diablo 3 accounts hacked

Because if you're not using an authenticator, you're being silly in thinking your account is secure. That's why. Email address + a password that's not case-sensitive with no backup is just asking to get hacked.

Blizzard did its customers a disservice by not posting something like this before the game was released:

http://us.battle.net/d3/en/blog/6020037

Is a mugging victim silly for not carrying a gun and staying near a police officer at all times?

It is extraordinary that D3 seems to require an authenticator to keep the player's data safe. Other than WoW, I'm not aware of any other game for which this is necessary.

Does Blizzard make the need for authenticator use evident in any way or at any point in either the boxed or digital download editions? Do they even mention authenticators? (I have to ask this because I have not yet bought the game, and will not until these security issues are resolved to my satisfaction).
 

No. But a mugging victim would be silly for going out at night in a dangerous area of town by themselves and venturing into dark alleys, especially after the authorities have told you to travel in groups and only in well-lit areas. Fuck I hate speaking in analogies.

I'm not saying Blizzard is in the right here. It seems that they'd be serving their customers better by requiring passwords to meet certain guidelines (upper and lower case, with numbers and at least 8 characters long, for starters). Authenticators are not necessary in other games because honestly, other games don't sell 5 million units overnight (or whatever).

(did some digging, SWTOR has an authenticator http://www.swtor.com/info/security-key )

They've made numerous blog posts and forum posts about the authenticator. In fact, I just saw a Tweet from them about it:

Defend yourself from evil, in-game and out! Grab an Authenticator! This and other security tips can be found here: http:///M7TNv2

Blog post here: http://us.battle.net/d3/en/blog/6020037/Battlenet_and_Diablo_III_Account_Security-5_25_2012#blog
 
. It seems that they'd be serving their customers better by requiring passwords to meet certain guidelines (upper and lower case, with numbers and at least 8 characters long, for starters
There is no uppercase/lowercase recognition in Blizzard passwords.
 
That's what I was getting at. Simply recognizing upper/lowercase would be a huge step in the right direction.
 

While I agree with you I would think that brute force attacks make up a very small percentage of all hacked accounts.
 

I know speculation is what internet forums are for, but speculating on something like this isn't for any of us to do. Only Blizzard knows the answers.
 
Just submitted a ticket to start the refund process on my account - I explained in a detailed professional manner why I require my money back. And that if the request can't be handled smoothly I would have to escalate the issue with my bank.

Maybe in 6 months or a year they will have these issues fixed, nobody really knows. For the time being I refuse to pay money for something this broken. It's like buying a sports car that's fun but you can't enjoy it because everyone has a set of keys to it.

I explained to them that when trying to call their support line, a 2 hour wait is unacceptable and that I refuse to blow $20 worth of my minutes on the small chance a person might answer the phone after 2 hours and "maybe" help me.
 

Good for you.
 

Lol all you had to do was ask for your money back. No justification required. It is part of their EULA.
 
The defensiveness that is oozing from the fonts in your posts is just hilarious. Wow.

Really? I feel the same about your posts. I'm not trying to be defensive, but honestly your posts are the exact opposite of mine so while mine seem defensive yours are 100% offensive.

Look, I'm just as perplexed as the next guy as to what is going on with the account hacks. It really is mind-boggling that only 1 character, that being the last played, is affected. It tells me the game isn't hacked, as if it was, all the characters would be hit and all the players worldwide would be hit.

So something else is definitely going on; however, to point the finger at Blizzard and say you've got a problem and I know it is you because it isn't me doesn't help a whole lot, especially when numerous other people are entirely unaffected. Stop and think about it, if it was Blizzard's side then every single character is affected; however, it isn't every single character and it isn't affecting accounts using the mobile app or the hardware dongle. There hasn't been a single verified account of an authenticator being hacked.

Would Blizzard admit it if there was? Who knows; however, the shit storm that would follow if it came to pass that they knew they had a security breach and continually lied to customers as well as sold them defective security devices would damage their credibility beyond measure and more than likely open them up to a host of lawsuits.

What drives me crazy and more than likely makes me seem defensive is the rabid amount of logical fallacies and jumping to conclusions everyone is doing. The majority of posts, especially here, have contained little to no information and we're just supposed to take their words as fact? Seriously wtf? Have so many people lost their common sense and critical thinking that anyone can spout whatever they want and have it believed as 100% veracity? Especially when so many have been found to be lying about their situation? As Chris Carter would say "C'mon man!"
 
I was 50/50 on getting a refund - but the more I think about it, the more I'm tempted. Did you already go through the refund process? Were they smooth or combative on giving you your 60 dollars back?

I just had my account rolled back after a hack yesterday and have lost almost all excitement for playing. I could use that 60 dollars and buy the upcoming BF3 map pack with some cash left over for beer :)

VERY easy. It was a 50 minute wait on the phone but I just put my phone on speaker and left it beside me while I played battlefield. They picked up, asked me my account info, I told them I wanted a refund and BOOM, that was it. No questions asked about it, just gave it back to me
 

Good to know :)

I went the ticket route - mainly because of my weird weekend work schedule combined with the fact I'm not wanting to blow 60 of my 450 minutes allowed per month on my Verizon plan. Yes, there are free nights and weekends but I'm at work during these free weekend hours, so the ticket system is really my best option. I'd love to handle it here at work but I tend to not play on the phone due to circumstances here on the job.

Either way - not to thread jack but speaking of you playing BF3, I just recently discovered the FXAA injector and color enhancer. Instead of the flat washed out tones it's more vibrant! And much much sharper with the FXAA tweaks. :)
 
How long has the rollback process taken for others? I sent my ticket in on the 31st, and it was answered about 24hrs later. I have replied telling them to do the rollback and it is now 17 hours later and I am still waiting. :(
 

Honestly I don't know what I'm watching. This guy was in a game with other people who were apparently being hacked. This claim you made before that items were disappearing from a person without the mouse moving is because he's inspecting the other players. It's not his shit being hacked. He's watching and inspecting a player as they go to the vendor and sell items. Then they claim that one of the players just standing there is the hacker? Interesting.

Now if you had shown me a video of someone being hacked where they were not moving the mouse or whatever and stuff was disappearing I'd be more inclined to believe. But this doesn't really help.

The video is also shot from a phone or something, not captured from the computer itself.
 
How long has the rollback process taken for others? I sent my ticket in on the 31st, and it was answered about 24hrs later. I have replied telling them to do the rollback and it is now 17 hours later and I am still waiting. :(

I found out I was hacked Monday -- submitted a ticket and they replied about 30 hours later asking for confirmation to rollback. Another 36 hours later I had the rollback.

24 hours after all that? I submitted a ticket to start my refund process. What's the point of playing and putting the effort into crafting and farming if you are just going to randomly lose it?

And yes, I had authenticator. (smart phone)

You should see your rollback complete after 24 hours -- sadly though I've heard of people that are still waiting after like a week of requesting the rollback. Just another example of unpredictable shitty service.
 
Well my rollback was finally processed ~42 hours after I first sent my ticket in. Finally have my characters back, I hope this authenticator works.
 
Good to know :)

I went the ticket route - mainly because of my weird weekend work schedule combined with the fact I'm not wanting to blow 60 of my 450 minutes allowed per month on my Verizon plan. Yes, there are free nights and weekends but I'm at work during these free weekend hours, so the ticket system is really my best option. I'd love to handle it here at work but I tend to not play on the phone due to circumstances here on the job.

Either way - not to thread jack but speaking of you playing BF3, I just recently discovered the FXAA injector and color enhancer. Instead of the flat washed out tones it's more vibrant! And much much sharper with the FXAA tweaks. :)

I have no idea what FXAA injector is but I will be looking it up now, thanks for the info!
 
Do you mind sharing what kind of authenticator they are using?

Two were using the phone mobile authenticator. One had the little usb keychain looking one. I have the mobile one as well...

I need more detail. I need to know how long they've had it. What kind of losses did they experience? What did Blizzard say in regard to their claims?

You people keep leaving out important details like it doesn't matter. And I'm meant to sit here and believe your every word.

The guy with the keychain/usb looking device has had it for years.

I think Blizzard has a real problem. If you are paying them another $7 for an authenticator service that is compromised in some fashion or another, it's a problem. I know there is no way that every user that has had their account ever hacked/compromised with an authenticator has a key logger or malware on it. It just doesn't make sense.
 
I'm already bored of this game so I could care less if mine gets hacked. I don't have an authenticator because I share an SC2 account with other people so I don't want to deal with one. I haven't been hacked yet and I have my fingers crossed.
 

I've never had my account hacked and I use a complex unique password that I don't use anywhere else. I have never needed an authenticator.

Makes sense in that he "could" care less.

Yes I could care less because I've already beaten the game and I have moved on. At this point I got tired of it and all the gold farming needed for the AH. Your mileage may vary.
 
Yes I could care less because I've already beaten the game and I have moved on..

He is making fun of you because you don't understand which phrase to use.

could care less = you do care to some extent.
could NOT care less = you don't give a damn.
 
I've always considered "I could care less" to be the sarcastic version of "I couldn't care less".
 
Nice, just had it happen to me.

Double digit password length, did a scan with Spybot, Malwarebytes and Security Essentials in safe mode, clean. I really don't get why I assumed a clean system with a long, secure password would be safe without more measures but apparently it wasn't.

edit: The moral of the story is: logic, or at least my logic, doesn't apply to b.net accounts apparently so err on the side of caution and always use everything security wise.
 
I don't understand how you could not care less. You do realize it has your name, address, phone number, and probably some sort of CC info tied to it...
 
I would be interested to know from those hacked if they, honestly, have ever used the registered battle.net e-mail address and password anywhere else on a network connected device or site in the past; to include incorrectly typing the battle.net password in an account login page tied to the same e-mail, elsewhere.

In 100% of the cases from those here locally that have been hacked, this is the case.

No response to this, any insight from those compromised?

Had another 'real-life' friend hacked yesterday, heavy internet user, no authenticator.

The sheer volume of players in this game, combined with the fact that all items are tradeable, as well as gold, makes this a high priority target for hackers. WoW will make them (the hackers) a fraction of the income that D3 will, quantitatively speaking.


EDIT: Wanted to mention that both myself and my wife have not been compromised, both with almost 200 hours in D3 so far. Several friends in the same boat, no issues, authenticator enabled.

Discussion was also made regarding Blizzard pushing the authenticator to plug a security hole that they have made by not allowing more secure passwords. While it is true that case-sensitive and alphanumeric passwords should be a standard, it is not an end-all to the issue. Should those requirements have been made standard, these issues would still exist and for the same reasons. The authenticators serve a purpose and a good one at that: adding a physical requirement to your account security. Yes, it is optional, but it is highly secure. To the best of my knowledge, there have been no confirmed cases of authenticator-enabled accounts that were compromised, without the secret question and answer being compromised as well to remove them prior to account access.

Ultimately, it is your account and the authenticators are an optionally provided tool that -you- decide to implement. How important is the security of your account, to you?
 

You can't remove the authenticator using the secret question.
 
Long passwords don't help on bnet accounts...I don't know why people think they do...no one is brute forcing their way into your bnet.

Does this not strike you as odd? If large, unique passwords provide shit for security, there's a pretty fucking big problem somewhere.
 
You can't remove the authenticator using the secret question.

Apparently, malevolent individuals have been talking customer support into doing so using secret Q/A's; if I recall the blue post correctly. This has since become a less used tactic as awareness of the issue has been raised.

Though, in automated cases, you are correct.
 
Does this not strike you as odd? If large, unique passwords provide shit for security, there's a pretty fucking big problem somewhere.

Long passwords are mainly an issue if the login rate isn't throttled, but the battle.net login does throttle logins so brute forcing is highly unlikely.
 
Has anyone gotten a refund out of Blizzard for this?

I'm pretty busy with work/family so I don't get to play games much anymore. I logged into my 26 monk tonight and he was naked with 0 gold. I opened a ticket then called them up. They are so backlogged you can't even hold. I looked it up and it is taking 48 hours to respond to these tickets?!

I found my ticket and asked for a refund. It's tragically ironic that this online only crap was put in as a "security measure" for the real money auction house (which incidentally is still MIA) and as a result my single player game, which I have no interest in taking beyond a single player game, is essentially unplayable for two days while these goons roll back my account.

I'll get Torchlight 2 instead. AND have $40 left over for another game. And you know what? I'll be able to play both of them whenever I want.

Ridiculous.
 
I asked for a refund, but they closed my ticket saying that they were too busy. :rolleyes:
 