Diablo® III

I Lost All My Money and Items?

Posts: 1,127
Yeah a lot of people could easily have just opened a ticket or maybe tried to call them directly.

This is crazy though. I didn't play all day on a weekend because I don't know if my account is safe or not. No official responses and no ticket responses other than automated responses trying to sell me an authenticator.
I have reviewed my friends list and realized that I have been hacked by asdasd as well. Unfortunately for me I didn't see it sooner, this is not a bug. We all just got hacked around the same time. I don't have the authentication but will do so now. I hope that they can assist us in recovering our items.
I logged into my account about two hours ago and noticed all my stash was emptied and only had 15k gold where before i had somewhere around 200k, did have a person added in my friends list, ran virus scans and malware scans nothing came up, just activated mobile authenticator, just glad to see more people are having the same problem
I have this same problem. I'd like to say to all the critics on the matter, just because you have an authentication code to use doesn't give you the right to harass other people because they don't have it. Some of us weren't aware that such security features would be needed. If you want to let off some steam because you're mad at something in your own life do it in a psychiatric forum...don't take it out on people who have more important problems than putting up with your nonsense.

Sorry to those who don't pertain to that...It's just silly for someone to have a problem, post about it, and then get stupid nonsensical responses...
- Technical Support
Posts: 16,242
There are two schools of thought on this. Some seem to think it is a Blizzard database issue like achievements. Others feel it is most likely an issue of account compromise. There are some reports of a popular gaming website having malicious software on it, maybe a bad banner ad. Others have reported entering login information on phishing sites or emails. The free D3 or Beta access ones got a lot of people.

Gold selling is a multi-billion dollar business run by highly organized crime syndicates, often outside of the US. Yes, they want in to your account, they want your gold, and they are very good at getting it. No, Blizzard has probably not been compromised at their end. If they have, we will see a public announcement at the CNN level. They have to do that by law.

How to know if you were likely compromised
1. Your gold and/or gear are gone
2. You keep getting logged out when someone else logs on
3. Your character may not be where you left it. Most often it is in Act 1 starting area.
4. You will probably see strange names under “recent players” on your friends list that you do not recognize.

The best course of action for now is:
-Secure your PC http://us.battle.net/support/en/article/account-and-computer-security. When you run a malware scanner like Malwarebytes, do it with D3 login open and gibberish typed in. Some malware only activates when that screen is up.
-If you are locked out, call Billing http://us.battle.net/support/en/article/contact
-Change your account and email passwords from a secure PC
-Request restoration via the ticket system and wait on the ticket. It may take a while and opening multiple tickets does not make it go faster. Billing also can not restore your items. All they can do is reset your password or deal with billing issues.
-Consider an authenticator. The mobile version is free and the keyfob is only $6.50

Following the security steps hurts nothing and is good general PC maintenance anyway while you wait to see what Bliz says about the issue.
Posts: 1,744
same thing happened to me i lost all my gold and money but the items in ah was not affected, wtf is going on, i already filed a ticket but it seems like i am not the only one with this problem
Posts: 1,127
This could easily be a bug in their software that is letting users with a certain tool full access to your account credentials.

I was hoping I would have found some type of malware on my computer but I didn't. I have also monitored my router's logs for the last month and found nothing strange.

I'm pretty confident we'll see a blue post eventually saying an exploit was found in the AH which allowed users to sniff out other player's information by spoofing session IDs (which were found out by the tool). Something like that is a possibility. They won't say anything until a fix is rolled out though.
This could easily be a bug in their software that is letting users with a certain tool full access to your account credentials.

I was hoping I would have found some type of malware on my computer but I didn't. I have also monitored my router's logs for the last month and found nothing strange.

I'm pretty confident we'll see a blue post eventually saying an exploit was found in the AH which allowed users to sniff out other player's information by spoofing session IDs (which were found out by the tool). Something like that is a possibility. They won't say anything until a fix is rolled out though.


I would have to agree with this person, i've also run scans for malware and other malicious files, found nothing. My firewall has ALWAYS been active...i rarely use the net other than gaming and i don't see how i could've contracted a malicious file from facebook or other sites frequently used by many people.
Edited by Symbiote#1378 on 5/19/2012 2:00 PM PDT
Please explain this, I lost gold and according to Blizzard support no one but me have used my account?
Posts: 1,127
Also, a web server and a game server aren't really much different. They just use different protocols to transfer the data.

A game server like diablo 3 will have multiple services. One of which is a login service. How do you think certain web sites keep your login information saved? Simple, session IDs. You login once, and it saves a session id to a cookie file on your computer, you come back and the server reads this session id and compares it to the one they have on the server and if they match then it logs you in as you.

You don't even need someone's password to login as them. A tool could in theory exist that lets someone send a fake session ID to the d3 login server and the server will authenticate them as you (or whoever the session belongs to).

I was talking to my friend about this and he noticed that when they logged into my account, they logged in twice very quickly without a disconnect thrown in. That sounds kind of suspicious to me and further leads me to believe that some type of exploit is being used.

I've seen people decrypt the Lineage game client and rewrite it to be a desktop application so they could control their buff stations. I never played Lineage but technology and game coding is interesting to me and I remember reading that a long time ago. My point is, don't think something is impossible because you don't understand it. There's very little magic going on to make software work.

All it takes is one silly mistake by a developer and that's it. Hover over an item or buy/sell in the AH and you get access to that item's user's session ID and then in the next packet you send to the server, you send your new session ID over the wire. Congrats, you're logged in as that person in real time (or whenever the client updates the results) WITHOUT knowing their password.

Authenticators will not save you here.

Edit:
That's only 1 possibility of how a potential security flaw could be exploited, I'm not saying this is guaranteed to be how it's working. There's numerous other ways too but it's not my job to explain them.
Edited by viscrom#1983 on 5/19/2012 2:14 PM PDT
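An added illustration of the session-ID mechanism the post above describes, seen from the server side. It is not code from this thread or from Blizzard and says nothing about how Battle.net works. `SessionStore`, `client_id` (a hypothetical per-client binding value) and the account name are assumptions made for the example. It shows the two checks a login service relies on: a made-up ID matches nothing on the server, and a real ID presented by a client it was not issued to is revoked and logged.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 3600  # seconds; constructed value for this example


class SessionStore:
    """Server-side table: token hash -> (account, client binding, expiry)."""

    def __init__(self):
        self._sessions = {}
        self.alerts = []  # (account, reason) records for review

    @staticmethod
    def _digest(value):
        return hashlib.sha256(value.encode()).hexdigest()

    def login(self, account, client_id, now=None):
        """Issue a session; call only after password/authenticator checks pass."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 random bits from the OS CSPRNG
        # Store only a hash of the token, so a leaked table holds no usable IDs.
        self._sessions[self._digest(token)] = (
            account, self._digest(client_id), now + SESSION_TTL)
        return token

    def validate(self, token, client_id, now=None):
        """Return the account for a valid session, otherwise None."""
        now = time.time() if now is None else now
        key = self._digest(token)
        record = self._sessions.get(key)
        if record is None:
            return None  # forged or guessed ID: nothing on the server matches
        account, bound_client, expires = record
        if now >= expires:
            del self._sessions[key]  # expired sessions are dropped
            return None
        if not hmac.compare_digest(bound_client, self._digest(client_id)):
            # Genuine ID, wrong client: treat as stolen, revoke and record it.
            del self._sessions[key]
            self.alerts.append((account, "session presented by unbound client"))
            return None
        return account
```

The binding check is only as strong as the value behind `client_id`; something the client merely reports about itself can be copied along with the session ID.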
Posts: 24
05/19/2012 01:53 PM Posted by Shelledfade
Me too. I had 900k, 10 stacks of ectos and 17 stacks of obsidian shards. Hopefully Blizzard will give those back to me.


900k? Not possible unless you're doing something you're not supposed to be doing.

actually that's totally possible, i had over 600k without going into bs/jc and i had about ~24 hours logged over the past 4 days, granted it's a lot but there are people who do more
05/19/2012 02:15 PM Posted by Justince


900k? Not possible unless you're doing something you're not supposed to be doing.

actually that's totally possible, i had over 600k without going into bs/jc and i had about ~24 hours logged over the past 4 days, granted it's a lot but there are people who do more


ecto's and obsidian shards are in d3? they sound like guild wars items to me
Posts: 1,744
i just registered a mobile authenticator and started a full scan right now, but this is the first time ive been hacked ive played d2 before and never got hacked and now this wtf is going on and other people having the same problems, i hope they have a log of when your acc was accessed, because i know when i logged off and when i logged on there shouldn't be any logons anywhere in between, and i told them the times when i submitted my blizzard ticket
Posts: 1,744
while i am at it is there a phone number you can call and talk with customer support at blizzard? i already filed my ticket but it says it can take 24-48 hours i would like to speak with someone asap
Posts: 1,127
The last time I tried to call the phone wait was over an hour. Also the phone reps are likely to be the same people who answer tickets. They are going to tell you that you were hacked and then try to make you buy an authenticator from their store.
Edited by viscrom#1983 on 5/19/2012 2:23 PM PDT
Posts: 28
I don't think I was hacked in the sense that they actually got my password and stuff. I've never read any of these fansites or anything, and I have a full protection suite with firewall/antivirus etc, all the usual stuff. Unless they managed to get something onto Team Liquid. That's the only Blizzard game community website I frequent. I guess it is a possibility, but man it just sucks.

I was in Act I on NM on my main character, so that didn't surprise me. I did see some random recent player, but he wasn't added to my friends. Could have been some guy I was playing with on a public session, I don't remember.
Well I'm finally back home. Guess what? There is someone on my friends list.

alexbad19#1595
Character - Ipanema
Level 11 Barbarian
Total Time Played 11 Hours 9 Mins
Offline

I have never seen this person nor have I ever played in a public game. I've only ever played with 2 personal friends.

Never even heard of that inc diablo or whatever site people were mentioning. I think I've only ever been on this Diablo site.

Would be nice if my authenticator would show up.
Posts: 1,744
i don't care i will wait, if this is a security compromise on my end i will have to follow up, but i don't think it is and i think its something with their servers, and its not just me 11 pages of people had the same problem as me so something is up and i need to find out, i couldn't find the number to call can anyone tell me where it is?
Edited by zheng1234#1781 on 5/19/2012 2:26 PM PDT
This topic has reached its post limit. You may no longer post or reply to posts for this topic.
