed.
 
Unfortunately this doesn't really help. I'll politely ask again if you could shed any details about your authenticator and if Blizzard (did you speak with a rep over the phone or was this some email-type exchange?) had anything to say about the fact that your account was compromised with an authenticator attached.

This isn't some sort of attack or Blizzard fanboyism.

You claimed to have an authenticator (I have a mobile one) and you have been compromised. More detail would help me determine the level of safety of my account.

Thanks.

Exactly. Every single one of my friends including my GF that was hacked over the last 2 years never had an authenticator. I have one and have never ever been hacked. Same with others who picked up the authenticator shortly after getting hacked.
 
I wasn't going to address this. But I guess I will. Blizzard has stated that session ID stealing is impossible, or that they don't have any evidence to prove that it is possible. I don't have the exact wording but something like the system just doesn't permit it. It was one of the first things they looked at and addressed.

Session ID spoofing was just an example, it could be another server side issue. I believe that the majority of compromises are due to PEBKAC. However at the same time I've seen just so many compromises that I apply the, "Where there is smoke, there is fire" assumption. Mainly this is from my experiences in WOW where hacked accounts were so prevalent; it was a near weekly occurrence in a guild of about ~100 people.
 
Unfortunately this doesn't really help. I'll politely ask again if you could shed any details about your authenticator and if Blizzard (did you speak with a rep over the phone or was this some email-type exchange?) had anything to say about the fact that your account was compromised with an authenticator attached.

This isn't some sort of attack or Blizzard fanboyism.

You claimed to have an authenticator (I have a mobile one) and you have been compromised. More detail would help me determine the level of safety of my account.

Thanks.

I have the mobile one -- (the app on my droid)

I submitted a ticket via their system - took about 24 hours for the initial response, and another 12 for them to perform the rollback I had to confirm I wanted. Calling seemed futile as the wait times were over 1 hour. (Sorry I'm not going to blow 60-90 minutes out of my 450 allowed anytime minutes to speak with them)

Any questions or comments I made during the exchange with a customer service rep were pretty much ignored. All they wanted to know was a "yes" or "no" on if I wanted my account rolled back. Asking why it happened despite being "secure" was totally glossed over.

I'm glad you asked, and I want everyone to know what happened in my situation. I find it ODD that the loss of my character coincided exactly with the new patch. Even when all the initial hacking scare started my character was secure. Whether it's some sort of server side hack that bypasses all password/authenticator or whether it was a straight up data loss who knows.

Either way -- this has been a huge blow to my enjoyment of the game. Anyone can understand it's harder to get into the fun of building a character, watching them grow, and get better and better loot, when in the back of your mind you constantly have to wonder if it's going to be there in the morning.
 
Either way -- this has been a huge blow to my enjoyment of the game. Anyone can understand it's harder to get into the fun of building a character, watching them grow, and get better and better loot, when in the back of your mind you constantly have to wonder if it's going to be there in the morning.

I'll refrain from saying anything hurtful to someone's ego since Dallows and/or JJandrob reported me for "trolling" but ask yourselves this:

is it really worth it? Just get a refund...by continuing this you're just sending Blizzard the message that this is all acceptable when it's really not
 
I have the mobile one -- (the app on my droid)

I submitted a ticket via their system - took about 24 hours for the initial response, and another 12 for them to perform the rollback I had to confirm I wanted. Calling seemed futile as the wait times were over 1 hour. (Sorry I'm not going to blow 60-90 minutes out of my 450 allowed anytime minutes to speak with them)

Any questions or comments I made during the exchange with a customer service rep were pretty much ignored. All they wanted to know was a "yes" or "no" on if I wanted my account rolled back. Asking why it happened despite being "secure" was totally glossed over.

I'm glad you asked, and I want everyone to know what happened in my situation. I find it ODD that the loss of my character coincided exactly with the new patch. Even when all the initial hacking scare started my character was secure. Whether it's some sort of server side hack that bypasses all password/authenticator or whether it was a straight up data loss who knows.

Either way -- this has been a huge blow to my enjoyment of the game. Anyone can understand it's harder to get into the fun of building a character, watching them grow, and get better and better loot, when in the back of your mind you constantly have to wonder if it's going to be there in the morning.

Did you get the authenticator recently and did you have it prompt every single time you logged in?
 
I have the mobile one -- (the app on my droid)

I submitted a ticket via their system - took about 24 hours for the initial response, and another 12 for them to perform the rollback I had to confirm I wanted. Calling seemed futile as the wait times were over 1 hour. (Sorry I'm not going to blow 60-90 minutes out of my 450 allowed anytime minutes to speak with them)

Any questions or comments I made during the exchange with a customer service rep were pretty much ignored. All they wanted to know was a "yes" or "no" on if I wanted my account rolled back. Asking why it happened despite being "secure" was totally glossed over.

I'm glad you asked, and I want everyone to know what happened in my situation. I find it ODD that the loss of my character coincided exactly with the new patch. Even when all the initial hacking scare started my character was secure. Whether it's some sort of server side hack that bypasses all password/authenticator or whether it was a straight up data loss who knows.

Either way -- this has been a huge blow to my enjoyment of the game. Anyone can understand it's harder to get into the fun of building a character, watching them grow, and get better and better loot, when in the back of your mind you constantly have to wonder if it's going to be there in the morning.

Sad news indeed. I'm almost recommending you post on their forums trying to get more info. They have Blizzard employees posting often and in your case I would definitely want, if not demand some further investigation regarding your account.
 
By mobile authenticator do you mean the SMS one or the actual app that you have to type in a code each time?
 
I have the mobile one -- (the app on my droid)

If you actually have the mobile keyfob style one and they got you, you're the first one I've seen. It seemed like the unknown IP blocking that the keyfob style authenticator enables was keeping them out... Most people who claim the authenticators don't work have the SMS or Dial-in one, which doesn't work for D3. Blizzard really shouldn't have some protection services that don't apply to everything, lots of people are getting confused by it.

I think we can all be fairly certain the majority of these events are not the result of phishing either way. Too much information painting a different picture, and too many good items are getting left behind in the attacks for it to be a coincidence.

I had a very similar experience with the support center, but I actually talked to someone. The help center is not the least bit interested in gathering information to determine where a vulnerability may exist. The funniest part was when they couldn't find any sign someone logged in between when I left for the night and when I came back in the morning, they still told me that I must have given out my details somehow. So nobody logged in, but they managed to steal my stuff... that is most definitely my fault somehow right?

Hopefully Blizzard is just trying to keep the panic to a minimum and aren't actually ignoring the problem. I'm running the mobile authenticator on my PC now (I don't have a smartphone and didn't want to wait 3 weeks, so I improvised.) in hopes it'll prevent it from happening again, but we'll have to wait and see.
 
Sad news indeed. I'm almost recommending you post on their forums trying to get more info. They have Blizzard employees posting often and in your case I would definitely want, if not demand some further investigation regarding your account.

They have been deleting these types of threads in the forums.
 
Then go back to my previous post. Get the name of the Blizzard poster and message them directly.

If you really cared. If it was really an issue. You would get answers. Giving up is a sign that something isn't right.
 
Then go back to my previous post. Get the name of the Blizzard poster and message them directly.

If you really cared. If it was really an issue. You would get answers. Giving up is a sign that something isn't right.

The people on the forums aren't in the technical department. He could message them all day, they're PR people and they're going to point him to the posts that say don't talk about this stuff here.

They want everyone to go through their help desk, and you have to call them if you plan to convey anything more complicated than "I was hacked, can I have a rollback?" Type anything more and you will spend 2 weeks trying to unconfuse the person handling the tickets.

Most people aren't willing to deal with the 3 hour phone wait; and honestly after sitting through it, where in the end they refused to help me because there was no evidence my account had been compromised, I don't blame him.
 
It does seem that Blizzard needs to make changes to their login system as it's pretty obvious that it's not working well to prevent theft. Problem here is that the same battle.net login system is used by every one of their games so once it's compromised, it's compromised for every Blizzard game you play. The same WoW hacks and flash vulnerabilities that have been out for years most likely work perfectly well at hacking and/or stealing login info for Diablo 3.

One thing I do find idiotic is using our email address as a user name. There goes half our username/password security and makes hacking easy if any other account of ours has been compromised, such as PSN, Yahoo, Gmail, etc. Because while our password may have changed, chances are we still use the same email address.
 
The people on the forums aren't in the technical department. He could message them all day, they're PR people and they're going to point him to the posts that say don't talk about this stuff here.

They want everyone to go through their help desk, and you have to call them if you plan to convey anything more complicated than "I was hacked, can I have a rollback?" Type anything more and you will spend 2 weeks trying to unconfuse the person handling the tickets.

Most people aren't willing to deal with the 3 hour phone wait; and honestly after sitting through it, where in the end they refused to help me because there was no evidence my account had been compromised, I don't blame him.

The employee in the thread I referenced has been dealing with compromised accounts for a long time. They're not just some PR person.
 
Then go back to my previous post. Get the name of the Blizzard poster and message them directly.

If you really cared. If it was really an issue. You would get answers. Giving up is a sign that something isn't right.

Sometimes the effort to follow through is not worth the effort, time, or money. The phone waits are over an hour and their support won't tell you what happened anyway. You will not get any details because their support is instructed not to give any details out.

If I get hacked, I'll get rolled back and either keep playing or move on. After tonight, I will have reached my break point on entertainment value for cost and time spent playing the game. For me that is $1/hour for games.
 
ROFL!

Supposedly this guy claims he followed all proper procedures with using the appropriate authenticator and still got hacked:

So what do Blizzard staff do? Well unlike previous examples where they were quick to correct people who made similar claims and made sure to tell everyone that the compromised account didn't have the correct authenticator or it wasn't active at the time of the compromise or some other excuse, they lock the thread and sweep it under the rug since they probably can't deny the truth behind this claim.

http://us.battle.net/d3/en/forum/topic/5589541172
 
ROFL!

Supposedly this guy claims he followed all proper procedures with using the appropriate authenticator and still got hacked:

So what do Blizzard staff do? Well unlike previous examples where they were quick to correct people who made similar claims and made sure to tell everyone that the compromised account didn't have the correct authenticator or it wasn't active at the time of the compromise or some other excuse, they lock the thread and sweep it under the rug since they probably can't deny the truth behind this claim.

http://us.battle.net/d3/en/forum/topic/5589541172

...I installed it after the first time my account was hacked. So I typed wrong and will not change it as that would only cause more problems with these trolls.
 
...I installed it after the first time my account was hacked. So I typed wrong and will not change it as that would only cause more problems with these trolls.

So? Are you saying that the authenticator is a useless device for your account if you have ever been hacked prior to enabling it for future use??

Did you read the whole thing where he claims he was compromised a second time AFTER setting up the authenticator? It's just curious how the Mods on there are johnny on the spot to point out and correct all the other authenticator/hacked claims to the community yet this one just gets locked. Wrong forum? It's in the technical support forum and every other claim regardless of where it was made was being addressed. They could've moved it to the correct forum if that was even the case.
 