Diablo® III

Hacked with an authenticator

(Locked)

Posts: 261
Just saying, all of the items in my AH remain untouched, so I am sure that someone just cleared my account in-game.
Posts: 311
05/21/2012 11:14 AMPosted by Suzut
Just saying, all of the items in my AH remain untouched, so I am sure that someone just cleared my account in-game.


I believe you. My auctions are still running too.
I'll be the first one in the thread to apologize, if it ends up being something like what happened with Rift.

I just wish there was a rhyme or reason as to why people are being targeted. People only playing solo, with no "recently played" list are being infected. How else would people get access to a given player, if it's not a Trojan?

Honestly, the only thing my mind can settle on is the following. Get your tin foil hats.

When purchasing something from the Auction House, somehow they can see who they are actually buying from. Utilizing that information/Battletag, they use the session ID method used against Rift.

Is there anyone in here that's been hacked that hasn't used the Auction House?


I never used the auction house, only played with friends and can post scan logs showing my PC is not infected except by your normal run of the mill adware.cookie trackers found in temporary internet files folder which, if you know anything about security, are generally false positives. Here was the superantispyware scan log...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/20/2012 at 01:32 PM

Application Version : 5.0.1146

Core Rules Database Version : 8623
Trace Rules Database Version: 6435

Scan type : Complete Scan
Total Scan Time : 00:59:12

Operating System Information
Windows 7 Enterprise 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 673
Memory threats detected : 0
Registry items scanned : 71434
Registry threats detected : 0
File items scanned : 118949
File threats detected : 276

Adware.Tracking Cookie

(then the list of all the files it found in temporary internet files, not gonna bother posting that).

I run Peerblock and it is up to date.

I run Mcafee enterprise edition that gets its updates through my companies EPO server when I authenticate through VPN when Im worknig from home.

System Information
Computer Name: (blanking)

McAfee Agent
Version number: 4.5.0.1810
Managed
Last security update check: 5/21/2012 12:30:14 PM
Last agent-to-server communication: 5/21/2012 12:29:04 PM
Agent to Server Communication Interval (every): 4 hours
Policy Enforcement Interval (every): 2 hours

(removing DNS, domain, system name and IP for security reasons)


McAfee SiteAdvisor Enterprise Plus
Version number: 3.0.0.561
Language: Multiple
Hotfixes
Version: 2


McAfee AntiSpyware Enterprise Module
Version number: 8.7.0.129
Language: Multiple


VirusScan Enterprise + AntiSpyware Enterprise
Version number: 8.7i (8.7.0.570)
Build date: 2/5/2011

Anti-virus License Type: licensed

Scan engine version (32-bit): 5400.1158

Scan engine version (64-bit): 5400.1158

DAT version: 6717.0000
DAT Created on: 2012/05/20

Number of Signatures in extra.dat: 0
Name of threats that extra.dat can detect: None
Buffer Overflow and Access Protection DAT version: 480

Installed Patches: 5

Installed Modules:
Anti-spyware
License Type: licensed


Copyright © 1995-2010 McAfee, Inc.
All Rights Reserved.
www.mcafee.com
Edited by Phyzik#1116 on 5/21/2012 11:23 AM PDT
05/20/2012 02:02 PMPosted by iMax
The hacker's is luckllezz (George Melchers) the guy added me as a friend before I logged back in. I joined his game and watched as they cleaned out 30+ players, one after another.


I guess one of the lessons from this is never add anybody that you don't know.
Edited by Fenglucia#1148 on 5/21/2012 11:19 AM PDT
05/21/2012 11:19 AMPosted by Fenglucia
The hacker's is luckllezz (George Melchers) the guy added me as a friend before I logged back in. I joined his game and watched as they cleaned out 30+ players, one after another.


I guess one of the lessons from this is never add anybody that you don't know.


no, you dont get it.... They are adding themselves.
Posts: 1,127
Has anyone been compromised while using a WoW avatar on the forums?

Read this for more information:
http://us.battle.net/d3/en/forum/topic/5149539216
I create really odd passwords.

I kind of just faceroll my keyboard. I than add a random number in a random place, and make sure a capital letter or two is in the password.

gK9qkiTse Something like that.

And Authenticators are not foolproof. It just reduces your chance of being hacked.

I had my Auth active of my canceled WoW account. I than got a couple emails saying that the Auth was removed and my email was changed. When I called up Customer Support, they said my acct was logged into at my computer and the Auth was removed, than somewhere is SouthEast Asia, the account was logged into.

Needless to say I was not happy. They restored everything, but they wouldn't give me any game time (like 1-2hrs) so I could login and retrieve my items, so I had to pay for a month.

So it is possible to get hacked with an Auth, it is just rare.
Just got hacked, AH still going.
Posts: 7
Speaking as a developer..

MITM requires that you are reasonably positioned. Unless this Leiyoung guy is EVERYWHERE hopping on unsecured home wifi's or something, it is not an easy task to even position yourself as a man in the middle.

If its as widespread as ppl say, it is very likely some form of session hi jacking. If I understand the purpose of the authenticator, it may not guard against this. The premise is that you might authenticate with an authenticator and then the server hands your client some token (think of it as a temporary ID) to use to talk to it. If someone can guess, sniff, or reverse-engineer how these ID's are generated, then you can be compromised.
Sorry for all the people this has happened to. I think I'll wait for an announcement from Blizzard before I try logging in, or play Hardcore (no RMAH, no reason to hack them). It sounds like someone found a way to skip the auth server entirely, which would render authenticators and strong passwords useless.

Or this forum is full of a strangely specific type of liar, and they all got keylogged at the same time without their knowledge. Or bears.
Posts: 150
05/21/2012 11:50 AMPosted by Badunk
If its as widespread as ppl say, it is very likely some form of session hi jacking. If I understand the purpose of the authenticator, it may not guard against this. The premise is that you might authenticate with an authenticator and then the server hands your client some token (think of it as a temporary ID) to use to talk to it. If someone can guess, sniff, or reverse-engineer how these ID's are generated, then you can be compromised.


This is what I suspect too. They wont even need your authenticator code if they can just SKIP the authentication process entirely.
90 Goblin Warlock
14525
Posts: 3
Pro tip:

One way to out wit keyloggers: create a notebook file. Add your password information on this file. Now each and everytime you loggon a Blizz game or any game/webiste for that matter that requires sensitive password information. Simpily open said notebook file. Highlight password or whatever information you would be typing in to login. I personally use "ctrl C" then "ctrl V". Tada you aren't typing for a keylogging hack to retreive your information. However it is up to you to keep your password information secure on your computer. If you share computers you obviously will need to take extra precautions.

Best of luck
Posts: 1,444
Pro tip:

One way to out wit keyloggers: create a notebook file. Add your password information on this file. Now each and everytime you loggon a Blizz game or any game/webiste for that matter that requires sensitive password information. Simpily open said notebook file. Highlight password or whatever information you would be typing in to login. I personally use "ctrl C" then "ctrl V". Tada you aren't typing for a keylogging hack to retreive your information. However it is up to you to keep your password information secure on your computer. If you share computers you obviously will need to take extra precautions.

Best of luck
so youre saying you can copy paste on battle.net?

You'd laugh after trying
05/20/2012 02:14 PMPosted by Seraphi
Nope, you don't have an auth. Nice try.


10 bucks says he has "Don't authenticate everytime" enabled in his account settings.


Bingo.
Pro tip:

Best of luck
so youre saying you can copy paste on battle.net?

You'd laugh after trying


try, you can
Posts: 158
I believe the most likely thing is the inventory save is being corrupted. Only thing that makes sense with the wide scale hacking reports going on.

Do you know if your items are being stolen or are they just simply gone?
Posts: 394
There is actually some kind of exploit in D3 right now that allows people to get onto which ever character you have selected and can take all the items off that character and the stash. No idea how its done, but it is happen... a lot. Authenticator will not protect you verse this. The only link that I heard about the exploit is something to do with the auction house.
Posts: 1,444
so youre saying you can copy paste on battle.net?

You'd laugh after trying


try, you can
when changing passwords?


try, you can
when changing passwords?


when you type in pass, you can paste it.
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]