Diablo® III

Hack Refund

(Locked)

05/26/2012 09:36 AM Posted by Kaltonis
The post on the main page said that NONE of the hacking victims had authenticators. Are you saying that there were hacked accounts with an authenticator? If that is the case maybe you should have the security post updated to avoid BLATANTLY LYING to your customers.


Sorry for not being more specific on that. The hacks I was referring to were from the last five years of WoW compromises, not the current D3 compromises. None of the D3 compromises that we've checked have actually had authenticators, despite their claims.


Hey Kaltonis, just wanted to thank you for coming out to PR the angry mobs out there - even IF your company did make some bad decisions it's pretty sucky that the PR peon (er no offence intended) has to take all the brunt of the anger (yeah I'm guilty of posting angry stuff too at times). Best of luck to you and your security team on tackling these issues!
Never been hacked or exploited.... on any game..... I run p2p and I do a handful of other things that have been said on here... I too would like to know what I'm doing right so I can sell my exploits on how to not be compromised to the rest of the D3 community (at a healthy 5$ a view profit of course :) xD )
I only play at home so I don't have any external keylogger threats, my AV is also up to date, and I never used any 3rd party software or whatever. Yet I still lost 50k gold the other day and got my quest progress reset back to "Falling Star". I didn't send a ticket since it's only 50k, but I feel sorry for those hardcore players losing their gold assets and items.

This is the first time I encountered hacking crap on an MMO. How come other MMOs never gave me this problem? How come their systems/servers are more secure? Hope you guys fix it up so players don't get their efforts and time wasted. I'd like to suggest for you guys to put a password (alphanumeric) on the stash chest, it might give a little security, and adding a gold bank on the stash chest would be nice too.
Edited by ANTASKIDAYO#1756 on 5/26/2012 1:24 PM PDT
Support Forum Agent
05/26/2012 12:01 PM Posted by MoeJonesy
I THINK it's a java exploit


There definitely could be some Java exploits. That's the thing though, they use everything they can, and in tandem. I wasn't aware of even half of the keylogging methods that are in use until I started working this job. We've been monitoring WoW compromises for years now, and while a particularly nasty vulnerability (like the Adobe Flash one I mentioned earlier) might result in a surge of compromises, the truth is that there's never just "one thing" that's resulting in compromises. It's compromise by a thousand cuts, if you get my paraphrasing.

This is why we made the physical and mobile authenticators. After a while, we realized that passwords weren't just being stolen because of bad computer habits or poorly thought out passwords (although that happens as well). They were being stolen because of the sheer quantity of methods that the gold-selling companies were flooding the Internet with. No matter how careful you are, they may still get your password eventually, and that's why we have the authenticator. It's why I have one on my account right now. We even priced the physical model at cost ($6.50) so that no one could rightfully claim that we were making any money off of them.

Bottom line: We hate seeing people compromised, and having to deal with compromises also costs us a lot of money in support costs. We need either everyone to use an authenticator (physical or mobile), or no one to buy gold. Should that day come, we won't have to worry about this anymore.
Edited by Kaltonis on 5/26/2012 2:22 PM PDT
That's definitely cool. You should commend your bank then as some of them charge waaaaaaay too much in my opinion.


I think it may be obligated, where I live banks have been using this keychain authenticator system for probably over a decade now. It's worked amazingly well, never heard of anyone getting their bank accounts compromised in the last 7 or so years.

Heck, the former head of Blizzard Customer Service had his account compromised.


*giggle* I feel sorry for him, but it's a little ironic. But, well, I understand. I myself used to study CS (I quit though) and it wasn't until I read about all these compromised accounts that I realised exactly how vulnerable your computer can be to malicious programs. So I installed my mobile authenticator, because though it's a little tedious to use it every time I log in, I wouldn't like to log in and find my account empty. :)

But I'm still a little confused, how come some players were initially told that their accounts hadn't been compromised when they obviously had been? Was there a problem with your customer service department?
Edited by Suzumi#2566 on 5/26/2012 1:50 PM PDT
My friend claims that you can get one single character restored in the same realm. According to one of the Blue posts in here that's not true?
Restoring an account restores the entire affected realm of that account? Period?
My friend claims that you can get one single character restored in the same realm. According to one of the Blue posts in here that's not true?
Restoring an account restores the entire affected realm of that account? Period?


You cannot get one single character restored, a rollback will apply to all of your characters, so what you're saying is correct and your friend is wrong. This has been mentioned in this thread and in a couple of other blue posts as well. :)
Support Forum Agent
05/26/2012 01:42 PM Posted by Suzumi
But I'm still a little confused, how come some players were initially told that their accounts hadn't been compromised when they obviously had been? Was there a problem with your customer service department?


I'm not completely sure, to be honest. One of our systems probably just needed to be tuned a little better.
So, all in all, I have to own a smartphone to secure the 60$ that I paid for? I don't quite get it, not everyone has smartphones and I don't personally live in the USA, what can I do? Buy a smartphone then?

What is the concrete cause of the hackings? I can't believe that there are so many cases, I highly doubt most of those can be attributed to the victims downloading apps and stuff.


No you don't. The authenticator is not that expensive.

http://us.blizzard.com/store/search.xml?q=authenticator

$6.50 for an authenticator.
Edited by zKrieg#1561 on 5/26/2012 8:30 PM PDT

Bottom line: We hate seeing people compromised, and having to deal with compromises also costs us a lot of money in support costs. We need either everyone to use an authenticator (physical or mobile), or no one to buy gold. Should that day come, we won't have to worry about this anymore.


I didn't buy gold. This is a new battle net account (not the old one I used for WoW), so therefore I should not be hacked? But I was....

So... (with that being true)... is the company's stance that everyone needs an authenticator? Then imo it should be mandatory for login.
He's not accusing you of buying gold. He's saying the fact that some players do means there's a market for every player's information, even though the vast majority of us do not buy gold. He's saying if there wasn't a market, we likely wouldn't need the authenticators. But there is, so we do.
Edited by Tiakatt#1643 on 5/26/2012 2:47 PM PDT
I have this suspicion that someone may have used an injector to steal some important files, kind of like Sony. But due to not encrypting it and the fact that they are not as profitable a company as Sony, they prefer to cover it up rather than man up to the responsibilities. Can't wait to see the initial outcome of this whole proceeding.
Kaltonis, I have to commend your patience. Reading this thread is like watching a bunch of zit faced, sweaty anxious nerds in a circle poking someone with a stick. If you go back and read Kaltonis's posts carefully, you should see there is really no reason to be consistently like.. BLIZ IS LYING, THEY DONT CARE, HUH!??!!? HUH!?!?!

If you were hacked, I'm sure most of the Blizzard employees genuinely would feel bad for you, and that they are working to try and fix all of this. If you do end up having to wait a while for your characters and items to be returned or reimbursed or something, go outside and look at the sun for once. Maybe take a shower and do some push ups as well, it'll be good for most of you.

Yes this post has no technical relevance. Yes I am ignorantly taking a pot shot at anyone anti blizz. Delete my post if needed.
Sigh, just got hacked today. I have logged onto battlenet on 2 computers, 1 at work and 1 at home. There is a very small chance I could have been hacked/keylogged.
No authenticator here.. Lots of malicious progs running on my lappy. None of my 5 friends playing have been hacked. Just tough luck I suppose *shrugs*
Perhaps a better option for Blizzard's release of D3 would have been to include an authenticator dongle with every box purchase. Since they seem to be required. Sure those of us who have been playing WoW know of the authenticator and how essential it is for account security, but the people watching television and seeing snarling demons in an advertisement and hurrying down to their local Buy This Cool Game Now store might not know about any of this.

I would think that offering a free authenticator dongle to those with valid D3 registrations would be smart to prevent this nightmare from happening again. Sure Blizz will lose money in the 6.50 manufacturing cost to them, but I venture to guess they'll lose more money in bad press from this debacle. To cut costs, don't even make the dongle have cool graphics on it. Probably would save about a dollar per dongle in manufacturing costs.

Sure people might be reckless with their computers, go to unsavory websites and get infested with malware/spyware/scareware. But do any of those nasty programs prevent other games (besides MMOs) from being played? Not really (short of completely shutting down a user's system).

Blizzard must have known that players of D3 were not just going to be from the WoW or SC online communities, but the loyal who loved D2 as well. Gamers who did not expect this game to be so online dependent. Gamers who thought they wouldn't have to have an internet connection to be able to solo play the game.
You caught em Joe. It's not possible they got new information. Nope, they lied to protect the profit making machine that is the authenticator.

Bliz, you should be ashamed!
Google "digipass go 6" and tell me what the cheapest price you can find is. I got $9. Blizz sells them for $6.50. AND they cover shipping inside the US. "Profit making machine" indeed.

As a side note, it seems that people aren't taking everything the blues are saying in context. The reference that the blue poster in THIS thread made was accounts that have been hacked since the authenticator was introduced.

The statement about no accounts that got hacked had an authenticator? That was in reference to the D3 compromises. HELLO!
Edited by DreadPyrat#1865 on 5/26/2012 4:22 PM PDT
Sure Blizz will lose money in the 6.50 manufacturing cost to them, but I venture to guess they'll lose more money in bad press from this debacle. To cut costs, don't even make the dongle have cool graphics on it. Probably would save about a dollar per dongle in manufacturing costs.


That would mean a loss of about 40 million dollars for this week only (6.3 million sales within the first week times 6.50 dollars). I don't mean any disrespect but surely you don't think Blizzard will lose 40 million because of this debacle?

Edit: To the person above: he was joking.
Edited by Suzumi#2566 on 5/26/2012 4:22 PM PDT
Real nice, come back after a day and find all my !@#$ gone and the only thing to do is roll back a bunch?

My gaming PC has literally no connection to the internet for anything but legit purchased and downloaded games, I don't even use the browser. My password is in the "Se1gasah212SHS3" ballpark of complexity and unique to battle.net.

I'll get the authenticator, to prevent this from happening, but I am quite curious how this was supposed to be on the user's end.
This topic is locked.
