Diablo® III

Hacked with an authenticator

(Locked)

I think the Authenticator should be available with a collectors edition or they need to find a new way. Captcha anyone? lol. Effective and effectively annoying. How about a finger print scanner connected to usb, or eye scanner. lol
05/21/2012 08:44 AMPosted by Snipee
They didn't see anything suspicious, that does seem pretty odd, unless you logged in from a different area then you should be logging in to that would make it suspicious. You should ask some of your sibblings if they had some fun on your account. I seriously doubt a hacker would add you as a friend and take everything away from you, that makes absolutely no sense. Did you happen to mention this was in Diablo maybe your going to the wrong people for help, since they mentioned WoW.


add someone as a friend it's the only way to join a game with a specific person..
If I had a nickel for every time someone on the WoW CS forums claimed that they had an authenticator attached when they were compromised... I'd have a whole lot of nickels. Probably not enough to buy a yacht. But a nice boat.
Afternoon all, Im an EU player, this has happened in the EU aswell, I have an authenticator, have had one since release (using it for wow and sc2), I authenticate every time I log in, I have Bullguard Gaming edition.

I have had my items and gold removed, and Blizzard have stated that there was no suspicious activity, frankly this is untrue, considering on my recently played list there are 2 players with weird names I have never met in game in my life...I know this as I run a strict 4man group, we only play together and when I play solo I deactivate the jump in jump out.

I have ran anti virus, and various malwear checkers, I am clean, I always have been and I rotate my passwords, I live with my finacee and my baby girl and my iphone (authenticator is with me 24/7).

This is a huge security flaw in the game, and judging by the ransom chatter from various blogs and gaming websites it is looking like these hackers can jump directly onto your account via a session ID, all they need to do is get 1 person and they can just jump through your friends list inviting and getting a session ID from you.
Edited by Snowman#2648 on 5/21/2012 8:49 AM PDT
05/20/2012 02:14 PMPosted by Hukutus
Nope, you don't have an auth. Nice try.


What's up with you people coming with these replies when you obviously have no idea what's going on.
''

Some people think that having an authenticator puts you in some special club so obviously everyone can't have one. I mean the damn thing is free on cell phones and only costs $6 for a keychain, but some people believe they are special if they have one. These are the same people who would pay thousands of dollars to join a country club just to feel special if they had the cash. Instead, however, they have to live in their fantasy world inside of their little minds where they are special like mommy always said they were.
I'm wondering if somehow, people's gear and gold aren't just getting deleted or getting orphaned via record # mismatches at log off.

Even if someone is hacking, those items and gold that were dropped or traded to someone else should be logged somewhere. So if they're seeing no transaction at all in the db, makes me think it's something internal that doesn't need logging because it's not user invoked...

That, or their logging system isn't working correctly.
All you need to hack any authenticator is 3 codes and the 3 times they were displayed... it's a random number generator that is linked to the time of day using an algorithm that has been cracked before. (I've had people lose boatloads of stuff on my old guild in WoW who used an authenticator, but blizzard always replaced their items.)

If people are getting hacked you can best believe your !@# I will not be using the RMAH until they figure it out.
05/21/2012 08:52 AMPosted by Tjay
Some people think that having an authenticator puts you in some special club so obviously everyone can't have one. I mean the damn thing is free on cell phones and only costs $6 for a keychain, but some people believe they are special if they have one. These are the same people who would pay thousands of dollars to join a country club just to feel special if they had the cash. Instead, however, they have to live in their fantasy world inside of their little minds where they are special like mommy always said they were.


County Clubs don't advertise extra online banking securing as a benefit from joining...

Sooo what... are you talking about? Having an authenticator doesn't put you in a special club, it provides the user with supplemental protection. I would advise people to turn on the "Ask for code for every log in".

If these people have decent passwords and have an authenticator active with it asking them every log in for a code, there's no reason for the account to not be secure. Especially if they keep the pc regularly scanned...
All you need to hack any authenticator is 3 codes and the 3 times they were displayed... it's a random number generator that is linked to the time of day using an algorithm that has been cracked before. (I've had people lose boatloads of stuff on my old guild in WoW who used an authenticator, but blizzard always replaced their items.)

If people are getting hacked you can best believe your !@# I will not be using the RMAH until they figure it out.


It probably also uses a public/private key hashed with the serial number (unique and stored on the device/phone) to generate the number on the server end...
All you need to hack any authenticator is 3 codes and the 3 times they were displayed... it's a random number generator that is linked to the time of day using an algorithm that has been cracked before. (I've had people lose boatloads of stuff on my old guild in WoW who used an authenticator, but blizzard always replaced their items.)

If people are getting hacked you can best believe your !@# I will not be using the RMAH until they figure it out.


The algorithm has never been cracked.

Even if it was, it's tied to the serial number of your unique authenticator. The hacker would need your authenticator to predict the next number.
60 Worgen Hunter
420
05/21/2012 08:55 AMPosted by Diabolus
All you need to hack any authenticator is 3 codes and the 3 times they were displayed


LOL ... kids, they say the stupidest things.
All you need to hack any authenticator is 3 codes and the 3 times they were displayed... it's a random number generator that is linked to the time of day using an algorithm that has been cracked before. (I've had people lose boatloads of stuff on my old guild in WoW who used an authenticator, but blizzard always replaced their items.)

If people are getting hacked you can best believe your !@# I will not be using the RMAH until they figure it out.


The only way around an authenticator is a man-in-the-middle attack. They're very rare, and any AV/malware scanner will catch them immediately.

The algorithm has never been cracked, and it's not going to be.
They didn't see anything suspicious, that does seem pretty odd, unless you logged in from a different area then you should be logging in to that would make it suspicious. You should ask some of your sibblings if they had some fun on your account. I seriously doubt a hacker would add you as a friend and take everything away from you, that makes absolutely no sense. Did you happen to mention this was in Diablo maybe your going to the wrong people for help, since they mentioned WoW.


add someone as a friend it's the only way to join a game with a specific person..


If they're smart enough to hack someone, they would probably delete you before logging out. I feel sorry for those that had this happen to them it really sucks had that happen to me with WoW twice, got an authenticator It's been since then that I've been hacked. I try to keep my computer as secure as possible so hopefully I won't have this happen to me. Hope everyone gets there stuff back.
Edited by Snipee#1673 on 5/21/2012 9:15 AM PDT
05/21/2012 08:59 AMPosted by Callmehelen
Some people think that having an authenticator puts you in some special club so obviously everyone can't have one. I mean the damn thing is free on cell phones and only costs $6 for a keychain, but some people believe they are special if they have one. These are the same people who would pay thousands of dollars to join a country club just to feel special if they had the cash. Instead, however, they have to live in their fantasy world inside of their little minds where they are special like mommy always said they were.


County Clubs don't advertise extra online banking securing as a benefit from joining...

Sooo what... are you talking about? Having an authenticator doesn't put you in a special club, it provides the user with supplemental protection. I would advise people to turn on the "Ask for code for every log in".

If these people have decent passwords and have an authenticator active with it asking them every log in for a code, there's no reason for the account to not be secure. Especially if they keep the pc regularly scanned...


Thanks for saying exactly what I said lol. I never said it puts you into a special club. I said people act like they belong to a special club because they have one. In other words. People act like they are the ONLY person to have one. So since they are the only one to have one if someone else gets hacked it HAS to be cause they don't have one.
Are people falling for /dnd scams again?
All you need to hack any authenticator is 3 codes and the 3 times they were displayed... it's a random number generator that is linked to the time of day using an algorithm that has been cracked before. (I've had people lose boatloads of stuff on my old guild in WoW who used an authenticator, but blizzard always replaced their items.)

If people are getting hacked you can best believe your !@# I will not be using the RMAH until they figure it out.


The algorithm has never been cracked.

Even if it was, it's tied to the serial number of your unique authenticator. The hacker would need your authenticator to predict the next number.


Man in the middle can do this. No they don't need your authenticator. All they need is 2 guys and a time keeping mechanism very similar to, I don't know, a clock.
[quote="51486453418"]If they're smart enough to hack someone, they would probably delete you before logging out.


Why? It doesn't matter if they delete you or not.
Sorry dude that sucks :(
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]