Blizzard investigating Diablo 3 account hack reports
Blizzard is investigating reports that Diablo III accounts are being hacked and stripped, even if the user is 'protected' by a Battle.net Authenticator. For now, it says to hold tight and authenticate up.
Since Diablo III launched a week ago, a growing number of players have found their accounts broken into and their characters stripped bare, or even had their accounts outright taken. Blizzard is investigating these reports, initially blaming them on old-fashioned hacking techniques rather than a security hole in Diablo III, but some victims insist they've been hit even with a Battle.net Authenticator.
As with hacks in other online games--let's not forget Diablo III's DRM means it's an online game for everyone--the victims have all their characters' items sold, their stash emptied, and all gold passed onto another account. Blizzard's offering rollbacks for affected characters, but it's inconvenience and upset nobody fancies dealing with.
While Blizzard is eying the usual hack vectors--keyloggers, phishing, passwords collected from hacked websites and whatnot--some unconfirmed reports say there may be a serious problem. Supposedly, miscreants can easily hijack the session ID of someone else playing, spoofing it to get access to their account.
As a forum post from community manager Micah 'Bashiok Whiple shows, Blizzard's not buying that yet, but is investigating.
We've been taking the situation extremely seriously from the start, and have done everything possible to verify how and in what circumstances these compromises are occurring. Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password. While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand.
Yet there are many reports of players using an Authenticator who have been hacked regardless. Still, you may want to beef up your account security all the same, using an actual Authenticator, the free Authenticator mobile act, or the SMS Protect service, as detailed here.
"Historically, the release of a new game--such as a World of Warcraft expansion--will result in an increase in reports of individual account compromises, and that's exactly what we're seeing now with Diablo III," Blizzard said. Let's hope that's all it is.
With the launch of the real-money auction house coming on May 29, delayed by the launch issues, people are about to become an awful lot more concerned about the safety of their gear.
-
Shacknews
replyAlice O'Connor posted a new article, Blizzard investigating Diablo 3 account hack reports.
Blizzard is investigating reports that Diablo III accounts are being hacked and stripped, even if the user is 'protected' by a Battle.net Authenticator. For now, it says to hold tight and authenticate up.-
-
-
-
-
-
[deleted]
-
-
[deleted]
-
-
[deleted]
-
Yeah, I've done this twice now, it's entirely painless.
-
-
-
[deleted]
-
-
-
if what some people are saying is true (hackers are duplicating your sessionID) then none of that matters. supposedly if they have your battletag (friends, joining public games, potentially the auction house) then you're vulnerable.
-
-
When I first started reading your comment I thought, what's your age got to do with it?
-
-
Hahaha. I thought "being online 24/7" was supposed to be safer Blizzard? Wasn't that the reason I can't play single-player offline? Ahahaha. Good one.
-
[deleted]
-
Tsk, you completely missed his point. Although probably placed in the wrong place I support his standpoint. DRM just enrages most people as it should.
Any game that requires me to have a constant internet connection or limits the amount of times I can install it, I will not buy.
-
[deleted]
-
Which department at Blizzard do you work at? Or is it another company in the bloated corporate structure that is Activision Blizzard?
-
Actually, he didn't miss my point, you did. A "major" talking point Blizzard sited as it's reason to go 100% was security. Here, enjoy the quotes...
"While (Rob) Pardo recognizes that people sometimes want or need to play offline (such as internet outages, or playing on a laptop during an airplane flight), he notes that the increased security, plus benefits like the above, outweigh those other concerns."
http://www.1up.com/news/diablo-3-requires-online-when-playing
"Senior producer Alex Mayberry told MTV that... We can provide a much a much more stable, connected, safer experience than we could if we let people play off-line."
https://us.battle.net/d3/en/forum/topic/5151265270
So, umm, yeah. Nothing is perfect, but when you "sell" the experience of it being safer IF it's online, and then people get their accounts hacked, it brings that entire concept into question.-
Not to mention, if the game had been designed as an offline single player experience with multiplayer support, the character data would be saved locally on their computer's harddrive and therefore not at risk for having their character stripped naked by a compromised online account.
-
-
-
-
-
-
[deleted]
-
-
-
[deleted]
-
perhaps. but it can't hurt.
Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password.
http://us.battle.net/d3/en/forum/topic/5149619846?page=29#571
funny how it's the same old shit, people 1) have fucked up malware'd machines and 2) they are fucking turbo clicking morons.... but they gotta blame blizzard !!!!
or maybe it's college idiots with their machines logged in, shared with other morons, b.net account cached, no authenticator? OH MAN I GOT HACKED !!!!!!!!!!!!!!!!!!
-
-
[deleted]
-
-
-
thing is..... Diablo 3 does NOT require the authenticator to login..... FAIL BLIZZARD !!!
-
[deleted]
-
[deleted]
-
-
Yes it does.
By default, Blizzard games will store a token on your machine. If that token exists and your ip/mac/guid didn't change, it will only ask for the authenticator string once every week or two. You can disable this in your battle.net profile and force it to ask for the authenticator string every time.-
[deleted]
-
[deleted]
-
Location meaning IP address most likely. If all those machines share the same IP address then it will not ask for authenticator code each time.
-
[deleted]
-
-
-
[deleted]
-
[deleted]
-
-
-
-
it didn't for me. I never had a battle.net account until D3's launch, so I created one and then I was able to just use my username/password to log in to the game every time I played. I actually just enabled the authenticator on my battle.net account today during work, but I haven't needed it and I've been playing all week.
-
-
-
-
[deleted]
-
A 60 hours played train wreck =/
-
[deleted]
-
Everyone who hasn't bought D3 and reads about some guy with a broken router moaning about it on Shacknews says the same thing. :) I don't speak for everyone but other than the outage on the first day, I have been able to play every time I tried to login, have a character in Hell, as well as lowbies in hardcore and normal, been playing with friends. No issues whatsoever.
-
-
[deleted]
-
-
[deleted]
-
[deleted]
-
[deleted]
-
-
-
-
-
-
-
[deleted]
-
-
If future train wrecks consist of marshmallows, beer and a new yellow helmet with sockets then sign me up!
-
The Blizzard Bootlicking Brigade is strong in this thread.
-
-
-
-
[deleted]
-
-
-
oh? I would strongly disagree my friend https://mmoauctions.com/diablo-3/accounts I would
-
-
-
-
I got hacked. I was in the last act after the rifts, logged out at 845 to watch game of thrones, and at 940pm I got a email saying my password had been changed. I got up to see, and it was, I went to battle net and confirmed myself, changed my password, added the authenticator, and put in a support ticket. I just lost all my money. No items were sold. That said, My support ticket was responded to:
I'm Game Master Kagmieth, thanks for contacting us about your WoW account. I did a little digging and found there is currently no WoW account attached to your Battle.net. Theres a chance any emails you received about the account could be fishing attempts sent to gain your account information based on old data they picked up from way back when.
Right.-
And he is talking about my WOW account is because he asked me if I had one... My ticket is for diablo... lol
-
-
