Diablo® III

Ummm...all of my gold and items are gone

05/20/2012 09:20 PMPosted by Jul
I'm not familiar with that authenticator thing. I just got hacked, and I'm looking forward to secure my account the best I can before continuing playing. Do I need to have a smart phone to have an authenticator? I don't have one..


It's $6 shipped from the blizzard store. It's a keychain.
Reply Quote
Hello all,

I had my diablo 3 account hacked today. All my items gone and gold liquidated. Blizzard rolled it back to where I was a day and a half before. Meaning I lost around 20 hours of game time play. Not only that, but from what I've read, it seems to be blizzard's fault. My password is a random combination of capitalized and uncapitalized letters, numbers, and special characters. My security question answer is also unknowable by anyone but me.

I was told I'd have to use an authenticator now to use the Real money auction house, and if it happened again, my account would be banned from the RMAH. What is up with that? Blizzard has security flaws and I get punished? So ontop of losing 20 hours of gameplay, I have to use an authenticator to login to my account now, and am teetering on the edge of never using the RMAH? FFFFFFFFFFFFFFF!

I just reformatted this computer in anticipation for diablo 3. I have no programs on here but diablo 3, an EVGA overclocker, and internet explorer. I'm also on a secure wired connection, with a legitimate copy of windows 7. I know my stuff, I majored in comp sci in college. Don't treat me like an idiot. This is not my fault.

It is your fault, you don't have an authenticator. Maybe you should have majored in Comp Security instead. Do you also leave your door at home unlocked?
Reply Quote


Your anecdote does not refute his claim in any way, shape or form.


Oh he was hacked but it's not blizzards fault he did something he should not have. IE: All stated above.

General RULES:

DO NOT CLICK ON LINKS IN YOUR EMAIL! Even if they claim it's blizzard. ;)
DO NOT use your login credentials on another site. IR: Same password, email, etc.
UPDATE your antivirus. If you don't have one, for the love that is all holy get one. Plenty of free nice ones. Google it.


Are you privy to the Sony Playstation Network hacking fiasco? If not, Google it. It's not always the end-user's fault.
Reply Quote
05/20/2012 09:08 PMPosted by NoxeOut
I've been playing WoW since release and have never been hacked.

Not that I'm defending the OP, but anyone can get hacked. Just because you haven't, doesn't mean you won't be. And authenticators and good practices only go so far, if someone wants your account, they'll get it, just depends on how hard they want to work for it.

I guess claiming "I didn't get hacked, you did something wrong." Would be like saying, "I haven't been in a car accident, you must've done something wrong", where there are lots of ways to avoid accidents, there's also ways where they are unavoidable.

Though that's a lot of 'hacked accounts' flying around the forums, it makes me wonder if the server ate the characters instead of the accounts being hacked. Nom nom nom.
Reply Quote


Nope, not at all. Security issues are caused by: Trojans, people who use the login credentials on another site, sharing accounts, logging in to clone sites. THIS IS THE USERS FAULT.


My computer is completely virus free and I did not do ANY of those things, nor have I ever. I've never been hacked in my life and now all of a sudden I happen to be one of the many unlucky people who all got hacked around the same time. Blizzard really failed here

YOU failed by not having an authenticator. End of story.
Reply Quote


My computer is completely virus free and I did not do ANY of those things, nor have I ever. I've never been hacked in my life and now all of a sudden I happen to be one of the many unlucky people who all got hacked around the same time. Blizzard really failed here

YOU failed by not having an authenticator. End of story.


How do you know that accounts with authenticators haven't been hacked?
Reply Quote
05/20/2012 09:08 PMPosted by MystiKasT
I don't have a smartphone, and I don't have the extra money for an authenticator. Because of this, you're saying it is my fault my account got hacked? When my password is specific ONLY to this video game, my b.net account email specific only to b.net!? GET REAL!

You can spend $60 on Diablo 3 but you can't spend $6 on a fob? How much did you spend on beer this weekend? How much will you spend on coffee Monday morning? Obviously this isn't isn't a priority for you.
Reply Quote
people still use virus scanners?

People still believe those will actually help? lol
Reply Quote
Most likely a bug.

http://us.battle.net/d3/en/forum/topic/5271598772?page=1#0

Read.

If you did get hacked it's your own fault, don't blame anyone else.

My computer is completely virus free and I did not do ANY of those things, nor have I ever. I've never been hacked in my life and now all of a sudden I happen to be one of the many unlucky people who all got hacked around the same time. Blizzard really failed here


If you got hacked, it is on your end, not Blizzards. As a company Blizzard is legally bound to tell its customers if its services are illegally accessed, aka hacked, tell me how many times this has happened? Oh wait, none.
Reply Quote
100 Night Elf Hunter
12320
Posts: 10,424
05/20/2012 09:08 PMPosted by MystiKasT
I don't have a smartphone, and I don't have the extra money for an authenticator. Because of this, you're saying it is my fault my account got hacked? When my password is specific ONLY to this video game, my b.net account email specific only to b.net!? GET REAL!


Are you suggesting that there's a security breech in Blizzard's servers? Because, if that's the case:

1. There would be many more hacked.

2. Blizz would have to announce the security breech per Federal law.

Anyway, did you scan your computer with an anti-malware program, like Malwarebytes? The best way is to run the scan with the launcher up and gibberish typed into the fields.

You also may want to check your email. Sometimes the compromise happens there and not on your computer.

Good luck.

-

P.S. The keyfob costs only $6.50, with free shipping and handling.
Reply Quote

YOU failed by not having an authenticator. End of story.


How do you know that accounts with authenticators haven't been hacked?

Because authenticators only allow a 15 second window to be hacked. The odds of that happening are very slim.

The only scenario I can imagine is having a keylogger and backdoor installed locally and the account is compromised via remote ssh while the person is logged on.
Reply Quote
you don't need a trojan to have your account hacked. symantec last estimated the number of online game website with malicious software at around 800,000, including legitimate websites with mal advertisements. stolen accounts number in the millions. just because you haven't had your account hacked in the last 1 year doesn't mean you aren't hacked. it just means the thieves have not reached you as they are clearing the backlog of compromised accounts.

that's why it is always recommended to keep changing your password.
Edited by princeb#1711 on 5/20/2012 9:41 PM PDT
Reply Quote
Most likely a bug.

http://us.battle.net/d3/en/forum/topic/5271598772?page=1#0

Read.

If you did get hacked it's your own fault, don't blame anyone else.

My computer is completely virus free and I did not do ANY of those things, nor have I ever. I've never been hacked in my life and now all of a sudden I happen to be one of the many unlucky people who all got hacked around the same time. Blizzard really failed here


If you got hacked, it is on your end, not Blizzards. As a company Blizzard is legally bound to tell its customers if its services are illegally accessed, aka hacked, tell me how many times this has happened? Oh wait, none.


Sometimes it takes time to verify whether claims are legitimate.
Reply Quote
Because authenticators only allow a 15 second window to be hacked. The odds of that happening are very slim.

The only scenario I can imagine is having a keylogger and backdoor installed locally and the account is compromised via remote ssh while the person is logged on.


Hate to tell you this but you're wrong.

http://lorehound.com/news/world-of-warcraft-authenticator-hacked/

Also the window is much larger then 15 secs.

Just tested it myself. I wrote down my code, waited a few mins and it still worked. Seems like the codes are valid up to 10 mins and once used, it and any codes before it won't work again.
Edited by Switch72nd#1324 on 5/20/2012 9:49 PM PDT
Reply Quote


How do you know that accounts with authenticators haven't been hacked?

Because authenticators only allow a 15 second window to be hacked. The odds of that happening are very slim.

The only scenario I can imagine is having a keylogger and backdoor installed locally and the account is compromised via remote ssh while the person is logged on.


The only thing I'm trying to communicate is that a security hole on Blizzard's end is not entirely out of the question. An authenticator won't really do any good if Blizzard had some deranged employee dish out a bunch of login info for some reason.
Reply Quote
100 Night Elf Hunter
12320
Posts: 10,424
Because authenticators only allow a 15 second window to be hacked. The odds of that happening are very slim.

The only scenario I can imagine is having a keylogger and backdoor installed locally and the account is compromised via remote ssh while the person is logged on.


Hate to tell you this but you're wrong.

http://lorehound.com/news/world-of-warcraft-authenticator-hacked/

Also the window is much larger then 15 secs.


That's the man-in-the-middle attack. There have been a few verified cases of that happening, but it's very rare--and it still takes getting a trojan on your computer.
Reply Quote
That's the man-in-the-middle attack. There have been a few verified cases of that happening, but it's very rare--and it still takes getting a trojan on your computer.


The type of program wouldn't launch until you were logging in, and new viruses and malware are made every day, which an AV might not detect, not to mention polymorphic code can be used to make it hard to detect as well.
Reply Quote
Because authenticators only allow a 15 second window to be hacked. The odds of that happening are very slim.

The only scenario I can imagine is having a keylogger and backdoor installed locally and the account is compromised via remote ssh while the person is logged on.


Hate to tell you this but you're wrong.

http://lorehound.com/news/world-of-warcraft-authenticator-hacked/

Also the window is much larger then 15 secs.

Just tested it myself. I wrote down my code, waited a few mins and it still worked. Seems like the codes are valid up to 10 mins and once used, it and any codes before it won't work again.

Thanks for the link. I really hope a vulnerability in the Authenticator hasn't been found.
Reply Quote
05/20/2012 08:54 PMPosted by BuckNasty
Jesus blizzard really dropped the ball on this whole security thing
buy an authenticator.
Reply Quote
05/20/2012 09:55 PMPosted by NewJohnny
Thanks for the link. I really hope a vulnerability in the Authenticator hasn't been found.


There is no vulnerability on the Authenticator itself. It would be on your pc and would be noticeable if you knew what to look for.
Reply Quote

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)

Reported!

[Close]