Diablo® III

I Lost All My Money and Items?

Posts: 1,127
I'm not spending $6.50+tax to make my account more secure because of a problem on Blizzard's servers.

I'd rather stop playing the game and then never buy a blizzard product again (Note: I've bought D1, D2+expansion, D3, SC2, and played wow for a year when it was first released).
- Technical Support
Posts: 26,736
View profile
Wow... I can see quite a few people are new to hacking and Bliz games! I can certainly understand the confusion and why some folks would think it was maybe (hopefully) an issue with the data not being saved. Sadly, most of these really do sound like hacking. Those of us how played WoW and hung out on the forums there are VERY familiar with the symptoms/solutions. Maybe someone else clarifying how they do it will help!

1. Blizzard has NEVER had a database or server compromise. They are legally obligated to publicize it if they do. Any compromise is on the user end, not Bliz end. We see no end of accusations on the WoW forums only to then see the player find the keylogger or admit to responding to a phish.
2. Selling gold from Bliz games is a multi billion dollar business run by crime syndicates, often conducted outside of the US. Yes, they have strong motive to steal your gold and are VERY organized.
3. Compromises (infections) happen sometimes months before they access your account.
4. Once you have the keylogger (often from a malicious web site or phishing email), it can lie in wait for the right moment such as running ONLY when the WoW or D3 login screen is open and you are typing.

How does it work?
-They send phishing emails, compromise sites, put infected banner adds on web sites advertising gold, leveling, items, strats, troubleshooting, etc. Bottom line is you get a keylogger or they get you to answer a phish.
-When you go to log in to the game it starts the malware and steals your data.
-You go to sleep or work and they log onto your account
-They have someone else on another account join them in a low level game and hand off your gold
-You end up seeing that in the recent player list under Friends

The Mobile Authenticator is FREE... but making sure you acknowledge that even the most careful person can be compromised is even more important. Account security in this case is a user issue, not a Bliz one.

Sounds like Bliz really needs to put the same safeguard on D3 accounts as WoW. If you try to log into WoW from a new location it will lock the account for a password reset that you do through your email. So unless they have that compromised as well it is an additional way to keep bad guys out.
Edited by MissCheetah#1661 on 5/19/2012 11:23 AM PDT
- Technical Support
Posts: 26,736
View profile
Yes, yes it does. D2 players need to learn what WoW players have...that your account has value and bad guys will go after your gold if you do not keep your PC and data secure.

1. Ensure your PC is clean http://us.battle.net/support/en/article/account-and-computer-security and that you change your passwords to your account and email from a clean PC.
2. Once clean, submit a ticket to recover your account. This may mean a roll back so chose wisely.
3. Consider an authenticator - the mobile version is free for Android and iPhones. Keyfob is $6.50.
Edited by MissCheetah#1661 on 5/19/2012 11:22 AM PDT
I logged out last night on my level 43 Demon Hunter and everything was fine. Logged in today and everything on my character except a bound page in my stash was gone. Thing is I HAVE the authenticator...the free one, but got no notification anything suspicious happened etc.
Posts: 1,127
You didn't read the thread misscheetah.

Go a head and browse the bug report, general discussion and tech support threads. Tons of people are suddenly logging in today to see their gold and/or items gone.

It's not a coincidence when this many people are affected.

Also not everyone has a mobile phone so you certainly cannot say the the authenticator is free. I bought diablo 3 and paid tax, it was $65.16. I'm not about to fork over an additional $6.50+tax to protect myself against potential Blizzard issues.

I guess people's achievements got hacked too right? Someone logged into their account and then modified the game code to send achievement delete actions to the server?

Obviously not right? Certainly it's an issue on Blizzard's end. Why can't there be an issue with the AH that allows people to get your authentication credentials. I'm also not talking about stupid db injection methods like Blizzard reps forgot to escape a field.

There's a million things that could go wrong that would allow people to potentially access confidential information.
Edited by viscrom#1983 on 5/19/2012 11:28 AM PDT
- Technical Support
Posts: 26,736
View profile
If you are using the Dial-in authenticator, be aware that it is NOT as secure as the Mobile phone app and keyfobs. Also, did you have your account set to ask for the authenticator at every log in or were you letting it ask weekly?
90 Tauren Death Knight
Posts: 10
I love hearing stories of naive people assuming they are unhackable because they use a "special" password or have the "best" AV/Antimalware running.

Nothing is safe, if you keep poking at it... this is why I made a completely new build for playing D3... to keep it off my everyday OS.

A tip to the QQers... read more... or else you will continue to be victims in this digital age.
I think I might have some proof that my account was not hacked, and it was a server problem when my items were erased.

Like I said the character in question was a level 48 monk in hardcore. I am currently in act 3 nightmare doing the quest "The breached keep"

When I logged in this morning, my monk was inside the keep in the hostile area. This creates the first problem in saying I was hacked.

#1 In order to get my gear, they would have had to have someone join my game who was also close to or on the same quest in was in act3 NM HARDCORE.

#2 If they moved my character to normal difficulty to transfer the items, then when I logged in I would have been in normal difficulty.

#3 If they moved my character, then moved him back to the exact same spot in the exact quest I was on, it would actually be impossible because there are mobs blocking the entrance to the keep as you leave town (if you've done this quest you know what I'm talking about).

Like I said before My gold was not taken, my 3 best items ( worth 1 mil+ In game gold on hardcore) were not taken, and my stash was not emptied.

If someone can explain to me how they could accomplish getting my gear and then putting my character back onto the exact quest he was on please explain. If you think the hackers have access to a character in act3 nightmare *hardcore* then that is impressive hacking setup.

Also I did not have any unknown recently played with people on my list.
Posts: 5,889
View profile
i would not see how asking for it daily would affect getting hacked (authenticator overtime tracks ip of your computer) it know's it is you. however, when someone who want's to take the gold out of someones account has to get past the authenticator when it pop's up. they are blocked off regardless of it being daily or weekly.
Posts: 1,127
Victims of the digital age lol. I've been a software developer for probably longer than you've been alive. It's my business to make sure I know what I'm doing when it comes to this stuff.

I'm telling you that I didn't get "hacked". I would bet my life on it.
- Technical Support
Posts: 26,736
View profile
fremd, I did read the thread. You really do not understand how WoW and now D3 hacking works. Keeping your head in the sand and insisting "it has to be Blizzard's fault" is misleading and won't help. Your comparison between achievements and gold is completely....wrong. Apples and oranges.

1. The Achievements can not be modified by the end user. That can only be a DB issue and Bliz acknowledged that.
2. Missing gold and items along with unknown recent players in your friends list is hacking.
3. Blizzard has logs and can SEE the other IP address logging into your account. They can confirm you were hacked!
4. The only way someone else can get your name/pass is if you give it to them by using it on another web site, having malware, or responding to a phish. Not even Bliz employees can see your password.

And of course they struck now, they had to wait for enough accounts to have some gold in it to make it worth it. The best advice is for people to educate themselves about how these crime syndicates (yes, that is what the hackers are) work and do the best they can to prevent it!
I would have the physical authenticator if the thing would get here. Apparently next day shipping means at least a week.

IMO Blizzard should at least acknowledge whether there was a wave of hacks last night or something happened during the server reboot last night.
Posts: 1,127
Of course achievements cannot be modified by the end user. I'm assuming now that you're trolling me because I made that very clear with my reply. I was saying that it's possible for data loss to occur due to a problem on Blizzard's end.

Are you a software engineer? Do you know what it takes to manage something as large as bnet? Are you aware of what needs to be done to keep things working properly?

I can answer those questions and write a 10,000 word essay on how bnet is likely architected and many pitfalls/errors that may occur. Some of which are out of Blizzard's hands (READ: it's not because they incompetent), and some of which are due to bugs (all software has bugs, believe it or not).

Also people with authenticators are missing items/gold too. Thoughts on that?
Clearly people are losing items, the question is who is at fault, how it happened and why certain people were targeted, if the attacks were due to a specific Malware, MitM Attack, or in fact by a vulnerability in Blizzards security system.

It seems as now, you have a bunch of chickens running around with their heads cut off pointing fingers without any answers and a lack of blue post to even show that they are aware of a theoretical vulnerability to disprove it, so continue on ranting in this thread, arguing with each other and receiving zero answers.

Oh, and for the one saying, "Nothing is secure if you keep poking at it." you are wrong.
- Technical Support
Posts: 26,736
View profile
Actually.. I do know what it takes and have a LOT of experience dealing with this in WoW. Sure, there are data issues and I bet a few are mixed in to here along with the folks who had their account compromised.

As for authenticators, the dial in one is not as secure and that has been stated by Blues. Also, people need to ensure they select "ask me every time I log in" from the Security settings in Account Management. I don't know if D3 has the same location auto detect system as WoW or not so that is an important step.

Really, what you are doing is misleading many people who should be taking measures to secure their accounts. Doing so is harmless and good PC maintenance anyway. From everything we see here, MOST of these are compromises with a very tiny few being related to possible database glitches. Just because YOU don't know much about how Blizzard accounts are compromised does not mean others don't. I am guessing you did not play WoW.
Edited by MissCheetah#1661 on 5/19/2012 11:49 AM PDT
Posts: 1
I've had the same problem. Woke up this morning and logged in:
5 gold instead of the few thousands I had.
Bank stash empty.
Main char's inventory empty except for the CE wings (account bound) and the CE dyes (NOT bound).
Main's equipped inventory was complete (rares, a legendary), except that the helm was one I had tried on the night before and not kept; original +MF% helm was not equipped.
Alt's inventory were unaffected.
No new names on my friend-list, and no recently-played's. Literally none, I've been trying to play single-player as much as possible.

Laptop is only 5 months old and is only used for gaming (a "fresh" build). No internet surfing on the gaming machine (separate computer and laptop for that). Sure, nothing is 100% full-proof, but the conditions above (especially nothing on the friend-list), coupled with the timing of the numerous other people similarly affected, provide much more weight to this being a server-issue than a hacking issue.

I'm pretty sure, a vast majority of the people posting here are informed of what phishing is, remote access trojans, key loggers and other methods of hacking may be, and I am sure that before pointing to blizzard, they checked their systems.

Multiple people report the same data, some authenticators, some not, you are not an "inside source" of blizzard, you have no knowledge of their server infrastructures, yet you still point fingers and insult peoples intelligence as if you have some sort of insight, when you clearly do not.

Please, stand to the side, go about your business and allow these people to report their issues to the technical support forum without you playing miss know it all.

Edited by Versedian#1231 on 5/19/2012 11:56 AM PDT
Posts: 1,127
Experience with this in wow has nothing to do with the conversation. Most people are retarded or are lying when they say they got "hacked".

99% of the time they clicked a bad link. I'm just saying I'm not one of those people and only my D3 character's gold were stolen.

I don't visit any sites other than this for D3 news. I viewed diablo.incgamers.com a bunch before the release but that site is super popular and there's probably hundreds of thousands of people who viewed it too.

Also why are you asking me if I play wow? You said you read my posts, and I already mentioned I played it for a year. If you read it, you would have picked up on that right?
Edited by viscrom#1983 on 5/19/2012 11:57 AM PDT
This topic has reached its post limit. You may no longer post or reply to posts for this topic.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Explain (256 characters max)