diablo 3 accounts hacked

This is quite scary.. I guess I've gotta make my password more secure

I don't think strength of password matters any in this situation. Mine was 1234Red$#@! which is a pretty strong password and I was hacked like a bitch. So I say fuck strong passwords and picked something simple as it obviously matters little.
 
I don't think strength of password matters any in this situation. Mine was 1234Red$#@! which is a pretty strong password and I was hacked like a bitch. So I say fuck strong passwords and picked something simple as it obviously matters little.

It really doesn't anymore. No one uses brute force methods for gaining passwords these days, they just steal the info outright. Your only hope is keeping them from it entirely.
 
Well Blizzard has posted some more info regarding this subject:

http://us.battle.net/d3/en/forum/topic/5149181449?page=1#1

So they are not wavering from their current position that the account compromises are occurring using non-traditional methods.

It makes no sense that so many accounts are bypassed when on earlier games using the exact same level of entry security it didn't happen. The only difference between the occasions is the game. Earlier games had the junky authenticator and the same password security. If that was the point of attack, then why didn't this happen with SC2/WoW?

/Conspiracy theory
Waiit a second! They make money off selling the junky authenticators. If everyone gets panicked and believes that some security magic bullet will save them, it's good for Blizzard financially.
/conspiracy theory. :D

It kind of makes sense... They have the means. Maybe there's a few bad admins in there? But is just silly. :p
 
the mobile app is a free download. It's better to get the physical unit though. In the event you reformat your iPhone with a good backup you will find yourself calling into customer service and asking them to remove the old app authenticator and add the new one.
 
the mobile app is a free download. It's better to get the physical unit though. In the event you reformat your iPhone with a good backup you will find yourself calling into customer service and asking them to remove the old app authenticator and add the new one.

You have to have a shitty iphone? What kind of crap is that? :confused:

it happened in every version of WoW they made.

Not to this level. If a system has this level of intrusions, then it is broken, and they need to do something. Well, something other than blame their customers. :p
 
the mobile app is a free download. It's better to get the physical unit though. In the event you reformat your iPhone with a good backup you will find yourself calling into customer service and asking them to remove the old app authenticator and add the new one.

From what I saw you just select "restore" from the app's menu and put in your key and restore code that was first given to you when you installed it.

Seems pretty simple to me



You have to have a shitty iphone? What kind of crap is that? :confused:

It's on both the App store and Google Play
 
They most likely vendored the crap they didn't want, flagged your account, and will try again to access it soon. You had basically done their work for them with the mules... They may have just been going down a list of compromised accounts and see if they could get in. Seen that happen before in World of Warcraft. Famous last words of fellow guildmates, "I think I've been hacked, so I changed my password so I'm ok now." Two days later the entire guild bank is looted... guess who?

And don't think I'm blaming you, I miss things as well, and at least you're open to the fact there might be something wrong with your PC. I appreciate that. My tech reference in the previous post above is to point out that even those of us that feel the most safe and knowledgable can be the ones most susceptible to attack.

I just get tired of people telling me it's not their fault and could never be their fault. I hear it all day long as a tech analyst, as I'm sure you do in your job. As soon as you even hint it could be their fault a shit storm of fury emerges.

If that was true, why vendor the fancy gems, and leave the mid level ones? You'd really need to see the before and after to understand why I'm puzzled, it literally looks like only the items I added/moved/modified in the last hour or so I played are the ones that are gone.

There's also no recently played with on my list I don't recognize. Nor new friends. Nor blocked people who tried to get rid of their recently played entry. How is that possible if we had to be in the same game together to transfer gold?

I agree it seems more likely that someone's stuff was compromised through traditional means, but this whole scenario reminds me of when Battlenet v1 was infecting people with that virus umpteen years ago.
 
From what I saw you just select "restore" from the app's menu and put in your key and restore code that was first given to you when you installed it.

Seems pretty simple to me

Simple if you wrote the code down. :p
 
Not to this level. If a system has this level of intrusions, then it is broken, and they need to do something. Well, something other than blame their customers. :p

I would honestly say that WoW is worse and has more hacked accounts than D3 by a very large amount and percentage. It's been going longer and has more subs so it would go to figure as well, plus they have had an extensive amount of time to master the way they get the information for the WoW accounts as well.
 
If that was true, why vendor the fancy gems, and leave the mid level ones? You'd really need to see the before and after to understand why I'm puzzled, it literally looks like only the items I added/moved/modified in the last hour or so I played are the ones that are gone.

There's also no recently played with on my list I don't recognize. Nor new friends. Nor blocked people who tried to get rid of their recently played entry. How is that possible if we had to be in the same game together to transfer gold?

I agree it seems more likely that someone's stuff was compromised through traditional means, but this whole scenario reminds me of when Battlenet v1 was infecting people with that virus umpteen years ago.

You'd be surprised the things these folks do. I've seen people go to log into their account after a few months of not playing WoW and an authenticator was added to it by the hacker. They get the account unlocked and the authenticator removed only to find out that 20000 gold has been moved into their account and the hacker was using them as a mule and farm bot. They'll dump items they don't want or move them to another account. There's no rhyme or reason to what they do to your account. Looking too far into it is probably not valuable or going to net any insight. You could be used as a mule, farm bot, dummy account, grab and run, or a combo. You could be hacked by one person, traded to another for AH trading and muling, then traded to another for bot farming until your account gets banned for cheating. I've played WoW for about 7 years now. I've seen it all.

The amount of time, effort, and experience that has gone into learning to hack WoW, and by its battle.net association, Diablo 3, is staggering. Gold selling is a huge business. It's going to be just as big, if not bigger, in Diablo 3, made even worse because there's now going to be actual hard currency involved in the hacking. It's not just virtual gold anymore.
 
Yeah, I remember watching some TV show several years ago that had a segment on gold sellers. They were showing how they would have teams of people playing the game and teams of people stealing others info, just to make currency in WoW and then sell that currency. The one guy that was being interviewed behind the blurred image was saying he makes more than a million a year after paying his workers...
 
The amount of time, effort, and experience that has gone into learning to hack WoW, and by its battle.net association, Diablo 3, is staggering. Gold selling is a huge business. It's going to be just as big, if not bigger, in Diablo 3, made even worse because there's now going to be actual hard currency involved in the hacking. It's not just virtual gold anymore.

There has ALWAYS been a real money auction house for Diablo. Only D3 built it into the game. At least this way they can track down cases of hacking and reverse any real money transactions.
 
I haven't read into a whole lot of the RMAH and the way it works, but will this completely stall all in-game gold transactions between selling/buying items on AH?
 
I haven't read into a whole lot of the RMAH and the way it works, but will this completely stall all in-game gold transactions between selling/buying items on AH?

no, only extremely valuable stuff will go to RMAH

people should also only plan on selling in RMAH if they think they will also want to buy RMAH level stuff although I'm guessing it will be possible to convert RM to gold

imo, RMAH is going to be for PvPers that want to pay to win or for PvE players that absolutely love Inferno and are willing to spend RM on gear to try to get to the point of farming Inferno comfortably (if that is even possible)
 
In APB the RMAH was for casual players that didn't feel like grinding the levels for a new gun or doing the missions to unlock it. The hardcore players never bought a thing off it. They just listed their old items for sale when they got a new shiny version.

I sold cars on the RMAH and bought my guns as I didn't want to play 24/7, but didn't want to be behind the top players at the same time.. It paid for my subscription to boot.
 
I don't think strength of password matters any in this situation. Mine was 1234Red$#@! which is a pretty strong password and I was hacked like a bitch. So I say fuck strong passwords and picked something simple as it obviously matters little.

I agree pick something outlandish, that seems to be better than the LYjhsuydbrt5666##$$@jsajbs (you get the picture) type of password. :D
 
I want a class action lawsuit if possible. I lost my gold and my stash gear, but not my characters and their equipment. But now, I cannot trust Blizzard, and I will never buy another Blizzard game.

I want my money back for purchasing Diablows 3, and deletion of my account! Seriously, I was hacked, never joined public games, strong password, etc. I am not compromised-IT IS BLIZZARD AND THEY NEED TO ANSWER FOR THIS BULLSHIT.
 
people should also only plan on selling in RMAH if they think they will also want to buy RMAH level stuff although I'm guessing it will be possible to convert RM to gold

I believe I read a statement a while back that they were going to allow listing gold on the RMAH.

I can't remember all the details they announced, but assuming there's no up-front listing fee I would put every possible item up for $ over gold.
 
I would be interested to know from those hacked if they, honestly, have ever used the registered battle.net e-mail address and password anywhere else on a network connected device or site in the past; to include incorrectly typing the battle.net password in an account login page tied to the same e-mail, elsewhere.

In 100% of the cases from those here locally that have been hacked, this is the case.
 
I have just read the first piece of evidence Blizzard is full of BS...

From http://www.gpforums.co.nz/showthread.php?s=&postid=8956153#post8956153

So I got hacked, gold is gone burger.. And I never played with ANYBODY not even friends, Now it says I have recently played with Monk called spiffy, I guess spiffy just got a bonus..?

Didn't help me... Only ever played solo, and still got jacked..

So I just got kicked out of my game again (second time), upon getting back to the character screen I see a new name in my previously empty "recently played with" list, bearing in mind I have ONLY ever played by myself and after the first time I was hacked changed my password, ran a virus/malware scan and added an authenticator.. Seems no one is safe?

No point in me even playing at the moment as I will no doubt be robbed again, And have already used one of Blizzard's "limited rollbacks"

So basically, he got hacked. After this he used his first rollback to restore his account. He then changed his password and added an authenticator.

Then he got hacked again. Solid proof the authenticator is not working, and that it is unlikely they are keylogging.

In the same thread another guy who only plays Diablo 3 on a mac got hacked too.
 
It has to be sites that people visit, that and poorly chosen passwords. Malware is also a problem. OSX is just as susceptible to it as windows these days.
 
It has to be sites that people visit, that and poorly chosen passwords. Malware is also a problem. OSX is just as susceptible to it as windows these days.

But that still doesn't explain getting around the auth.
 
Has anybody ever been hacked for the FIRST time while already having an authenticator that prompts for a code on every login? Every time I read something I see "I got hacked, then I added an authenticator and changed my password."
 
So basically, he got hacked. After this he used his first rollback to restore his account. He then changed his password and added an authenticator.

No, he's saying he did but, forgive me for not believing anything anyone not from Blizzard posting about this is saying. There have been so so many lies being spit out about this issue. You read the official forums and everyone that has gotten hacked are "security/IT professionals that have been in 'the biz' for 65 years and fingerblasted a giraffe once", the absolute retardation that comes out of their fingertips makes me wonder how they even know how to turn their computers on.

Now let's say he did add an auth, had to be a mobile one if it was that quick. How many other apps are installed, sure none are malicious, any unsupported diablo apps, ever log in to bnet from the phone? Roommates, kids? The only known way (so far) to get around an auth is a man in the middle attack, in which case congratulations you've got a trojan and I'm not talking about the condoms, that happens in real time. Most of the people doing this aren't going to bother going that way because it's so much easier to phish or poach the info. People have the "smarter than them" or "it can't/won't happen to me" mentality. Well, newsflash, they're not, it can and does.

Then he got hacked again. Solid proof the authenticator is not working, and that it is unlikely they are keylogging.

Nope, no proof, just a "he said" on the internet, where people have no problem being dishonest. People want to pass the blame because they don't want to blame themselves. "Blizzard Entertainment" sent me this email yesterday (they're normally picked up as spam but this one wasn't), everything looks to be on the up and up until you look at the url that hitting the play now button would bring you to. I've also gotten the real and spoofed versions of D3 and WoW:MoP beta invite emails for the past few months, no idea if they would bring me to a spoofed battlenet page or try to drop a keylogger on me. Just because you got hacked today doesn't mean you did something to compromise yourself yesterday, or 3 days ago, or a week ago. It could've happened months ago and you don't remember or realize or thought it was insignificant at the time. The people who do this have no problem sitting on the info for a while, tons of instances in WoW where accounts have been canceled/inactive for months then all of a sudden are brought back to life to strip everything or be used as a bot. Shit happens, people make mistakes. I myself was guilty of using the same user/pass for all my game accounts, Steam, EA, WoW..............and PSN.

In the same thread another guy who only plays Diablo 3 on a mac got hacked too.

This right here is proof...........proof that you and them don't understand how phishing works. Listen, there very well may be an exploit/bug/whatever causing this to happen but until there's actual proof, not speculation, not "he said", I'm going to believe Blizzard on this that it's user error. My account, that's 7 years old (last 2 with a keyfob), has never been hacked. I bought the keyfob a couple years ago after a mass hack wave in WoW where people were screaming then that Blizz's security was compromised, and it turned out to be a vulnerability in Flash iirc. In D3 I've played in tons of public games, bought and sold handfuls of auctions, none of my gold or items have disappeared. I'm not an expert or anything but I will gladly apologize if I'm wrong.
 
My account was definitely hacked. All of my money was gone and some of my items from my stash were mysteriously missing yesterday morning.

I haven't played any public games or anything like that. I changed my password and got an authenticator just in case.

The only thing I have is DarkD3, so I am wondering maybe there is something embedded in one of the files in there? Not sure, but it COULD be the case.
 
I would like to try out the DarkD3 but do not want to use it if there is a chance of phishing in it.
 
Yep, 6 days in with a Battle.net account and I was hacked last night. :)

Blizzard locked it and sent me an email and I got it back this morning. Authenticator time!
 
You know, I really wonder why Blizzard doesn't add an "Authenticate PC" option. I'm not talking about tying the game down to a PC, but doing something similar that online banks do, which is send an email, allowing you to log on via a specific PC, and if not, email you that your account has been compromised. Of course, it should be optional (for all the paranoid people worried that Blizzard will use their knowledge you're running an i7 with a Geforce 690 to their advantage), but there are ways of even removing that information.
 
My account was definitely hacked. All of my money was gone and some of my items from my stash were mysteriously missing yesterday morning.

I haven't played any public games or anything like that. I changed my password and got an authenticator just in case.

The only thing I have is DarkD3, so I am wondering maybe there is something embedded in one of the files in there? Not sure, but it COULD be the case.

I would like to try out the DarkD3 but do not want to use it if there is a chance of phishing in it.

I'm using DarkD3, so is the GF, no issues. Never been hacked. I've always used an authenticator since they were available. I did have it off my account for a while after I STOPPED playing WoW, but once the D3 beta hit I got another on my phone.
 
Yep, 6 days in with a Battle.net account and I was hacked last night. :)

Blizzard locked it and sent me an email and I got it back this morning. Authenticator time!

Sorry, but why wouldn't you have just put an authenticator on in the first place?
 
Has anybody ever been hacked for the FIRST time while already having an authenticator that prompts for a code on every login? Every time I read something I see "I got hacked, then I added an authenticator and changed my password."

I've been playing WoW since the friends and family beta of vanilla, I've had an authenticator on my account ever since they were first available. I only have the starter edition of D3 but have put in quite a few hours in both single player mode and public games.

I've seen a lot of friends and guildmates get hacked over the years but I haven't been hacked myself.
 
This right here is proof...........proof that you and them don't understand how phishing works. Listen, there very well may be an exploit/bug/whatever causing this to happen but until there's actual proof, not speculation, not "he said", I'm going to believe Blizzard on this that it's user error. My account, that's 7 years old (last 2 with a keyfob), has never been hacked. I bought the keyfob a couple years ago after a mass hack wave in WoW where people were screaming then that Blizz's security was compromised, and it turned out to be a vulnerability in Flash iirc. In D3 I've played in tons of public games, bought and sold handfuls of auctions, none of my gold or items have disappeared. I'm not an expert or anything but I will gladly apologize if I'm wrong.

If you take the time to read the German forum it does look like it's an exploit for the majority, not a phishing or keylogger deal. Not to say there aren't people falling for that, but in every response on the information gathering thread on the German and US forums there is one very obvious commonality between every response. No matter how many characters people have, 2 to 8, only the one they last played is attacked. So lvl 20's got raided when some people have 3 60's just sitting there untouched.

This coincides with what I said. Why would they only hijack my last played char when I have legendaries stashed on my other ones? It seems like the method they're using only allows access to that one character. I was lucky. Using mules instead of buying stash pages seems to have saved me a lot of pain. I mostly lost gold, which is easier to replace.

Blizzard refused to give me a roll back because there is "no evidence anyone but me accessed my account". If a 3rd party had accessed my account through real login measures there should be a record of it. Blizzard said there were 0 logins between when I logged off at night, and when I logged on again the next morning. They basically insinuated that I gave my stuff away before I logged off, and now I was trying to get rolled back to duplicate it.
 
I've seen a lot of friends and guildmates get hacked over the years but I haven't been hacked myself.

One thing to remember is that even having your computer compromised does not necessarily mean you will be hacked today, or even 3 years from today. The amount of people hacked is fairly insignificant.

As I've stated before, at this point in time I don't entirely believe the people stating they've been hacked and are entirely not at fault, nor do I believe Blizzard that they're not at all at fault. The truth is probably somewhere in between.

That being said, I haven't been hacked yet (and I do have the authenticator), but probably the fact that I only have 700 gold and no real good items probably helps my situation.
 
Blizzard refused to give me a roll back because there is "no evidence anyone but me accessed my account". If a 3rd party had accessed my account through real login measures there should be a record of it. Blizzard said there were 0 logins between when I logged off at night, and when I logged on again the next morning. They basically insinuated that I gave my stuff away before I logged off, and now I was trying to get rolled back to duplicate it.

Outside of doing something entirely illegal, and publicly posting how to exploit the servers, if what is hypothesized is true, the only real way to force Blizzard to make a correction would probably be to have a live stream of your account being compromised. And even then, who knows if Blizzard would respond.
 
I can't read this whole thread, but there was a comment page 1 that says Blizzard is responsible for these.

I agree. My wife and I had quit World of Warcraft, and when we did, the last thing I did was change the passwords to a couple of long complicated alphanumeric phrases, from the relatively simple number+word passwords that they were.

Never logged in once with them, as we were done.. the changing of the PWs was partially to remove the temptation. We never logged in with these passwords. That means there was never any chance for them to be compromised.

Almost a year later... it was 10 months iirc, one of my IRL friends that we played with emailed me and asked if my wife was playing.. evidently her account had been logged in for a week or so straight, and not responding to whispers.

The compromising of that account had to come from someone at Blizzard with access to passwords. I don't think there would be any way someone would spend the time to bruteforce that password.... just for a wow account.
 
If you take the time to read the German forum it does look like it's an exploit for the majority, not a phishing or keylogger deal. Not to say there aren't people falling for that, but in every response on the information gathering thread on the German and US forums there is one very obvious commonality between every response. No matter how many characters people have, 2 to 8, only the one they last played is attacked. So lvl 20's got raided when some people have 3 60's just sitting there untouched.

This coincides with what I said. Why would they only hijack my last played char when I have legendaries stashed on my other ones? It seems like the method they're using only allows access to that one character. I was lucky. Using mules instead of buying stash pages seems to have saved me a lot of pain. I mostly lost gold, which is easier to replace.

Blizzard refused to give me a roll back because there is "no evidence anyone but me accessed my account". If a 3rd party had accessed my account through real login measures there should be a record of it. Blizzard said there were 0 logins between when I logged off at night, and when I logged on again the next morning. They basically insinuated that I gave my stuff away before I logged off, and now I was trying to get rolled back to duplicate it.

Did you have new people on your 'recently played with' list?
 
I can't read this whole thread, but there was a comment page 1 that says Blizzard is responsible for these.

I agree. My wife and I had quit World of Warcraft, and when we did, the last thing I did was change the passwords to a couple of long complicated alphanumeric phrases, from the relatively simple number+word passwords that they were.

Never logged in once with them, as we were done.. the changing of the PWs was partially to remove the temptation. We never logged in with these passwords. That means there was never any chance for them to be compromised.

Almost a year later... it was 10 months iirc, one of my IRL friends that we played with emailed me and asked if my wife was playing.. evidently her account had been logged in for a week or so straight, and not responding to whispers.

The compromising of that account had to come from someone at Blizzard with access to passwords. I don't think there would be any way someone would spend the time to bruteforce that password.... just for a wow account.

Well, they could have also just gotten the registered email password and reset it that way and removed the email from blizzard so you didn't see it.
 
I can't read this whole thread, but there was a comment page 1 that says Blizzard is responsible for these.

I agree. My wife and I had quit World of Warcraft, and when we did, the last thing I did was change the passwords to a couple of long complicated alphanumeric phrases, from the relatively simple number+word passwords that they were.

Never logged in once with them, as we were done.. the changing of the PWs was partially to remove the temptation. We never logged in with these passwords. That means there was never any chance for them to be compromised.

Almost a year later... it was 10 months iirc, one of my IRL friends that we played with emailed me and asked if my wife was playing.. evidently her account had been logged in for a week or so straight, and not responding to whispers.

The compromising of that account had to come from someone at Blizzard with access to passwords. I don't think there would be any way someone would spend the time to bruteforce that password.... just for a wow account.

If this is true then it would preclude any password brute-forcing attempts or MITM attacks, which would point the blame to Blizzard's access to accounts being compromised.
 
I want a class action lawsuit if possible. I lost my gold and my stash gear, but not my characters and their equipment. But now, I cannot trust Blizzard, and I will never buy another Blizzard game.

I want my money back for purchasing Diablows 3, and deletion of my account! Seriously, I was hacked, never joined public games, strong password, etc. I am not compromised-IT IS BLIZZARD AND THEY NEED TO ANSWER FOR THIS BULLSHIT.

Classic denial.
 