Diablo® III

Hack Refund

(Locked)

05/26/2012 11:01 PM Posted by Alamyst
You took the words out of my mouth. Dropped 1200$ for a computer I knew would play SC2 and D3. SC2 won't save and I've had no response. And now my D3 account was hacked. I keep strict security on my computer, but here I am hacked and being told it is my fault...


Did you have an authenticator?
100 Night Elf Hunter
11780
Posts: 3,711
05/26/2012 01:36 PM Posted by Kaltonis
I THINK it's a java exploit


There definitely could be some Java exploits. That's the thing though, they use everything they can, and in tandem. I wasn't aware of even half of the keylogging methods that are in use until I started working this job. We've been monitoring WoW compromises for years now, and while a particularly nasty vulnerability (like the Adobe Flash one I mentioned earlier) might result in a surge of compromises, the truth is that there's never just "one thing" that's resulting in compromises. It's compromise by a thousand cuts, if you get my paraphrasing.

This is why we made the physical and mobile authenticators. After a while, we realized that passwords weren't just being stolen because of bad computer habits or poorly thought out passwords (although that happens as well). They were being stolen because of the sheer quantity of methods that the gold-selling companies were flooding the Internet with. No matter how careful you are, they may still get your password eventually, and that's why we have the authenticator. It's why I have one on my account right now. We even priced the physical model at cost ($6.50) so that no one could rightfully claim that we were making any money off of them.

Bottom line: We hate seeing people compromised, and having to deal with compromises also costs us a lot of money in support costs. We need either everyone to use an authenticator (physical or mobile), or no one to buy gold. Should that day come, we won't have to worry about this anymore.


I have a physical authenticator and even have a backup one I bought in case this one dies on me so this is not for myself.

Have you thought about bundling an authenticator into a special edition of a CE pack with some nice new look as a way to get it into even more customers' hands?

Depending on the costs you spend on restorations/Customer Service, maybe including it in the next expansion of Diablo/WoW/Starcraft as a way to get almost 100% of the people using it might cut down on your employee costs, which could pay for it.
85 Night Elf Druid
8630
Posts: 239

If you have the physical or mobile authenticator (both of which major banks use and charge $30+ for) the chances of you being compromised are very, very small. I've personally examined the MSInfo files of nearly all of the handful of people who have truly been compromised through an authenticator, and the sheer number of backdoor programs and other malware on their systems has been mind boggling. Probably not coincidentally, these same people were also running a disturbing number of file-sharing and download programs, including ones which are commonly known to not be safe.


The post on the main page said that NONE of the hacking victims had authenticators. Are you saying that there were hacked accounts with an authenticator? If that is the case maybe you should have the security post updated to avoid BLATANTLY LYING to your customers.


She was referring to five years worth of World of Warcraft logs, not D3. The security post was spot on. The most relevant part concerning how difficult it is to compromise authenticator accounts is here:

...the sheer number of backdoor programs and other malware on their systems has been mind boggling. Probably not coincidentally, these same people were also running a disturbing number of file-sharing and download programs, including ones which are commonly known to not be safe.
Edited by Daydreamer#1458 on 5/27/2012 12:26 AM PDT
90 Blood Elf Hunter
12610
Posts: 3,384

Bottom line: We hate seeing people compromised, and having to deal with compromises also costs us a lot of money in support costs. We need either everyone to use an authenticator (physical or mobile), or no one to buy gold. Should that day come, we won't have to worry about this anymore.


I didn't buy gold. This is a new battle.net account (not the old one I used for WoW), so therefore I should not be hacked? But I was....

So... (with that being true)... is the company's stance that everyone needs an authenticator? Then imo it should be mandatory for login.


It's the company's stance that an authenticator is a very good idea.

It's like having a lock on your front door. If you asked your local police station whether or not you should have one, they would tell you it would be a good idea. They wouldn't prevent you from entering your house if you chose not to install a door lock or a door because they can't force you to do either. But they will say "I told you so" if you get robbed.
It's definitely hacked, not compromised, or they would have taken all of my character's items, not just 1 character. Oh, and they didn't change my password. Because they didn't have it.

Somehow people are spoofing sessions. And you guys are lying about it.


This post should be taken seriously. My friend warned me before I started playing to avoid public games because people are losing control of their accounts. Is something happening with public games...? It sounds like a lot of people (fresh installs, etc.) that wouldn't normally be "compromised" are being compromised.
Edited by Mogthak#1182 on 5/27/2012 12:29 AM PDT
Fresh install, fresh battle.net, megapassword, never played WoW or SC2, never got those emails, I don't P2P, I'm not stupid, I didn't share my password, I got hacked the 2nd day I played Diablo and lost a lot. Oh and I did it all on Mac OSX which I find rather strange.
Edited by Zombieshart#1188 on 5/27/2012 12:40 AM PDT
85 Night Elf Druid
8630
Posts: 239
It's definitely hacked, not compromised, or they would have taken all of my character's items, not just 1 character. Oh, and they didn't change my password. Because they didn't have it.

Somehow people are spoofing sessions. And you guys are lying about it.


This post should be taken more seriously than pretty much every other post in the thread. Something is happening with public games...


No one is spoofing sessions. The reason your password wasn't changed is the same reason my password, and my wife's password, weren't changed when we were hacked in WoW - the people who do this generally go in quickly, take whatever they consider valuable, and get out. They know that your PW will automatically change anyway the moment you report a problem. For them, it's just a job.

A Blue said something very interesting about all this yesterday. The people behind these compromises make a great deal of money selling your stuff and your gold to other players, so it's in their best interest to have as many accounts without authenticators attached as possible. This means that some of them probably come here onto the forum and post stories which would call the effectiveness of authenticators into account.

All I know is that the wife and I both got authenticators and haven't had issues since. If you spend much time on the internet at all, chances are these keylogging scammers will get to you eventually if you don't have one.
Edited by Daydreamer#1458 on 5/27/2012 12:43 AM PDT
Lol the guy above me just created a more elaborate conspiracy for an already elaborate conspiracy
90 Human Paladin
9805
Posts: 116
No auth and only got hacked once like 4 years back in WoW, that was when I was using the same email/pass for damn near everything. Now my account has an email and password I use just for it.
Let's say you sign up at some guild's forum, or a fansite, etc., and use the same email/pass as your account. Now all they do is target that forum and get all the emails and passwords, and their security is far less than Blizzard's is and they are not required by law to notify users of a breach. Heck, they could just email an admin at one of the forums, offer them some $ for all the names and passwords.

Spoofing sessions was already denounced as impossible and was spread by some random poster with 0 evidence to support such a claim.
90 Blood Elf Hunter
12610
Posts: 3,384
05/27/2012 12:38 AM Posted by Zombieshart
Fresh install, fresh battle.net, megapassword, never played WoW or SC2, never got those emails, I don't P2P, I'm not stupid, I didn't share my password, I got hacked the 2nd day I played Diablo and lost a lot. Oh and I did it all on Mac OSX which I find rather strange.


What's a "megapassword"?

The truth about password strength: http://xkcd.com/936/
85 Night Elf Druid
8630
Posts: 239
05/27/2012 12:47 AM Posted by Zombieshart
Lol the guy above me just created a more elaborate conspiracy for an already elaborate conspiracy


It's all true! The cereal box never lies.
Posts: 433
05/27/2012 12:47 AM Posted by Zombieshart
Lol the guy above me just created a more elaborate conspiracy for an already elaborate conspiracy


Elaborate? You should quit D3 and play Eve for a few months, these schemes are nothing.
Why not package a token with the game then. Or at least on the box in large print and bold letters type that your account is likely to be compromised unless you have a supported mobile phone or 6.50. And you're telling me it costs you 6.50 to make the token LOLOLOLOLOL.
85 Night Elf Druid
8630
Posts: 239

All I know is that the wife and I both got authenticators and haven't had issues since. If you spend much time on the internet at all, chances are these keylogging scammers will get to you eventually if you don't have one.


I honestly don't hope you believe EVERY account ever compromised on battle.net is a result of a "fooled" person clicking a link in an email or being "keylogged", keyloggers always have executables installed even if it's installed in the background with no UI displayed to the user by opening an .exe attached with keylogger etc.

I never said that. As blues have stated before, the people who compromise accounts have a growing number of sophisticated ways of getting your information. Per keyloggers specifically, I was told (by a customer service rep after being hacked) it's common practice for the keylogging program to delete itself once used, thus reducing the chance it will be discovered; this is why keylogging has been such an effective method for them.

...authenticators are great for protecting your character, that's if you don't care your password and id are potentially compromised at the cost of having your character and virtual items intact. If that trade-off is fine for you, that is.

I'm one of those careful people who rarely gets a virus. I take all the usual precautions to protect my personal information, including my email and passwords, i.e. I follow the list on Blizzard's security FAQ, and I'm quite paranoid about visiting websites and clicking links. In spite of that, my account was still compromised a few years ago.

So really, the only "trade-off" I've made is to spend $6.50 for an authenticator, which has allowed me to play compromise and worry free ever since. And honestly, for only $6.50, can you even qualify that as a trade-off?
Edited by Daydreamer#1458 on 5/27/2012 1:40 AM PDT
No matter how careful you are, they may still get your password eventually, and that's why we have the authenticator. It's why I have one on my account right now. We even priced the physical model at cost ($6.50) so that no one could rightfully claim that we were making any money off of them.

Bottom line: We hate seeing people compromised, and having to deal with compromises also costs us a lot of money in support costs. We need either everyone to use an authenticator (physical or mobile), or no one to buy gold. Should that day come, we won't have to worry about this anymore.

Since the use of the word 'authenticator' for the dial-up/SMS tool was admitted to be misleading, perhaps Blizzard can smooth things over by sending free physical authenticators to the people whose accounts were compromised because they thought they were protected by the dial-up/SMS 'authenticator'?
We get it, you guys are computer geniuses who never ever ever do anything risky.
85 Night Elf Druid
8630
Posts: 239
05/27/2012 01:51 AM Posted by Congert
We get it, you guys are computer geniuses who never ever ever do anything risky.


I'm so totally not this. But I do make heavy use of Malwarebytes Anti-Malware and other programs, and I'm good at fixing most issues when they come up (thank you Internet and Bleeping Computer!)

And this is also why I'm glad I got my authenticator. :D
So why can't Blizzard just include physical authenticators with physical copies of the games?

Especially for those of us who have been hacked and refuse to put a credit card on the website.

Instead, they charge everyone for one. Blizzard, you're as greedy as Activision. No wonder you partnered with them.
This topic is locked.
