diablo 3 accounts hacked

RMAH delayed indefinitely.

My friend got hacked yesterday. He logged on and he was completely naked. Fuck this, when I get home I am getting the smartphone authenticator. I use a complex password and D3 is the only thing I use it for, but I'm too worried about losing my shit. :p

Good. Last thing we need to encourage the already growing problem.

Blizzard needs to get its shit in order. I hated dealing with this in WoW and I can't believe that its still such a problem for "single" player , forcing online DRM has been a mistake honestly. Sure , people buy the game but how many will stick around with the rampant hacking going on? WoW manages to keep people obsessed with patches/expansions but how long will Diablo players put up with this?
 
Good. Last thing we need to encourage the already growing problem.

Blizzard needs to get its shit in order. I hated dealing with this in WoW and I can't believe that its still such a problem for "single" player , forcing online DRM has been a mistake honestly. Sure , people buy the game but how many will stick around with the rampant hacking going on? WoW manages to keep people obsessed with patches/expansions but how long will Diablo players put up with this?

There's nothing to buy so far from Blizzard other than an authenticator. So what's their incentive to want to keep you around? At it's heart this is a single player game tied to a MMO style auction house. Losing a customer doesn't do much to Blizzard other than save them on bandwidth costs.

Of course this all changes if an expansion comes out.
 
There's nothing to buy so far from Blizzard other than an authenticator. So what's their incentive to want to keep you around? At it's heart this is a single player game tied to a MMO style auction house. Losing a customer doesn't do much to Blizzard other than save them on bandwidth costs.

Of course this all changes if an expansion comes out.

This is the sad truth, doesn't matter how shitty the game is, Blizzard has already made a ton of cash on the game and only benefits from people leaving.
 
I was hacked yesterday. Logged in last night to find myself naked, empty inventory, and all the good stuff in my stash gone along with all my gold.

I've never played with anyone else - strictly single player/solo although I do use the auction house quite a bit.

My social panel shows I last played with qqqqqqqqqqqq and DDeadShadow <- I've no idea who those people are other than they must be the ones who hacked me.

Already requested a rollback. Lucky it doesn't look like I'm going to lose any levels.

I also have now changed my pw and gotten the mobile authenticator.


p.s. I noticed the auction house is completely closed down right now.
 
I made a change to my account about 20 minutes ago - to make authenticator mandatory eveyr log in. I just now got the SMS text telling me I changed it.

How is an alert that is 20 minutes late going to help? PW could be changed and account cleared out in that amount of time.
 
Remember the WoW hacks through the Adobe Flash exploit? I'm guessing that this is similar to that.

I was "hacked" last night. I work with malware removal and computer repair, and have been for 8 years now. I know what a phishing site is and how to keep my computer and passwords secure.

I have since changed my PW and started using the authenticator. I don't LIKE using it. But I also don't like losing all of my gear. I already have ~60 hours into the game.

The people with authenticators need to stop crying "people need to stop going on phishing sites" and the people getting hacked need to stop crying "blizzard has been compromised, zomg blizzard was hackzord."

Exploits like these are generally undetected, therefore they happen en-masse and are not stopped by anti-virus programs. Until Blizzard and/or the company responsible for the compromised software figures it out, it will probably stay undetected.

I highly doubt that this involves a brute force login attack. That would require access to players account names, which isn't available by just playing with someone. Not only that, I'm sure Blizzard has prevention for high volumes of login attempts in a short period of time. Phishing sites are possible, but I am ruling that out since I do not log into battle.net from ANYWHERE but inside the game itself and on battle.net. I personally know of three people who were "hacked", one being my roommate who does not get "phished".

IMO, what Blizzard should do is require some form of authenticator. In fact, I would suggest that they bundle the $6 Authenticator keychain WITH every game. Hell, I wouldn't mind paying another $6 for the game, knowing that I am secure. At least with a secure login, you don't have to worry (as much) about everything else being unsecure.

Just my 3 or 4 cents.
 
Remember the WoW hacks through the Adobe Flash exploit? I'm guessing that this is similar to that.

I was "hacked" last night. I work with malware removal and computer repair, and have been for 8 years now. I know what a phishing site is and how to keep my computer and passwords secure.

I have since changed my PW and started using the authenticator. I don't LIKE using it. But I also don't like losing all of my gear. I already have ~60 hours into the game.

The people with authenticators need to stop crying "people need to stop going on phishing sites" and the people getting hacked need to stop crying "blizzard has been compromised, zomg blizzard was hackzord."

Exploits like these are generally undetected, therefore they happen en-masse and are not stopped by anti-virus programs. Until Blizzard and/or the company responsible for the compromised software figures it out, it will probably stay undetected.

I highly doubt that this involves a brute force login attack. That would require access to players account names, which isn't available by just playing with someone. Not only that, I'm sure Blizzard has prevention for high volumes of login attempts in a short period of time. Phishing sites are possible, but I am ruling that out since I do not log into battle.net from ANYWHERE but inside the game itself and on battle.net. I personally know of three people who were "hacked", one being my roommate who does not get "phished".

IMO, what Blizzard should do is require some form of authenticator. In fact, I would suggest that they bundle the $6 Authenticator keychain WITH every game. Hell, I wouldn't mind paying another $6 for the game, knowing that I am secure. At least with a secure login, you don't have to worry (as much) about everything else being unsecure.

Just my 3 or 4 cents.
If it was phishing that was happening we'd be finding our entire accounts cleared out. I'm sure people still get taken that way, but it's not the majority of the complaints coming in.

Whatever method is being used only allows them access to your last played character and your first stash page. It's very easy to tell who's been phished and who's been "hacked".

Blizzard however can't see anything. They told me no one had used my account between when I shut down the night before, and when I logged on the next day, and actually refused a rollback on that basis.
 
If they have access to D3, to log in and steal your gold, doesn't it mean that hackers get access to WoW accounts?
 
My accout was hacked whilei was playing.. Game kicked me out saying some one else logged in. I was like what the hell. So I logged back in. Then the samething happen. I was line oh shit. So by the time I found the stupid password rest on battle.net and got it sent to my email my lvl 52 was. cleaned out and my stash in like 5 minutes. I have never been hacked on WOW and I have been playing since day 1. I got a roll back done. I lost 6 lvls and all the gear I had gotten up till then. I now have an authenticator on my account. I already find it a pain to make sure I have my phone at all times. Oh ans the person that hacked my account was in my battle.net account. They even bought a new copy of wow on it.
 
http://us.battle.net/d3/en/forum/topic/5149181449#1
In all of the individual Diablo III-related compromise cases we've investigated, none have occurred after a physical Battle.net Authenticator or Battle.net Mobile Authenticator app was attached to the player's account, and we have yet to find any situation where a Diablo III player's account was accessed outside of "traditional" compromise methods (i.e. someone logging using an account's login email and password).

To that end, we've also seen discussions regarding the possibility of account compromises occurring in ways that didn&#8217;t involve these "traditional" methods -- for example, by "session spoofing" a player&#8217;s identity after he or she joins a public game. Regarding this specific example, we've looked into the issue and found no evidence to indicate compromises are occurring in this fashion, and we've determined the methods being suggested to do so are technically impossible.

According to Blizzard you all were "hacked" by traditional methods.
What I think is strange is, if they have your b.net password, wouldn't they steal from WoW as well? I have yet to hear of someone's entire account being compromised. Maybe they are just not Wow players.... I dont know....
 
Got hacked sometime over the last night. Emptied my stash except gems and all my gold. What's interesting is that they must have come in though my level 7 barb or level 1 demon hunter, my level 37 wizard and all his gear is still on the character. Had one low level legendary in the stash, but otherwise pretty inconsequential.

It's not phishing in any traditional sense, the password I use for battle.net I don't use anywhere else and have only entered into battle.net itself. Wasn't changed, no authenticator but had the SMS alerts active.

Items where dumped too Hottel1503#2645.

Never played open games, mostly been playing with solo or a couple friends. Been using the action house quite a bit.
 
According to Blizzard you all were "hacked" by traditional methods.
What I think is strange is, if they have your b.net password, wouldn't they steal from WoW as well? I have yet to hear of someone's entire account being compromised. Maybe they are just not Wow players.... I dont know....

Yeah it seems like this session ID spoof is becoming more real. People on D2jsp aren't getting their forum accounts hacked either.
 
Yeah it seems like this session ID spoof is becoming more real. People on D2jsp aren't getting their forum accounts hacked either.

Could be a bot/script going through all of the accounts doing the last played character. That would make sense because it would work for every account.
 
Well, could be just an issue with a database sync on Blizzard side. Especially if some recent character / loot is affected.
 
Guess they did have access to my main character, since they took his potions... but left all the equipped items that are far better than what they stole from the stash. They even took so low level blue junk from the stash I was saving for starting new characters, but left the gems...

Makes no sense.

I'm sure there are Unique ID's on items... would be so easy to track the people doing the hacking. Instead they seem to be full swing pushing Authenticators and claiming nothing out of the ordinary is happening. According to the battle.net forums my machine is completely compromised and I click on all the phishing links... and yet my paypal and online backing are untouched but some level 30 and under gear from Diablo 3 and 40000 gold are taken...
 
Reading all your stories I have to come to some conclusions:
1. It's an internal security breach. Either by a group of individuals that work at or with Blizzard or a weakness in their servers that is being exploited.
2. It is more widespread than they admit to.
3. You paid $60 bucks for this? Congrats, I would suggest you change all your passwords from your banking and other important sites.
 
This seems like enough smoke to suspect a real fire rather than just haters and liars blowing smoke up our collective ass.

Just because you're paranoid doesn't mean everyone isn't out to get you. With D3 being as popular as it is, and with as much real money is at stake if someone can figure out how to hack it, you have to treat this much smoke seriously. Blizzard states that they do not see anything wrong on their end; I'm concerned that they may not be able to see something wrong on their end.

Two of my relatives want to play D3 very much, but they are also busy with other games, so I have told them to hold off on buying D3 until these questions about security work themselves out to be either false and not to be worried about, or true and resolved.
 
I honestly don't know why they have so much trouble fighting this, they're authoritative for their own servers and database of items. It's really extremely trivial to give items a unique ID, stash them in a database with a transaction log of who has owned them and for what periods of time, who transferred/traded them etc.

It's kind of retarded that they didn't learn from WoW on this one and build a system which is more secure, I mean you can log every single transaction ever made in the game and keep it forever...it's the perfect paper trail yet it still happens...it's just stupid that it's still a problem given the time they had to design and develop this and their prior experience in WoW dealing with the very same issues.

*edit*

I also have to say that I find this kind of thing hilarious upon reflection, they've forced the whole online thing presumably to try and stop piracy, and forcing all these people who just want a nice single player to put all their single player items at risk. I feel sorry for everyone getting "hacked", but honestly my sympathy is rather limited because it just seems silly to me, to buy into a product where this is even possible in the first place, at least for a purely single player experience.
 
Last edited:
My account got haxxed. I sent a support ticket- is that all I can do? I'm not playing right now but really wish I could :(

One of my 3 characters is naked, the other 2 seem to have all their gear.

I lost all of my gold and about half of what was in my storage.
 
Last edited:
I did the same, but When they open today I'm going to call and request that Diablo 3 be removed from my account, a refund given, and the battle net account associated to my email address deleted. If this happened once it's a good rule of thumb that it will happen again.

Timeline:
Tuesday 9pm = I log out of the game and go to bed.
Wednesday 4:30pm = I get home from work and log on. Realize that all my gold and gear is missing.
Wednesday 4:35 = I open a ticket with Blizzard, change my password and add sms verification
Wednesday 11pm = I get an account password reset notification emailed to me.
Wednesday 11:30pm = Blizzard responds that I only get two rollbacks on my ticket. (Pissed because it was a copy paste responsec and took 7 hours?)
Thursday 5am = I get up to get ready for work, see the email, try to log in, and lo and behold my password is wrong.
Thursday 5:15am = add RSA token ad get ready to call for a refund. (This is not worth my time for this game nor do they deserve my money.)

After several days they finally gto back to me and I'm getting my refund. Time to wait for torchlight 2.
 
My account got haxxed. I sent a support ticket- is that all I can do? I'm not playing right now but really wish I could :(

One of my 3 characters is naked, the other 2 seem to have all their gear.

I lost all of my gold and about half of what was in my storage.


Pretty much. To rule out potential keylogging by some hidden trojans run an antivirus, spybot and super antispyware on full scan and check your firewall is up to date (or install a better one if you rely on windows POS firewall). After making sure your computer is 100% clean change password to something you dont use anywhere else.

Then there is of course authenticator and make your game ask for it during every login. SHOULD make your account as hacking proof as possible unless there really is something else going on, like spoofing or inside job.
 
My account was hacked while I was playing it last night. Hit my high level character and wiped out the stasch and my gold, but left what I had equipped. Probably because I was changing the password as fast as I could.
 
My account was hacked while I was playing it last night. Hit my high level character and wiped out the stasch and my gold, but left what I had equipped. Probably because I was changing the password as fast as I could.

That's interesting, since I had the same thing but during the middle of the night so I had no notice and didn't update my password until the next morning.

Any others hacked, but had their equipped items untouched?
 
For those with an authenticator, probably still worth using a unique password for battle.net. Since whatever they are using to gain user email and password could still be used for your account, they just wouldn't be able to actually gain access to your characters with it.
 
I ordered the keyfob authenticator today. My PC is clean, I fix and clean peoples computers for a living. I don't go on diablo sites except for battlenet itself. The whole thing seems fishy to me.
 
Added an authenticator, haven't had my account hacked yet but there seem to be A LOT of people just on this forum alone getting hit. Seems odd.
 
Kinda feel like maybe it's a game bug or something, just so many haxxed accounts.
 
Whoa just saw this thread after creating my own.

- I've had my account hacked as well! everything wiped clean
 
Wow, this is weird. So many accounts are already hacked. I wonder if this is some random system error or that easy to hack an account? Bunch of people on [H] got hacked, so we are probably talking about thousands more...
 
Add me to the list. My account was compromised today. I have a level 52 Wizard...all my gold around (70,000) and gear in my inventory was stolen. i guess the gear that I was wearing wasn't valuable enough so that was spared. Blizzard is a fucking joke, I feel no more motivation to play this game. I will request a refund and if I don't get a prompt response I will file a chargeback with my creditcard.
 
Chase doesn't require you to signup for online banking in person; you can do it online with an existing checking account. The big difference is probably in the sophistication of the neural net (or if they're even using a neural net instead of a simple rules-based system). Chase will be able to see full login details, geolocation, OS, IP, transaction details (did you look at your account, transfer funds, etc) and many more details. It will take all of that and compare it against your historical patterns to determine whether or not someone should review the login, or potentially temporarily block access to online banking entirely. As a financial institution you're required to have layered security; different methods of front-end authentication are one piece, back-end monitoring is another.

Blizzard really should have the same thing; with all the money they make and the number of accounts on B.net, there really is no excuse not to (if they don't, however I haven't seen any evidence to show they have).

Chase doesn't have the best security, IMO. In fact, the US banking security system is very weak compared to EU. I have a bank account in EU and you get a special card generated with certain numbers that you must enter everytime you log in and if you enter 3 times incorrectly your online banking is locked forever until you show up at the bank and fill out necessarily papers to unlock the account.
 
Add me to the list. My account was compromised today. I have a level 52 Wizard...all my gold around (70,000) and gear in my inventory was stolen. i guess the gear that I was wearing wasn't valuable enough so that was spared. Blizzard is a fucking joke, I feel no more motivation to play this game. I will request a refund and if I don't get a prompt response I will file a chargeback with my creditcard.

No authenticator I'm guessing? Shame.
 
No authenticator I'm guessing? Shame.

You are a mindless sheep, you have no idea why you are uselessly braying authenticator. Keep drinking your Blizzard koolaid you simple minded knave.

I'm not buying a !@#$ing authenticator because Blizzard runs their %^-* too un-secure. This is Blizzard's fault on their end whether they will admit it or not, and they have chosen NOT to admit it and blame the users. LOL really?!?!? REALLY SO MANY PEOPLE AND IT'S EVERYONE'S FAULT BUT NOT BLIZZARD? Maybe I should buy 500 different authenticators for all the games I have too!

A fucking authenticator is not going to save your personal information from being stolen.
 
Last edited:
Still, not a single reported/verified account of anyone with an authenticator being haxored... I have had them for aion, rift, swtor, wow, eq2 and now diablo, (same as wow one). I think they should almost be standard equipment for a game purchase now days really.
 
If you believe blizzard, sure.

LOL let me throw out a question for everyone:

Does any company every readily admit that all their user's personal information and data has been compromised? You think you're going to get the truth from Blizzard any time soon about how serious this is?

I created a ticket for a refund and I instructed them to delete all my personal data and my blizzard account. And I really hope everyone does the same.
 
Right before I bought Diablo 3 I decided to add a mobile authenticator. I only have it set to the once a week option, wondering if I should set it to every login. I just noticed theres an SMS option also and was just gonna add that, but apparently pre-paid phones don't work ( virgin mobile monthly pre-paid is what I have ). Think I'll be fine with how it is or should I change it to every login?
 
Back
Top