Diablo® III

Diablo® III Post-Launch Update

The number of Diablo III players compromised is now reported to be in the thousands. That is extremely small?


1000 out of what was it? 4-5 million people? YES that is very small
05/24/2012 07:11 AMPosted by Nethaera
Can you address the concerns about class balance, end game, and itemization next?


We'll be addressing these as we can, just not in this particular post. We're not going anywhere and we're all in this for the long haul.


My favorite part of this thread, can't wait for the 3 legendary items I found to mean something, I refuse to sell and and I'm even gimped when I force myself to use them, hopefully one day I'll be able to wear them proudly... thanks Blizz for the update :)


The number of Diablo III players compromised is now reported to be in the thousands. That is extremely small?


Percentage wise, if there are around 7m copies of D3 out there globally and around 5k reports of compromise that amounts to 0.0007% of accounts affected.


usually they tell you that you haven't been compromised.
that's what have seen on the past 4 days, when an authenticator is involved.
I don't have any explanation beside an undiscovered bug (that cause item deletion).
Or an exploit sure...but they are keep saying there isn't any exploit so...I guess there isn't.

Strange, since I got hacked literally minutes after my first Legendary item dropped. After logging back in, there's 2 people on my recently played list I don't know at all, both with the character names "weldon", two level 1 demon hunters that are probably running around with all my gold & gear.
Their names in-game:

Shiboet#2264
Zero#2880


That's weird as others have been hacked after they got the achievment related to equip their first legendary item. Maybe coincidence.
What you describe seems to be the result of a compromised account, yes.
I'm sorry but I don't have any explanation, as many others here we have to choose between trusting you (about having an authenticator) or blizzard (about the absence of any exploit).
Let we know what answer you receive, wish you good luck.
Edited by SirBigmark#2202 on 5/24/2012 7:53 AM PDT
This post literally says nothing other than "we understand there are problems, but we are fixing them".
05/24/2012 07:27 AMPosted by BeardFace
Hi guys. I had a mobile authenticator attached to my account BEFORE I got hacked. Just happened last night.. not sure what to do with that.


Mobile authenticator, which means your computer is not the only one that needs to be scanned for viruses. If your smart phone was compromised, an attacker would be able to duplicate your authenticator token.

Not only that, but just because a virus scan comes up clean does not provide any guarantee against the presence of a rootkit or malware that isn't in the pattern file. You should scrub through a HijackThis report for added assurance. RootkitRevealer is another one. Malwarebytes usually does a pretty good job of finding malware, but again, no guarantee.

As far as session jacking, which Blizzard claims is technically impossible, it would be fairly easy to detect on the server end. They'd see 1 session ID with multiple IPs logged. So I'm very skeptical that such activity is going on without Blizzard noticing.

I'm not sure how the weekly authenticator check works -- if it's associated with a single client or what -- but if you had that enabled, an attacker might have been able to guess your password and not have had to provide the authenticator.

In other words, there are still multiple avenues of compromise that you are not considering. All are more likely than session jacking.
85 Orc Death Knight
0
What about the real issue?! The unrealistic difficulty of inferno?? Anybody addressing that? Anybody have a good reason why inferno cannot be dialed down a notch or the characters be able to progress more?? Please, if so, address the soon-to-be nonfans of the game as to what is going to happen! Thanks :D
05/24/2012 07:54 AMPosted by AzerFox
This post literally says nothing other than "we understand there are problems, but we are fixing them".


No, it literally says what it says. Even figuratively, it doesn't say what you think it says.
Hard to belive that a smartphone and a pc of the same user are both compromised and that then the hacker knows that they are related to the same person.
Also the weekly check is IP based, so if an hacker try to log from another location the authenticator dialog will stop him.
Just saying.
Edited by SirBigmark#2202 on 5/24/2012 7:58 AM PDT
05/24/2012 07:00 AMPosted by Nethaera
The best defense against account theft still includes smart password management (e.g. using a unique password for every site/service and keeping your password to yourself)


This...would be more secure if passwords were case sensitive.

Would be happy if that was worked on =)
85 Orc Death Knight
0
I didn't see this post before I made my remarks... Thanks Blizz. Hope everybody is in for the long haul.
86 Blood Elf Mage
0
05/24/2012 07:00 AMPosted by Nethaera
In addition, the number of Diablo III players who’ve contacted customer service to report a potential compromise of their personal account has been extremely small.
extreneky small? they kidding right?
Hard to belive that a smartphone and a pc of the same user are both compromised and that then the hacker knows that they are related to the same person.
Also the weekly check is IP based, so if an hacker try to log from another location the authenticator dialog will stop him.
Just saying.


It doesn't need to be both. If the authenticator was stolen, all the attacker would need to do would be to guess the case-insensitive password. A distributed brute force attack to guess the password could be possible.
05/24/2012 07:54 AMPosted by AzerFox
This post literally says nothing other than "we understand there are problems, but we are fixing them".


Yet if they say nothing, you guys throw temper tantrums about Blizzards failed communication, staying silent, hiding, etc.

They aren't always going to tell you what you want to hear, when you want to hear it. They post these threads to let you know that you are not forgotten. Believe it or not, these things take time, some more than others. Blizzard needs to go through the motions to ensure that what people are saying are true and that there are in fact issues to look into.

People are acting like the game is completely, 100% unplayable. Maybe it didn't meet your expectations, or maybe it's not the D2 clone you wanted it to be, but there's no denying that overall, D3 is a pretty great game and will only get better as Blizzard tunes it up. You can try and argue that Blizzard should have released a flawless product right out the door, but if you do I can safely say you must be new to online gaming, or join games that have been out for several years and you avoided these very common problems with new launches.

It doesn't need to be both. If the authenticator was stolen, all the attacker would need to do would be to guess the case-insensitive password. A distributed brute force attack to guess the password could be possible.


If your authenticator was stolen by a random person, how would they ever know what account it is associated to? If your authenticator was stolen by a "friend" or someone you know, first off, why do they know your login info? And second, get some responsibility for your belongings.

Anything is possible, but also unlikely. Brute force attacks are also made extremely difficult/time consuming, or downright impossible if you use proper, and common password creation techniques. I also have no idea where you guys are coming up with case insensitive passwords. If I use a capital letter in my password, it does not log me in. /shrug
Edited by Seraphi#1863 on 5/24/2012 8:07 AM PDT
90 Gnome Rogue
8560
First off, thanks Blizz for the update. Much needed IMO, I was running out of ways to defend this game other than saying, Cause Bash said its going to be fixed!!
I'm a Technician who had to take part in a national rollout of new software, to replace the out of date software, last year. We still have issues, but nothing like the first week/month. Constant phone calls about issues streaming in. And this was on a total of 5-6 different types of pc machines we could test beforehand. Imagine what it would be like trying to make a software program work on a massive amount of differing pc/Mac builds out there and then trusting that the systems in place will all work out even without being able to "fully" test servers at capacity. Its not easy, and I salute Blizzard for working so hard to get this game out to us and in our hands. Software is a headache to make work, but at this stage I believe Blizzard's tireless efforts might just be the Asprin needed to relieve the pain. +1 Blizz!!
By the way, when we rolled out our software if a customer had an issue, we did not tell them what we are doing to resolve that issue, mainly because the people fixing it are too busy fixing it and the people telling you what is happening are too busy taking calls and forum posts to find out what's going on until after it is resolved/found. Go easy on Blizz Blues people. They love this game just as much as us and do not want these issues any more than we do. :)
05/24/2012 07:50 AMPosted by Darthius


We'll be addressing these as we can, just not in this particular post. We're not going anywhere and we're all in this for the long haul.


My favorite part of this thread, can't wait for the 3 legendary items I found to mean something, I refuse to sell and and I'm even gimped when I force myself to use them, hopefully one day I'll be able to wear them proudly... thanks Blizz for the update :)


Your items you have now are not going to change from what they are. Once/If they fix the items only new ones will be better. Sorry buddy.
This topic has reached its post limit. You may no longer post or reply to posts for this topic.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]