Diablo® III

Ummm...all of my gold and items are gone

05/20/2012 08:59 PMPosted by MystiKasT
I had my diablo 3 account hacked today. All my items gone and gold liquidated. Blizzard rolled it back to where I was a day and a half before. Meaning I lost around 20 hours of game time play. Not only that, but from what I've read, it seems to be blizzard's fault. My password is a random combination of capitalized and uncapitalized letters, numbers, and special characters. My security question answer is also unknowable by anyone but me.


You getting hacked is all YOUR fault. You should be a little more cautious with the websites you go to. Get some spyware and maybe anti-virus. I guess you forgot to install such things, being the comp graduate type guy you dubbed yourself.
Reply Quote
battlenet passwords don't even support capitalization, btw.

To think Blizzard's security is the best it can be is a mistake. There's an exploit out there to jack session ids or something.
Reply Quote


D2 had more vulnerability and hacks than a lot of other games. I've played trashy F2P games developed overseas and published by no name companies in the US. Those games were more secure than D2 and that was over 10 years ago so they are in the same era of time.

Face it. Blizzard has an amazing art team and their music used to be (sort of still is but not quite) is second to none.

Their security is a joke though. Who forces authenticators down your throat in order to be safe when you're actually not safe. It's just another revenue source for them. People fear what they don't understand, and fear is a great motivator to make purchases.


D2 is also an extremely old game so the rest of your tear fest text is irrelevant. 12 years old to be a little bit more precise. They don't force authenticators down your throat and the reason they suggest it is because of stupid people downloading dumb !@#$ to have their accounts compromised (which is what we're seeing).

You clearly are a clueless individual.

05/21/2012 07:31 AMPosted by Rolypoly
Expert trolling. Are these the same elite programmers leaving SC2 wins to be checked on the client side so the ladder is full of kiddies with 100% win rate, or people mass drop hacking all top players out of their games? Exploits always exist in all software, and there could definitely be a vulnerability somewhere.


Not trolling, learn the definition please. Also, you're comparing in-game mechanics being manipulated with reverse engineering, since they are client side. Their authentication system and everything that is Diablo 3 for the most part is all server side. I wish anyone the best of luck penetrating their defenses to alter security to their liking without getting immediately caught and denied.

Trion is a !@#$ company and RIFT is a %^-* game. I knew it the first time I played it during beta...it was a garbage game and what do you know, the consensus was right.


They wouldn't need to alter security of anything like that if the hole allows them to skip the security checks altogether, perhaps something in the friends system for example.
Reply Quote
Posts: 30
I think it is funny how butt-hurt some of you kiddys get when someone (wait make that thousands) of people come here with valid problems.

Yes, some people are stupid and get their accounts compromised on their own.

There is a clear trend here though for anyone looking at this objectively and not from some kind of ignorant fan boy - ism attitude.

BTW for all you idiots who think Blizzard is the second coming, and the greatest bunch of people in the industry, you have a lot to learn.

Blizzard doesn't give a crap about you, stop spending your precious childhood on forums being their virtual a.sskisser, when the time comes, and you have a problem, and are left in the dark about it, you will change your tune.

For what its worth, Blizzard used to be a good company, in the pre- WoW days.

Since that triumphant piece of money sucking crap game, they have lost all desire to create good games, and support the industry.

Instead they just look at that fat income from WoW and put everything else on the back burner.
Edited by jameth#1456 on 5/21/2012 7:50 AM PDT
Reply Quote
battlenet passwords don't even support capitalization, btw.

To think Blizzard's security is the best it can be is a mistake. There's an exploit out there to jack session ids or something.


Thinking that case-sensitive passwords have anything to do with security is a mistake.

No one brute-forces passwords anymore.
Reply Quote
Posts: 1,127
D2 is also an extremely old game so the rest of your tear fest text is irrelevant. 12 years old to be a little bit more precise. They don't force authenticators down your throat and the reason they suggest it is because of stupid people downloading dumb !@#$ to have their accounts compromised (which is what we're seeing).You clearly are a clueless individual.


You're clearly trolling or on drugs. I already said the games I compared it to were in the same time era as D2. Hint: Read more than 1 sentence of my post.
Reply Quote
Posts: 30
battlenet passwords don't even support capitalization, btw.

To think Blizzard's security is the best it can be is a mistake. There's an exploit out there to jack session ids or something.


Thinking that case-sensitive passwords have anything to do with security is a mistake.

No one brute-forces passwords anymore.


I work for an ISP and I can absolutely tell you people attempt bruteforce attacks on almost every login system there is, like all day, every day.

I have many many many logs to show this :)
Reply Quote
Rofl @ ppl coming in here its the users fault. It definatly is not. There is just no way to hack accounts if there isnt breach somewhere within the security of blizzard servers.
People getting hacked here have proper, non-shared passwords, proper security installed and dont download keyloggers, duh.
These people just easily logg on accounts they found on the auction house bidding, without ever needing a password.
When theres maxed out threads of people claiming they got hacked and many of those claiming so having an authentificator, then its not just a few people.
I just wanna see the faces of the arrogant, arrant kids coming into threads like these claiming its all our fault when they are being hacked within the next 1-2 days. Its gna happen and Im gna laugh at you.
Reply Quote
Posts: 1,127
05/21/2012 07:56 AMPosted by hsram


You're clearly trolling or on drugs. I already said the games I compared it to were in the same time era as D2. Hint: Read more than 1 sentence of my post.


Didn't need to, it was full of non-sense garbage.


I'm not going to continue to argue with you because I want the topic to stay on topic and not get locked. Congrats, you win. I'm putting you on ignore.
Reply Quote
Posts: 4,150
View profile
05/21/2012 07:52 AMPosted by Carzeri
There is just no way to hack accounts if there isnt breach somewhere within the security of blizzard servers.

Wrong.
Reply Quote
Post marked as trolling. Nothing to see here folks. Just a troll.
Reply Quote
81 Human Warlock
1560
Posts: 171
Let's hope there isn't a security breach on Blizzard's end; it would be nice to get some sort of response from a dev or forum mod at least that they've seen all the threads and are looking into it.
Reply Quote
Posts: 37
It blows my mind we haven't seen a response on this yet. Especially with as many people who are having issues. Myself and someone else I know personally has had the same exact issue...no gold and no gear. I have about another week to play until I'm tied up for a month and a half yet I hear nothing in regards to progress let alone an answer to the users. I put a ticket in yesterday that hasn't been responded to and I called yesterday but waited past 90 minutes to talk to someone...which I didn't after the 100 minute mark. http://a5.sphotos.ak.fbcdn.net/hphotos-ak-snc7/461194_3312050399295_1209180050_50891393_541045084_o.jpg

Is what my guy looked like, now he's naked and broke. I don't ever vest this kind of time into a game and when I do this stuff happens? It's extremely disheartening and I really want someone to tell me that it's my fault so I can get this rage I'm feeling off my chest.
Reply Quote
I'm curious to see how all this plays out.

What do people mean by "everything" - if every good as well as every crap item was taken, then I'd suspect more of a bug in the system. Makes no sense for a hacker to take everything since then they'd run out of inventory space too quickly. It would stand to reason that it wouldn't be hard for Blizzard to track an item - to see where it goes, so I'd suspect that the items would need to be transferred to a throw-away account. Each of those costing $60 means a lot of investment unless they start getting picky about which items to steal.

Makes far more sense to steal a few high-ticket items that sell for more bucks than it does to steal everything and then work to re-sell those items for cash. And would probably attract a lot less attention in the process.

It'd also be interesting to know if only high-level users are getting hacked. Would point to more of a human element, as opposed to someone stripping a level 10 character - which would indicated an either automated process or a bug in the system.
Reply Quote
I logged in with all my gold gone. Also, I was in Act I when I KNOW I logged out on act III...weird.
Reply Quote
85 Tauren Shaman
8665
Posts: 48
==


internet explorer.I know my stuff, I majored in comp sci in college. Don't treat me like an idiot.


oh ok, my b.
Reply Quote
Posts: 593


Thinking that case-sensitive passwords have anything to do with security is a mistake.

No one brute-forces passwords anymore.
Yeah that's not true. Why do you think GPU crackers are so prolific? Their good looks or something? Hardly. Attacking salted-hashed tables by stealing them is the easy way to do it, because you have a pile of accounts then. Which is why you always keep your crypto tables on another server. But brute forcing? Still going on hard and strong because people don't use good passwords, and it's easier than hacking a login server and stealing the tables.

Couple of examples, these two are both login server attacks:
The sony fiasco was due to a server breach where all of the passwords and personal info was stored in plain text(like what you're reading).

The steam breach was the same thing, but everything was encrypted with their crypto tables off on secondary secure server.

The difference between the difference between the two is: What? If you guessed plain text and encrypted you're partially right. In Sony's case all of the passwords, info, and goodies were waiting for them. In Steam's case everything is encrypted. Now they need to bruteforce the password for the salted-hash and get lucky. Now providing that steam used a aes key of at least 256bits for each salting and hash, they'll need to attack it for the next 1100 years or longer to break the password for the database.
Reply Quote

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)

Reported!

[Close]