I don't claim to know how their login system works. If it has a database of logins or whatever. But if you look at something like Active Directory. You can't just simply see the passwords, even as a domain admin. I couldn't tell you how that would work. I'm assuming you would access to the database in order to pull that information. Something not a lot of people would have and would(or should be) very restricted.
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
diablo 3 accounts hacked
- Thread starter Oomps
- Start date
I don't claim to know how their login system works. If it has a database of logins or whatever. But if you look at something like Active Directory. You can't just simply see the passwords, even as a domain admin. I couldn't tell you how that would work. I'm assuming you would access to the database in order to pull that information. Something not a lot of people would have and would(or should be) very restricted.
It's called 1 way encryption. It is literally impossible for even blizzard to know your passwords.
TheMadHatterXxX
2[H]4U
- Joined
- Sep 7, 2004
- Messages
- 3,021
In my case I didn't even know authenticatiors even existed, Last blizzard game I played was Warcraft 3 and it didn't have an authenticator. I had never herd authenticators being using for gaming before I got hacked.
Once I knew about them I turned it on but ignorance is likely the largest reason people don't use authenticators.
Sorry I thought it was pretty known. Blizzard likes to advertise them no? Either way, sorry you were hacked.
Hornet
Supreme [H]ardness
- Joined
- Oct 4, 2005
- Messages
- 6,624
IMHO, even if there was a way to hijack a person's account using ID spoofing or whatever, I doubt Blizzard would own up to it.
The problem here is if such exploit exist, it completely nullifies the authenticator's protection here. So if they have some kind of policy where say they will only restore your WoW account if you got hacked and have an authenticator attached, admitting to this flaw in Diablo 3 will still prove that the authenticator is useless and people could use that to argue against their authenticator policy, whatever it may be.
In other words, admitting to any possible flaw that bypass the authenticator will open a large can of worms for them.
Not that I would defend Blizzard if they are hiding any exploit of course.
The problem here is if such exploit exist, it completely nullifies the authenticator's protection here. So if they have some kind of policy where say they will only restore your WoW account if you got hacked and have an authenticator attached, admitting to this flaw in Diablo 3 will still prove that the authenticator is useless and people could use that to argue against their authenticator policy, whatever it may be.
In other words, admitting to any possible flaw that bypass the authenticator will open a large can of worms for them.
Not that I would defend Blizzard if they are hiding any exploit of course.
ashmelev75
[H]ard|Gawd
- Joined
- Nov 29, 2007
- Messages
- 1,815
FYI, Dian-in authenticator does not work with Diablo3.
http://us.battle.net/support/en/article/battle-net-dial-in-authenticator-faq#q-7
Use a physical key-fob or smartphone app.
http://us.battle.net/support/en/article/battle-net-dial-in-authenticator-faq#q-7
Use a physical key-fob or smartphone app.
I'm sure it is well known and advertised but I was just one of the few that was out of their advertisement range. I don't cruse their forms I don't play MMO's and haven't touched a blizzard game since Warcraft 3. The entire idea that someone would want to hack into my account and steal my fake gold and fake items was rather foreign to me.
cageymaru
Fully [H]
- Joined
- Apr 10, 2003
- Messages
- 22,152
The Blizzard authenticators were hacked long ago before I quit WoW I believe. Or am I remembering wrong? Anyone remember?
Can't view anything at work but a quick google search said that the Blizzard authenticators were not affected. Article was at Joystiq last March.
I'm not sure they're hiding anything or not. It's entirely possible they have no idea how it's happening. I do find it odd that they aren't gathering data from the users on what they see when it happens though, there is a very clear pattern emerging when you read the boards.
The ones who are phished/keylogged lose everything.
The ones who are hit by the theorized mystery exploit only have their stash and a single character attacked, and so far it seems to always be the character they logged out on.
When I called in to report my losses they told me they couldn't help me because there was no record of any suspicious logins. Which directly contradicts the support ladies assertion that I'd give away my account info one way or another. If their attack on me was a simple password grab and use, why is their no record of anyone logging in as me after I shut down my machine for the night?
I try to give people benefit of the doubt, but if they aren't considering the possibility something strange is afoot I think they're in denial. The unfortunate part is a lot of people are willing to jump all over those who have valid concerns, and if you drown out the concerns it will probably not get fixed.
Having an always online connection even for solo/single player is fun isn't it!
Knowing who Blizzard is they should have seen this coming from a mile away, especially with the rmah. As usual instead of being proactive these companies get reactive only after shit hits the fan. This is not a bash just on Blizzard because you see this same scenario playing out over and over...
Knowing who Blizzard is they should have seen this coming from a mile away, especially with the rmah. As usual instead of being proactive these companies get reactive only after shit hits the fan. This is not a bash just on Blizzard because you see this same scenario playing out over and over...
This sounds like a rollback or database sync problem. You said earlier there is no strange people in your recent friends list. So they didn't trade things away. Only recent items were touched on the most recent character. I wonder if something is broken on the blizzard backend.
Seems like that would be easy to figure out/restore and even just tell people about?
cageymaru
Fully [H]
- Joined
- Apr 10, 2003
- Messages
- 22,152
Draxanoth there are some people that love Blizzard Entertainment like the Nvidia vs AMD vs Intel guys on these boards. There are also some that put on tin foil hats and make up things to sensationalize bad situations. In general the the fanboys and tin foil crowd tend to drown each other out and you can discern what the true issues and solutions are from the few voices of reason.
I'm with you on the missing items off one character thing. It sounds more like an internal Blizzard server mess up than a hack per se. Like those accounts are getting rolled back to an earlier time or something. I've dealt with WoW hackers before and the destruction that they reaped. I've met some that take a few things in anticipation of wiping out the account later. They don't leave your Collector's Edition items in your bags in a neat row as if you've just bought the game. They might try to vendor them, but not arrange your bags for you. And why are they only able to touch items that you used on your last login? Seems very suspicious to me!
Sorry about your conversation with Blizzard phone help. Post what happened on the official forums and ask for help there. Start a new thread in Support and explain that the lady on the phone says that nobody accessed your account while you were offline, but you're missing X,Y, and Z. Make sure that you ask in the beginning of the thread that you are seeking Blizzard official help as you just talked to their phone line service and they couldn't help you.
Good luck!
I'm with you on the missing items off one character thing. It sounds more like an internal Blizzard server mess up than a hack per se. Like those accounts are getting rolled back to an earlier time or something. I've dealt with WoW hackers before and the destruction that they reaped. I've met some that take a few things in anticipation of wiping out the account later. They don't leave your Collector's Edition items in your bags in a neat row as if you've just bought the game. They might try to vendor them, but not arrange your bags for you. And why are they only able to touch items that you used on your last login? Seems very suspicious to me!
Sorry about your conversation with Blizzard phone help. Post what happened on the official forums and ask for help there. Start a new thread in Support and explain that the lady on the phone says that nobody accessed your account while you were offline, but you're missing X,Y, and Z. Make sure that you ask in the beginning of the thread that you are seeking Blizzard official help as you just talked to their phone line service and they couldn't help you.
Good luck!
The support forum doesn't typically address this sort of thing. They usually tell you they only deal in tech support and lock the topics with the advice to open a real ticket. Help tickets get construed and misunderstood like crazy, a phone call is really the only way to convey your information accurately in my experience.
I thought that too, but there is always the possibility someone used my million gold to buyout their million gold lvl 2 blue item auction, so I can't say it's definitive evidence. That would be the smartest way for a thief to go since then your Battletag won't get reported.
I actually asked her if it could be a bug but the phone folks seem adamant that any account loss is related to your credentials being compromised. Even when there was no sign someone logged in as me they would not abandon that stance, even after passing it up to the next support level. And apparently if there is no sign of foul play they are not willing to help you, as she stated since there were no unexpected login events they would not be offering me a rollback.
Honestly I was lucky. Since I employ mules instead of buying stash space the amount of good stuff I could lose seemed to be limited, asssuming the last logged on character was in fact a limitation for what happened. The million gold loss hurt, but it could have been MUCH worse.
You would see that in your transaction log as a huge purchase.
I know they had a least a few mini rollbacks or data loss or whatever after going live. My account doesn't have a few achievements and stuff related to late act1/early act2 that I got and a few other things were missing. Like I dont have the level 20 achieve even though I got it and have a 60 now.
That's a good point, I forgot all about the log. I'll take a peek at it when I get home.
RealityCrunch
[H]ard|Gawd
- Joined
- Nov 16, 2011
- Messages
- 1,393
If so... I've got to start making popcorn for when this piece of news gets revealed (if it does)
Well just logged in real quick to play while I ate lunch (furlough half day) and found that my account has been hacked and my 21 monk is now naked... GREAT!!!! Everything on her including money is gone... guess its time to start the recovery forms and what not.
Seriously? Do you have an authenticator?
No I had never setup the authenticator. It is now though... Went on to public game (which I NEVER have done) and got a screenshot of all the names of the people that "played" with me last night. Going to see if I can find my ticket for the hack and add the screenshot.. That makes things a LOT easier. Funny thing is that my Barbarian had some magic and rare items equipped that I found with my Monk. Guess they didn't pay that close of attention.
Here is the screenshot for those that are interested.
NOTE: IF YOU GET HACKED IMMEDIATELY CHECK YOUR SOCIAL SCREEN FOR UNKNOWN NAMES
Here is the screenshot for those that are interested.
NOTE: IF YOU GET HACKED IMMEDIATELY CHECK YOUR SOCIAL SCREEN FOR UNKNOWN NAMES
Last edited:
another-user
Gawd
- Joined
- Dec 27, 2006
- Messages
- 984
i got hit this morning too. cleared out all the gear on my lvl 60. they were nice though, and left a 2 defense cloth armor for me in my inventory.
what really confuses me, with the exception of how they got in, is why the fuck they took my chipped gems, and left a flawless square. and my staff of herding. or why the moved my 2 black rock (thats what it was called, right? black something...) pages from my stash to my inventory.
what really confuses me, with the exception of how they got in, is why the fuck they took my chipped gems, and left a flawless square. and my staff of herding. or why the moved my 2 black rock (thats what it was called, right? black something...) pages from my stash to my inventory.
LOL.. just logged in real quick to see if anything happened to my account and I am talking to "koreanmicro" trying to get information. He says he was hacked too but is unwilling to give me any information about when and how.
Will the information help blizzard address the problem? Probably not. But it is mor to satiate my own need for the information. I have a random string for my account password which is not a combination of birthdays or anything retarded like that. So the fact that they hacked my account means that they ahve the ability. This guys doesnt seem to really give a isht about losing his stuff or attempting to "help" but would rather just blatantly blame someone else without attempting to help. Got to love it
Will the information help blizzard address the problem? Probably not. But it is mor to satiate my own need for the information. I have a random string for my account password which is not a combination of birthdays or anything retarded like that. So the fact that they hacked my account means that they ahve the ability. This guys doesnt seem to really give a isht about losing his stuff or attempting to "help" but would rather just blatantly blame someone else without attempting to help. Got to love it
another-user
Gawd
- Joined
- Dec 27, 2006
- Messages
- 984
well fuck, my bnet account is compromised now. some one just reset the password on it.
boredreflux
Limp Gawd
- Joined
- Aug 31, 2007
- Messages
- 140
Well, to be fair, I wouldn't want to talk to some random after I got hacked either.
So, I had a response typed out intending to scare the shit out of you but I decided against it. I just want to say you made an awful, easy mistake in a public forum that you might want to fix (hint: it's your screenshot). Then again you may not really care if randoms can get things like your address, cell #, or email addys (gmail, .gov) from it. Your "critical thinking skills" didn't seem to help out much here.
I also reported the post so it could get deleted in case you cared.Simple mistakes happen.
octoberasian
2[H]4U
- Joined
- Oct 13, 2007
- Messages
- 4,082
I mentioned this on the Diablo 3 forums already and I'll repeat it here (as a warning):
I'm assuming the hacks are mostly being done by people in the RMT business (goldsellers and the like). I remember similar incidences in Final Fantasy XI around 2007 or 2008. Characters would be hacked, cleaned of their gear and items and re-used as chat-spam bots on the same server or moved to other servers. In a few cases the character would be re-sold on an RMT website if the character(s) had notable job levels and craft levels.
Similar may happen here but to the items being looted off the victim's character(s) and transferred to another person such as those seen in "gregnash's" screenshot above. And, the items will be sold for real money on the real money auction house.
Given that the real money auction website is going to go live around May 29th., these incidences may increase. And, as a warning to others:
I'm assuming the hacks are mostly being done by people in the RMT business (goldsellers and the like). I remember similar incidences in Final Fantasy XI around 2007 or 2008. Characters would be hacked, cleaned of their gear and items and re-used as chat-spam bots on the same server or moved to other servers. In a few cases the character would be re-sold on an RMT website if the character(s) had notable job levels and craft levels.
Similar may happen here but to the items being looted off the victim's character(s) and transferred to another person such as those seen in "gregnash's" screenshot above. And, the items will be sold for real money on the real money auction house.
Given that the real money auction website is going to go live around May 29th., these incidences may increase. And, as a warning to others:
CHANGE YOUR PASSWORD BEFORE MAY 29TH. GET THE AUTHENTICATOR-- MOBILE APP IS FREE, OR KEY FOB FOR $6.50. (NOTE: DIAL-UP/CALL-IN AUTHENTICATION IS WOW ONLY.)
MAKE SURE YOUR BATTLE.NET ACCOUNT SECURITY REQUIRES AUTHENTICATOR DURING LOG ON FOR ALL ACCOUNTS AND SERVICES.
MAKE SURE YOUR BATTLE.NET ACCOUNT SECURITY REQUIRES AUTHENTICATOR DURING LOG ON FOR ALL ACCOUNTS AND SERVICES.
Whats the deal with making authenticators American continent only? We europeans get nothing. I dont even have an actual smartphone, just Nokia 5230, that would be compatible with authenticator app and could try it out.
*edit* Oh yeah, I could always try out european Blizzard store. It has one available, Starcraft themed. No mention of Diablo 3 compatibility but I guess it works the same?
Last edited:
octoberasian
2[H]4U
- Joined
- Oct 13, 2007
- Messages
- 4,082
Yes it does support Battle.net.
http://eu.blizzard.com/store/details.xml?id=221004517
And, here's the mobile version which is free:
https://eu.battle.net/account/support/mobile-auth-download.html
I think there may have been an attempt on my account earlier today but luckily I had an authenticator on it. When I tried to login it prompted me for an authentication code which only happens when logging in from a new location(my IP& location are still the same). It didn't surprised me though cause I was using 1 of my easy passwords that I've used on forums & mmo's in the past.
It also happens randomly like once a week.
Well apparently someone is still trying to use my account. Twice today I have logged into my battle.net account and received the "error 503 to many attempts" and typed in my password and then used the authenticator. Approved the rollback this morning so hopefully will be fixed by the time I return home from camping on Monday.
RMAH delayed indefinitely.
My friend got hacked yesterday. He logged on and he was completely naked. Fuck this, when I get home I am getting the smartphone authenticator. I use a complex password and D3 is the only thing I use it for, but I'm too worried about losing my shit.
My friend got hacked yesterday. He logged on and he was completely naked. Fuck this, when I get home I am getting the smartphone authenticator. I use a complex password and D3 is the only thing I use it for, but I'm too worried about losing my shit.
RMAH delayed indefinitely.
My friend got hacked yesterday. He logged on and he was completely naked. Fuck this, when I get home I am getting the smartphone authenticator. I use a complex password and D3 is the only thing I use it for, but I'm too worried about losing my shit.
You know, the indefinite delay of the RMAH is probably the strongest argument so far that Blizzard might not be on the up and up of all the hacking attempts.
Eh, I'd blame it more on the fact that the gold auction house isn't the most stable thing right now. Don't want missing transactions and items when people are actually paying money.
cageymaru
Fully [H]
- Joined
- Apr 10, 2003
- Messages
- 22,152
Websites can access your clipboard if you allow them. Gmail asked could it access mine today while using Internet Explorer.