Diablo® III

Hacked with an authenticator

(Locked)

90 Gnome Warlock
9645
Posts: 271
Hi all,

Just got hacked with an authenticator. Blizz told me they haven't detected any suspicious activity. All my items and gold are gone. Diablo = 0/10.


It might be a server problem, or the data the Blizzard Reps are looking at is old server data, meaning what you are seeing is newer then what they are seeing.

If you know you have been hacked there is a FAQ on your battlenet that tells you want to do.

The best thing you can do to protect yourself, IS NOT TO INSTALL THIRD PARTY SOFTWARE FROM SOMEONE YOU DO NOT KNOW, for any reason.

L2 BBB rules and regs. If Blizzard wants to stay in business, they are required BY LAW to report any security breaches to the public.


lol you think that actually matters? How long did Sony take to report their security leak? Thought so. Move along.


6 Days. And they were heavily fined for it. Moving along.
Posts: 220
Occam's Razor : "other things being equal, a simpler explanation is better than a more complex one."

Which is more likely?

A: Several hundred if not thousands of people have the same keylogger on their computers. The hackers have been going through these 100's/1000's the last couple days and recording passwords. Last night they got on and coordinated to hit 100's/1000's of people's accounts within hours, even those using authenticators.

B: Someone found an exploit in blizzards security and they shared this info with a small group of people or on restricted forum/chat somewhere and those people have been using it every since to constantly take peoples items/gold.

B is much more likely because it involves compromising a single entity which a single security system rather than 100's or 1000's of separate entities with varying security systems.
Posts: 1,438
IF you really did have an authenticator then something must be up. They do have ways to break authenticator but they are rare and the last I heard of this happening was in 2010.

I hope we get a word from a blue on what exactly is going on.

EDIT: I would not play open games and friend random people for the time being. I only have friends I know in real life on my list. I never friend random people.
Edited by DirtSpider#1337 on 5/20/2012 2:51 PM PDT
05/20/2012 02:48 PMPosted by Digimortal
@turtle Jailbroken iPhone?

THIS will get your account hacked WITH an iPhone authenticator. Happened to a ton of people in WoW when the iOS was updated.


Could definitively be a possibility. If I wasn't using an Android phone that is.

I'm finding it astounding how people just don't want to believe this was most likely a Blizzard problem. AGAIN, to reiterate, 100's/1000's of people all got there account hacked last night. Some with authenticators and some without. BY FAR the most logical explanation is that this is a security leak/hole on Blizzards side.
All of these hacked posts are making me really nervous. I have an auth, but still. What I don't understand is why anyone is being nasty to those who got hacked.

6 Days. And they were heavily fined for it. Moving along.


So you proved my point didn't you? They let peoples info be compromised for a week before saying crap. It is completely pointless. Move along.
Posts: 1,087
05/20/2012 02:37 PMPosted by Torsion
I can. Can you comprehend that I was stating that an authenticator can be defeated?


It can via Man in the middle attack as Im sure you know. While its not unheard of I'd bet its

10 bucks says he has "Don't authenticate everytime" enabled in his account settings.


instead of a MITM attack.


it is most likely key logger, or botts , go to website http://free.antivirus.com/rubotted/ this can also cause mitm attack. which is very hard to dectect because they go by ports systeams and only thing you detect is trafic it self. which most anti virus dont scan for some do some don't. Either way the real course of action is compleatly reinstalling your OS and you firefox and run no java scripts, turn off all cookies, change email accounts that has facebook tied to them. if you do this you can run your games without authencator without being hacked.

because 1. most hackers use facebooks to locate email address, which then they hack facebook, or email address. then by email address they look through mail to see likely heard of possible attacks or what you do. or they can skip that and check to hack your battlenet, now if you authentication their next option is to install log key, couple ways they can do this. One they can use email that looks normal and hope you just blindly open it. but they most smart enough no one is that blind anymore. so they go for second one and hope you java and your browser would auto play it.

Now depending if they can easly counter mail server antivirus server, the next option they can try is do dos attack and when you open your email account it directs to you like email but hoping your browser has auto java script can download the virus as well. little more work but can work as well.

6 Days. And they were heavily fined for it. Moving along.


So you proved my point didn't you? They let peoples info be compromised for a week before saying crap. It is completely pointless. Move along.

And companies that wait get into trouble, thats what my point proved. Don't think Blizzard needs that atm. Moving along from the "move along" moron.
05/20/2012 02:37 PMPosted by Torsion
It can via Man in the middle attack as Im sure you know.


05/20/2012 02:38 PMPosted by lonedog
key loggers would go past authencators because they see it too, now they have to be active because in 13 secs, it would go away

You do realize, don't you, that authenticator codes are one time use only, right? You can't MITM a code, and then go and login on the same account again with the same code. That'd be kinda obviously stupid, wouldn't it? Each individual code is valid for however many seconds, but it's only valid once. Once it's used, it's no longer valid, even if the authenticator shows time remaining on it.
Good security knowledge will always be lacking in the average user, and thus stolen accounts.

Never enter your info on other sites.

Never click links to an "official site", just type the url in.

Don't share your password or other info with your friends.

6+ years of no hacked account with Blizzard.

27 years of no hacked account online...
Occam's Razor : "other things being equal, a simpler explanation is better than a more complex one."

Which is more likely?

A: Several hundred if not thousands of people have the same keylogger on their computers. The hackers have been going through these 100's/1000's the last couple days and recording passwords. Last night they got on and coordinated to hit 100's/1000's of people's accounts within hours, even those using authenticators.

B: Someone found an exploit in blizzards security and they shared this info with a small group of people or on restricted forum/chat somewhere and those people have been using it every since to constantly take peoples items/gold.

B is much more likely because it involves compromising a single entity which a single security system rather than 100's or 1000's of separate entities with varying security systems.


this example is misleading since the premise ins't true. "other things begin equal" mean that random user security is comparable with the security level of Blizzard server.
Despite this, I think something wrong is going on, and 2 kind of hacks are currently playing a role in this, one is just the standard scam/malware, the other one is something more complex and server related, something that, if true, will require days to confirm and more to be resolved.
"I just got hacked, therefore I give the game a 0/10"

That sure does sound like you're giving a rating based on what you think and not how you feel right now.
Posts: 30
Good security knowledge will always be lacking in the average user, and thus stolen accounts.

Never enter your info on other sites.

Never click links to an "official site", just type the url in.

Don't share your password or other info with your friends.

6+ years of no hacked account with Blizzard.

27 years of no hacked account online...


I fit all those, including 27 years of no hacked accounts, and my account has been compromised.

BTW I am a Network Administrator / Linux Systems Administrator, I think I know how to make and keep safe passwords.


So you proved my point didn't you? They let peoples info be compromised for a week before saying crap. It is completely pointless. Move along.

And companies that wait get into trouble, thats what my point proved. Don't think Blizzard needs that atm. Moving along from the "move along" moron.


For all we know they still don't even know there is a problem. What most people on the tech support forums are pissed at, is the fact that the GM's are telling them they are just in the wrong region or there wasn't anything compromised so your SOL. People want to see them take this issue seriously and not just pretend that they are stupid and just doing something wrong. Move along idiot.
Edited by Slayix#1930 on 5/20/2012 2:57 PM PDT
Posts: 1,087
05/20/2012 02:51 PMPosted by Slayix

THIS will get your account hacked WITH an iPhone authenticator. Happened to a ton of people in WoW when the iOS was updated.


Could definitively be a possibility. If I wasn't using an Android phone that is.

I'm finding it astounding how people just don't want to believe this was most likely a Blizzard problem. AGAIN, to reiterate, 100's/1000's of people all got there account hacked last night. Some with authenticators and some without. BY FAR the most logical explanation is that this is a security leak/hole on Blizzards side.


the only problem with that ideal that the encryption was hacked, which the only problem is unless very strong super computer would take to long and only realistic way is that its done from inside job. md5 can be hacked which thier website that can hack any password in seconds but problem for that is you need to directroly install it on system it self. any thing with authentication most logic way is keylogger very small window but can be done.

because only way to brake online is brute force and most likely their is timer that will kill any attempts to make viasable. so they either done it by key loggers or direct contacted with the server.
85 Goblin Shaman
2070
Posts: 799
Hi all,

Just got hacked with an authenticator. Blizz told me they haven't detected any suspicious activity. All my items and gold are gone. Diablo = 0/10.


I smell a troll.

FYI, there are middlemen exploits that can take your account, even with an authenticator. It intercepts the code before it can be sent and is sent to them in real time, where they promptly sign in.

TBH, I don't believe you have an auth at all, though.

Stop browsing that !@#$, son. It's bad.
Edited by Husker#1882 on 5/20/2012 3:00 PM PDT
Hi all,

Just got hacked with an authenticator. Blizz told me they haven't detected any suspicious activity. All my items and gold are gone. Diablo = 0/10.


I smell a troll.


Then go smell the other 100 some posts in the support forum about the same issue.
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)

Reported!

[Close]