Diablo® III

Battle.net® Account Security & Diablo® III

(Locked)

You guys realize they have to legally announce if their databases were compromised, and it wasn't your fault?
I doubt they'd break the law and not "admit" that it's their fault, god knows what'd happen if they didn't do what they legally have to.
Maybe you should learn some basic law before you start pointing fingers.


Big companies with millions (to billions) in profit at risk in revealing the truth always obey the law! Because it's what Jesus would do.
You guys realize they have to legally announce if their databases were compromised, and it wasn't your fault?
I doubt they'd break the law and not "admit" that it's their fault, god knows what'd happen if they didn't do what they legally have to.
Maybe you should learn some basic law before you start pointing fingers.


Data breach notification laws only cover particular types of data. If hackers didn't get access to any personal information (i.e. just the characters) they may not be required to report it.

Additionally, they are allowed to delay reporting of any breaches in the event that a notification could impede a criminal investigation.
Just want to say thank you for this sticky, blues.
ヽ(*≧ω≦)ノ
The users/characters who did the hacking, one way or another, are still online and doing it. I just watched one do it. If you can't even take care of that, why the hell should we believe anything else?

Silly blizzard. Enjoy the taste of feet later. Hope it overpowers the taste of the cash and cow dung.
@Hellasha

Instead of trying to seem clever, can you explain how people with auth had been hacked when the code is unique use and not a time limitation or I dunno what? Even a keylogger / eye on your keyboard watching you all day won't permit someone to use the same auth code a 2nd time.
I have an idea Blizzard, get me back my stolen items or refund my money for the game because your devs were too retarded to realize that a game that has been anticipated for over a decade didn't have appropriate safeguards.
05/21/2012 08:58 PM Posted by Hellasha
There was, without a doubt, an exploit! Don't be naive! Actually, don't be a fool! This is a massive F UP. Have no doubt!


It is also naive to think that those who had their accounts compromised wouldn't lie about whose fault it is.


And increasingly naive to think everyone with an authenticator that is super cautious and hasn't been hacked in 8 years of WoW is suddenly instantly hacked in Diablo 3.

Blizzard screwed up bad. The 1 thing everyone who has been hacked has in common is joining public games, especially during ni-hao hours.
They are logging into your account from YOUR computer.

They get control of your system by using a zero-day vulnerability in something like Flash or Java. Then they wait. When the time is right they snatch your password then set up a proxy on your computer. They connect to the proxy and log in. When they look up the IP of the log in it says the last log in came from your machine.


Slow down Sherlock.

That would REQUIRE a digital footprint upon the sacred log files of Blizzard. Only....Blizzard shows NO log of the aforementioned supposed hack of your logon credentials.


That wouldn't show up as anything unusual. It would just show up as you…logging in, from your computer.

In order to trace the "digital footprint" they would need access to your machine. That's where the log is.
The same names of accounts have been brought up in other threads for performing what appears to be a session state hijack exploit, NOT a password/account theft. This blue post does not address any of the above.... very disappointed.


This is what gets me. If there is an exploit it has nothing to do with authentication. You don't have to enter your password every time you cast a spell or click your mouse.

It's mostly being discussed in other places on the web, but this is not something that can be prevented by authenticators etc. and it IS doing damage to blizzard's reputation whether it exists or not.

That the IP address is only logged and tied to the session ID when someone logs in and not apparently on logout or during a trade - according to reports by many users - is incomprehensible. I'm tempted to turn on Ethereal myself and see what info is communicated by the client during a game just to see if this is a real possibility, because if it is, it's a huge gaping hole in a database-driven client.
Tips:
- Don't download !@#$
- use a freaking firewall and virus scan, they are annoying, but less annoying than viruses and theft
- get an authenticator, and ACTUALLY USE IT
- what I mean by actually using it is make it authenticate EVERY TIME you log in, not just on "unusual activity". It takes me less than 10 seconds to push the button on my authenticator and type in the 6 digit code when logging onto D3. It's NEARLY impossible to get hacked if you use your authenticator properly (and seriously, who can't afford $6.50 and free shipping? if you say you can't afford it, but you still bought a $60 game, I question whether or not you're feeding your kids)


Are you a sentient being capable of independent thought? Read the forums. People with authenticators are getting hacked by an exploit, not because they are visiting fishy websites or disabling their firewalls.
We'd like to take a moment to address the recent reports that suggested that Battle.net® and Diablo® III may have been compromised. Historically, the release of a new game -- such as a World of Warcraft® expansion -- will result in an increase in reports of individual account compromises, and that's exactly what we're seeing now with Diablo III. We know how frustrating it can be to become the victim of account theft, and as always, we're dedicated to doing everything we can to help our players keep their Battle.net accounts safe -- and we appreciate everyone who's doing their part to help protect their accounts as well. You can read about ways to help keep your account secure, along with some of the internal and external measures we have in place to help us achieve our security goals, at our account security website here: www.battle.net/security.

We also wanted to reassure you that the Battle.net Authenticator and Battle.net Mobile Authenticator (a free app for iPhone and Android devices) continue to be some of the most effective measures we offer to help players protect themselves against account compromises, and we encourage everyone to take advantage of them. In addition, we also recently introduced a new service called Battle.net SMS Protect, which allows you to use your text-enabled cell phone to unlock a locked Battle.net account, recover your account name, approve a password reset, or remove a lost Authenticator. Optionally, you can set up the Battle.net SMS Protect system to send you a text message whenever unusual activity is detected on your account, keeping you aware of important (and possibly unwanted) changes.

For more information on the Authenticator, visit http://us.battle.net/support/en/article/battle-net-authenticator-faq

For more on the Battle.net Mobile Authenticator, visit http://us.battle.net/support/en/article/battle-net-mobile-authenticator-faq

For more on Battle.net SMS Protect, visit http://us.battle.net/support/en/article/battlenet-sms-protect

We also have other measures built into Battle.net to help protect players. Occasionally, when Battle.net detects unusual login activity that differs from your normal behavior -- such as logging in from an unfamiliar location -- we may prompt you for additional information (such as the answer to one of your security questions) and/or require you to perform a password reset through the Battle.net website. World of Warcraft players might be familiar with this security method already, and Diablo III players may begin to encounter it as well.

As always, if you think you've been the victim of an account compromise, head to the "Help! I've Been Hacked!" tool at http://us.battle.net/en/security/help for assistance.


They don't deny that they have been compromised. They only imply that this is normal when it is not. What is going on? I've never seen so many reports of hacking in a game before. Your passwords aren't case sensitive. I just tested this and found it to be true. What business do you guys have lecturing on account security when you can't even manage to implement a secure password system? What kind of shop are you guys running at Activision? I have not been hacked, but I'm starting to become concerned for my personal information.
Looks like I was right again, Battle.net wasn't hacked and too many dumb players don't know how to keep their comp safe. gg
c'mon guys, it's impossible that Blizz got breached! As impossible as Rift got...

http://www.shacknews.com/article/71706/rift-hacked-user-information-stolen

/sarcasm off
05/21/2012 09:01 PM Posted by Probability


It is also naive to think that those who had their accounts compromised wouldn't lie about whose fault it is.


And increasingly naive to think everyone with an authenticator that is super cautious and hasn't been hacked in 8 years of WoW is suddenly instantly hacked in Diablo 3.

Blizzard screwed up bad. The 1 thing everyone who has been hacked has in common is joining public games, especially during ni-hao hours.


No one with an authenticator has been hacked, anyone who says so is lying.
So if I add the SMS (which I just did) and I login from the USA at 8AM and then somebody from let's just say one of the Asian countries, or maybe from the Middle Eastern countries tries to login to my account at 10AM, will the Battle.net system stop them dead in their tracks since it would be physically impossible for me to login from the USA and then the Middle East 2 hours later?

Also would I be protected in a situation like listed above if the hacker is trying to use an anonymizer service to spoof his IP address as from the USA?

What if I tried to login from the West Coast of the US at 8AM and then somebody tried to login to my account from the East Coast of the US 2 hours later, would the battle.net system also block them and lock up my account and send me a text message?
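
A generic "impossible travel" check covering the three situations asked about above, as an added example that is not part of the thread and not Battle.net's actual logic. The speed ceiling, the verdict names, the network labels and the coordinates (standing in for IP geolocation results) are all assumptions.

```python
import math
from datetime import datetime

MAX_KMH = 900.0  # assumed ceiling, roughly airliner cruising speed

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def assess_login(prev, cur, known_networks):
    """Return 'block', 'challenge' or 'allow' for cur, given the previous login."""
    hours = (cur["time"] - prev["time"]).total_seconds() / 3600
    km = haversine_km(prev["geo"], cur["geo"])
    # Out-of-order or simultaneous events from different places count as impossible.
    speed = km / hours if hours > 0 else (math.inf if km > 1 else 0.0)
    if speed > MAX_KMH:
        return "block"          # implied travel speed is not physically plausible
    if cur["network"] not in known_networks:
        return "challenge"      # plausible location, unfamiliar network: step up
    return "allow"

# Constructed sample data; timestamps are treated as UTC.
LA, NYC, DUBAI = (34.05, -118.24), (40.71, -74.01), (25.20, 55.27)
KNOWN = {"home-isp"}

def login(hour, geo, network):
    return {"time": datetime(2012, 5, 21, hour, 0), "geo": geo, "network": network}

def run_scenarios():
    first = login(8, LA, "home-isp")
    return {
        "middle_east_2h_later": assess_login(first, login(10, DUBAI, "foreign-isp"), KNOWN),
        "east_coast_2h_later": assess_login(first, login(10, NYC, "other-isp"), KNOWN),
        # An anonymizer exit that geolocates near the owner defeats the speed test;
        # only the unfamiliar-network signal is left to trigger a challenge.
        "anonymizer_in_la": assess_login(first, login(10, LA, "anon-proxy"), KNOWN),
        "owner_again": assess_login(first, login(10, LA, "home-isp"), KNOWN),
    }

if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name}: {verdict}")
```
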
I haven't visited any sites I don't normally after getting D3. Are you suggesting that the sites I visit knew I was going to purchase D3, and my account was worth accessing? The odds of this are extremely low, also I ran a full scan and detected no viruses whatsoever.
Okay, the digital footprint IS the login (for those saying it wouldn't show anything). Also, if you go to youtube and look up Diablo 3 Hacking wmv you can see a video of what happens when the account is hacked.
They are logging into your account from YOUR computer.

They get control of your system by using a zero-day vulnerability in something like Flash or Java. Then they wait. When the time is right they snatch your password then set up a proxy on your computer. They connect to the proxy and log in. When they look up the IP of the log in it says the last log in came from your machine.

They climbing in your windows, snatching your people up...y'all need to hide your kids, hide your wife, AND hide your husband!


Hide them Authenticators too.


And increasingly naive to think everyone with an authenticator that is super cautious and hasn't been hacked in 8 years of WoW is suddenly instantly hacked in Diablo 3.

Blizzard screwed up bad. The 1 thing everyone who has been hacked has in common is joining public games, especially during ni-hao hours.


No one with an authenticator has been hacked, anyone who says so is lying.


I'll respond to this like people like you have responded to everything else. Where's your proof.
This topic is locked.
