Diablo® III

Hack Refund

(Locked)

90 Night Elf Druid
8725
Posts: 1,434
05/25/2012 08:13 PM Posted by Kaltonis
The "hacking" ("compromising" is probably a better word, since no real "hacking" is going on) being seen in D3 is no different than what World of Warcraft players have been seeing for five years or so. The sad thing is, if no one bought game currency (gold, credits, whatever) from these third-party companies, then essentially no account compromises would be occurring.


What's sad is that because of the always on DRM, people are having their single player game hacked.

It's nice that you blame the players for using third party sites to purchase in game items and cite that as the culprit to hacking.

If you are insinuating that people are getting spyware/phished by these businesses, that's always possible, but seeing as how the always on DRM is a new thing, it's likely that this is the first game many players have had to be online and log into to play the single player option, it's possible that they had keyloggers, and malware before they even installed the game, and players such as these were just the perfect storm as far as the hackers were concerned.

Before you blame your playerbase for giving their money and business to these nefarious third party gold sellers, consider the consequences of the "REAL MONEY AUCTION HOUSE". Blizzard has essentially given gold sellers a viable means to convert stolen virtual pixels into real money by selling hacked goods back to the very playerbase it hacks and steals from.


If you have the physical or mobile authenticator (both of which major banks use and charge $30+ for) the chances of you being compromised are very, very small. I've personally examined the MSInfo files of nearly all of the handful of people who have truly been compromised through an authenticator, and the sheer number of backdoor programs and other malware on their systems has been mind boggling. Probably not coincidentally, these same people were also running a disturbing number of file-sharing and download programs, including ones which are commonly known to not be safe.


That's right, Blizzard are the good guys here, their authenticators only cost 5 or 6 dollars. It's your own fault if you get hacked with an authenticator, you probably deserved it, how dare you use a file sharing program.

Seriously, many people, myself included, have zero interest in multiplayer and would be absolutely fine with an offline mode. I'd be happy to disenchant my items, and just vendor them in game.

"But Tållülå, we need always on DRM, to prevent cheating and item duping to protect the economy of the real money auction house." That's a good point, however the RMAH just encourages hacking and phishing because it provides a way for hackers to launder their stolen goods and turn it into real money. Theoretically, it's possible that the always on DRM, which leads to account hacking/theft, does nothing to protect the sanctity of the RMAH because so many stolen virtual goods will be laundered through it.
90 Night Elf Druid
8725
Posts: 1,434
05/25/2012 10:24 PM Posted by Moraylais
As long as you don't let your computer get compromised with viruses and malware, the authenticator is not needed. NOT THE POINT

You have no clue, do you? People can guess passwords. I have guessed the passwords of a number of friends on their WoW accounts, their Facebook accounts, etc. These all took me less than 5 tries each. An authenticator would have prevented that. I will go one step further and counter your next argument about password complexity. People are lazy.


Passwords can also be brute forced.
05/25/2012 11:24 PM Posted by Tållülå

You have no clue, do you? People can guess passwords. I have guessed the passwords of a number of friends on their WoW accounts, their Facebook accounts, etc. These all took me less than 5 tries each. An authenticator would have prevented that. I will go one step further and counter your next argument about password complexity. People are lazy.


Passwords can also be brute forced.


No. The account becomes locked and unable to be logged into for a certain amount of time after 5-10 invalid tries
90 Night Elf Druid
8725
Posts: 1,434


Passwords can also be brute forced.


No. The account becomes locked and unable to be logged into for a certain amount of time after 5-10 invalid tries


I was talking about passwords in general, not WoW/SC2/D3 accounts, sorry for failing to elaborate.

What I have never understood is why authenticators don't come shipped with the box product, or as a link included during b.net sign up (in other words, make it nearly mandatory). Increase cost of your products by a small margin but everyone is protected, or at least include it with collector's editions.
Posts: 104


Passwords can also be brute forced.


No. The account becomes locked and unable to be logged into for a certain amount of time after 5-10 invalid tries


Actually, Diablo 3 doesn't lock you out after numerous incorrect passwords. Give it a try...
Posts: 51
The refund is a good idea, but I would like a nice post of these programs to look out for. It's a real problem and I would like to troubleshoot my PC myself if possible. What do you run to scan for these malicious programs, because apparently my software isn't good enough to detect it.
Posts: 9
Wow, kind of disappointed that Blizzard would try to shift the blame on the consumers. Most of us have authenticators and have not bought gold at all (didn't even know you could buy gold until just now). This is clearly not our fault considering the vast quantities of reports of this. I see that a lot of rollbacks are required.
Posts: 72
Whose words to trust? Those of the capitalists or of the consumers?

I'd tend to trust the players because Blizzard is incorporated and we all have a good idea what corporations have brought to this country.

Although I am not one of the victims, my friend got hacked and brought this to my attention. I went through several posts. I am seeing Blizzard keep blaming its players while on the other hand restoring the lost items for them. I wonder if that's an act of guilt or it's just an act of good manners?

Regardless of what the truth is, my opinion is that D3 had a security breach and a bunch of players were affected. What I don't understand is why are hackers stupid enough to make themselves a high profile? It gives them much more trouble now.

If you have the physical or mobile authenticator (both of which major banks use and charge $30+ for) the chances of you being compromised are very, very small. I've personally examined the MSInfo files of nearly all of the handful of people who have truly been compromised through an authenticator, and the sheer number of backdoor programs and other malware on their systems has been mind boggling. Probably not coincidentally, these same people were also running a disturbing number of file-sharing and download programs, including ones which are commonly known to not be safe.

So have you guys figured out HOW they are bypassing the authenticators? Is it truly the supposed man-in-the-middle attack that ppl were talking about?

Also, when will the D3 be patched so hackers can't try our passwords for limitless times? I bet that's how 90% of accounts were stolen...
Edited by aeo#3692 on 5/26/2012 12:20 AM PDT

If you have the physical or mobile authenticator (both of which major banks use and charge $30+ for) the chances of you being compromised are very, very small. I've personally examined the MSInfo files of nearly all of the handful of people who have truly been compromised through an authenticator, and the sheer number of backdoor programs and other malware on their systems has been mind boggling. Probably not coincidentally, these same people were also running a disturbing number of file-sharing and download programs, including ones which are commonly known to not be safe.


This should be spread around the forums more, as many people are passing around info that the GMs have confirmed no authenticator accounts have been "compromised", when blue text here confirms the complete opposite. The very fact that any accounts with authenticators have been compromised, in itself shows that even with an authenticator an account can be hacked.
Posts: 33
Same thing happened to me; I did the same exact thing. I was online when it all happened and I couldn't do a single thing. I saw exactly who did it too; it was a guy named AFROKAGE, because I changed my password five times while he was on my account, and he didn't have enough time to clear my account or delete me off his list.
Edited by ryanlau#1872 on 5/26/2012 12:33 AM PDT

Wanted to touch quick on the phishing emails. I made a post a day or two ago about this. They are not as obvious or laughable as they used to be- they actually look scarily legit. Here's a shot of one I got in my email (which is not the email I use for Bnet anymore):

http://i.imgur.com/xFtSd.jpg

If you don't have the actual legit MoP beta invite to compare it to, it probably wouldn't be very obvious to a new player or even some veteran players that this is a scam attempt. They are getting MUCH better with the emails they send out, and they keep sending them out because obviously they are working.

Yeah, I got that one too. It looks disturbingly convincing, thankfully I did a quick check and found out it's a phish before doing anything dumb.
The "hacking" ("compromising" is probably a better word, since no real "hacking" is going on) being seen in D3 is no different than what World of Warcraft players have been seeing for five years or so. The sad thing is, if no one bought game currency (gold, credits, whatever) from these third-party companies, then essentially no account compromises would be occurring. Compromises not done by gold selling companies are very rare indeed. They strip one player to sell to another, because it's much more efficient than "farming" gold. They still farm some of course, but they do it purely with compromised accounts.

Unfortunately, these compromisers make a lot of money off of the practice (because players buy gold) and so they have a lot of resources to use to try to get your password from you directly, or through your computer. Some of their poorly translated phishing e-mails may be laughable, but their trojans, infected websites, etc. are not funny at all.

If you have the physical or mobile authenticator (both of which major banks use and charge $30+ for) the chances of you being compromised are very, very small. I've personally examined the MSInfo files of nearly all of the handful of people who have truly been compromised through an authenticator, and the sheer number of backdoor programs and other malware on their systems has been mind boggling. Probably not coincidentally, these same people were also running a disturbing number of file-sharing and download programs, including ones which are commonly known to not be safe.

Again, compromising game accounts is a big business in some countries. They have people on their payroll who spread false rumors of "hacked through my authenticator" just to try to discourage people from using them. We charge $6.50 for the physical authenticator, because that's exactly what it costs us to make them. The mobile one is free because we don't have to pay a factory to build them. Use them, and enjoy your gaming without someone mucking with your stuff.


1.) Remove the ability to trade gold or items directly with other players. You can mail other players items or gold, but it takes 24 hours for the transaction. The sender can have the items or gold returned immediately if it's been less than 24 hours since the mail was sent.
e.g. If someone logs onto your account they can't strip your character and take off with the gold or items.

2.) Keep the maximum of 10 auctions the way it is and keep the auction listing for 48 hours. But change it so the auctions are unlisted for the first 24 hours and can be removed from the auction queue. After the 24 hours is up the items go live and can no longer be removed from the auction house and are listed for sale for 24 hours.
e.g. If someone logs onto your account they can't put all of your items up for one gold and buy them on another account to resell.

3.) Items purchased through the auction house take 24 hours to arrive. Any time before the 24 hours is up the seller may cancel the purchase.
e.g. If someone logs onto your account they can't purchase items with your gold and collect the profit of the sale on another account.
One thing: if your PC is so infected that remote access to it is given to a hacker, then no authenticator will help you.

Two - even the best protection software doesn't give 100% protection. That's why it's important to know what you install on your machine and keep yourself off unsecure sites.

Three - there is a reason why banks use authenticators/SMS or other "physical" confirmation methods when doing operations. And you should look at your Bnet account as a bank account because hackers certainly do.

Finally - if you get phishing mails then they already know you've got a Bnet account. You probably used the same mail to register on some unsecure site or one that was later compromised and had its data stolen. I got lots of phish on my old mail that I don't have a Bnet acc on anymore; on the new one I get none.
Posts: 44
I run spybot S&D - usually it kills most spybots for me, but sometimes a few are able to circumvent S&D's quarantine/delete, to which I'm forced to research on the internet on how 2 kill them. Suffice to say, there is probably a good chance that there is 1 or 2 that I can't kill or even detect...I'm running Microsoft Security Essentials, cuz I can't really afford ESET NOD atm - so it's pretty frustrating for me.

Not sure on my stance with the authenticators; I don't really intend to get one.

That being said, I haven't been compromised yet - BUT, I do smell a rotten fish here...and if you can add 2 and 2 together, there is definitely something funky going on with all these reports of hacking/compromises. It could be that some ppl here are being PAID out to give Blizzard bad PR and to make their authenticator look worthless. It seems a bit farfetched though.
LOL really Blizzard? Everyone I know IRL has been hacked. I haven't bought any gold, and I was hacked also. I've been around computers my whole life, so I know how to avoid keyloggers, and phishing emails.

The servers have been compromised, or there is an exploit. Time to man up and admit it.


Everyone you know? Seriously? Is that how silly we've all gotten here?

Nobody I know has been hacked. Nobody. It is absolutely impossible that you live in some weird probability vortex in which 100% of the people you know have been hacked. The odds are staggeringly against it.

Unless, of course, all of you share something in common. Like keyloggers or phishing scams. Which is almost certainly the case.
Authenticator or not, I don't recall any online game ever experiencing "compromised" accounts of this magnitude in such a short period of time. Either there is an exploit at play, or Blizzard is being lax on security in order to 'make the case' from their DRM (paranoid, I know, just trying to make a point).

Why do you offer 3 different forms of authentication (one which actually works) and yet not make your passwords case sensitive like almost every other online game out there?

Why do you not limit the amount of attempts people can make to log in?

Seems like they've provided more auth options for their DRM than any other game offers, while making the password auth itself lower security than any other online game out there.
Then, when the inevitable happens, the blue name comes along and blames us for not having their 6$ auth....

Nobody I know has been hacked. Nobody. It is absolutely impossible that you live in some weird probability vortex in which 100% of the people you know have been hacked. The odds are staggeringly against it.


Don't worry, it's only a matter of time. Me and my wife both got hacked within the same hour. I know for a fact I did not have any viruses, malware, or keyloggers on either computer.

You want to talk about odds? Thousands of people have been hacked already. Thousands...in a 24 - 48 hour window. What are the odds that it is all just brute force attacks, that there is no exploit in D3's system?

You all will read about it in the news soon enough, once they find the issue and Bliz fesses up.
This topic is locked.
