Diablo® III

Hacked with an authenticator

(Locked)

Bad websites and your forum login. Happened to me. And by bad websites it can be things like an ad in another website you go to.
Posts: 13
Or it could be more than that due to so many being "hacked" in such a short time frame...
OK. We need to establish how, when or around what guestimated time because these guys must have been desperate to cause that much damage. From what I have heard, the exploit or hack was determined around 19th - 21st of May.

This also took place when users were logged in. Meaning that somewhere along the line, someone or a group managed to sit and sniff packets to gain a number of credentials. I fear for my account. Strong passwords in a clear text packet mean nothing.

And from blizzard:
That being hacked more than once will cause your account to be banned permanently.

Analysis:
Sounds to me that the encryption from the client to server is not encrypted, or SQL injection is being used to query passwords through the client somehow. This is dangerous and I am afraid that if Blizzard doesn't stop this and chooses to ban accounts, it will only create further negative feedback.

Check your user agreements as well, because if Blizzard isn't keeping their end of the bargain it is the masses who will win in a court case over lack of security.


There are a lot simpler explanations than a group of people actively sniffing packets (where, outside your house? Blizzard's headquarters?) or running a MitM attack. Occam's Razor dude.
- Technical Support
Posts: 17,528


This also took place when users were logged in. Meaning that somewhere along the line, someone or a group managed to sit and sniff packets to gain a number of credentials. I fear for my account. Strong passwords in a clear text packet mean nothing.


Reading the huge threads the past couple days, people were compromised when offline as well. Does your theory apply to them too? I think the only reason we are seeing as many online compromises is because everyone is playing a LOT right now. The only consistent thing I see is that the IP location lock is not working for anyone...nobody reported it being activated like it should have been :( I also see instances of clear compromise where Bliz has no record of a diff IP being on the account. Not cool. Would your theory explain going around the IP location lock?
Posts: 19
Well, if the IP lock isn't enabled, it probably means that when you authenticate, your IP address, even if it's dynamic, isn't being recorded on their end during authentication and those tickets are not being registered. That's my gut feeling.

If you were offline or online, the reason those aren't being registered could mean that the successful logins are not being logged. Dynamic IP addresses go through ISPs; from there I'm unsure how ISPs manage their users.

But the IP lock may or may not be working to the desired effect.

Simply having a game online requiring internet to play, this issue was bound to turn up.

Finding these hackers can take some time. Or be blocked in the future.
- Technical Support
Posts: 17,528
Yeah, I am not an expert on the whole IP logging and lockout system but...wouldn't we have heard of people coming here asking why they were locked out? Ones who were protected because they had a secure email and were protected by the new system? We saw it all the time in the WoW CS forums..."why did I get locked out when I logged in from my girlfriend's house!" Nothing so far...that worries me.
It's amazing what pornography websites can do for you as a whole.
Posts: 19
Check if that feature is available on your login client. Maybe that can be used to prevent this from occurring. The biggest weapon against this is finding ways, for now, to prevent further breaches of user security.
45 Human Mage
350
Posts: 127
Bet ya it's only 10% of people hacked from visiting fishy sites and forums or whatever and 90% Blizzard server problems why people are missing things, including characters..


He has an authenticator.... can you people not read?


I can. Can you comprehend that I was stating that an authenticator can be defeated?


Most additional security measures are a joke. One that would actually help would be making our main battle.net email address different from our login to a specific game email address; I really wish they would add this. This would make it so one compromised game doesn't equal like 10 compromised games as Blizzard releases more and more.

Also make sure your email and game do not use the same password. This will do more to keep derps from stealing your account than your authenticator will. Also make sure that your email password isn't something derpy like password or success, if they get access to that they can steal all your stuff over and over.

Authenticators are actually not even particularly hard to defeat; don't rely on one. Make sure your computer is clean, and do not attempt to hack or run private servers, as these are FULL of keyloggers. Usually people offering them are hoping to clean your account out and sell your stuff for gold/RL moneys.
Edited by Dozey#1273 on 5/20/2012 8:52 PM PDT
- Technical Support
Posts: 17,528
05/20/2012 08:44 PMPosted by Keillen
Check if that feature is available on your login client. Maybe that can be used to prevent this from occurring. The biggest weapon against this is finding ways, for now, to prevent further breaches of user security.


The lockout feature is automatic in WoW. You get no choice. If it detects a login from somewhere "unusual" it will lock the account and email you with a request for password reset. It can also be used with the new SMS system. I was told by another user it applies to all bnet accounts...

The authenticator system also depends on that system...it asks once a week unless a new login location is detected...so if it is not working then people who set the Auth on default are vulnerable.

I think the only way right now is to get the Mobile Auth or Keyfob and set them to request the code EVERY time. Keep a clean PC with good browsing habits. Then cross all appendages!
Edited by MissCheetah#1661 on 5/20/2012 8:53 PM PDT
- Technical Support
Posts: 17,528
Yeah, that is what I was wondering... And if he responded to a phish or used the same login/pass elsewhere he would still be vulnerable. They have been collecting data for months in prep for this. Anyone with a bnet account prior to D3 could have been compromised months ago :/ That said... IP location lockout... why did it fail to happen?
100 Night Elf Hunter
11875
Posts: 9,112
05/20/2012 08:52 PMPosted by MystiKasT
I just reformatted this computer in anticipation for diablo 3. I have no programs on here but diablo 3, an EVGA overclocker, and internet explorer. So shut your mouths. I'm also on a secure wired connection, with a legitimate copy of windows 7. I know my stuff, I majored in comp sci in college. Don't treat me like an idiot. This is not my fault.


As I stated in another thread, your info was probably stolen before you reformatted your computer and the thieves have just now gotten around to your account.
- Technical Support
Posts: 17,528
Well you are mad and you should have read the entire thread. There are a LOT of people with sympathy, constructive advice, and possible theories. You seem to have none of those.
Maybe your iPhone got hacked too.

Lesson Learned: Physical Authenticators are the best.

P.S. Blizzard doesn't have case sensitive passwords.

PaSsWoRd will be recognized as password.
Edited by Windchimes#1153 on 5/20/2012 9:05 PM PDT
Posts: 19
Majoring means nothing when it comes to experience.

Pull your head in MystiKasT.

The only issue with Mobile Auth or Keyfob is that people were still compromised.

Probably needs more investigation from us users, since Blizzard will not disclose their damage.
Mainly because to say they were hacked causes loss of confidence.
85 Undead Rogue
0
Posts: 118
It could be an inside job. Not being able to detect anything is bull!@#$. How can they detect it in the first place? I seriously hope that it's not an inside job and not an exploit, or every single person could be hacked with no protection. Also, Blizzard should be able to detect random people massing so much gold or selling it from the hacking to know who's doing this. I mean, if they can detect no problems they should be able to detect that, right?
Edited by Wolfie#1356 on 5/20/2012 9:09 PM PDT
This topic is locked.
