Diablo 3 Account Hacked

Fahim

So I was cruising along my Witch Doctor Level 57 through Act 2 Hell in Diablo 3 all week, and log into my account on Saturday morning to find all my items stripped from my character, and all my items in my stash and gold gone!

Anyone else experience this? I did a scan of my system and I have no malware or viruses. I built a new computer and new image of Windows XP 64bit and I do nothing but play Diablo 3, I don't even check my email on this computer. My system was fully up to date, and all anti virus software loaded before anything else was installed. I can smell a phishing scam a mile away and I have not responded to anything, or received anything of the like for a year now.

Blizzard can restore my account back to Level 55, which is a bummer because there was a good amount of time put in to even get to Level 57. Better than nothing, but my concern is what is there to stop it from happening again?? I turned on the Authenticator to check every time I log in and put in a stronger password. How does someone simply take my items?? Is Blizzard's security weak? Are there any repercussions of the person who did this to me? I feel like they should easily be able to track who logged into my account via IP addresses, verify which IP address is mine, and which is not. Track any other account that unknown IP address is logging into and shut that account down for violating Blizzard's policies. They should also be able to track which accounts have been in the same party as another. I haven't logged into any other party since I was hacked, so why can't they just follow up with that user??

I'm not sure why I would continue to play this game if my account is going to keep getting hacked?

Anyone else have any similar experience? Have you had to turn on the Authenticator? Have you been hacked twice?
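The check the post asks for (separate each account's usual addresses from unfamiliar ones, then see which other accounts an unfamiliar address touched) can be sketched as below. This is an added example, not part of the original thread and not Blizzard's code; the event tuples, account names and `BASELINE_END_DAY` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (account, source IP, day index).
# Addresses come from the RFC 5737 documentation ranges; none of this is real data.
EVENTS = [
    ("alice", "192.0.2.10", 1),
    ("alice", "192.0.2.10", 2),
    ("bob", "198.51.100.7", 1),
    ("bob", "198.51.100.7", 3),
    ("carol", "192.0.2.55", 2),
    ("carol", "192.0.2.55", 4),
    ("alice", "203.0.113.99", 6),   # same unfamiliar address on three accounts
    ("bob", "203.0.113.99", 6),
    ("carol", "203.0.113.99", 6),
    ("bob", "198.51.100.8", 7),     # bob's ISP handed out a new address
]
BASELINE_END_DAY = 5  # assumption: logins up to this day are treated as "known good"


def build_baseline(events, end_day):
    """Collect the set of source IPs each account used during the baseline window."""
    known = defaultdict(set)
    for account, ip, day in events:
        if day <= end_day:
            known[account].add(ip)
    return known


def unfamiliar_logins(events, known, end_day):
    """Return post-baseline logins whose IP the account has never used before."""
    return [
        (account, ip, day)
        for account, ip, day in events
        if day > end_day and ip not in known.get(account, set())
    ]


def pivot_on_ip(unfamiliar, min_accounts=2):
    """Group unfamiliar logins by IP and keep IPs that reached several accounts.

    A single unfamiliar login is weak evidence (dynamic addresses, travel,
    shared NAT). One address that is new to many unrelated accounts is the
    pattern worth escalating.
    """
    by_ip = defaultdict(set)
    for account, ip, _day in unfamiliar:
        by_ip[ip].add(account)
    return {
        ip: sorted(accounts)
        for ip, accounts in by_ip.items()
        if len(accounts) >= min_accounts
    }


def analyse(events=EVENTS, end_day=BASELINE_END_DAY):
    """Run the whole pipeline and return (unfamiliar logins, suspicious IP map)."""
    known = build_baseline(events, end_day)
    unfamiliar = unfamiliar_logins(events, known, end_day)
    return unfamiliar, pivot_on_ip(unfamiliar)


if __name__ == "__main__":
    unfamiliar, suspicious = analyse()
    for ip, accounts in suspicious.items():
        print(f"{ip} is new to {len(accounts)} accounts: {', '.join(accounts)}")
```

On the sample data only `203.0.113.99` is escalated; bob's single address change shows up as unfamiliar but does not cross the multi-account threshold.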
 
Is it possible you've created an account on a message board or any online services with the same email and password you use on battle.net ?

That's how i got compromised myself on wow ...
 
Welcome to the club.

According to the Blizzard forums we are all running compromised systems and click on every phishing email, usually twice. Plus it's all our faults for not having an authenticator.

The fact that they have announced the Real Money Auction House won't be opening at the end of the month, tells me at least internally they are aware of an issue even though they continue to suggest that all the breaches are happening through traditional methods.

Haven't heard of any repercussions for any of the hackers. Would be really easy for Blizzard to track, but guess blame the users is easier yet. Big thread in the PC subforum on this topic.

Luckily when I was hacked on the weekend, it was done by idiots who took all my gold and items in the stash, and the potions from my character but left all the gems in my stash and my equipped items.

I was good since launch, the only thing that changed was that I logged into the battle.net forums, so I'm wondering if they are getting info via a compromise on the website rather than the game itself. Been some speculation about session ID spoofing, since a lot of people seem to be hacked while they are playing. Nothing concrete.
 
Keyloggers and phishing will always be a problem with any online games, but I am finding it very hard to believe that within a few days time, a large number of users get compromised by them. At this rate, we're probably talking about thousands of victims and counting.

Right now, I'm avoiding any public games, and I'm also changing my password every week. I don't know what's going on, but I have nothing to lose taking those precautions I guess.
 
Keyloggers and phishing will always be a problem with any online games, but I am finding it very hard to believe that within a few days time, a large number of users get compromised by them. At this rate, we're probably talking about thousands of victims and counting.

Right now, I'm avoiding any public games, and I'm also changing my password every week. I don't know what's going on, but I have nothing to lose taking those precautions I guess.

I never played a single public game but was hacked, I was however using the auction house. Should be safe since it doesn't show which user is selling, but who knows.

On the battle.net forums there was a thread doing a list of who had been hacked, was up to 300 names pretty quick before Blizzard deleted it like they seem to be doing to all the 'I was hacked' threads now.
 
I never played a single public game but was hacked, I was however using the auction house. Should be safe since it doesn't show which user is selling, but who knows.

On the battle.net forums there was a thread doing a list of who had been hacked, was up to 300 names pretty quick before Blizzard deleted it like they seem to be doing to all the 'I was hacked' threads now.

Thanks for that info. Pretty much rules out that ID spoofing during public games theory then.

It's really worrying to me now that we still have no idea how it works or what we can do to protect our account. I log in every morning just to check if all my gold and items are still there, not knowing if and when I might be one of the victims.
 
Is it possible you've created an account on a message board or any online services with the same email and password you use on battle.net ?

That's how i got compromised myself on wow ...


No man - haven't joined any message boards, and I keep my passwords varied between sites and accounts. Sucks that you also were hacked - did you turn on Authenticator now? Have you been in the clear since?

Only thing I noticed was one of the last public games I was playing another Witch Doctor entered the game and started completely hating the way I was playing since there are so many different ways you can play Witch Doctor. He was straight up harassing me and calling me names so I reported him. He then proceeded to just chill in town and not move or log out of the game. So I tried to Kick him, but the servers wouldn't respond to this request. I wonder what he was doing... like setting up for a hack.

Welcome to the club.

According to the Blizzard forums we are all running compromised systems and click on every phishing email, usually twice. Plus it's all our faults for not having an authenticator.

The fact that they have announced the Real Money Auction House won't be opening at the end of the month, tells me at least internally they are aware of an issue even though they continue to suggest that all the breaches are happening through traditional methods.

Haven't heard of any repercussions for any of the hackers. Would be really easy for Blizzard to track, but guess blame the users is easier yet. Big thread in the PC subforum on this topic.

Luckily when I was hacked on the weekend, it was done by idiots who took all my gold and items in the stash, and the potions from my character but left all the gems in my stash and my equipped items.

I was good since launch, the only thing that changed was that I logged into the battle.net forums, so I'm wondering if they are getting info via a compromise on the website rather than the game itself. Been some speculation about session ID spoofing, since a lot of people seem to be hacked while they are playing. Nothing concrete.


Dude - It would be so easy for Blizzard to track who is doing this and shut them down. Publicly banning them would be a right step, even though these hackers can probably just take on another account, it would be a step in the right direction.

It's so irritating that they won't support their own players that are victims. And they will ONLY restore your account TWICE what happens after the second time? They keep getting hacked and it's your fault? I almost just want a refund at this point since this company is so lame with security! No point to keep playing unless I can control the IP address that log into my account, and authenticator is a solid solution.

I don't believe that passwords or authenticators have anything to do with this compromise and I'm looking solely at Blizzard's server weakness.
 
Dude - It would be so easy for Blizzard to track who is doing this and shut them down. Publicly banning them would be a right step, even though these hackers can probably just take on another account, it would be a step in the right direction.

It's so irritating that they won't support their own players that are victims. And they will ONLY restore your account TWICE what happens after the second time? They keep getting hacked and it's your fault? I almost just want a refund at this point since this company is so lame with security! No point to keep playing unless I can control the IP address that log into my account, and authenticator is a solid solution.

I don't believe that passwords or authenticators have anything to do with this compromise and I'm looking solely at Blizzard's server weakness.

The other bonus is that if you request ONE rollback, and then don't add an authenticator... no RMAH for you. Then again, I wouldn't let my real money anywhere near battle.net at this point.
 
Personally I'm upset at Blizzard's lack of response and continual run around on the subject. You don't get this many compromised accounts out of the blue. Sure every system had problems, every game has accounts get hacked but with the large volume of hacking going on it sure does seem Blizzard is just handing them the info and not giving a crap about fixing the game. I'm very tempted to return my b day gift and not bother.
 
Personally I'm upset at Blizzard's lack of response and continual run around on the subject. You don't get this many compromised accounts out of the blue. Sure every system had problems, every game has accounts get hacked but with the large volume of hacking going on it sure does seem Blizzard is just handing them the info and not giving a crap about fixing the game. I'm very tempted to return my b day gift and not bother.

Yeah dude I feel ya - super lame of them.
 
I was hacked for all my items and gold too. Same story as OP, though I do use my comp for everyday use and my Win 7 install is some months old by now. If it's phishing/keylogger/etc, it's some pretty advanced stuff.
And of course, according to Blizzard's officials, and the entire internet, it is my own fault.

Could the auction house possibly have anything to do with it? Because I was hacked the night after I started using the AH seriously by putting up multiple auctions.


I filed a ticket immediately after I found my character empty, but when I found out the harsh penalties for using restorations, I opted not to get one.
I wouldn't think about using 1 of only 2 yearly restos, when I might get hacked again tomorrow at this stage. Also, though I fully understand the logic behind disabling compromised accounts from the RMAH, I find it principally wrong that I have to give up an official game feature to continue playing with my acquired gear, if I don't put an additional 10€ towards an auth.
The authenticators came into existence as a 10€ extra layer of protection to keep people's WoW accounts with hundreds of € and real life days racked up, safe - not to add a mandatory 10€ onto my 60€ game so I can play without worrying for my items disappearing.
 
I had D3 in my shopping cart at Target last night. These threads are why I handed it back to the cashier.
 
I urge anyone who doesn't have an authenticator to pick one up. It's a free downloadable app if you own an ios or android device. Otherwise it's $7 at the battlenet store. It's an inconvenience but you're playing with fire if you don't have one.
 
So I was cruising along my Witch Doctor Level 57 through Act 2 Hell in Diablo 3 all week, and log into my account on Saturday morning to find all my items stripped from my character, and all my items in my stash and gold gone!

Anyone else experience this? I did a scan of my system and I have no malware or viruses. I built a new computer and new image of Windows XP 64bit and I do nothing but play Diablo 3, I don't even check my email on this computer. My system was fully up to date, and all anti virus software loaded before anything else was installed. I can smell a phishing scam a mile away and I have not responded to anything, or received anything of the like for a year now.

Blizzard can restore my account back to Level 55, which is a bummer because there was a good amount of time put in to even get to Level 57. Better than nothing, but my concern is what is there to stop it from happening again?? I turned on the Authenticator to check every time I log in and put in a stronger password. How does someone simply take my items?? Is Blizzard's security weak? Are there any repercussions of the person who did this to me? I feel like they should easily be able to track who logged into my account via IP addresses, verify which IP address is mine, and which is not. Track any other account that unknown IP address is logging into and shut that account down for violating Blizzard's policies. They should also be able to track which accounts have been in the same party as another. I haven't logged into any other party since I was hacked, so why can't they just follow up with that user??

I'm not sure why I would continue to play this game if my account is going to keep getting hacked?

Anyone else have any similar experience? Have you had to turn on the Authenticator? Have you been hacked twice?
Couple questions.

Did your email that is attached to your game account get its password changed?

Did your game password get changed?
 
I urge anyone who doesn't have an authenticator to pick one up. It's a free downloadable app if you own an ios or android device. Otherwise it's $7 at the battlenet store. It's an inconvenience but you're playing with fire if you don't have one.

Windows Phone 7 also has the free authenticator app. I agree, everyone should be using the authenticator otherwise you are a sitting duck.
 
Is it possible you've created an account on a message board or any online services with the same email and password you use on battle.net ?

That's how i got compromised myself on wow ...

This is a really good point. You really want separate passwords for every domain, and the only way you could even hope to manage that is with Lastpass or OnePass.
 
I think the best thing you can do is to make sure your email password is secure and that your security question is not something stupid easy like ...

What's your dogs name? Hint:Spot

^^^^^^ some people actually do this!

Once your email account is compromised, hackers can then easily reset your battle.net account information username and password.
 
I think the best thing you can do is to make sure your email password is secure and that your security question is not something stupid easy like ...

What's your dogs name? Hint:Spot

^^^^^^ some people actually do this!

Once your email account is compromised, hackers can then easily reset your battle.net account information username and password.

I agree people are stupid. My axe to grind is the lack of support, sympathy or apology for having a compromised system. You can't have an epidemic like this and pass it all off as user error. Maybe and I say maybe half of these are the result of user error. Hell even if 75% of it is user error there is still a shit load of people getting boned by their crappy security. I am sure some die hard Blizz fanboi will roast me but Blizzard/Activision is screwing the pooch on this. News flash we turned on Bioware we can turn on you;)
 
I agree people are stupid. My axe to grind is the lack of support, sympathy or apology for having a compromised system. You can't have an epidemic like this and pass it all off as user error. Maybe and I say maybe half of these are the result of user error. Hell even if 75% of it is user error there is still a shit load of people getting boned by their crappy security. I am sure some die hard Blizz fanboi will roast me but Blizzard/Activision is screwing the pooch on this. News flash we turned on Bioware we can turn on you;)

I think you are spot on, but I think you give too much credit to user stupidity. That's just me though.
 
Instead of going all out with hardware fobs, SMS, phone calls, and custom programs for authentication, why doesn't Blizzard just send an auth code to the email address that the account registered to? Seems like it would be vastly simpler and less of a headache for 99% of the user base. Something akin to Steam Guard like Valve does... and if a login is attempted from a different IP address you'd get an auth code sent to your email as well regardless of if you had extra account security setup or not.
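The flow suggested in this post, an emailed one-time code whenever a login comes from an address the account has not used before, looks roughly like this on the server side. This is an added example, not part of the original thread and not Blizzard's or Valve's implementation; `LoginGuard`, its fields, the `outbox` stand-in for mail delivery and the timing constants are all hypothetical.

```python
import hashlib
import hmac
import secrets

CODE_TTL_SECONDS = 600   # assumption: emailed codes expire after 10 minutes
MAX_ATTEMPTS = 5         # assumption: guesses allowed per issued code


class LoginGuard:
    """Step-up check that runs only after the password has already been verified."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # keys the stored code digests
        self.trusted = {}   # account -> set of IPs that passed a challenge
        self.pending = {}   # (account, ip) -> [code digest, expiry, attempts left]
        self.outbox = []    # stand-in for the mail system: (account, code)

    def _digest(self, code):
        # Store a keyed digest, never the code itself.
        return hmac.new(self._key, code.encode(), hashlib.sha256).digest()

    def login(self, account, ip, now):
        """Return 'ok' for a known address, else issue a code and return 'challenge'."""
        if ip in self.trusted.get(account, set()):
            return "ok"
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[(account, ip)] = [
            self._digest(code), now + CODE_TTL_SECONDS, MAX_ATTEMPTS
        ]
        self.outbox.append((account, code))  # would be emailed to the registered address
        return "challenge"

    def verify(self, account, ip, code, now):
        """Check a submitted code; on success the address becomes trusted."""
        entry = self.pending.get((account, ip))
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if now > expires_at or attempts_left <= 0:
            del self.pending[(account, ip)]   # expired or guessed out: must log in again
            return False
        entry[2] -= 1
        if not hmac.compare_digest(digest, self._digest(code)):
            return False
        del self.pending[(account, ip)]       # codes are single use
        self.trusted.setdefault(account, set()).add(ip)
        return True


if __name__ == "__main__":
    guard = LoginGuard()
    print(guard.login("player1", "192.0.2.10", now=0))        # challenge (first sight)
    print(guard.verify("player1", "192.0.2.10", guard.outbox[-1][1], now=5))
    print(guard.login("player1", "192.0.2.10", now=60))       # ok
    print(guard.login("player1", "203.0.113.99", now=120))    # challenge (new address)
```

As a later post in this thread points out, a control like this is only as strong as the mailbox behind it: whoever can read the registered email can pass the challenge.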
 
I've been safe but after hearing all these horror stories I installed the authenticator on my Droid last night. Sorry for you OP.
 
This is a really good point. You really want separate passwords for every domain, and the only way you could even hope to manage that is with Lastpass or OnePass.

Yes - although I do this already, I found how important it is even more nowadays to do so.

Couple questions.

Did your email that is attached to your game account get its password changed?

Did your game password get changed?

No - they didn't change anything on my account, no email changes or password changes. They just took my items. I would like Blizzard to prove someone else logged into my account. I bet they could not.

I've been safe but after hearing all these horror stories I installed the authenticator on my Droid last night. Sorry for you OP.

You did the right thing - but I've heard people getting hacked even with the Authenticator. Doesn't seem anyone is safe from the server side vulnerability.

On a side note - I seem to have created another thread when there is already a much larger discussion going on on another thread.
 
Easy solution to never ever getting hacked again.

Use a pass phrase for a password. Nothing simple.

Here is a slightly changed example of an actual password I somewhat used a year or so ago.

OrangeOrangesAreTastyAndSweet

Easy to remember and extremely hard to crack. It can also be typed out rather quickly if you have any sort of typing skills, which, you should have.

Also, get a great anti virus solution. Bitdefender or Panda Cloud Pro are both extremely highly rated on average above other solutions. Or use whatever you think is cool.

I picked up a legit Panda Cloud Pro 2012 serial for $7 off eBay. Love it. I also bought Bitdefender but it's a pain in the ass to stop if you know you have a false positive.

Also, if you use a lot of keygens or cracks. Always ALWAYS run them through http://virusscan.jotti.org/en or http://virscan.org/.

If you are using an ISO of an OS for Windows. Run it through ISO Verify. It's a free app directly from Microsoft. Avoid shady ISOs of an OS period.

You can also use sandboxie.

For the advanced, you have cloud computing and VMware to avoid this type of stuff.

You dudes and dudettes should be way more advanced than to get anything ganked from you I would think. Use your head.
 
I was playing last night fine -- after the patch today I logged back in and my level 53 Monk is stripped and naked.

Never had a problem before, haven't signed up for any sites, clicked on any email, or installed any programs. My password is nothing you could find in a dictionary or phrase list. I find it funny RIGHT after the patch a HUUUUGE majority of people woke up to find their accounts stripped.

I wrote into support and put in a ticket to have my account rolled back. I have an authenticator as well.

I was happy to play and defend the game up until this point. I realize nothing is perfect but they shoved this "always on" DRM down our throats to prevent EXACTLY this.

Funny after 10 years my Diablo2 account has never been hacked. Something is wrong SERVER SIDE with this issue.

If they can't restore my character I'm requesting a refund, (which I know they will not do) I will be more than happy to do a chargeback via my credit card for a product that does not work as intended.

Yes - I'm going to be one of "those" guys. I spend 60 without hesitation thinking it was going to be an awesome experience. It wasn't perfect, and it wasn't worth 60 dollars but I soldiered on and enjoyed myself. The fact they have these problems with a system designed from the beginning to be secure tells me its simply BROKEN.

If I buy a ladder from walmart and it works for 2 weeks and then breaks because of a weakness in the bolts, I'm taking it back and getting my money back. If Blizzard wants to fight me for that 60 I'm more than ready.

It's amazing how quickly you have someone who supported the game, the DRM, the implementation, the changes, and every thing else... can quickly change their tune to be one of the guys telling anyone and everyone to not buy it.
 
Has anyone found this magical key logger that Blizzard claims everyone has? What malicious site is tricking people into downloading this trojan?

It seems like we would have found the source of this malware by now if all these high tech gamers are getting hacked?

It's probably not malware, it's probably Blizzard's shitty code that is letting these hackers bypass the authentication on their servers.
 
Has anyone found this magical key logger that Blizzard claims everyone has? What malicious site is tricking people into downloading this trojan?

It seems like we would have found the source of this malware by now if all these high tech gamers are getting hacked?

It's probably not malware, it's probably Blizzard's shitty code that is letting these hackers bypass the authentication on their servers.
Obviously the correct answer is that they're all liars who downloaded "DIABLO.4.REAL.ISO.SKIDWOR.EXE (319kb)" from Kazaa and they give their passwords out to anyone just for the asking and Blizzard has done nothing wrong.

Didn't you see that Blizzard confirmed that their security was perfect a few days back?
 
Has anyone found this magical key logger that Blizzard claims everyone has? What malicious site is tricking people into downloading this trojan?

It seems like we would have found the source of this malware by now if all these high tech gamers are getting hacked?

It's probably not malware, it's probably Blizzard's shitty code that is letting these hackers bypass the authentication on their servers.

I was confirmed that everyone who plays diablo has a computer that's so compromised it would even be able to bypass the authenticator app. Yup everyone else's fault, not blizzard.
 
Obviously the correct answer is that they're all liars who downloaded "DIABLO.4.REAL.ISO.SKIDWOR.EXE (319kb)" from Kazaa and they give their passwords out to anyone just for the asking and Blizzard has done nothing wrong.

Didn't you see that Blizzard confirmed that their security was perfect a few days back?

Ok, actual laughter here on that one.

Btw it's "SKIDROW" not SKIDWOR :p
 
I found the Beta boring. I got D3 for free for re-upping WoW so I can't really complain. Haven't logged into it in a few days, but even if it got hacked with authenticator I wouldn't care that much. If they were willing to give it away for nothing just by committing to a one year WoW sub, that right there told me it was nothing to write home about. I get a few giggles from it but it's kind of boring.
 
Don't know about anyone else but I believe it's Data loss not "Hax".
 
Don't know about anyone else but I believe it's Data loss not "Hax".

Last night after the patch I went straight to the AH and it showed I have nothing in storage or in my character inventory and went to resume my game and yes everything was all there, it’s like the item data base needed to restore itself.
 
I found the Beta boring. I got D3 for free for re-upping WoW so I can't really complain. Haven't logged into it in a few days, but even if it got hacked with authenticator I wouldn't care that much. If they were willing to give it away for nothing just by committing to a one year WoW sub, that right there told me it was nothing to write home about. I get a few giggles from it but it's kind of boring.

They are giving Diablo 3 away for free for subbing to WoW for a year? I don't know why but I didn't expect them to do something like that. WoW must be hurtin'..
 
They are giving Diablo 3 away for free for subbing to WoW for a year? I don't know why but I didn't expect them to do something like that. WoW must be hurtin'..

Double whammy honestly. More subscribers to wow and then you get more possible customers to the RMAH.
 
They are giving Diablo 3 away for free for subbing to WoW for a year? I don't know why but I didn't expect them to do something like that. WoW must be hurtin'..

10.6 Million active subscribers at last official confirmation. I wouldn't call that "hurting" at all.


It's an incentive to sub for a year, more money up front for Blizzard and you are much more likely to play for that year since you paid to do so and if you are playing then you are more likely to spend money on other Blizzard goodies. Adding D3 as even more incentive is a pretty intelligent tactic. One thing I won't call Blizzard's marketing team is dumb.
 
Well they responded to my ticket and despite me asking in the original ticket had to "re ask to confirm" I wanted my account rolled back.

Basically they are rolling me back 1 level from my previous one -- and had the balls to tell me that every account is "only allowed 2 rollbacks in their lifetime".

I realize their ticketing system is no place to bitch, but what happens if I get hacked a 3rd time? I have an authenticator in my account, my password is separate from anything I have in my personal or business world. And my system is clean as the day it was built. I find it hilarious that according to Blizzard everyone in the world has their PC hacked.

If that was the case my bank account should be empty, my credit card should be maxed, and countless other accounts I have should be messed up. In every case they aren't.

I went from being a happy diablo3 player to just straight pissed. I missed 3 days of playtime (my only off days) thanks to this. I went from someone who would have no problem recommending D3 for someone to a guy who would just shrug his shoulders and say "play at your own risk".

After all the work you put into a character and you wake up and it's just flat gone after a patch gone wrong... makes you wonder why the hell you should keep playing.
 
Well they responded to my ticket and despite me asking in the original ticket had to "re ask to confirm" I wanted my account rolled back.

Basically they are rolling me back 1 level from my previous one -- and had the balls to tell me that every account is "only allowed 2 rollbacks in their lifetime".

I realize their ticketing system is no place to bitch, but what happens if I get hacked a 3rd time? I have an authenticator in my account, my password is separate from anything I have in my personal or business world. And my system is clean as the day it was built. I find it hilarious that according to Blizzard everyone in the world has their PC hacked.

If that was the case my bank account should be empty, my credit card should be maxed, and countless other accounts I have should be messed up. In every case they aren't.

I went from being a happy diablo3 player to just straight pissed. I missed 3 days of playtime (my only off days) thanks to this. I went from someone who would have no problem recommending D3 for someone to a guy who would just shrug his shoulders and say "play at your own risk".

After all the work you put into a character and you wake up and it's just flat gone after a patch gone wrong... makes you wonder why the hell you should keep playing.

That sucks. I didn't even bother requesting a rollback, my character was only level 35 or so, and only my stash items and gold was taken. Figured in the three days a rollback would take I'd find more gold/items than they would restore.

My situation sounds very much like what Troub describes, I discovered I'd been hacked upon going straight to my auction house after login and noticed the empty stash and no gold, but upon starting my character I didn't come back, and an unknown name showed up in my recently played list.
 
Get your refund then. You have 30 days from the time of purchase to collect your refund.
 
I realize their ticketing system is no place to bitch, but what happens if I get hacked a 3rd time? I have an authenticator in my account, my password is separate from anything I have in my personal or business world. And my system is clean as the day it was built. I find it hilarious that according to Blizzard everyone in the world has their PC hacked.

Did you have the authenticator setup to require the code each time you log in prior to being hacked? If so, you may want to point that out to Blizzard, as they're still claiming there have been no instances of hacked accounts with authenticators...
 