Diablo® III

Battle.net® Account Security & Diablo® III

(Locked)

Posts: 1,127
I got my account hacked a few hours ago. I haven't played in a public game at all; additionally, I changed my bnet password when D3 came out, so any possible phishing attempt from the past would have been nullified by this. I will admit that I didn't have an authenticator attached, however (my mistake, this has been rectified). Thankfully my chars weren't deleted, just the 350k that I'd earned so far was stolen.

Also, the idiot that took my money left his account friended with mine for a while so I was able to get his bnet name 'xxxbbb9' <-- a lot of help that does, I'm sure. All I want is my money back and I'll just carry on.

This whole thing is ridiculous however. I have never once had an account hacked in 15 years of online gaming. I'm not one of the "offline mode naow!" crowd, so don't go accusing me of that, but clearly Blizzard screwed up horribly and they need to own up to the mistake on THEIR end. There are FAR too many reports of this happening to be a client issue only. Even a writer from Eurogamer got his account hacked, so clearly this isn't some orchestrated plot by a particular faction to get an offline mode.


...Sweet Jesus, not to be rude, but if you have the name of the person who hacked you why are you lazily posting it on the forums instead of directly calling support and passing what you know along so they can get to the bottom of it?

Seriously, I would like to know if it's safe to play the game, and half of you guys who say you were hacked aren't even contacting support by phone; you're here complaining on the forums to the poor mods who really cannot help you as much as support can. The forum CMs are passing information along, they are not support. Contact customer support, they can reverse the damage done, and find out who the money/items were traded to (and how many times that gold was traded around).

Withholding that information makes you a part of the problem, not the solution. Posting that information here gives the hackers a heads up to what you do know.

I'm really just scratching my head right now. Is it the shock of being hacked that makes you think to post about it before dialing a number?


I provided the btag of the person who compromised my account to support on the 19th as well as a heap of other questions and information.

All of it was ignored and unanswered except to buy an authenticator and get a rollback.

The best part is the account who compromised my account now has higher level characters than my account. I haven't even played since Friday because of this. Best $65 spent ever.
Edited by viscrom#1983 on 5/22/2012 2:49 PM PDT
100 Human Mage
5235
Posts: 264
...Sweet Jesus, not to be rude, but if you have the name of the person who hacked you why are you lazily posting it on the forums instead of directly calling support and passing what you know along so they can get to the bottom of it?

Seriously, I would like to know if it's safe to play the game, and half of you guys who say you were hacked aren't even contacting support by phone; you're here complaining on the forums to the poor mods who really cannot help you as much as support can. The forum CMs are passing information along, they are not support. Contact customer support, they can reverse the damage done, and find out who the money/items were traded to (and how many times that gold was traded around).

Withholding that information makes you a part of the problem, not the solution. Posting that information here gives the hackers a heads up to what you do know.

I'm really just scratching my head right now. Is it the shock of being hacked that makes you think to post about it before dialing a number?


Phone call queue is full. Please call later.


There are also support tickets, phone calls are just faster.

The information for literally every high end Blizzard employee is also out there for those who care to get to the bottom of it quickly. I emailed the owner once about a problem, he immediately responded back on his smartphone before going on stage (Blizzcon), and had a rep call me directly within minutes.

Your response time is directly based on how much you care about the situation.

I won't post his email simply because I don't think he would be cool with everyone spamming it and my problem was with an in game GM rather than a hacker...but he's most likely not even aware of this situation. He did however totally revamp customer support after my complaint and took it very seriously, haven't had a similar problem since then. Was the best Blizzard experience I've ever had, but since he owns the company I believe he has a vested interest in happy customers.

Just saying if it were me I'd be hunting for information to get the problem solved rather than tossing my hands up in the air and casually posting on the forums about it to people who can't even begin to help.
My guess is


this is where i stopped reading...


Ya.. and where did you start reading? This whole incident has been nothing but speculation from the beginning. All I did was inform the public of the scenario that happens every day as an alternative to this wildly assumptious and outlandish claim that battle.net is insecure.
Edited by Sammich#1797 on 5/22/2012 2:57 PM PDT


Ya.. and where did you start reading? This whole incident has been nothing but speculation from the beginning. All I did was inform the public of the scenario that happens every day as an alternative to this wildly assumptious and outlandish claim that battle.net is insecure.


the sentence right before that.


Perhaps you should have read the paragraph through to the end, where I again informed the player that my speculation was just that.

Instead you decided to be a jerk and try to paint me like I was passing my assumption off as fact.
Edited by Sammich#1797 on 5/22/2012 3:01 PM PDT
Does this have anything to do with getting the 3007 error and switching to the public Google DNS server as a quick fix? I'm just wondering before I decide to switch so I can actually get some use out of my 65 dollars. Thanks.
60 Worgen Hunter
420
Posts: 689
05/22/2012 02:59 PM Posted by RoRo
Apparently hacks are happening through the AH, not public games


No, they're not.
05/22/2012 02:09 PM Posted by Aksha
How is it my fault when literally the only thing installed on my PC is Diablo 3 and Google Chrome and I haven't downloaded anything else or visited any other sites other than this one and Facebook? Please explain to me how it is my fault for being hacked when I literally have done nothing that shows signs of user error.


Because you haven't drunk the Blizzard fanboy kool-aid..

Geez! What's wrong with you...
Posts: 408
I like how this is 124 pages of bickering instead of anyone posting any sort of proof of anything that they claimed.
48 Gnome Mage
420
Posts: 37
Sorry, you fail for misinformation. You have options other than purchasing an authenticator, including using the battle.net authenticator app. While I agree that Blizzard could (should?) include an authenticator in their game packages, even this would not be foolproof because the games are available digitally.

In the end, it's $6. If you don't have a smartphone.
Posts: 2,057
05/21/2012 08:44 PM Posted by tacD
Case sensitivity in the password does not make it secure. Keyloggers have no problem seeing through that. A better way to defeat brute force hackers is to use a variety of alphanumeric characters and special characters, when able.


So please tell me which pw is more secure:

youar3dum8 or yOuaR3DuM8?


Does this answer your question?

http://www.xkcd.com/936/
Posts: 60
I believe that Blizzard has yet to encounter a hacked account that had Authenticator activated ahead of time.

However, my experience leads me to suspect that some sort of central event is at play here. Such as a compromise at Blizzard in which usernames and passwords were stolen (or at least the email usernames), or some sort of phishing spread via the Blizzard forums themselves.

It generally doesn't happen that so many users of a particular service would get compromised in such a short period of time, unless there was some sort of vector targeting that service. A general-purpose spammer with a list of 100,000 random email addresses or facebook accounts isn't likely to have much success targeting Diablo 3 customers. Somehow the source of the attacks is able to successfully target Diablo 3 players, meaning at the very least they have access to a list of Diablo 3 players' email addresses to send them malware links, or have posted malware links to a Diablo 3 user hub like these forums. Maybe a fake Facebook Diablo 3 app or something?

My guess would be something that spread via the forums, or Twitter, or email, or Facebook, that targeted people interested in Diablo 3 with an invite to a fake D3 beta or something. Or, Blizzard really did mess up and allow a database of email addresses and/or passwords to get compromised. Something like that had to happen, though. There's no way this many accounts would get compromised just from errant spam or drive-by downloads. Some sort of Diablo-specific vector had to be involved.

The length or complexity of your password doesn't mean much. Account takeovers do not occur via brute force these days and hackers aren't likely to spend time trying to guess your password. Your password can be 12345, it isn't going to matter very much. Once a hacker has your password, they can cut and paste "IUFn298r0nalokjo&^5nbsn" just as easily as they can cut and paste "12345" or "password". Doesn't matter.

All of the above are pretty successfully protected from if you use 2-factor (Authenticator). They even offer it via POTS now, so you don't need a dongle or even a fancy smartphone, you can use any old telephone to do it, for free. Blizzard ought to do more to force people to use it and do more to force people to acknowledge the risks if they don't.

Now, maybe there is a session hijacking thing going on. That would be pretty revolutionary to see something that complicated being launched successfully in such high numbers in such a small period of time. So, it's possible, but I highly doubt it... or I highly doubt that something that advanced is the cause of anything more than a tiny fraction of the account takeovers.

tl;dr: something more than just your typical account takeover is going on, it might be Blizzard's fault, but it might not. Either way, so far I doubt that it is affecting people who use Authenticator, and I doubt that it matters whether your password is complex or simple.

Still tl;dr: Authenticator.
Edited by Yar#1933 on 5/22/2012 3:16 PM PDT
This topic is locked.
