Diablo® III

Hacked with an authenticator

(Locked)

Posts: 3,600
View profile
If a "hacker" was wanting to get your information, your diablo game would be the last thing they'd go after. You were keylogged, phished or there's a glitch. MITM would be after your bank accounts and credit cards, not diablo. lol
My whole problem with this is that I just don't see real hackers wasting time stealing a few gold and weapons... no sense at all.

I could see someone hijacking your account and reselling it...
I could see someone getting your credit card info....

but all this effort for what?


Much easier to sell the gold and items than either of those you posted. Less legal consequences.

Gold and items may prove quite valuable given the nature of this game.
Think about this. If someone or some group out there was going to go to all the effort to pull off a man in the middle attack on all these accounts within the same time frame, which is no small feat, wouldn't they wait until the RMAH is online?
Edited by athrian#1344 on 5/20/2012 4:21 PM PDT
My whole problem with this is that I just don't see real hackers wasting time stealing a few gold and weapons... no sense at all.

I could see someone hijacking your account and reselling it...
I could see someone getting your credit card info....

but all this effort for what?


Much easier to sell the gold and items than either of those you posted. Less legal consequences.

Gold and items may prove quite valuable given the nature of this game.


That is fair enough, and I can see the "terror" appeal of people freaking out over lost stuff...
eh. I miss the days when Hackers were reall hackers...
05/20/2012 04:18 PMPosted by athrian
[quote]
In a system this complex there are literally thousands of possibilities as to what happened to items/gold/characters. There could be a security flaw allowing attackers to access accounts. Could be MITM. Could be something else entirely. Nothing wrong with discussing possibilities.


That is correct. Which is why I think it's ridiculous that a few people are focusing on MitM with their only reasoning being "well, it's technically possible". I never said it wasn't, or that it hasn't happened in the past. But it's one of the more out-there explanations this early into the problem.


I agree 100% with your last statement. If there is a security failure it is entirely possible it is a server side issue (or a vulnerability in the game code/etc) given the nature of this game. Seems more probable than a massive MITM scheme.
100 Night Elf Hunter
11885
Posts: 9,224
Think about this. If someone or some group out there was going to go to all the effort to pull off a man in the middle attack, which is no small feat, wouldn't they wait until the RMAH is online?


When they'll have thousands, maybe even millions of direct competitors selling gold with Blizz's help?

Why would they do that?
05/20/2012 04:20 PMPosted by athrian
Think about this. If someone or some group out there was going to go to all the effort to pull off a man in the middle attack on all these accounts within the same time frame, which is no small feat, wouldn't they wait until the RMAH is online?


money is worth more when the economy isn't full and when there is only a black market.
Sad , games been out just days and this happeneds.

hey people lets help this dude out, if you come across a decent item msg /prevail and see if he can use it.

I know he aient looking for charity but still.

This !@#$ happened to me in D2 , after that I ended up quiting and never looked back
Posts: 3,600
View profile
05/20/2012 04:19 PMPosted by hsram
People MITM attacked in WoW all the time.


Proof or it didn't happen.
The MitM article is kind of irrelevant.

Mainly because there are a lot of reports coming from people without an authenticator and only a few coming with an authenticator. In this case the authenticated users are a minority.

The only thing it shows us is that it's possible for an authenticator to be bypassed, but I don't think that is the case for this specific issue. It might have been an issue 2 and a half years ago when the article was written but for the thing that's getting all of us today, it's likely not a MitM attack on authenticators. It's something else.

The part where multiple people (with and without) authenticators reporting that official blizzard ticket reps are telling them nothing is suspicious AFTER they notice people named like dcsdsc on their recent list directly after their items/gold are stolen makes me think the entire login authentication (not the authenticator) service is vulnerable to something.


My money for the authenticator accounts having that happen is just that they're not set to authenticate every login.
Posts: 220
05/20/2012 04:20 PMPosted by athrian
Think about this. If someone or some group out there was going to go to all the effort to pull off a man in the middle attack on all these accounts within the same time frame, which is no small feat, wouldn't they wait until the RMAH is online?


I was just thinking this. Really it seems like it would have been far better to wait until the RMAH in order to cash in.
When they'll have thousands, maybe even millions of direct competitors selling gold with Blizz's help?

Why would they do that?


So that they can use your paypal-linked account to buy their stuff off the AH and get your money?
90 Draenei Shaman
6150
Posts: 8
How is OP sure he got hacked and there wasn't a server glitch of some sort?
Edited by EvilDonkey#1937 on 5/20/2012 4:27 PM PDT
Posts: 345
if you guys wish to know how I know there was a server problem that resulted in peoples chars being deleted, just 2-3 days ago right after my copy came in the Mail on the 17th, i went in-game and there was a notice in that little Breaking News window right beside the D3 Login screen, it claimed there was a server problem effecting some users that resulted in them losing characters, so this is NOT necessarily Hacking, and with so many people playing D3, its quite possible some people ARE having this issue and blaming it on Hacking

regardless if its Hacking or Server Issues, Blizzard is responsible either way, they would have to fix whatever holes in the system allow the Hacking assuming its NOT done by Malware/Spywae/Trojans, AND if its a Server Issue, they have to solve that too

edit: also, if it IS indeed as i suspect a Server Issue, that would correlate to all the Support Tickets that get responded to with "we didnt see anyone elses IP login on your account" meaning its basically more likely thats the issue given their Support replies
Edited by Lavos#1265 on 5/20/2012 4:32 PM PDT
I just want to point out that in response to the error 3007 problem several blizzard persons recommended :
a - turning off your firewall
b - opening ports manually
c - placing your machine in the DMZ
d - disabling antivirus

I'm not saying that I think the people who are getting "hacked" aren't completely at fault through their stupidity or naivite but none of these four "fixes" are ever a good idea, and blizzard should not have been encouraging people to drop security so they could play a game.
100 Night Elf Hunter
11885
Posts: 9,224
When they'll have thousands, maybe even millions of direct competitors selling gold with Blizz's help?

Why would they do that?


So that they can use your paypal-linked account to buy their stuff off the AH and get your money?


Only if I have a Paypal-linked account, which there's no guarantee I will. However, I do have gold--and they can beat out all the legitimate gold sellers by filling those orders now.
Posts: 41
happening right before the pay to win feature goes live...

inside job blizzard?
Posts: 220


So that they can use your paypal-linked account to buy their stuff off the AH and get your money?


Only if I have a Paypal-linked account, which there's no guarantee I will. However, I do have gold--and they can beat out all the legitimate gold sellers by filling those orders now.


Yeah, I know I would choose millions in fake gold over real money any day.
This is not a hacking issue. It's a problem on Blizzard's end that is losing characters and data.

However since they already have your money, I wouldn't expect anything to be done.
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]