Diablo® III

Hack Refund

(Locked)

Real nice, come back after a day and find all my !@#$ gone and the only thing to do is roll back a bunch?

My gaming PC has literally no connection to the internet for anything but legit purchased and downloaded games, I don't even use the browser. My password is in the "Se1gasah212SHS3" ballpark of complexity and unique to battle.net.

I'll get the authenticator, to prevent this from happening, but I am quite curious how this was supposed to be on the user's end.


You've likely used that email/password on another website for registration. Any website. These companies are sophisticated in how they gather and process their data. You can buy, rather cheap, huge stores of key-value pairs of password data hacked or retrieved from a multitude of suspicious and valid websites.
85 Blood Elf Death Knight
3795
Posts: 249
Real nice, come back after a day and find all my !@#$ gone and the only thing to do is roll back a bunch?

My gaming PC has literally no connection to the internet for anything but legit purchased and downloaded games, I don't even use the browser. My password is in the "Se1gasah212SHS3" ballpark of complexity and unique to battle.net.

I'll get the authenticator, to prevent this from happening, but I am quite curious how this was supposed to be on the user's end.


You've likely used that email/password on another website for registration. Any website. These companies are sophisticated in how they gather and process their data. You can buy, rather cheap, huge stores of key-value pairs of password data hacked or retrieved from a multitude of suspicious and valid websites.
I wouldn't really call them "companies" per se so much as "syndicates"...
Posts: 394
The "hacking" ("compromising" is probably a better word, since no real "hacking" is going on) being seen in D3 is no different than what World of Warcraft players have been seeing for five years or so. The sad thing is, if no one bought game currency (gold, credits, whatever) from these third-party companies, then essentially no account compromises would be occurring. Compromises not done by gold selling companies are very rare indeed. They strip one player to sell to another, because it's much more efficient than "farming" gold. They still farm some of course, but they do it purely with compromised accounts.

Unfortunately, these compromisers make a lot of money off of the practice (because players buy gold) and so they have a lot of resources to use to try to get your password from you directly, or through your computer. Some of their poorly translated phishing e-mails may be laughable, but their trojans, infected websites, etc. are not funny at all.



Hey Blizzard, you supplied the incentive with the RMAH. The incentive is there to use your own system to profit from data theft.
100 Tauren Druid
12095
Posts: 6,710
05/26/2012 01:36 PMPosted by Kaltonis
Bottom line: We hate seeing people compromised, and having to deal with compromises also costs us a lot of money in support costs. We need either everyone to use an authenticator (physical or mobile), or no one to buy gold. Should that day come, we won't have to worry about this anymore.


Why doesn't Blizzard include a physical authenticator with each game, especially if you're pushing people towards online-only, and therefore less secure, gameplay?

Bump the price up $6.50, or bake in the cost somehow. Most people won't care (don't deny it, people, if you're gonna buy the game, you're gonna buy the game) and it would remove the excuse of not having one.
Arg I've been trying to order an authenticator after I got my char cleared out 2 days ago and it keep asking me to "contact customer support". opened a ticket yesterday and still no answer.

Btw is there like a time limit as to when i can request a rollback? Really seems pointless to do it without an authenticator first.
Posts: 9
All this talk about authenticators on the forums, but how many people (like myself) weren't even aware of the problem(s) until they were compromised? I guess I just haven't been playing MMO's for a while, so the whole jump to the additional security layers was something I missed. Until I got on the forums, I wasn't even aware they were available. Too late now, of course.

I'm not even home right now, so haven't checked my account to confirm it, but a buddy of mine just told me my character is sitting there jaybird naked.... so I take that as a sign that mine has been compromised as well.

I also see thread after thread saying how it's the public games that make you vulnerable, but I can attest to this not being the case. I've only been playing my own single-player run-through on normal, and only have one person on my friend list that, who has popped into mine on a couple of occasions. I've never made my game public, nor have I joined into the public game of anybody else.

Heck, I haven't even been on the forums prior to today... except MAYBE back when I played WoW (and I stopped playing before the first expansion came out). So that poses the question of how are the accounts even being identified.
05/25/2012 08:13 PMPosted by Kaltonis
I've personally examined the MSInfo files of nearly all of the handful of WoW players who have actually been compromised through an authenticator, and the sheer number of backdoor programs and other malware on their systems has been mind boggling. Probably not coincidentally, these same people were also running a disturbing number of file-sharing and download programs, including ones which are commonly known to not be safe.


Blizzard: Even if our product fails, we'll still place all the blame on you.
100 Troll Hunter
12640
Posts: 2,930
Real nice, come back after a day and find all my !@#$ gone and the only thing to do is roll back a bunch?

My gaming PC has literally no connection to the internet for anything but legit purchased and downloaded games, I don't even use the browser. My password is in the "Se1gasah212SHS3" ballpark of complexity and unique to battle.net.

I'll get the authenticator, to prevent this from happening, but I am quite curious how this was supposed to be on the user's end.


That's fine and dandy....but you do in fact access the internet on another machine since you're posting on the forums.

Just because your "gaming pc" is clean....doesn't mean the account compromise didn't happen on another machine.

Do people just not get that?
LOL really blizzard? How far into denial are you going to dig yourself? Everyone I know IRL has been hacked. People that normally dont even game at all. Two of them, this is their first game by Blizzard. They arent very computer literate, so all they do is log in and play with me and others. They have all been hacked. No 3rd party software, no buying gold. I havent bought any gold, and I was hacked also. I've been around computers my whole life, so I know how to avoid keyloggers, and phishing emails.

The servers have been compromised, or there is an exploit. Time to man up and admit it.

I am amazed at the level of stalker you have become good sir, for that must be the only way you know everyone's online dealings :o I personally haven't gotten hacked or met anyone that has and I believe it's due to the fact that they probably don't go on 3rd party sites is key. Also the fact that you say your friends are. Computer illiterate is probably proof enough that they don't know about avoiding 3rd party sites and such.
Edited by Ninja#1613 on 5/26/2012 8:59 PM PDT
The "hacking" ("compromising" is probably a better word, since no real "hacking" is going on) being seen in D3 is no different than what World of Warcraft players have been seeing for five years or so. The sad thing is, if no one bought game currency (gold, credits, whatever) from these third-party companies, then essentially no account compromises would be occurring. Compromises not done by gold selling companies are very rare indeed. They strip one player to sell to another, because it's much more efficient than "farming" gold. They still farm some of course, but they do it purely with compromised accounts.

Unfortunately, these compromisers make a lot of money off of the practice (because players buy gold) and so they have a lot of resources to use to try to get your password from you directly, or through your computer. Some of their poorly translated phishing e-mails may be laughable, but their trojans, infected websites, etc. are not funny at all.

If you have the physical or mobile authenticator (both of which major banks use and charge $30+ for) the chances of you being compromised are very, very small. I've personally examined the MSInfo files of nearly all of the handful of WoW players who have actually been compromised through an authenticator, and the sheer number of backdoor programs and other malware on their systems has been mind boggling. Probably not coincidentally, these same people were also running a disturbing number of file-sharing and download programs, including ones which are commonly known to not be safe.

Again, compromising game accounts is a big business in some countries. They have people on their payroll who spread false rumors of "hacked through my authenticator" just to try to discourage people from using them. We charge $6.50 for the physical authenticator, because that's exactly what it costs us to make them. The mobile one is free because we don't have to pay a factory to build them. Use them, and enjoy your gaming without someone mucking with your stuff.


This post should be stickied
How come other games do well without an authenticator? just wondering what they have and how they made it stable, so many complains coming in each day. i see a bot advertizing and selling gold on global and i see a level 2 and level 7 players(they never levelled up since i got hacked a few days ago) mysteriously added to my social list that cant be removed, you guys got nasty vulnerabilities, was D3 designed that way?
33 Worgen Rogue
195
Posts: 42
Why are you all dumb.
This is all on Blizzard. ALL OF IT.
    1. Server-side system
    2. Blizzard stating, "no authenticators", then slipping up and leaking, "there were authenticators."
    3. Blizzard ALREADY said that there were no indications of log-in by the "hacked" victims. How could it be a key-logger?
    4. Blizzdrones make me sick.


I bought this game to enjoy the Diablo franchise. I played a piece of immoral, greedy piece of trash. You better believe I pre-ordered Torchlight II on Steam (Get to play Torchlight for free), because it was made by the guys who made Diablo right...
You don't have to buy a $6 dollar authenticator. It's your fault because YOU information was stolen from YOU not Blizzard. For whatever reason (and honestly it doesn't matter) you failed to protect your login credentials for this game. It is NEVER Blizzard's fault if you get hacked unless they were hacked... which did not happen, because per federal law they are required to notify all of their customer in their database of potential ID theft.

If you are trying to say that you were somehow fooled into something by Blizzard, that is laziness at it worst. You failed to do the proper research about your account security. Blizzard has implemented these security feature for you, and people like you who either don't have a smart phone. Or think that spinging for $6 shipping included is too much, when it comes to protecting their account and identity. They don't make a dime off the authenticators, and they actually PAY for the shipping, this proves that they have nothing but you and your accounts best interest when it comes to security.

I am glad to hear you got your stuff taken care of. But if you fail to use this as a learning experience for how you can prevent it in the future. You will find this to be an endless cycle of hacks and restorations.
Edited by Alaric#1712 on 5/26/2012 9:17 PM PDT
05/26/2012 05:02 PMPosted by SayCheese
Hey Blizzard, you supplied the incentive with the RMAH. The incentive is there to use your own system to profit from data theft.

The incentive for hackers to try and obtain access to your account was there to begin with, as WoW readily demonstrates. Your account has valuable commodities people are willing to buy with real money, whether Blizzard provided a market for those items (which currently doesn't even exist yet in D3) doesn't change that.

05/26/2012 09:10 PMPosted by Defiied
2. Blizzard stating, "no authenticators", then slipping up and leaking, "there were authenticators."

Did you even read the blue responses in the thread? Nowhere does it say "there were authenticators."

Having dial-in authentication currently DOES nothing for Diablo 3, and is not meant to replace a physical or smart phone authenticator in the first place.
Edited by ZHER0K#1488 on 5/26/2012 9:21 PM PDT
As someone who has worked in this industry, handling hacked accounts. Literally EVERYONE who gets hacked says exactly what you are saying.

You failed in some way to protect your information. The is quite literally ALL there is to it.
Posts: 4
i got hacked and i have never bought gold,talked to another player or even entered a public game only thing i did was use the AH and next day everything is gone. this companies decietfull ways are just too much now. please just give me my money back so I can go play fun games without all this BS. its too bad this is how its going down. Im done with you blizzard just give me my money back,, and P.S. i also have and upto date protection on my comp so god only knows how this is happening I can only guess its your horrible security.
05/26/2012 09:24 PMPosted by Reckoning
i got hacked and i have never bought gold,talked to another player or even entered a public game only thing i did was use the AH and next day everything is gone. this companies decietfull ways are just too much now. please just give me my money back so I can go play fun games without all this BS. its too bad this is how its going down. Im done with you blizzard just give me my money back,, and P.S. i also have and upto date protection on my comp so god only knows how this is happening I can only guess its your horrible security.


A lot of the time when you are hacked, it has nothing to do with what you are doing in game.

You should scan for viruses and keyloggers. You likely have one.

When they are talking about buying gold being the reason this happens, it is just one of a whole lot of reasons. And it is WHY accounts are hacked, not necessarily HOW they are hacked.
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)

Reported!

[Close]