Diablo® III

DIABLO 3 HACKED: IT'S TIME TO OWN UP BLIZZARD

(Locked)

90 Blood Elf Paladin
7815
Edited by Frobozz#1468 on 5/21/12 3:58 PM (PDT) I for one enjoy the game, but did I pay $60 so that hackers can steal my gold and items by using exploits in the game that are Blizzard's fault? Absolutely not. The problem is so widespread that non-gaming news sites are picking up the story:

Forbes:
http://www.forbes.com/sites/erikkain/2012/05/21/breaking-blizzard-diablo-iii-player-accounts-hacked-items-and-gold-stolen/

International Business Times:
http://www.ibtimes.com/articles/343461/20120521/diablo-3-release-date-2012-beta-auction.htm

Examiner:
http://www.examiner.com/article/accounts-on-diablo-3-hacked

Now, all we get is a single paragraph blue post? It is time for Blizzard to own up to what's going on. Let us know if this is widespread phishing/keylogging or hackers taking advantage of exploits in the network code. If Blizz doesn't know, they need to take the servers down until they can figure it out, before more people lose their accounts.


LMAO @ that Forbes article. So they surfed the battle.net forums and found a single online article from the EU and made a story out of it because we know that EVERYTHING is true on the intrawebz. Apparently anybody can write for that rag nowadays.
Translation: I got keylogged but don't want to own up to it.

And btw, the code from the authenticator is one use, i.e. if you log in successfully and someone intercepted the code they cannot re-use it instantly to go to your account on the web site, that code is burned, only the next code will be accepted.
05/22/2012 07:43 AMPosted by Cyphon
I have stopped caring about you getting hacked. If it happens to me, I'll be upset, but the deluge of infantile tantrum posts has officially gotten stale. Blizz is working on it and that's that. I'd tell you to QQ moar, that your tears sustain me, but I really just want to stop seeing these hissy fits polluting the boards.


If someone robs your house are you going to call the police?
After you call the police will you call your friends and family and tell them?
Will you tell your neighbors and let them now as well?

grow up and stop speculating on what you will and will not do until it happens to you.
90 Gnome Warrior
0
For all you people defending the authenticators

http://wow.joystiq.com/2010/02/28/man-in-the-middle-attacks-circumventing-authenticators/

Let me quote you a blizzard post from that article:

"After looking into this, it has been escalated, but it is a Man in the Middle attack.
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

This is still perpetrated by key loggers, and no method is always 100% secure"

The authenticator was only circumvented on computers that had keyloggers on them- meaning, the person was the one who failed at computer security- not blizzard.

It's not an absolute defense if you're going to get viruses and keyloggers and malware- but even with an infested computer, it's still a hell of a lot better than having nothing at all.

Authenticators ARE as close to an absolute defense as is concievable; and apart from that single incident, no one has been hacked with one yet. And even there the problem was on the person's end- not Blizzard's. Blizzard has never had a single server-side security issue.
05/22/2012 07:47 AMPosted by Czarspeed
I have stopped caring about you getting hacked. If it happens to me, I'll be upset, but the deluge of infantile tantrum posts has officially gotten stale. Blizz is working on it and that's that. I'd tell you to QQ moar, that your tears sustain me, but I really just want to stop seeing these hissy fits polluting the boards.


If someone robs your house are you going to call the police?
After you call the police will you call your friends and family and tell them?
Will you tell your neighbors and let them now as well?

grow up and stop speculating on what you will and will not do until it happens to you.[/quotei

[quote="51495956332"]I have stopped caring about you getting hacked. If it happens to me, I'll be upset, but the deluge of infantile tantrum posts has officially gotten stale. Blizz is working on it and that's that. I'd tell you to QQ moar, that your tears sustain me, but I really just want to stop seeing these hissy fits polluting the boards.


If someone robs your house are you going to call the police?
After you call the police will you call your friends and family and tell them?
Will you tell your neighbors and let them now as well?

grow up and stop speculating on what you will and will not do until it happens to you.


Im homeless all I have is my trusty authenticator and my wow account that hasent been phished yet ;p
again ,its the server that is hacked, not any of us ,u Blizzard defenders just wait for ur turn . as i am typing here ,right now ,those 2 lvl 1 accounts who hacked me and are login in and out hacking more and more , making money like crazy ,aren;t they . i can see their login info in my chat just can;t do nothing about it ,tried to talk to them ,they won;t reply


What? Are you joking me? If you have to input a code that is only on the authenticator, then yes, it absolutely makes it more secure.


You have no idea how the authentication system works, do you?


Man, it is you who are truly ignorant of how it works.

It's like this:
bool login(String username, String password) {
bool res = account->validateCredentials(username, password);

if (account->hasAuthenticator()) {
if (account->isAuthenticatorAlwaysRequired()) {
if (!account->validateAuthenticationCode(account->promptAuthenticationCode()))
res = false;
} else if (!account->isValidatedLoginLocation()) {
res = false;
}
}

return res;
}
Edited by cRush#1776 on 5/22/2012 7:53 AM PDT
90 Tauren Druid
14000
Blizzard did not get hacked. Blizzard is a publicly traded company. Just like Sony and the company that made rift, any compromises must be announced publicly and not through some 3rd party website who doesn't know what they're talking about.

Account security is still first and foremost the responsibility of the players. and yes, they lie. They will do anything they can to not look bad or avoid responsibility.

WoW players have been dealing with compromises for years now. They know what it's like having to fight hackers every day. Diablo players do not know that as much. For most Diablo 3 player, D3 is the very first online game they've ever touched and so they do not yet know the importance of having a clean computer and secured account.

to hackers, Diablo 3 players are like fresh meat waiting to be hacked. Why wouldn't they take advantage of that.

Blizzard doesn't force you to get an authenticator. There are players who have never had an authenticator and have never had to worry about getting compromised.

Take some responsibilities for the securities of your account. If you don't, I can guarantee it will happen again.
85 Worgen Death Knight
11140
D3 wasn't hacked, you were hacked.

Also this 'session id spoofing' business is a ludicrous urban legend that sprouted up the other day.


What? Are you joking me? If you have to input a code that is only on the authenticator, then yes, it absolutely makes it more secure.


You have no idea how the authentication system works, do you?


Do you...??
it DOES make it more secure, it just doesn't make it completely secure.
Why not explain how it doesn't make it more secure......
85 Night Elf Warrior
6955
Just wondering, do you still use an E-mail account that gets spam mail constantly. If this is the case, there are hackers that already have your access to that E-mail. If that is the E-mail attached to the game, and your password is the same or similar, then it isnt a hard stretch to of the imagination that the account was hacked. I don't know if you realize this, but once one hacker gets your info, its sold and traded on the black market to countless many others. If you do not want to be hacked:

1) Change you E-mail accounts once you start receiving spam
2) Don’t share your gaming E-mail with anyone (if they get hacked, the hacker now has your new e-mail)
3) change passwords every few months (I do every 3 months)
4) Authenticator (I have the mobile one)

All the defenses you may have now are useless if they already have your info, so the need to change once you start showing signs of comprimise.

Hope this helps!
05/22/2012 07:14 AMPosted by paopao
this so reminds me of PSN hacked last year, plz blizzard ,think about it ,Sony did the same thing which u are doing right now and what they get in the end ? stop hiding the truth


You are insinuating that Sony tried to hide the fact they had been hacked. You are completely wrong. They were 100% up front about being hacked (as is required by law). They are not required to tell you more until they have the facts (which took a few weeks).

Blizzard is not tell us they are hacked, because they were not hacked. If they had been hacked, they would have told us (because the law states they have to).

Deal with the fact that you have poor security. Running more than one anti-spyware program is a good indication. If you knew much about how anti-spyware programs worked you would know that running more than one causes a loophole in your system. All you need is one anti-spyware program and one virus protection software. A firewall doesn't hurt either.
05/22/2012 07:44 AMPosted by paopao
and u know whats funny , i can see those 2 unknow accounts both lvl 1 in my friendlists, those who hacked me ,as i am typing here, they are loggin in and out hacking more and more .and i can;t do !@#$ about it , reported their name to Blizzard more than 20 hours ago

this is actually a very big problem. if blizzard can't actively ban the hackers, they're only inviting them to continue hacking into accounts. there seems to be no risk for hacking into account which is why it is so widespread on battlenet. If hackers are reported and promptly banned before they can do anything meaningful, this would not be a problem at all.
90 Draenei Shaman
13825


You have no idea how the authentication system works, do you?


Man, it is you who are truly ignorant of how it works.

It's like this:
function login(String username, String password) {
bool res = account->validateCredentials(username, password);

if (account->hasAuthenticator()) {
if (account->isAuthenticatorAlwaysRequired()) {
if (!account->validateAuthenticationCode(account->promptAuthenticationCode()))
res = false;
} else if (!account->isValidatedLoginLocation()) {
res = false;
}
}

return res;
}


*sigh*

You know nothing if you think it is that simple.
85 Night Elf Warrior
6955
Just wondering, do you still use an E-mail account that gets spam mail constantly. If this is the case, there are hackers that already have your access to that E-mail. If that is the E-mail attached to the game, and your password is the same or similar, then it isnt a hard stretch to of the imagination that the account was hacked. I don't know if you realize this, but once one hacker gets your info, its sold and traded on the black market to countless many others. If you do not want to be hacked:

1) Change you E-mail accounts once you start receiving spam
2) Don’t share your gaming E-mail with anyone (if they get hacked, the hacker now has your new e-mail)
3) change passwords every few months (I do every 3 months)
4) Authenticator (I have the mobile one)

All the defenses you may have now are useless if they already have your info, so the need to change once you start showing signs of comprimise.

Hope this helps!
85 Worgen Death Knight
11140
05/22/2012 07:52 AMPosted by DragonFlyy
You are insinuating that Sony tried to hide the fact they had been hacked. You are completely wrong. They were 100% up front about being hacked (as is required by law). They are not required to tell you more until they have the facts (which took a few weeks).


Actually, Sony knew what was going on from day 1 and chose not to disclose that information. Huge difference. This is why it was a big deal.

Regardless, totally different scenario.
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]