Lylirra:We'd like to take a moment to address the recent reports that suggested that Battle.net® and Diablo® III may have been compromised. *cut*
That’s not addressing, that’s trying to ignore the issue with netcode security.
For more info, see http://us.battle.net/d3/en/forum/topic/5149539239
…and definitely the post by KhelThuzad here:
(Quote: “The exploit itself was confirmed over at BlizzHackers.”)
The first post of that thread (that KhelThuzad posted in) is also interesting, proving that authenticators are not preventing these hacks, probably because no login/pass is required in the first place. Also, if Bnet accounts passwords were being compromised in order to strip the chars of their gear and gold, then we should also be seeing a massive wave of WoW players complain on the WoW forums about the same thing happening to their WoW chars, and that is not happening at present.
There are 2 things happening here at the same time. One is the exploit, the other is the usual reports of people getting hacked because of their PCs having been compromised, or having used their password elsewhere, etc. Please Blizzard, do not make the mistake of ignoring a possible security hole.
In a blue post here on the D3 forums, Blizz have stated that they have yet to discover a case in which someone was hacked without their account having been logged into by someone else. This is not true. This directly contradicts a report from a player on the same forums. He stated that the response he received from Blizz support regarding his char being stripped of gear and gold, included the statement: “Your account has not been compromised”, judging from the fact that no one with a different IP than that player himself had been logged into his account.
PS I have not been hacked, so I don’t have any such motivation for writing this. Where there is smoke, there’s fire….