diablo 3 accounts hacked

I'm sorry but I tend to lol @ people who post "I have a separate gaming rig that is used for NOTHING but gaming."

So let me ask you the following if I may and please do not take this as an attack.

When you installed Windows.. How did you patch it? Did you install and update antivirus software before plugging it into your home network? If not.. then your computer was at risk.

When you updated your drivers on your freshly installed Windows.. Was the computer patched to Microsoft's latest patch level at the time? Was antivirus / malware protection installed and updated? Lastly did you surf directly on the computer or did you thumb drive the files over? If you surfed the net to download the files.. your computer was at risk.

On any of the installed games you run on your separate rig.. Are you running only the game or do you have add-ons/plugins installed? If you do.. your computer is at risk.

Bottom line.. No one knows how this is happening. Nothing is hack proof. The second you connect your computer to a network it's at risk. Firewalls, antivirus, malware protection software are hacked every minute of every day. There is not one single person who is at fault here. Stop blaming solely Blizzard and open your mind up to the fact you had a part in it.

If you tend to LOL at this kind of post, then I really do hope you read the rest of this thread before making a post like this.

How hard is it to find a driver? www.nvidia.com? www.realtek.com.tw?
Windows Update?
Going on internet making your computer vulnerable? No shit Sherlock...

It sounds like you are making nonsense, therefore making excuses on Blizzard's part.


Let me recap the thread for you.
There are tons of people getting their hero stripped, and the number is way too damn large even if the keylogger does exist for D3 or any computer vulnerability in question.

Something is definitely off, and I am pretty sure this time is largely involved with Blizzard's role since I have ever seen massive account jack since games like Lineage 2, and it's not even as bad as this.

If my account is really hacked by someone, I will be really surprised that the person lined up all my CE exclusive items like I just created a new hero.
 
Something very similar to what we're seeing here happened on the Diablo 2 closed realms 8 or 9 years ago (or maybe it was a decade+ ago? Damn, I feel old...). I don't remember the exact specifics, but it involved creating a new account with the name of the character who you wanted to steal items from, or something along those lines. They eventually did a rollback on all the realms once the issue had been made public. I looked through the Internet archives of the Chaos Sanctuary/Arreat Summit site, but I couldn't find anything that mentioned it specifically (though there was a mention of missing items/characters back in January of '03, I recall that being a different issue).

The interwebs seem to have largely forgotten about this issue, and I can't find any old news articles or anything mentioning it. Does anyone else remember this happening?
 
If you tend to LOL at this kind of post, then I really do hope you read the rest of this thread before making a post like this.

How hard is it to find a driver? www.nvidia.com? www.realtek.com.tw?
Windows Update?
Going on internet making your computer vulnerable? No shit Sherlock...
I feel as if you do not understand what I'm saying by my post. I took the person who posted "I have a separate rig for gaming" as "there is no way I could have gotten anything on the rig since all it does is game". I was merely sharing some insight why that thought process may not hold up to much.

It sounds like you are making nonsense, therefore making excuses on Blizzard's part.
Again.. Just trying to spout off a little what if. That is the point of forums. Also from what Blizzard is telling us... their systems are showing users are getting hacked via someone entering a username and password combo. I can only assume they have logs to back that statement up.

Let me recap the thread for you.
There are tons of people getting their hero stripped, and the number is way too damn large even if the keylogger does exist for D3 or any computer vulnerability in question.

Something is definitely off, and I am pretty sure this time is largely involved with Blizzard's role since I have ever seen massive account jack since games like Lineage 2, and it's not even as bad as this.
A simple Google search will show you that World of Warcraft accounts, EVE, and Rift accounts were all hacked in rather large numbers close to launch. Not sure how you missed that.
 
I feel as if you do not understand what I'm saying by my post. I took the person who posted "I have a separate rig for gaming" as "there is no way I could have gotten anything on the rig since all it does is game". I was merely sharing some insight why that thought process may not hold up to much.


Again.. Just trying to spout off a little what if. That is the point of forums. Also from what Blizzard is telling us... their systems are showing users are getting hacked via someone entering a username and password combo. I can only assume they have logs to back that statement up.


A simple Google search will show you that World of Warcraft accounts, EVE, and Rift accounts were all hacked in rather large numbers close to launch. Not sure how you missed that.

I have played WoW and EVE at launch, hell there is NO WAY it's like this...Plus, it happened weeks and months later...
I don't know where you pull those large numbers from, but based on the forum posts, this is far more crazy.
Heck, a person who only bought the game and has not accessed anything for the past 3 months (The computer wasn't even turned on), and still got their account stripped, please explain that.

You are making an assumption that it's the player's fault to begin with, while Blizzard did not state anything that it's not their end for all these problems.
 
I sadly got compromised today on my account. Logged in after getting out of work to see all my gold, and good gear and gems gone on my guy. Sad to see this as I just made this bnet account for D3.
 
My friend got hacked last night...a couple legendary items...2.6m gold, etc.. Blizzard told him he could roll back his character but he only gets two times his account can roll back a toon. He said nope, and will continue to rebuild his character...kind of BS to me.
 
My buddy got hacked either today or yesterday, all items and gold stripped. He's only getting into nightmare so nothing stellar was taken. Still pretty annoying though.

The only person in his "recent players" tab was "yang". He's never played in public games either.
 
wtf? This is freaky. After reading this I changed my PW and did SMS verification, authenticator, and require every time. Take that hackers! Although I am only a lvl 16 wizard just getting on Act 2 lol.
 
I did the same, but when they open today I'm going to call and request that Diablo 3 be removed from my account, a refund given, and the battle net account associated to my email address deleted. If this happened once it's a good rule of thumb that it will happen again.

Timeline:
Tuesday 9pm = I log out of the game and go to bed.
Wednesday 4:30pm = I get home from work and log on. Realize that all my gold and gear is missing.
Wednesday 4:35 = I open a ticket with Blizzard, change my password and add sms verification
Wednesday 11pm = I get an account password reset notification emailed to me.
Wednesday 11:30pm = Blizzard responds that I only get two rollbacks on my ticket. (Pissed because it was a copy paste response and took 7 hours?)
Thursday 5am = I get up to get ready for work, see the email, try to log in, and lo and behold my password is wrong.
Thursday 5:15am = add RSA token and get ready to call for a refund. (This is not worth my time for this game nor do they deserve my money.)
 
I don't get how people are STILL getting hacked. I don't play Diablo III but have been following the news. It's been how many days since the news broke about the hacking/security issue and people are still playing without the "authenticator"...I don't feel bad for you. Take a damn hint or turn your computer off. I'm embarrassed for you.
 
Way too many people getting hacked on here for it to be something on the end user's end. Normally I side with the company on these issues but so many people on here and a couple other forums I respect are getting hacked. When all of the other reported mass hackings happened no one I knew ever got hacked, but all of my friends who play as well as a dozen or so online friends have all been hacked. I've got to start doubting the veracity of Blizzard's PR.
 
You are making an assumption that it's the player's fault to begin with, while Blizzard did not state anything that it's not their end for all these problems.

well.. they kinda did.

Their official position is that it's all on the user's end:
http://us.battle.net/d3/en/forum/top...46?page=29#571

We've been taking the situation extremely seriously from the start, and have done everything possible to verify how and in what circumstances these compromises are occurring. Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password. While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand.
 
well.. they kinda did.

I do not remember when I was installing the game about any warnings from Blizzard about using an authenticator. Hell, would've not known they had one had I not been in the Diablo 3 forums perusing around. A lot of the casual gamers who do not spend time researching, chatting, eating, breathing the game may not have a clue that one of these is highly recommended or not.
 
I do not remember when I was installing the game about any warnings from Blizzard about using an authenticator. Hell, would've not known they had one had I not been in the Diablo 3 forums perusing around. A lot of the casual gamers who do not spend time researching, chatting, eating, breathing the game may not have a clue that one of these is highly recommended or not.

Agreed. Blizzard could do a lot more to make their users aware of the account security features available to them.
 
I don't get how people are STILL getting hacked. I don't play Diablo III but have been following the news. It's been how many days since the news broke about the hacking/security issue and people are still playing without the "authenticator"...I don't feel bad for you. Take a damn hint or turn your computer off. I'm embarrassed for you.

Not everyone lives online, some of us (obviously not you) actually spend time doing things other than trolling forums. This is the first Blizzard game I have purchased in 10 years and there was no way to know that D3 would degenerate into either using the phone / key fob authenticator or losing all your gold / gear + character deleted days after release.
 
I got hacked sometime between midnight and 7 this morning. Never played a public game. I haven't so much as browsed the web since it came out, devoting pretty much all my computer time to playing. It doesn't seem likely they hijacked my password, and since it's always been a large set of random numbers and characters it should have been impossible to guess. (I changed it anyway out of paranoia.)

If they are exploiting some sort of session code to accomplish this though, how is the authenticator supposed to protect you? I enabled mine today, never used one before because it will prevent me from playing on my laptop away from home (no mobile phone), but how will it stop this sort of exploit if they aren't logging on as you to accomplish their theft?
 
I got hacked sometime between midnight and 7 this morning. Never played a public game. I haven't so much as browsed the web since it came out, devoting pretty much all my computer time to playing. It doesn't seem likely they hijacked my password, and since it's always been a large set of random numbers and characters it should have been impossible to guess. (I changed it anyway out of paranoia.)

If they are exploiting some sort of session code to accomplish this though, how is the authenticator supposed to protect you? I enabled mine today, never used one before because it will prevent me from playing on my laptop away from home (no mobile phone), but how will it stop this sort of exploit if they aren't logging on as you to accomplish their theft?

The thing that does not make sense to me on the theory of session stealing... I would assume you would need an active session to steal. As in you're playing and suddenly get kicked off the game. Here it sounds like you were not playing for several hours and were hacked. Is anyone able to shine more light on the session stealing theory?
 
Blizzard screwed up big time with this. It's not just a few users it's happening to and when it starts to happen to users here, you can tell something is totally wrong on their side.
 
The thing that does not make sense to me on the theory of session stealing... I would assume you would need an active session to steal. As in you're playing and suddenly get kicked off the game. Here it sounds like you were not playing for several hours and were hacked. Is anyone able to shine more light on the session stealing theory?

That doesn't necessarily mean it happened hours after I logged off though. It's possible it happened 2 minutes afterward. I was just stating the fact I was offline for that time span.

I would usually say they must have grabbed my login credentials somehow, but when I look at what was taken it almost seems like the only items they were able to lift are the things I recently touched. So I rearranged my gem piles, got more gold, new offhand, added some smith tomes. Those are the only things that disappeared. My 80 jewelcrafting tomes are there, my horrifyingly expensive amulet and weapon. It's almost like all they could do is redirect my latest changes to one of their guys.
 
I am confused about this hacking spree. I mean the majority of us here know their way around computers. Maybe not the in-depth programming kind but know how to keep our computers clean and secured, check it periodically and have complex passwords for whatever we use and understand it's better to be slightly paranoid whenever being online.

Our important personal "merely" password protected email accounts for example are either never or rarely compromised to keyloggers/hackers, and yet now an alarming number of people are suddenly losing their Blizzard accounts to hackers.

The math simply doesn't add up or there is something else I don't understand.
 
Blizzard screwed up big time with this. It's not just a few users it's happening to and when it starts to happen to users here, you can tell something is totally wrong on their side.

I tend to agree with this, the community here is typically much more informed and knowledgeable than the average Joe. When Blizzard finally finds root cause of the hacks and admits some error on their side, it will be a PR nightmare for them.
 
I will admit that my passwords are not always secure. In fact I only use an extra secure password when the system forces me to. I'm lazy and okay with admitting that. Just b/c I'm on this forum does not mean I clean my PC, run the best software to protect my PC, and use the strongest password. I'm also very sure I'm not the only user who is like this and on this forum.

Frankly you would be very shocked what my password is for this very forum. It's all lower case, is only 7 chars long, is word based, and has letters only.
 
The session stealing is complete BS. If this was legit it would be all over the hacking sites/private sites. I have been a part of the d2 hacking community for over 10 years. It's BOGUS.
 
The session stealing is complete BS. If this was legit it would be all over the hacking sites/private sites. I have been a part of the d2 hacking community for over 10 years. It's BOGUS.

D2 didn't have an auction house. I find myself thinking this hacking problem may have more to do with that system than anything else. There's a reason you get dumped from your game to access it, and I'm wondering if it's because you're sort of joining a "public game" to enter the auction house.

Has anyone here been hacked on a day they DID NOT touch the auction house or play in a public game?
 
Well Blizzard has posted some more info regarding this subject:

http://us.battle.net/d3/en/forum/topic/5149181449?page=1#1

Battle.net®/Diablo III Security Concerns

Over the past couple of days, players have expressed concerns over the possibility of Battle.net® account compromises. First and foremost, we want to make it clear that the Battle.net and Diablo III servers have not been compromised. In addition, the number of Diablo III players who’ve contacted customer service to report a potential compromise of their personal account has been extremely small. In all of the individual Diablo III-related compromise cases we’ve investigated, none have occurred after a physical Battle.net Authenticator or Battle.net Mobile Authenticator app was attached to the player’s account, and we have yet to find any situation where a Diablo III player's account was accessed outside of “traditional” compromise methods (i.e. someone logging using an account's login email and password).

To that end, we’ve also seen discussions regarding the possibility of account compromises occurring in ways that didn’t involve these “traditional” methods -- for example, by “session spoofing” a player’s identity after he or she joins a public game. Regarding this specific example, we’ve looked into the issue and found no evidence to indicate compromises are occurring in this fashion, and we’ve determined the methods being suggested to do so are technically impossible. However, you have our assurance that we’ll continue to investigate reports such as these and keep you informed of important updates.

The best defense against account theft still includes smart password management (e.g. using a unique password for every site/service and keeping your password to yourself) and scanning for malware and viruses regularly, as well as following additional preventative steps found here. In the end, while no security method is 100% foolproof, the physical Battle.net Authenticator and Battle.net Mobile Authenticator app are great ways to provide your account with an extra layer of protection.

So they are not wavering from their current position that the account compromises are occurring using non-traditional methods.
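An added example, not part of the thread and not Blizzard's tooling: one way a defender could test the "traditional compromise" claim quoted above against authentication logs, by checking each theft report for a successful login from a source the owner never used, and by flagging sources that log into many accounts. The log format, account names, addresses and thresholds are all constructed assumptions.

```python
"""Triage theft reports against authentication logs (constructed data)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log; the line format and field names are assumptions.
AUTH_LOG = """\
2012-05-20T19:02:11 login_ok account=wizard16 src=203.0.113.7
2012-05-22T18:40:00 login_ok account=wizard16 src=203.0.113.7
2012-05-22T21:00:00 logout account=wizard16 src=203.0.113.7
2012-05-23T03:12:45 login_fail account=wizard16 src=198.51.100.44
2012-05-23T03:12:59 login_ok account=wizard16 src=198.51.100.44
2012-05-23T03:20:10 login_ok account=monk60 src=198.51.100.44
2012-05-23T03:31:02 login_ok account=barb42 src=198.51.100.44
2012-05-22T20:00:00 login_ok account=dh55 src=192.0.2.25
2012-05-23T00:05:00 logout account=dh55 src=192.0.2.25
"""

# Constructed theft reports: when the owner last logged out and when the
# loss was noticed. The window between the two is what gets examined.
REPORTS = [
    {"account": "wizard16", "last_owner_logout": "2012-05-22T21:00:00",
     "noticed": "2012-05-23T16:30:00"},
    {"account": "dh55", "last_owner_logout": "2012-05-23T00:05:00",
     "noticed": "2012-05-23T07:00:00"},
]


def parse_events(text):
    """Parse 'timestamp type key=value ...' lines into time-sorted dicts."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        fields = dict(p.split("=", 1) for p in parts[2:])
        events.append({
            "time": datetime.fromisoformat(parts[0]),
            "type": parts[1],
            "account": fields["account"],
            "src": fields["src"],
        })
    return sorted(events, key=lambda e: e["time"])


def classify_report(events, report):
    """Look for a successful login from an unfamiliar source in the window."""
    start = datetime.fromisoformat(report["last_owner_logout"])
    end = datetime.fromisoformat(report["noticed"])
    acct = report["account"]
    ok = [e for e in events
          if e["account"] == acct and e["type"] == "login_ok"]
    # Sources the account logged in from up to the owner's last logout.
    familiar = {e["src"] for e in ok if e["time"] <= start}
    foreign = [e for e in ok
               if start < e["time"] <= end and e["src"] not in familiar]
    if foreign:
        # Consistent with someone logging in using the account's password.
        return {"account": acct,
                "verdict": "password_login_from_new_source",
                "sources": sorted({e["src"] for e in foreign})}
    # No login explains the loss: this report needs deeper investigation.
    return {"account": acct,
            "verdict": "no_foreign_login_in_window",
            "sources": []}


def sources_spanning_accounts(events, min_accounts=3):
    """Sources with successful logins to many distinct accounts."""
    accounts_by_src = defaultdict(set)
    for e in events:
        if e["type"] == "login_ok":
            accounts_by_src[e["src"]].add(e["account"])
    return {src: sorted(accts) for src, accts in accounts_by_src.items()
            if len(accts) >= min_accounts}


if __name__ == "__main__":
    evts = parse_events(AUTH_LOG)
    for rep in REPORTS:
        print(classify_report(evts, rep))
    print(sources_spanning_accounts(evts))
```

A report that lands in `no_foreign_login_in_window` is the kind the session-theory posters describe, so those are the cases worth escalating rather than closing as a password compromise.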
 
I would go to my old hacking websites to see what the latest exploit is but they want you to give up a hack to enter the elite room and personally I stopped hanging around those websites as they stopped exciting me. And Kenjiwing the most devious hacks are on the elite section of the forums where you have to be intimate with the guys to get access. There's no amount of money you can pay to get access to that part of the forum. You have to be a part of the "in" crowd to get access and a regular contributor. That's where this type of hack would be posted.
 
Nemesis that's the same thing that NCSoft told me when I posted that I was playing another guy's account in Aion. So I posted back so it's ok that I play other people's accounts since you say it can't happen right? Then a month or 2 later they came up with a fix to stop the server spoofing. Not saying Blizzard is suffering from the same thing. Just I know it can happen.
 
I am confused about this hacking spree. I mean the majority of us here know their way around computers. Maybe not the in-depth programming kind but know how to keep our computers clean and secured, check it periodically and have complex passwords for whatever we use and understand it's better to be slightly paranoid whenever being online.

Our important personal "merely" password protected email accounts for example are either never or rarely compromised to keyloggers/hackers, and yet now an alarming number of people are suddenly losing their Blizzard accounts to hackers.

The math simply doesn't add up or there is something else I don't understand.

I think the issue here is that with any game, no matter the publisher, that has as many subscribers or purchasers as Diablo 3/WoW, there are going to be rampant attempts at hacking into accounts, among other nefarious actions. It's just profitable right now for D3 for them to break into accounts, steal the gold and items, just to sell back to other players for money. They will go out of their way to find ways to get your login and password. They don't care about your email or forum passwords because there isn't much money in it. In these games there is a significant amount of cash to be made...

And I don't care how careful people think they are with their systems, without a third or fourth security blanket, it's just not enough. Just get the authenticator and eliminate some of the fear/worry...
 
Not everyone lives online, some of us (obviously not you) actually spend time doing things other than trolling forums. This is the first Blizzard game I have purchased in 10 years and there was no way to know that D3 would degenerate into either using the phone / key fob authenticator or losing all your gold / gear + character deleted days after release.

And how does trying to insult me play into this conversation? If it really concerns you, I barely post on this forum, check out my user profile genius. 9.5 year member and I'm only a "limp gawd" title or whatever [H] dubs it.

Sorry if you think I'm "trolling", I thought I could share my view just like everyone else on this thread has.

Back to the conversation, my comment was for those who are just recently hacked, as in AFTER Blizzard even made a statement regarding the issue and recommended using the authenticator. I agree with you, though. It's pretty sad that the game, without the authenticator, is such a security risk. Why not just make the authenticator a requirement if the game is so F'd without it?
 
In the end people are responsible for their own information..if you feel threatened download the authenticator. It's that simple..
 
I will admit that my passwords are not always secure. In fact I only use an extra secure password when the system forces me to. I'm lazy and okay with admitting that. Just b/c I'm on this forum does not mean I clean my PC, run the best software to protect my PC, and use the strongest password. I'm also very sure I'm not the only user who is like this and on this forum.

Frankly you would be very shocked what my password is for this very forum. It's all lower case, is only 7 chars long, is word based, and has letters only.

You're not, but by and large, members of this forum are more computer savvy and likely to have a better managed system than the average computer user, thus less likely to be hacked. (Unless they are running bots/hacks themselves, then they are taking a known risk.)
 
I will admit that my passwords are not always secure. In fact I only use an extra secure password when the system forces me to. I'm lazy and okay with admitting that. Just b/c I'm on this forum does not mean I clean my PC, run the best software to protect my PC, and use the strongest password. I'm also very sure I'm not the only user who is like this and on this forum.

Frankly you would be very shocked what my password is for this very forum. It's all lower case, is only 7 chars long, is word based, and has letters only.

"hardocp" ?

And how does trying to insult me play into this conversation? If it really concerns you, I barely post on this forum, check out my user profile genius. 9.5 year member and I'm only a "limp gawd" title or whatever [H] dubs it.

Sorry if you think I'm "trolling", I thought I could share my view just like everyone else on this thread has.

Back to the conversation, my comment was for those who are just recently hacked, as in AFTER Blizzard even made a statement regarding the issue and recommended using the authenticator. I agree with you, though. It's pretty sad that the game, without the authenticator, is such a security risk. Why not just make the authenticator a requirement if the game is so F'd without it?

The game isn't F'd. People are stupid. They will do really dumb things on their computer, like going to crack key sites or a site with tools to reset admin passwords etc, they'll do a Google search and click on any random website that comes up, type in their personal info on a public computer, connect to free open wifi channels, give their information to someone they "trust"... and the list goes on and on... yet they will still vehemently reaffirm that their computer and information couldn't possibly be compromised. Hell, I'm in IT and work with techs that have been dealing with issues like this for years from clients and yet they'll still turn around and do stupid things like this and be baffled when their computer is compromised.

So am I surprised that people claim that Blizzard is crap, Blizzard is lying, and Blizzard should have warned them of this? Not at all. People love to throw blame around whenever they do something stupid that would force them to have to admit they're stupid if they can't find someone else to blame.

Now, I'm NOT SAYING that Blizzard isn't to blame or hiding something, but their claims that people are getting hacked through traditional means is probably closer to the truth, because I've been dealing with the same clueless people and guildmates in World of Warcraft for years. They'll get hacked over and over again and every time, it's never their fault. It's got to be Blizzard.

When you buy and play a game that already has sold 6.3 million copies, setting new records, maybe you should take a moment and realize that this makes it a huge target for hackers and that there is money to be made in games like this so that is what they go after. Any MMO is like this so it's time to realize that's the reality we live in and take responsibility for yourself. If that means you give up and don't play or buy Diablo 3, so be it, but don't go complaining it's someone else's fault your computer was compromised prior to Diablo 3 launching and they were just waiting for you to log in to take advantage of you.
 
People are stupid. They will do really dumb things on their computer, like going to crack key sites or a site with tools to reset admin passwords etc, they'll do a Google search and click on any random website that comes up, type in their personal info on a public computer, connect to free open wifi channels, give their information to someone they "trust"... and the list goes on and on... yet they will still vehemently reaffirm that their computer and information couldn't possibly be compromised. Hell, I'm in IT and work with techs that have been dealing with issues like this for years from clients and yet they'll still turn around and do stupid things like this and be baffled when their computer is compromised.
I've been a WAN server admin a long time, I'm about as paranoid as they come, but let's assume I missed something.

Why limit the damages? The ones who find their entire account emptied I can see being victims of their own mistakes, but why would they leave my most valuable stuff, and only take the items I'd touched in the last hour of play before I logged off? Not a single thing was missing from any other character, and I have 3 purely dedicated to muling awesome finds.

Why take just the blue shield and rare pants when there's millions worth of other equipped stuff staring you in the face? The hijacker takes smith tomes, but not the jewel tomes? Only the stuff I had physically interacted with in like the last hour before I logged off went missing. I changed all my passwords and whatnot anyway, but this doesn't strike me as the sort of event where someone has total access to your account. They could have cleaned out millions worth of other gear, and they took my 2 least rare ones instead?
 
I've been a WAN server admin a long time, I'm about as paranoid as they come, but let's assume I missed something.

Why limit the damages? The ones who find their entire account emptied I can see being victims of their own mistakes, but why would they leave my most valuable stuff, and only take the items I'd touched in the last hour of play before I logged off? Not a single thing was missing from any other character, and I have 3 purely dedicated to muling awesome finds.

Why take just the blue shield and rare pants when there's millions worth of other equipped stuff staring you in the face? The hijacker takes smith tomes, but not the jewel tomes? Only the stuff I had physically interacted with in like the last hour before I logged off went missing. I changed all my passwords and whatnot anyway, but this doesn't strike me as the sort of event where someone has total access to your account. They could have cleaned out millions worth of other gear, and they took my 2 least rare ones instead?

I've seen/heard that happen many times in WoW and EQ2, where there were only like a few missing items, mostly of no value, then a week later, bam, everything was gone... Not sure if the attacker is testing something and will come back later or what, but I have seen issues like you posted before in other games...

Is the mobile phone authenticator app free? I know the keyFob cost like a buck or something...
 
I've been a WAN server admin a long time, I'm about as paranoid as they come, but let's assume I missed something.

Why limit the damages? The ones who find their entire account emptied I can see being victims of their own mistakes, but why would they leave my most valuable stuff, and only take the items I'd touched in the last hour of play before I logged off? Not a single thing was missing from any other character, and I have 3 purely dedicated to muling awesome finds.

Why take just the blue shield and rare pants when there's millions worth of other equipped stuff staring you in the face? The hijacker takes smith tomes, but not the jewel tomes? Only the stuff I had physically interacted with in like the last hour before I logged off went missing. I changed all my passwords and whatnot anyway, but this doesn't strike me as the sort of event where someone has total access to your account. They could have cleaned out millions worth of other gear, and they took my 2 least rare ones instead?

They most likely vendored the crap they didn't want, flagged your account, and will try again to access it soon. You had basically done their work for them with the mules... They may have just been going down a list of compromised accounts and see if they could get in. Seen that happen before in World of Warcraft. Famous last words of fellow guildmates, "I think I've been hacked, so I changed my password so I'm ok now." Two days later the entire guild bank is looted... guess who?

And don't think I'm blaming you, I miss things as well, and at least you're open to the fact there might be something wrong with your PC. I appreciate that. My tech reference in the previous post above is to point out that even those of us that feel the most safe and knowledgeable can be the ones most susceptible to attack.

I just get tired of people telling me it's not their fault and could never be their fault. I hear it all day long as a tech analyst, as I'm sure you do in your job. As soon as you even hint it could be their fault a shit storm of fury emerges.
 