Diablo® III

Hacked with an authenticator

(Locked)

Posts: 26
Look guys. One guy complaining that he got "hacked" might be from incompetence. Maybe two. Maybe ten. But there are a LOT OF PEOPLE complaining about this in a very short window of time.

It could be that we have a sheer and sudden outbreak of stupidity around these parts.

Or the more likely solution, there is some exploit being exploited somewhere by some exploiters.

Granted, SOME of these people are quite possibly just dumb or lying. But unless this is some kind of coordinated attempt at crying wolf (something only conspiracy theorists would believe), there is probably something going on.

Its easy to assume that the reason why people are being "hacked" is from their own stupid-ness. And some of the time, you'd be right. But some of you are jumping right to that conclusion are ignoring the facts regarding these cases and are quite frankly being guilty of being as being the lack-of-thinking/common-sense type as the people you're attacking. People with AND without authenticators (including those who set for authenticate every time) are being affected. And most likely across a broad spectrum of computers with different security setups. And there seems to be an emerging similarity of stories from everybody affected. All warning signs that something bigger is going on.

Dismissing ALL these claims under some blanket statement blaming the end user is probably wrong. As far as I can reason, something is probably going on Blizzard's side. The extent of how much the end user is responsible is really unknown and frankly irrelevant. If there is a legitimate security hole/exploit on Blizzard's end, in my opinion, the onus is more on Blizzard's side to patch the hole than the players to try to avoid it. Especially if the end users don't know what exactly is causing the problem in the first place.

That is not to say the players themselves are not at fault IF it turns out there is something players would need to do on their end to expose themselves to the exploit (which in this case, doesn't seem to be the case). The responsibility ultimately lies on both parties to maintain the security of their account. But ASSUMING EVERYBODY REPORTING THE PROBLEM IS TELLING THE TRUTH (which is an assumption you have to make, otherwise you cannot make any sort of reasoning, as you're starting with a false premise), this account "hacking" is probably a result of an exploit which needs to get patched by Blizzard.

Conclusion? Something is most definitely up. And we don't know the full extent of it. Maybe this a small bug or something more alarming. Seems like common sense, but judging from all the snide comments in this thread, common sense isn't so common around here.
To me this sounds like an exploit on the server side. I remember Rift had the same thing during launch. Many people got hacked, far too many. It turned out that you could log onto someone's account without needing to use a password.
05/21/2012 02:36 AMPosted by Nefarious
video on youtube of what appears to be a bot like setup chars joining being stripped almost like an assembly line (or should I say disassembly line) so um yea, Blizzard dun goofed.


Link the video.
I got hacked yesterday as well. Playing with public game ppl, and all of a sudden, got a duplicate login. Next moment I know, my password was changed, as I received email stating that my account password was changed. Quickly recovered my password, login, and everything gone. Gold, gems, crafting materials, everything. Except equipments that I've equipped in my toon.

I did not download any files, nor do I share my account with anyone. Impossible for anyone to hack me, unless it's Blizzard's side.

Contacted CS, they told me that they have limited restoration but my account will only get to use that twice max. After first time, account will be left with a remark, without authenticator, wont be able to access RMAH, and after the 2nd restoring, access to RMAH will be blocked permanently.
Posts: 5
05/21/2012 12:36 AMPosted by Dozey
If you get "hacked" for doing any of the things in that list


Actually if you put 'A' (firewall) and C (DMZ) together you're begging for trouble - im not talking about just bnet passwords either.
hmm... anyone get hacked without playing with others? I've only played solo so far and I haven't had any of these problems, but it seems a lot of these hacks are coming from people playing group games.
Edited by soullos#1785 on 5/21/2012 2:48 AM PDT
Posts: 33
FYI.....

1.) 99.9% of all accounts that get hacked are from keylogged players. the 0.01% is brute forced accounts that have no authentication security. A lot of people do buy authenticators from e-bay or other sites due to account stealers who buy out the inventory of the blizzstore, thus making said people stupid and have no right complain about accounts being hacked. (Use mobile Authentication, it's free...).

2.) Some WoW add-on's have been "updated" since the release of diablo 3, with this allows keylogging, if you do Play World of Warcraft with lots of add-on's then expect yoru account to be hacked. If you do not play world of warcaft then you have nothing to worry about in this area.

3.) Website advertising. There are tons of "fansites" that have advertising that may contain malicious scripts that install keyloggers and send information to a sql database, mirc chat server or to a email address. All scripts are Java based exploits, to which you are at risk. "Note: not all AV programs will detect these exploits til after the damage is done".

4.) Blizzard representatives have said that the rolling restarts and server fixes can effect characters on players accounts. Like in any game. A fix and break something else like a user database. I should know this, as I am a programmer and stuff like that happens.

5.) Attention all Mac users! You can get malware now! You are no longer invunrable to keyloggers as hackers figured your systems out now!

For those who are getting hacked... It is for certain that it is your fault. Claiming that you did nothing wrong is just foolish rage. Admit that you went to a site that may have a exploit on it, or that you downloaded a "third party program", like the "MAPHACK" that I've seen floating around on sites, or that you shared your password with a online friend to who you think is "trustworthy", or that you "forgot" not log out at a cyber cafe after playing and someone ransacked your account.

My account was bring brute forced, I found this out as for a solid day whenever I logged into the b.net site to post on forums and such it always said "Too many failed attempts", I also got a mobile notification that someone was resetting my password. Which anyone can do if they know your email address.

I highly recommend to use different passwords for your e-mail and game accounts. Also frequently change your passwords. If you find anything suspicious about your account. Like billing info has changed and any other profile changes then ofc, get in contact with blizzard.
Hacked yesterday aswell.
No way of keylogging, i got !@#$load of antiviruses and antiadwares, didn't share password, never been hacked for like 10 years of playing online games.
Something is going on.
Hacked yesterday aswell.
No way of keylogging, i got !@#$load of antiviruses and antiadwares, didn't share password, never been hacked for like 10 years of playing online games.
Something is going on.


Antivirus and antiadware don't protect you from getting keylogged 100%. Those programs run off of known threats. New threats pop up all the time, it happens.

Your computer isn't an impenetrable fortress just because it has a few anti-X programs and you don't share your password.
Posts: 26
FYI.....

1.) 99.9% of all accounts that get hacked are from keylogged players. the 0.01% is brute forced accounts that have no authentication security. A lot of people do buy authenticators from e-bay or other sites due to account stealers who buy out the inventory of the blizzstore, thus making said people stupid and have no right complain about accounts being hacked. (Use mobile Authentication, it's free...).

2.) Some WoW add-on's have been "updated" since the release of diablo 3, with this allows keylogging, if you do Play World of Warcraft with lots of add-on's then expect yoru account to be hacked. If you do not play world of warcaft then you have nothing to worry about in this area.

3.) Website advertising. There are tons of "fansites" that have advertising that may contain malicious scripts that install keyloggers and send information to a sql database, mirc chat server or to a email address. All scripts are Java based exploits, to which you are at risk. "Note: not all AV programs will detect these exploits til after the damage is done".

4.) Blizzard representatives have said that the rolling restarts and server fixes can effect characters on players accounts. Like in any game. A fix and break something else like a user database. I should know this, as I am a programmer and stuff like that happens.

5.) Attention all Mac users! You can get malware now! You are no longer invunrable to keyloggers as hackers figured your systems out now!

For those who are getting hacked... It is for certain that it is your fault. Claiming that you did nothing wrong is just foolish rage. Admit that you went to a site that may have a exploit on it, or that you downloaded a "third party program", like the "MAPHACK" that I've seen floating around on sites, or that you shared your password with a online friend to who you think is "trustworthy", or that you "forgot" not log out at a cyber cafe after playing and someone ransacked your account.

My account was bring brute forced, I found this out as for a solid day whenever I logged into the b.net site to post on forums and such it always said "Too many failed attempts", I also got a mobile notification that someone was resetting my password. Which anyone can do if they know your email address.

I highly recommend to use different passwords for your e-mail and game accounts. Also frequently change your passwords. If you find anything suspicious about your account. Like billing info has changed and any other profile changes then ofc, get in contact with blizzard.


I agree partly with this. I also disagree strongly with your blanket statement. There are probably tons of scamming efforts already out there to get your information. So yes. Beware of what you're doing online. You are the first line of defense for your own account security.

HOWEVER, without any sort of proof, it is foolish to make any sort of claim proclaiming the proportion of players who are guilty of being tricked (and not "hacked"). That "99.99%" is total nonsense, nobody other than Blizzard knows anything about the real stats.

So stop saying its all the gamer's faults until we hear something official from Blizzard regarding this. We don't know the extent of the problem (if there is one) yet. With the TINY BIT of knowledge we get from the extremely small cross section of the Diablo 3 population we have, its could be just as likely that the players affected are suffering from an exploit as from downloading keyloggers by accident. Who knows.

It adds nothing and is a logically unsound argument to dismiss the problem as either entirely Blizzard's or the gamers fault because we have nothing really to go on. We can only make assumptions.... assumptions that have no real "proof" to back them up, only anecdotal stories and personal experience. And those DO NOT, I repeat, DO NOT, count as solid evidence at all. So lets stop the blanket statements please. It only serves to incite and doesn't help the problem at all.
FYI.....

1.) 99.9% of all accounts that get hacked are from keylogged players. the 0.01% is brute forced accounts that have no authentication security. A lot of people do buy authenticators from e-bay or other sites due to account stealers who buy out the inventory of the blizzstore, thus making said people stupid and have no right complain about accounts being hacked. (Use mobile Authentication, it's free...).

2.) Some WoW add-on's have been "updated" since the release of diablo 3, with this allows keylogging, if you do Play World of Warcraft with lots of add-on's then expect yoru account to be hacked. If you do not play world of warcaft then you have nothing to worry about in this area.

3.) Website advertising. There are tons of "fansites" that have advertising that may contain malicious scripts that install keyloggers and send information to a sql database, mirc chat server or to a email address. All scripts are Java based exploits, to which you are at risk. "Note: not all AV programs will detect these exploits til after the damage is done".

4.) Blizzard representatives have said that the rolling restarts and server fixes can effect characters on players accounts. Like in any game. A fix and break something else like a user database. I should know this, as I am a programmer and stuff like that happens.

5.) Attention all Mac users! You can get malware now! You are no longer invunrable to keyloggers as hackers figured your systems out now!

For those who are getting hacked... It is for certain that it is your fault. Claiming that you did nothing wrong is just foolish rage. Admit that you went to a site that may have a exploit on it, or that you downloaded a "third party program", like the "MAPHACK" that I've seen floating around on sites, or that you shared your password with a online friend to who you think is "trustworthy", or that you "forgot" not log out at a cyber cafe after playing and someone ransacked your account.

My account was bring brute forced, I found this out as for a solid day whenever I logged into the b.net site to post on forums and such it always said "Too many failed attempts", I also got a mobile notification that someone was resetting my password. Which anyone can do if they know your email address.

I highly recommend to use different passwords for your e-mail and game accounts. Also frequently change your passwords. If you find anything suspicious about your account. Like billing info has changed and any other profile changes then ofc, get in contact with blizzard.


I agree partly with this. I also disagree strongly with your blanket statement. There are probably tons of scamming efforts already out there to get your information. So yes. Beware of what you're doing online. You are the first line of defense for your own account security.

HOWEVER, without any sort of proof, it is foolish to make any sort of claim proclaiming the proportion of players who are guilty of being tricked (and not "hacked"). That "99.99%" is total nonsense, nobody other than Blizzard knows anything about the real stats.

So stop saying its all the gamer's faults until we hear something official from Blizzard regarding this. We don't know the extent of the problem (if there is one) yet. With the TINY BIT of knowledge we get from the extremely small cross section of the Diablo 3 population we have, its could be just as likely that the players affected are suffering from an exploit as from downloading keyloggers by accident. Who knows.

It adds nothing and is a logically unsound argument to dismiss the problem as either entirely Blizzard's or the gamers fault because we have nothing really to go on. We can only make assumptions.... assumptions that have no real "proof" to back them up, only anecdotal stories and personal experience. And those DO NOT, I repeat, DO NOT, count as solid evidence at all. So lets stop the blanket statements please. It only serves to incite and doesn't help the problem at all.


Except the Blizzard is LEGALLY REQUIRED BY LAW to report any and all security breaches of their product, either external or internal, both to the authorities and to the client base.

WoW had some mass hackings awhile back, and one of my good friends (who was also my GM) got hacked. This friend had so much security on their computer it was silly, and I can say for certainty without a doubt that they did not visit questionable sites... ever. However because of this my friend thought they never needed an authenticator. They hadn't been hacked in their entire gaming career, which was pretty long.

Blizzard investigated and there was no evidence to any tampering. Yet everyone was still blaming Blizzard's "crappy" security... which had not been penetrated. Meanwhile, all the people who got hacked didn't have an authenticator. Basically, a couple of weeks of hackings later, it was found that there was a vulnerability in flash that let them keylog you IF YOU HAD FLASH PLAYER ON YOUR COMPUTER (Basically 100% of WoW players) and your account was vulnerable if you didn't have an authenticator.

Moral of the story: Get an authenticator. OP didn't have an authenticator and is making the story up. Only way to hack an authenticator protected account is theoretical, and nobody's actually done it yet. Well unless you buy your authenticator off ebay or some other questionable site that isn't the Blizzard store to get it for "cheaper", then it's your own fault for getting a compromised authenticator.
im also hacked :(
I don't get why people came here to repeat the same 2 invalid point:
- nobody as hacked an authenticator before -> yes 2 years ago with wow
- the author is a liar-> there are at least another 3 people
and then, the support in many case stated that there is no other IP connected to the account and so the user is not compromised. Wrong.
Posts: 33
get mobile authenticator... it will solve most issues.

It's normally not in the hackers best interest to bother with accounts that have more security than those who don't have a authenticator.

Majority of us players have a smart phone. It's better to be safe from now on then being a continuous target for hackers.

as quoted above during the mass hacking years back for wow i had my account stolen, i had a authenticator but they still managed to get my account and sold it.

So it's better to be safe than sorry. If you have mobile and keychain authenticator and still got hacked. Then most likely it is a service exploit. But blizzard is NOT obligated to say there is a security failure until there is one to report, which takes time to fully investigate.

As for my quote on 99.9% of hacked accounts are keylogged is true. It's by far the simplest method of gaining information from another user on the interweb.
Posts: 26


I agree partly with this. I also disagree strongly with your blanket statement. There are probably tons of scamming efforts already out there to get your information. So yes. Beware of what you're doing online. You are the first line of defense for your own account security.

HOWEVER, without any sort of proof, it is foolish to make any sort of claim proclaiming the proportion of players who are guilty of being tricked (and not "hacked"). That "99.99%" is total nonsense, nobody other than Blizzard knows anything about the real stats.

So stop saying its all the gamer's faults until we hear something official from Blizzard regarding this. We don't know the extent of the problem (if there is one) yet. With the TINY BIT of knowledge we get from the extremely small cross section of the Diablo 3 population we have, its could be just as likely that the players affected are suffering from an exploit as from downloading keyloggers by accident. Who knows.

It adds nothing and is a logically unsound argument to dismiss the problem as either entirely Blizzard's or the gamers fault because we have nothing really to go on. We can only make assumptions.... assumptions that have no real "proof" to back them up, only anecdotal stories and personal experience. And those DO NOT, I repeat, DO NOT, count as solid evidence at all. So lets stop the blanket statements please. It only serves to incite and doesn't help the problem at all.


Except the Blizzard is LEGALLY REQUIRED BY LAW to report any and all security breaches of their product, either external or internal, both to the authorities and to the client base.

WoW had some mass hackings awhile back, and one of my good friends (who was also my GM) got hacked. This friend had so much security on their computer it was silly, and I can say for certainty without a doubt that they did not visit questionable sites... ever. However because of this my friend thought they never needed an authenticator. They hadn't been hacked in their entire gaming career, which was pretty long.

Blizzard investigated and there was no evidence to any tampering. Yet everyone was still blaming Blizzard's "crappy" security... which had not been penetrated. Meanwhile, all the people who got hacked didn't have an authenticator. Basically, a couple of weeks of hackings later, it was found that there was a vulnerability in flash that let them keylog you IF YOU HAD FLASH PLAYER ON YOUR COMPUTER (Basically 100% of WoW players) and your account was vulnerable if you didn't have an authenticator.

Moral of the story: Get an authenticator. OP didn't have an authenticator and is making the story up. Only way to hack an authenticator protected account is theoretical, and nobody's actually done it yet. Well unless you buy your authenticator off ebay or some other questionable site that isn't the Blizzard store to get it for "cheaper", then it's your own fault for getting a compromised authenticator.

Which is all said and good, but you're assuming they have to report it immediately. Which they do not. They actually have some room to investigate the problem first.

Especially when you have account security that is somewhat removed from financial information. Remember, contrary to what you might think, you don't legally OWN any items you find. Which brings up all sorts of sticky problems with the RMAH, but thats a separate issue from this.

So no. Your argument doesn't actually hold merit. It WOULD if your premise held up (Blizzard has to immediately report the problem), but it doesn't. With non-financial security issues such as this, its a different animal from, lets say, if your PayPal account got hacked. Don't treat them as the same thing.
Blizzard investigated and there was no evidence to any tampering. Yet everyone was still blaming Blizzard's "crappy" security... which had not been penetrated. Meanwhile, all the people who got hacked didn't have an authenticator. Basically, a couple of weeks of hackings later, it was found that there was a vulnerability in flash that let them keylog you IF YOU HAD FLASH PLAYER ON YOUR COMPUTER (Basically 100% of WoW players) and your account was vulnerable if you didn't have an authenticator.

Moral of the story: Get an authenticator. OP didn't have an authenticator and is making the story up. Only way to hack an authenticator protected account is theoretical, and nobody's actually done it yet. Well unless you buy your authenticator off ebay or some other questionable site that isn't the Blizzard store to get it for "cheaper", then it's your own fault for getting a compromised authenticator.


there is no way to tell if he does have an autho or not.
Edited by GamerGoneMad#6331 on 5/21/2012 3:49 AM PDT
100 Blood Elf Paladin
NOD
7315
Posts: 1,482
[quote]I was hacked as well. I am not asking for a handout, just for Blizzard to fix what happened. I spoke with customer service on the phone and they said "we can do nothing, you have to contact a GM via the website" The GM that responded to me on my support ticket gave me a canned cut and paste, followed by a thank you for playing WoW. I am furious right now!

MULTIPLE ACCOUNTS WERE COMPROMISED!

This is what happened to me.

I was playing and got booted with the error message that someone else had accessed my account. I immediately reset my password which only took a few moments. I logged back in and in two minutes all my stuff/gold was gone.

The hacker's is luckllezz (George Melchers) the guy added me as a friend before I logged back in. I joined his game and watched as they cleaned out 30+ players, one after another. I reported all this to Biizzard with little to no response, now I have a level 57 worthless and not able to progress. Couple this with the server issues that happened earlier, my Diablo 3 experience is going peachy!

Where are you Blizz? A faithful fan, and paying customer needs your help!

Blizzard just gave me a response.... another cut and paste....

Greetings,

My apologies but we were unable to determine any explotative access on your account. No restorations are going to be provided. Take care.

Warm Regards,
Game Master Junadier
Blizzard Entertainment
www.worldofwarcraft.com

THIS IS A JOKE! I am so pissed words cannot explain!


wrong section fool. Wow is this way.

You're the fool. He's talking about D3,not WoW.
100 Blood Elf Paladin
NOD
7315
Posts: 1,482
I'm confused. How are you watching him "clean people out".
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)

Reported!

[Close]