diablo 3 accounts hacked

WildMonkey

Gawd
Joined
Nov 1, 2007
Messages
886
This is serious, it's not just some stupid game getting looted. It's a serious compromise of your password, and personal information. Although, you should never use the same password for multiple sites.

Are there any class action lawsuits brewing? Cause I'm pretty sure this is a server side issue, I seriously doubt that most of you were careless with your account information.
 

Orddie

2[H]4U
Joined
Dec 20, 2010
Messages
3,131
This is serious, it's not just some stupid game getting looted. It's a serious compromise of your password, and personal information. Although, you should never use the same password for multiple sites.

Are there any class action lawsuits brewing? Cause I'm pretty sure this is a server side issue, I seriously doubt that most of you were careless with your account information.

No lawsuits brewing that I'm aware of. Besides, this has been going on for years with accounts that do not have an authenticator.
 

-Sn1PeR-

2[H]4U
Joined
Dec 26, 2002
Messages
2,950
Do all of yall use authentication programs for your online banking, gmail, bills, etc.?
 

Orddie

2[H]4U
Joined
Dec 20, 2010
Messages
3,131
Do all of yall use authentication programs for your online banking, gmail, bills, etc.?

Nope. But my bank does not have 25% of the customer base battle.net / blizzard does. Also when battle.net accounts are getting hacked.. there have been reports that the gmail account was taken as well.

Also to note... you hack my bank that's federally regulated, you're going to jail. You hack my Blizzard account.. I piss and moan about it on a forum.

so.....?
 

leezard

Supreme [H]ardness
Joined
Aug 24, 2004
Messages
4,908
Also when battle.net accounts are getting hacked.. there have been reports that the gmail account was taken as well.

Well yeah, if you use the same password for your bnet account and your email of course they are both going to get compromised.

Use a different password for everything. Don't be lazy. If you have a hard time remembering passwords use KeePass
 

WildMonkey

Gawd
Joined
Nov 1, 2007
Messages
886
I'm just amazed how lax the security is for Blizzard, when several publications (some not even from the gaming community!) blast you for your lack of server side security and their response is basically "screw you, it's your fault, give us moar monies!" something is seriously wrong with their management.
 

Orddie

2[H]4U
Joined
Dec 20, 2010
Messages
3,131
I'm just amazed how lax the security is for Blizzard, when several publications (some not even from the gaming community!) blast you for your lack of server side security and their response is basically "screw you, it's your fault, give us moar monies!" something is seriously wrong with their management.

Huh? What's the difference between Blizzard security and your bank's that requires username and password auth? Or Steam's password auth.. Again username and password combo.

Blizzard is going the step further and providing additional optional security options. About the only thing they could do differently here is make the optional security, required security.
 

zoobaby

Supreme [H]ardness
Joined
Jun 7, 2004
Messages
6,179
ROFL!

Supposedly this guy claims he followed all proper procedures with using the appropriate authenticator and still got hacked:

So what do Blizzard staff do? Well unlike previous examples where they were quick to correct people who made similar claims and made sure to tell everyone that the compromised account didn't have the correct authenticator or it wasn't active at the time of the compromise or some other excuse, they lock the thread and sweep it under the rug since they probably can't deny the truth behind this claim.

http://us.battle.net/d3/en/forum/topic/5589541172

You didn't post the best part:
Blizzard Blue said:
Locking thread as it's not really a Technical Support issue that can be addressed in this forum. Please check the following post over on the Diablo III General Discussion forum:

...I installed it after the first time my account was hacked. So I typed wrong and will not change it as that would only cause more problems with these trolls.
Read it carefully. He was hacked once, then added the mobile authenticator (not sure if iPhone or Android), then got hacked again.
 

Orddie

2[H]4U
Joined
Dec 20, 2010
Messages
3,131
You didn't post the best part:



Read it carefully. He was hacked once, then added the mobile authenticator (not sure if iPhone or Android), then got hacked again.

Blah.. This guy (the guy on the blizzard forum) toots his own horn to say he is certified in security. Just blah...

Certifications mean nothing. You can be certified in security and still be compromised. The US government has security professionals working for them and they're still hacked. There is no evidence to say Blizzard does not have staff on site with the same certifications as him.

If I was Blizzard I would invite this guy in and have their own security team review his setup and make suggestions on his shit. I really dislike his superior attitude.
 

Kerkain

Limp Gawd
Joined
May 3, 2011
Messages
140
Can you guys clear this up for me. If Blizzard is saying that the authenticator is the end all to the hacks, why isn't it preinstalled with the game in some way?

Let's say I wasn't part of these forums. If I were to go out and buy the game right now and install it I wouldn't know to download an authenticator first. I would just play the second it was installed. Until I were to potentially get hacked. Then be blasted for not having an authenticator. How would I have or possibly known to use one to begin with?

I certainly don't have one for SC2. Or D1/D2.

Does a warning come up and say it'd be a good idea to have one and Blizzard can't be held responsible if you don't have one and the account is compromised?

Don't be that guy and bash me for posting in a thread that deals in a game I don't have. I wanted to buy D3 day one but didn't due to the always online stuff. My internet would have a hissy fit.
 

Orddie

2[H]4U
Joined
Dec 20, 2010
Messages
3,131
Can you guys clear this up for me. If Blizzard is saying that the authenticator is the end all to the hacks, why isn't it preinstalled with the game in some way?

Let's say I wasn't part of these forums. If I were to go out and buy the game right now and install it I wouldn't know to download an authenticator first. I would just play the second it was installed. Until I were to potentially get hacked. Then be blasted for not having an authenticator. How would I have or possibly known to use one to begin with?

I certainly don't have one for SC2. Or D1/D2.

Does a warning come up and say it'd be a good idea to have one and Blizzard can't be held responsible if you don't have one and the account is compromised?

Don't be that guy and bash me for posting in a thread that deals in a game I don't have. I wanted to buy D3 day one but didn't due to the always online stuff. My internet would have a hissy fit.

It's Blizzard's standpoint that if the end user does not partake in what they consider to be risky internet usage, the account will not get hacked. That line of thinking is, to my understanding, why they are not forcing it upon their users.

I just said nuts to this after our GM got hacked and got an authenticator on my account.

So to answer your questions directly.. There is no warning or box to alert the users of the alternate security features available.
 

Draxanoth

Gawd
Joined
Aug 30, 2011
Messages
567
huh? What's the difference between blizzard security and your banks that requires username and password auth? Or Steam's password auth.. Again username and password combo.

Blizzard is going the step further and providing additional optional security options. About the only thing they could do differently here is make the optional security, required security.

You just said why the authenticators are making people angry. It's really not a second layer of security, Blizzard is trying to plug a security hole with them.

Anyone who takes the time to read the information gathering threads knows this is not a simple phishing scenario. If I had that many people telling me someone is stealing their stuff off one of my servers, especially with such a limited access pattern, I'd be red flagging everybody to get in here and figure out what's going on.

Authenticators are just getting all the hate because Blizzard has a horrendous PR stance, not because a secondary security layer is a bad idea in general.
 

WildMonkey

Gawd
Joined
Nov 1, 2007
Messages
886
This guy from Forbes got hacked with a fresh account, this is not a phishing problem. This is obviously a server side problem, as it stands now I can safely say that Blizzard servers are NOT secure in any way, he even suggests that there is some kind of script running server side that is doing all of this, who knows, but definitely not user side. Be careful what you do there.

http://www.forbes.com/sites/insertcoin/2012/05/30/the-horror-of-being-hacked-in-diablo-3/
 

gregnash

2[H]4U
Joined
Jun 8, 2005
Messages
2,164
Something interesting happened last night.. I have recently heard about LittleSnitch and decided I would give it a try and see what it was all about (see where my traffic is going).

While playing last night I was watching the traffic logger and saw that D3 constantly shows the same direct IP address for the game. I am not a security professional by any means but wondering if that could easily be gathered by these guys jumping into public arenas and grabbing IPs to attempt hacks.

Just a thought?!
 

Nytegard

2[H]4U
Joined
Jan 8, 2004
Messages
3,432
The Forbes article actually brought up an interesting idea. What if you were actually limited in how many items you could transfer to another player?

The main problem with this would be preventing the selling of every item and then just transferring the gold. (Obviously this would not make the thief as much gold, but still would cause just as much grief). You could flag an account fairly easily which did this, but not sure what to do after that. That would require investigation (for both people trying to scam another player or scam blizzard), which would probably be more work than Blizzard would want. But at least you could mitigate the damage done.
 

Tempest_Prime

I choke on balls regularly
Joined
Jul 7, 2005
Messages
376
You guys know the dude isn't "From Forbes" - he's just a guy who wrote an article that Forbes is using to drive clickity clicks. The fact that his blurb is on Forbes doesn't necessarily lend him any credibility.

Who's to say that the guy didn't use the "fluffykins1234" password he's used on countless other accounts and the so-called 'hackers' aren't just trolling up and down bnet accounts with a password list they nabbed off of pastebin? Sure, we all love to hate the big guy, but I can't help but think the people factor is more involved than folks are willing to admit.
 

Bdonedge

Gawd
Joined
Jun 10, 2010
Messages
969
I can't believe people are still playing this game/haven't returned it. Aside from the "hacks" (I think it's more serverside error than anything), the game is full of bugs, server issues, isn't even finished yet (See PVP) and has a rigged drop rate. Get your refund while the gettin' is gettin'
 

collegeboy69us

Supreme [H]ardness
Joined
Jul 27, 2003
Messages
5,256
I think it's funny -- in the era of 64bit computing, IPv6, massive server farms, encrypted communications why we have this crap going on.

I'm convinced it's server side based on the things I've seen. Do I know for sure? Not unless you give me unrestricted access to Blizzard's racks. (and an unlimited supply of hot pockets)

One thing I'm surprised never got put into development is unique item IDs for every item in the game. You obviously can have certain items that are bound to your account. (those freaky mushrooms and bone fragments - of which I still don't know what to do with)

But think about it - if that super awesome rare staff you picked up on a loot run has a unique item ID, it would be incredibly easy to find out who took it, who sold it, etc etc. I'm not sure how much storage it would take to keep a transaction history of items when done player to player transfers... but it's not unreasonable.

This method alone would make it easy to roll back a hacked account, gather a list of all the unique item IDs and run a query to see where they are in the world at that time. A pattern would emerge VERY quickly as to who's doing the stealing.
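A sketch of the unique-item-ID ledger and tracing query proposed in the post above, added here as an illustration and not part of the original thread or any Blizzard system. The table layout, account names, item IDs and compromise windows are all constructed assumptions.

```python
import sqlite3

# Constructed sample ledger: (item_id, from_account, to_account, unix_ts).
# All account names, item IDs and timestamps are invented for illustration.
SAMPLE_TRANSFERS = [
    ("item-005", "victim_a", "friend_x", 500),   # ordinary trade, before any compromise
    ("item-001", "victim_a", "mule_1", 1010),
    ("item-002", "victim_a", "mule_1", 1011),
    ("item-001", "mule_1", "collector", 1200),
    ("item-002", "mule_1", "collector", 1201),
    ("item-007", "trader_p", "trader_q", 1500),  # unrelated trade
    ("item-003", "victim_b", "mule_2", 2005),
    ("item-003", "mule_2", "collector", 2300),
    ("item-004", "victim_c", "collector", 3010),
]

# Constructed compromise windows from support tickets: victim -> (start_ts, end_ts).
COMPROMISES = {
    "victim_a": (1000, 1100),
    "victim_b": (2000, 2100),
    "victim_c": (3000, 3100),
}


def build_ledger(rows):
    """Load transfer rows into an in-memory, append-only ledger table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE transfers ("
        " seq INTEGER PRIMARY KEY AUTOINCREMENT,"
        " item_id TEXT NOT NULL, src TEXT NOT NULL,"
        " dst TEXT NOT NULL, ts INTEGER NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO transfers (item_id, src, dst, ts) VALUES (?, ?, ?, ?)", rows
    )
    conn.execute("CREATE INDEX idx_item ON transfers (item_id, ts)")
    return conn


def stolen_items(conn, victim, start_ts, end_ts):
    """Item IDs that left the victim's account inside the compromise window."""
    cur = conn.execute(
        "SELECT DISTINCT item_id FROM transfers"
        " WHERE src = ? AND ts BETWEEN ? AND ? ORDER BY item_id",
        (victim, start_ts, end_ts),
    )
    return [row[0] for row in cur]


def trace_item(conn, item_id, since_ts):
    """Every hop the item made from since_ts onward, oldest first."""
    cur = conn.execute(
        "SELECT src, dst, ts FROM transfers"
        " WHERE item_id = ? AND ts >= ? ORDER BY ts, seq",
        (item_id, since_ts),
    )
    return cur.fetchall()


def current_holder(conn, item_id):
    """Account named as destination of the item's most recent transfer."""
    row = conn.execute(
        "SELECT dst FROM transfers WHERE item_id = ?"
        " ORDER BY ts DESC, seq DESC LIMIT 1",
        (item_id,),
    ).fetchone()
    return row[0] if row else None


def rank_sinks(conn, compromises):
    """Rank current holders by how many distinct victims' items they hold."""
    victims_per_holder = {}
    for victim, (start_ts, end_ts) in compromises.items():
        for item_id in stolen_items(conn, victim, start_ts, end_ts):
            holder = current_holder(conn, item_id)
            if holder != victim:  # skip items already returned by a rollback
                victims_per_holder.setdefault(holder, set()).add(victim)
    ranked = [(h, len(v)) for h, v in victims_per_holder.items()]
    return sorted(ranked, key=lambda pair: (-pair[1], pair[0]))


if __name__ == "__main__":
    ledger = build_ledger(SAMPLE_TRANSFERS)
    for hop in trace_item(ledger, "item-001", 1000):
        print("item-001 hop:", hop)
    print("sinks:", rank_sinks(ledger, COMPROMISES))
```

An account holding items taken from several unrelated victims stands out even when the items were moved through different intermediate accounts first.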
 

collegeboy69us

Supreme [H]ardness
Joined
Jul 27, 2003
Messages
5,256
I can't believe people are still playing this game/haven't returned it. Aside from the "hacks" (I think it's more serverside error than anything), the game is full of bugs, server issues, isn't even finished yet (See PVP) and has a rigged drop rate. Get your refund while the gettin' is gettin'

I was 50/50 on getting a refund - but the more I think about it, the more I'm tempted. Did you already go through the refund process? Were they smooth or combative on giving you your 60 dollars back?

I just had my account rolled back after a hack yesterday and have lost almost all excitement for playing. I could use that 60 dollars and buy the upcoming BF3 map pack with some cash left over for beer :)
 
Joined
Sep 7, 2004
Messages
2,959
I was 50/50 on getting a refund - but the more I think about it, the more I'm tempted. Did you already go through the refund process? Were they smooth or combative on giving you your 60 dollars back?

I just had my account rolled back after a hack yesterday and have lost almost all excitement for playing. I could use that 60 dollars and buy the upcoming BF3 map pack with some cash left over for beer :)

I got mine done Tuesday, have yet to see the money back however...they are pretty smooth after their initial jibber jabber offer about getting an authenticator.

Gonna use the money to buy Max Payne 3 :)
 

wiseoracle

2[H]4U
Joined
Aug 22, 2002
Messages
2,305
Can you guys clear this up for me. If Blizzard is saying that the authenticator is the end all to the hacks, why isn't it preinstalled with the game in some way?

Blizzard has never admitted that this would end all hacks. They say it would "help" protect your account.



In the end, while no security method is 100% foolproof, the physical Battle.net Authenticator and Battle.net Mobile Authenticator app are great ways to provide your account with an extra layer of protection.
 
Joined
Sep 7, 2004
Messages
2,959
http://www.forbes.com/sites/insertcoin/2012/05/31/for-diablo-3-hacking-the-buck-stops-where/

According to most, I was wrong. I can’t even repeat some of the names I’ve been called for daring to suggest that perhaps Blizzard needs to look at some of their security practices based on how easy it is to get hacked. The idea that the hacking was anyone’s fault but mine, my friend’s or the thousands of others who have been compromised is unheard of, and it’s “disgraceful” for Forbes to run a piece suggesting otherwise.

lawl... Blizzard fanboys are out of control.
 

zoobaby

Supreme [H]ardness
Joined
Jun 7, 2004
Messages
6,179
Blah.. This guy (the guy on the blizzard forum) toots his own horn to say he is certified in security. Just blah...

Certifications mean nothing. You can be certified in security and still be compromised. The US government has security professionals working for them and they're still hacked. There is no evidence to say Blizzard does not have staff on site with the same certifications as him.

If I was Blizzard I would invite this guy in and have their own security team review his setup and make suggestions on his shit. I really dislike his superior attitude.

By your own logic Blizzard isn't secure and could itself be hacked. Yet still choose to go after the end user... :rolleyes:

You just said why the authenticators are making people angry. It's really not a second layer of security, Blizzard is trying to plug a security hole with them.

*snip*

Authenticators are just getting all the hate because Blizzard has a horrendous PR stance, not because a secondary security layer is a bad idea in general.

QFT on the bolded parts...

Blizzard has never admitted that this would end all hacks. They say it would "help" protect your account.
QFT....yet we have people here that refuse to acknowledge that someone using an authenticator could be hacked.

Blizzard has an issue whether real or perceived, it is a PR nightmare.

/Enjoys D3
//Enjoyed WoW
///Still thinks Blizzard doesn't know WTF is going on with the hacking
 

Climber

Supreme [H]ardness
Joined
Jul 27, 2007
Messages
5,283
You didn't post the best part:



Read it carefully. He was hacked once, then added the mobile authenticator (not sure if iPhone or Android), then got hacked again.

I did read it carefully. He changes his story 3 separate times. I'm flat out saying it, the guy is a liar.

I find it humorous how fast people are willing to jump all over Blizzard and just randomly accept some anonymous internet user's word, especially when so many are caught lying about their story. Do I think Blizzard is 100% hack proof, no; however, I'm more inclined to believe them than random internet users who think typing in all caps is cool or change their stories every time they post.
 
Joined
Sep 7, 2004
Messages
2,959
I did read it carefully. He changes his story 3 separate times. I'm flat out saying it, the guy is a liar.

I find it humorous how fast people are willing to jump all over Blizzard and just randomly accept some anonymous internet user's word, especially when so many are caught lying about their story. Do I think Blizzard is 100% hack proof, no; however, I'm more inclined to believe them than random internet users who think typing in all caps is cool or change their stories every time they post.

If he was a liar, then Blizzard would've responded to it like they did to the others that claimed they had an authenticator. But this one was just dismissed and locked without a response from Blizzard. Does that not seem strange, given how quick Blizzard was at invalidating others with similar claims?
 

robble

Supreme [H]ardness
Joined
Jun 6, 2004
Messages
6,488
I'm flat out saying it, the guy is a liar.

I've read three very credible accounts of people with real authenticators - not the SMS or dial in - getting hacked.

Then people like you just say "they are lying" because you refuse to believe there could be a problem on Blizzard's end.

Hell, I saw a video (he used his cell phone to video it) where a guy was in a public game and with his hands completely off the mouse and keyboard (you could see the mouse being stationary onscreen) his inventory/stash opens up and his items start disappearing one at a time. Perhaps the video was a fake but it opens up a whole new can of worms if it isn't.

several people said:
If there was a breach BY LAW they have to tell us

Really? Just how well has that law worked with Sony? Major credit card companies? Sure they eventually told us but how long afterwards?

If there is a breach they are going to try like hell to fix the problem without anyone knowing about it.
 

Dallows

Supreme [H]ardness
Joined
Jun 18, 2004
Messages
6,816
Hell, I saw a video (he used his cell phone to video it) where a guy was in a public game and with his hands completely off the mouse and keyboard (you could see the mouse being stationary onscreen) his inventory/stash opens up and his items start disappearing one at a time. Perhaps the video was a fake but it opens up a whole new can of worms if it isn't.

Link to video?
 
Joined
Sep 7, 2004
Messages
2,959
Really? Just how well has that law worked with Sony? Major credit card companies? Sure they eventually told us but how long afterwards?

If there is a breach they are going to try like hell to fix the problem without anyone knowing about it.

People don't seem to understand this. They think that just because Blizzard has not admitted to anything, that it's not Blizzard's fault. The Sony thing wasn't disclosed until a few months later..and wasn't there a few other cases like that also?

It's common sense that if Blizzard is compromised, they won't necessarily put a statement out saying that, until everything is "under control"-what that even means at this point I don't know, and that's if they're going to say anything at all.

That would be like leaving your front door open 24/7 and posting signs all over your neighborhood telling everyone that.

The law doesn't mean anything until their offices are raided and someone finds evidence that they knew they were compromised but failed to disclose it.
 

jester1176

[H]ard|Gawd
Joined
Sep 26, 2002
Messages
1,553
This is serious, it's not just some stupid game getting looted. It's a serious compromise of your password, and personal information. Although, you should never use the same password for multiple sites.

Are there any class action lawsuits brewing? Cause I'm pretty sure this is a server side issue, I seriously doubt that most of you were careless with your account information.

Stop the freaking insanity.

http://wow.joystiq.com/2012/06/01/you-cannot-get-hacked-by-playing-public-games-in-diablo-3/
 

shansoft

Supreme [H]ardness
Joined
Oct 20, 2008
Messages
5,076

Please explain a computer that has not been turned on for 3 months, and has only accessed Facebook, nothing else... still managing to get stripped.
There is no other computer on the same network but an iPad...

I find that "session hijack" is bullshit nonsense, but there MUST be a glitch somewhere which allows all these hacks to happen.
Especially when a game has just launched, there is no way such a number of people are getting keylogged at this rapid rate.

This sort of reminds me of how Blizzard fixed the dupe method in Diablo 2, but a very limited number of people still managed to dupe for some reason....
 

jester1176

[H]ard|Gawd
Joined
Sep 26, 2002
Messages
1,553
I've played so many freaking hours of D3 it's disgusting. I've logged over 176 hours on the game since its release. Yes. I play a lot.

I have also played World of Warcraft since its launch. I have every expansion pack and have raided top-end content.

I have Starcraft II and have beat the single player campaign while also achieving Gold level (ho hum) in 1v1 matches.

I have been online so much on battle.net, you'd think I'd get hacked. Hell, my name is out there enough. I post on their forums, I share screenshots with my character names on public forums...

But no. I haven't. Because I have an alpha-numeric password and an authenticator. And so does my wife who plays WoW and she's never got hacked. Her mom, who is our guild leader? Also has an authenticator and has never been hacked.

We have had people in our guild get their accounts hacked and lose all their stuff. Multiple of them. Know what they all had in common? No authenticator.

So you know what's new with Diablo? People who are new to the system. Who aren't aware of how aggressive these people are and are new to the concept of a password just not being enough any more. Get the app. Get a keychain. Whatever. Stop assuming that your password is good enough.
 

shansoft

Supreme [H]ardness
Joined
Oct 20, 2008
Messages
5,076
I've played so many freaking hours of D3 it's disgusting. I've logged over 176 hours on the game since its release. Yes. I play a lot.

I have also played World of Warcraft since its launch. I have every expansion pack and have raided top-end content.

I have Starcraft II and have beat the single player campaign while also achieving Gold level (ho hum) in 1v1 matches.

I have been online so much on battle.net, you'd think I'd get hacked. Hell, my name is out there enough. I post on their forums, I share screenshots with my character names on public forums...

But no. I haven't. Because I have an alpha-numeric password and an authenticator. And so does my wife who plays WoW and she's never got hacked. Her mom, who is our guild leader? Also has an authenticator and has never been hacked.

We have had people in our guild get their accounts hacked and lose all their stuff. Multiple of them. Know what they all had in common? No authenticator.

So you know what's new with Diablo? People who are new to the system. Who aren't aware of how aggressive these people are and are new to the concept of a password just not being enough any more. Get the app. Get a keychain. Whatever. Stop assuming that your password is good enough.


If you still like to defend Blizzard, please explain all these anomalies we've been talking about, instead of going off and pointing fingers.

Seriously, instead of telling other people to get an authenticator please tell us HOW it happens. And please don't give me "keylogger" bullshit..

On the Asia Battle.net forum it has already been reported that people who have an authenticator have been hacked, and it was confirmed by their customer support.
It was posted somewhere in the US battle.net forum, and the funny part is the Mods are totally silent about that thread and let it disappear without a word.
 

jester1176

[H]ard|Gawd
Joined
Sep 26, 2002
Messages
1,553
If you were the type to be able to hack into an authenticator system that many companies use to secure their networks (mine uses one to secure our remote access), wouldn't you target something bigger than just a game? And even if you DID get your jollies off of fucking with people's Diablo accounts, wouldn't you do it on a MUCH larger scale? They have MILLIONS of people with this game in their hands!

Yah, I'm speculating, but so are you. See how silly it is?
 

shansoft

Supreme [H]ardness
Joined
Oct 20, 2008
Messages
5,076
If you were the type to be able to hack into an authenticator system that many companies use to secure their networks (mine uses one to secure our remote access), wouldn't you target something bigger than just a game? And even if you DID get your jollies off of fucking with people's Diablo accounts, wouldn't you do it on a MUCH larger scale? They have MILLIONS of people with this game in their hands!

Yah, I'm speculating, but so are you. See how silly it is?


Why does hacking Diablo 3 have to involve the authenticator system?

You clearly did not read any of the posts that have been discussed in this thread.

Speculation? I am just stating the facts that CANNOT BE EXPLAINED by any of the Blizzard defense force.
 

jester1176

[H]ard|Gawd
Joined
Sep 26, 2002
Messages
1,553
Why does hacking Diablo 3 have to involve the authenticator system?

Because if you're not using an authenticator, you're being silly in thinking your account is secure. That's why. Email address + a password that's not case-sensitive with no backup is just asking to get hacked.

Blizzard did its customers a disservice by not posting something like this before the game was released:

http://us.battle.net/d3/en/blog/6020037
 

shansoft

Supreme [H]ardness
Joined
Oct 20, 2008
Messages
5,076
Because if you're not using an authenticator, you're being silly in thinking your account is secure. That's why. Email address + a password that's not case-sensitive with no backup is just asking to get hacked.

Blizzard did its customers a disservice by not posting something like this before the game was released:

http://us.battle.net/d3/en/blog/6020037

You still have not answered any of my questions or explained the facts that I and others have stated.

Because we have no authenticator means we are silly?
Woohoo right there....

Does PayPal or other online banking have such a thing to protect your account?
What is the ratio of your banking account getting hacked?

Just because we don't use an authenticator doesn't mean it's OUR FAULT that accounts get stripped. From such a number of cases, it simply emphasizes that this is something more than just keylogging, more like a game exploit in some way.

If you are not bothering to explain any of the anomalies that people stated in this thread, then I guess there is nothing more to discuss further from you.
 

jester1176

[H]ard|Gawd
Joined
Sep 26, 2002
Messages
1,553
Honestly, at this point, if you're still playing Diablo 3 and not using an authenticator...you are being silly.

PayPal requires you to, at the very least, have a case-sensitive password.

Blizzard, to your detriment, does not.
 

shansoft

Supreme [H]ardness
Joined
Oct 20, 2008
Messages
5,076
Honestly, at this point, if you're still playing Diablo 3 and not using an authenticator...you are being silly.

PayPal requires you to, at the very least, have a case-sensitive password.

Blizzard, to your detriment, does not.

Ok, I ain't going to discuss further now...
It's pointless.....

You simply ignore every fact that has been stated so far and say the same thing over and over again to put Blizzard in the innocent spot.
 

jester1176

[H]ard|Gawd
Joined
Sep 26, 2002
Messages
1,553
Sweet. Then I can have the last word -

Get an authenticator. Stop visiting questionable sites. The numbers seem huge because they've sold millions of copies.

Stop creating chaos.
 