Diablo® III

Battle.net® Account Security & Diablo® III

(Locked)

so to recap:

diablo 3 and WoW both use battle.net for some kind of auth to enable gameplay. since the WoW community isnt up in arms about this and there have been no account hacks on the WoW side, id wager (as someone pointed out) that its d3-specific.

how exactly? thats another thread :X


Why?
1. limited time before theri accounts get squashed, and MUCH easier profit to be had from D3 accounts than WoW...RMAH remember? No way I'd waste time hitting the wow accounts first, and once the password gets changed all the data they have been gathering for months becomes useless.


Bashiok directly addressed the rumors in his post here:

We've been taking the situation extremely seriously from the start, and have done everything possible to verify how and in what circumstances these compromises are occurring. Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password. While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand.

If your account has been hacked, please view the [url="http://us.battle.net/d3/en/forum/topic/5149619846?page=1"]previous post[/url] for information on contacting our support department.


I underlined the parts that are relevant to your first question.

This information has been posted and has been linked ad infinitum. Players still choose to ignore it because it's not what they want to hear. Blizzard can say the same information a hundred different times in a hundred different ways and these people will still plug their ears, yell LA LA LA CANT HEAR YOU, and ignore anything but their stupid theories.


And you missed the hundred or so posts in this thread that point out numerous people have had their accounts hacked while blizzard has officially told them there was no suspicious activity. So if EVERY case is just the normal account/password stealing that they claim. Why is it that they don't have log on records? Why don't they have IP records from different users? Because their explanation makes absolutely no sense.

Would you like to take me up on the offer I made a few posts up? Show everyone how right you are man, put that $$ down.
Edited by tag#1635 on 5/22/2012 3:33 PM PDT
No, these kinds of responses are just infuriating. I didn't click a fishing email, I have ONLY solo-ed, I don't play WOW or any other Blizzard game and I work in IT. I'm not a security expert but I'm not a dolt and I'm getting aggravated by everyone pointing fingers at the user over this issue.


If you work in IT then you should realize there is more likely to be holes in your system than Blizzard. Getting hacked doesn't make you a moron or an idiot, period. !@#$ happens, we make mistakes, no one is perfect all the time. I too have been hacked, to this day Im still not sure where I screwed up, I have theories but nothing conclusive. but I know it was my fault.

Why us "blizzard fanboys" are pointing fingers as the users is because people blaming blizzard comes off as trying to blame someone else for your own mistakes, and instead of saying "Oh, well how did they get me and how can I fix this?"
Account hacked. No authenticator cause well really I shouldn't need it. No other game needs one and I do not have a smart phone. I guess I will be getting one now. The phone queue is full and they cannot take my call at this time...thats...terrible..I do expect everything to be fully refunded though as authenticator or not my account has be ravaged and it is up to blizzard to track these people down, ban them and restore my account. Its an easy fix and I KNOW they can look it up. I even have the time frame for them.
If anyone who thinks this is just people being dumb want to put their money where their mouth is I would be willing to enter into a legal contract with either blizzard or any forum member whereby I will pay for my computer to be checked by a professional for any malware/keyloggers that could have done this.

If there is then I'm out the money and will officially create a thread on these forums stating I'm an idiot and was hacked.

If there isn't then you owe me double the money I spent to get it checked out (because I'm the one doing all the hassle work and putting up my money up front) and you have to create a thread saying you are an idiot and I was not hacked.

Any takers?


So you can delete the keylogger yourself and then pocket the cash? That's a sucker's bet, no thanks. Cheater.

If you work in IT then you should realize there is more likely to be holes in your system than Blizzard. Getting hacked doesn't make you a moron or an idiot, period. !@#$ happens, we make mistakes, no one is perfect all the time. I too have been hacked, to this day Im still not sure where I screwed up, I have theories but nothing conclusive. but I know it was my fault.

Why us "blizzard fanboys" are pointing fingers as the users is because people blaming blizzard comes off as trying to blame someone else for your own mistakes, and instead of saying "Oh, well how did they get me and how can I fix this?"


As an IT person does it make sense to you that blizzard told us all compromises have been the normal account/password theft, yet tons of people have also been told by blizzard when they submit a ticket that there is no suspicious activity on their account and they won't restore them?

Blizzard keeps track of log-ins and IP addresses from the log in user. So please explain to me how it is that people logged onto our accounts, took our stuff, and yet no record of them ever doing so exists?
update, just got home from work. Account still not hacked, off to play some public games, later guys!
so to recap:

diablo 3 and WoW both use battle.net for some kind of auth to enable gameplay. since the WoW community isnt up in arms about this and there have been no account hacks on the WoW side, id wager (as someone pointed out) that its d3-specific.

how exactly? thats another thread :X


question is, when you log into WOW or D3 are you credentials shared in the same database?
doesnt seem logical, but as you stated, No WOW accounts are getting hacked into -
so how could battlenet be compromised..

i cant imagine WOW and D3 are sitting on the same servers, per say.. in others words, your user info (creds and character) are stored in just a D3 database, and its this database that is compromised.. Not Battlenet...
Edited by Thadenkeen#1704 on 5/22/2012 3:44 PM PDT
I assume the hackers usually target softcore characters?
I've been playing pub matches in hardcore all week, still not hacked.


Bashiok directly addressed the rumors in his post here:



I underlined the parts that are relevant to your first question.

This information has been posted and has been linked ad infinitum. Players still choose to ignore it because it's not what they want to hear. Blizzard can say the same information a hundred different times in a hundred different ways and these people will still plug their ears, yell LA LA LA CANT HEAR YOU, and ignore anything but their stupid theories.


And you missed the hundred or so posts in this thread that point out numerous people have had their accounts hacked while blizzard has officially told them there was no suspicious activity. So if EVERY case is just the normal account/password stealing that they claim. Why is it that they don't have log on records? Why don't they have IP records from different users? Because their explanation makes absolutely no sense.

Would you like to take me up on the offer I made a few posts up? Show everyone how right you are man, put that $$ down.


Okay, first of all, there are many reasons why Blizzard may not be seeing where the logins are coming from. I don't know them and you don't know them, so you can't say anything definitive about it. Maybe there's another issue with their logs and is completely unrelated to the hacking issue, but because they're inherently linked it's just exacerbating the problem. (Exacerbate, by the way, means to make it worse)

Second of all, I responded to your stupid bet already but I'll do it again. You probably cleaned the keylogger yourself and are just trying to get some sucker to say yes so you can take his money. No sir, I will not be that sucker. How about you man up and take responsibility for your piss-poor computer security?
so to recap:

diablo 3 and WoW both use battle.net for some kind of auth to enable gameplay. since the WoW community isnt up in arms about this and there have been no account hacks on the WoW side, id wager (as someone pointed out) that its d3-specific.

how exactly? thats another thread :X


question is, when you log into WOW or D3 are you credentials shared in the same database?
doesnt seem logical, but as you stated, No WOW accounts not getting hacked into -
so how could battlenet be compromised..

i cant imaging WOW and D3 are sitting on the same servers, per say.. in others words, your user info (creds and character) are stored in just a D3 database, and its this database that is compromised.. Not Battlenet...


It seems pretty logical to me as a software developer and someone capable of designing a multi-service application that is expected to have connections from game clients, web pages, and mobile applications and will eventually want to communicate between games.

It's super duper standard to have some type of authentication service/database and then have multiple applications use it at the very least.

Right now all modern Blizzard games and services (AH included) sit on top of Bnet. Bnet gives a lot of core functionality to any products (games) that are using automatically and helps tie in certain components of different games together.

It's also super duper possible that some exploit exists in D3 that lets people yoink restricted information from bnet. Bnet in itself is safe, but D3 is not. That is why no one is complaining about WoW accounts being compromised.
Edited by viscrom#1983 on 5/22/2012 3:50 PM PDT
This topic is locked.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]