Diablo® III

What would it take to get you to believe...



Just one person to give us 2 screenshots

ss#1 proof they had an authenticator BEFORE the hack. example core hound pet achiev

ss#2 proof they were hacked. example blizzard acknowledging that the said account was compromised AFTER the date on ss#1.

Just 1 person has to do this. yet none have.

LOL so your saying I have to know I am going to be hacked an take a picture. THEN I have to message Blizz, which is a 1:2893472398 chance that they will actually see my message... I bet people have done this, but you just don't know it yet and blizzard doesnt either


Network engineers who monitor the service could see if fishy activity was going on. They have more tools at their disposal than you have any clue about. They are also vastly more intelligent than most all of the trolls sitting in these forums.
Edited by Krazymagic#1403 on 5/25/2012 6:36 AM PDT
Reply Quote
85 Blood Elf Paladin
4025
Posts: 2,018
The stated and official claim is that no account with authenticators have been compromised.

If someone wants to state otherwise, the burden of proof is upon them, not us. It's not logical nor reasonable to prove their account with attached token authenticator didn't get hacked - such a burden of proof is absurd.

They're the ones making the claim that goes against what is currently believed to be the truth. I would love for someone to post here with such information disproving us, and I would love to see a blue confirm the account was hacked with an authenticator - that would be fantastic for the state of "I was hacked" messages posted here. But until then, all we have are completely unsubstantiated claims made on an anonymous message board, the validity of which is near zero.

I don't understand why this concept of proving your claim is such a hard concept to understand.
Reply Quote
90 Human Paladin
11115
Posts: 183

lol youre such a tool, you think blizz would even consider admitting something THEY SELL is useless for these attacks? hahaha you make me laugh, weirdo


Someone might actually consider reading and taking what you say seriously if you were to say something like...

I don't believe that Blizzard would actually admit their authenticators are useless against these attacks, especially considering they sell these.

Instead of flaming and personally attacking someone, your post would have been intelligent and possibly constructive. Although, considering these are available for smart phones and are very inexpensive I'm sure authenticator profit is the last thing on their minds.
Reply Quote
People with authenticators were being hacked?

Would a picture of a person holding the authenticator in front of the screen with their naked chars on it?

But then they could have just stripped the characters? That could be someone else's authenticator, or that authenticator could be new?

What proof would make you question it? At what point will you sit back and go "Maybe this is happening?"

Just curious.


You can't get them to. Even if they get hacked with the Authenticator, they will just be posting here complaining and then hundreds of ignorant fanboys will post about how they are liars, idiots, and how they filled their computer with viruses, spyware, and ran around the streets screaming your complex password for all to hear.
Reply Quote
85 Blood Elf Paladin
4025
Posts: 2,018
LOL so your saying I have to know I am going to be hacked an take a picture. THEN I have to message Blizz, which is a 1:2893472398 chance that they will actually see my message... I bet people have done this, but you just don't know it yet and blizzard doesnt either


Authenticator attachment is timestamped and confirmed via email verification. It would be fanatically simple to say "look, here's my authenticator which was attached on DATE XYZ."
Reply Quote
100 Draenei Shaman
10630
Posts: 154
05/25/2012 06:22 AMPosted by Lyell
To the OP: what would it take to make you believe the blue post declaring that session hijacking and authenticator hacks have not occurred?


For me, honestly, several months of time to pass. Most of the large Hacking things lately are released after a couple months, and the owners of the breached companies will come forth with the amount of actually sustained damage.

There may be another way to show it sooner, but I can't think of one right off the bat. All the frenzied hack posts are troublesome to me as a consumer, especially with a few of the journalists and whatnot reporting that they had been hacked while owning an authenticator. Those hold a bit more credibility than an average forum goer, for me at least.
Reply Quote
05/25/2012 06:18 AMPosted by Provac
Why isnt a password enough for an online game, but a 4 digit pin enough for my debit card?


Debit cards (at least here in Canada where they are heavily used) have had chips inserted in them.

If you think about it, your card is the authenticator and the pin is your password. Also, Bank ATM's and such are not run on the internet yet still have user side vulnerabilities just the same as your PC. Card scanners and cameras = keylogger. This is why they added the chips so your card cannot be duplicated.

Keyloggers nail people with online banking all the time. Also, If they can prove you were dumb enough to follow a link from your email where they ask for your password, you will void your insurance on your account. Just a bit of perspective
Edited by Vexxed#1111 on 5/25/2012 6:42 AM PDT
Reply Quote
85 Blood Elf Paladin
4025
Posts: 2,018
You can't get them to. Even if they get hacked with the Authenticator, they will just be posting here complaining and then hundreds of ignorant fanboys will post about how they are liars, idiots, and how they filled their computer with viruses, spyware, and ran around the streets screaming your complex password for all to hear.


The exact same thing can be said about those plugging their ears and attempting to spout off rumors and speculation as truth without verification.
Reply Quote
Not that authenticators are the be all and end all of security, but your average run a day moron trojan hacker certainly doesn't have the skills to break through it.

Any hackers capable of getting through proper passwords and authenticators certainly won't be focusing their efforts on some digital pixels that may or may not sell for a few dollars on the auction house.

The only clearcut amateur way I can think of is someone has you keylogged and sits there at his computer waiting for you to type all your details in, including your authenticator code. Even then that's sketchy because the code is usually only good for one use, and then it asks for another.

Alternatively if someone stole your details AND your authenticator (got your iphone etc) then yeah maybe.

Honestly if someone complains saying they were literally sitting at their computer, knowing full well they had no trojans of any kind and their authenticator wasn't compromised (stolen) and still claim to of been hacked; it's clearly something they've done wrong.
Reply Quote
05/25/2012 06:40 AMPosted by Fellows
You can't get them to. Even if they get hacked with the Authenticator, they will just be posting here complaining and then hundreds of ignorant fanboys will post about how they are liars, idiots, and how they filled their computer with viruses, spyware, and ran around the streets screaming your complex password for all to hear.


The exact same thing can be said about those plugging their ears and attempting to spout off rumors and speculation as truth without verification.


The difference in this scenario is that the consumer does not need to prove they are being compromised, but rather Blizzard needs to prove we ARE NOT.

Them just saying they can't find a problem does not accomplish this. After providing documentation of the issue Blizzard will simply send you back a canned response from customer service.

They do not provide the consumer the tools to properly investigate the issue further, and many of us do not trust their security.
Reply Quote
100 Draenei Shaman
10630
Posts: 154
Not that authenticators are the be all and end all of security, but your average run a day moron trojan hacker certainly doesn't have the skills to break through it.

Any hackers capable of getting through proper passwords and authenticators certainly won't be focusing their efforts on some digital pixels that may or may not sell for a few dollars on the auction house.

The only clearcut amateur way I can think of is someone has you keylogged and sits there at his computer waiting for you to type all your details in, including your authenticator code. Even then that's sketchy because the code is usually only good for one use, and then it asks for another.

Alternatively if someone stole your details AND your authenticator (got your iphone etc) then yeah maybe.

Honestly if someone complains saying they were literally sitting at their computer, knowing full well they had no trojans of any kind and their authenticator wasn't compromised (stolen) and still claim to of been hacked; it's clearly something they've done wrong.


Hmm. Someone else brought up the point that there weren't reports of credit card numbers being stolen and used, really. Someone rebutted that point with the fact that it is safer as a thief to have Blizzard mad at you, but unable to do something to you without hurting themselves in the process, than to have Interpol or the FBI out gunning for you.
Reply Quote
90 Draenei Shaman
11285
Posts: 1,010
As far as hacking with an authenticator, it CAN happen, but only under very finite circumstances. The man-in-the-middle attack only works if the hacker is actively watching the session. This is because in a SecureID situation, the code for the seed value of the keyfob changes every minute, and the server looks for this code derived from a formula. So unless they are actively getting the feed data, the authenticator is an incredibly secure method of preventing hacking of an account.
Reply Quote
05/25/2012 06:42 AMPosted by Jaedeth
Anyone who has lost gold/gear screwed up. It is their fault not blizzards until stated otherwise. If it were on blizzards end they would addresss it.


agreed. This has been happening for years now when a new game releases. Ive known of people who were hacked and they even know it was their fault yet they still came to the forums and tried to blame the game company for it. They are so angry that they lost everything, and angry people who have lost something always need a scapegoat to blame. The company running the servers is the most logical to blame.

It all comes down to psychology a lot of times. Then there are some of those who are clueless to what they did to have their account stolen. It doesnt change the fact that nearly every stolen gaming account originates from the gamers own PC.
Reply Quote
I have posted on a few threads about myself being hacked, how I use a different password and slightly different username for each game I play. How I wasn't even mad when I logged in and saw that my account had no gold or gear left on it. Just shocked that I of ALL PEOPLE was hacked. Been gaming for over a decade (damn near exclusively MMOs) and never been hacked.

Not when I was a teenager with less than safe browsing habits, and certainly not after I moved out, got my own PC, paid for decent anti-virus, made a new E-mail without all of the spam and BS. Not now that I know not to click on ads, go to foreign websites, and all of those things that you guys spouting off about " you think your computer's safer than blizzard's servers lololol stop watching !@#$" know not to do to prevent your computer being compromised.

The suggested way being rumored to be the source of all of these account compromises is "Session Hijacking" http://en.wikipedia.org/wiki/Session_hijacking.

Once you've logged into the game you're character select screen appears. No information is stored on our computers (that's how blizz wants it, that's why it's online always) so after you've logged in, you still have to pick a character and a session has to be created. The "Session ID" can be used to log into your character without actually logging into your account. I'm not sure on the specifics, I've seen alleged computer system security experts going on and on and their jargon goes way over my head.

Basically what it boils down to is your CHARACTER being accessed, but not your actual account. When I was hacked only my main character was hacked, my other two were left untouched even though they had a decent amount of gold in gear. (I've seen videos where people join the game of the Recent Player who hacked their account and watch literally hundreds of characters being brought into the game, clearing out their stash and selling everything to a vendor, and then trading the gold to a low level account named "bgdgff" or something of the like. And I do mean it when I say LITERALLLY HUNDREDS.) And I've heard similar stories from others who were hacked. The account wide gold and stash still means you get pretty much cleaned out though. My Password was not changed.

I was with all of you non-believers who thought the only way to get hacked was to type your password into the wrong site, or when you have a keylogger, but I know my computer ran a scheduled scan two days ago which detected 0 threats, and one after I was hacked also revealing 0 threats. I know for a fact I haven't typed my password in somewhere I shouldn't have, and I know it wasn't phished from me in any way. I do think it's possible that my account was compromised directly from my computer somehow, but now that it has actually happened to me, I believe there may be a way, not through the hacking of blizzard's servers, but by intercepting the "Session ID" that MAYBE an accounts information could be compromised.

So to reiterate, these are the points that I believe give at least some creedence to the POSSIBILITY that an account can be compromised outside of user security error (I.E. tl;dr)-

-Many accounts are claimed to have been hacked while having an authenticator

-Many accounts are having only one character hacked

-It has been proven that a person's session ID can be found by another player and SUGGESTED (with solid evidence) that it may be possible to use this session ID to hack an individual character without accessing the account

-Multiple people recording (solid proof) the public game of the person they were hacked by in game, having hundreds of accounts funneled in and out in a constant stream after having their items sold and gold stolen. The sheer number of account this is happening to en masse is enough of a red flag for me to think it may not just be user error leading to the compromises. A constant flow of accounts to multiple farmers for hours on end seems a bit much.
Edited by BlessedFool#1118 on 5/25/2012 6:53 AM PDT
Reply Quote
85 Blood Elf Paladin
4025
Posts: 2,018
05/25/2012 06:44 AMPosted by Error
The difference in this scenario is that the consumer does not need to prove they are being compromised, but rather Blizzard needs to prove we ARE NOT.


Er, what? No, that's not how it works at all and in fact is quite absurd.
Reply Quote
80 Undead Death Knight
4740
Posts: 98
mo
Reply Quote
05/25/2012 06:44 AMPosted by Error


The exact same thing can be said about those plugging their ears and attempting to spout off rumors and speculation as truth without verification.


The difference in this scenario is that the consumer does not need to prove they are being compromised, but rather Blizzard needs to prove we ARE NOT.

Them just saying they can't find a problem does not accomplish this. After providing documentation of the issue Blizzard will simply send you back a canned response from customer service.

They do not provide the consumer the tools to properly investigate the issue further, and many of us do not trust their security.


Oh well. Would you like them to spoon feed you your breakfast too?

Take some responsibility for yourself. Its ok, even the most stalwart protectors of their PC get hacked. There is no such thing as an impenetrable home PC.

I fail to see how any company should be responsible for your vulnerability yet Blizz will still offer you free or at-cost options to secure you even more. It is very much in their interest as CS (restores and investigations) costs a lot of money.

They can easily prove it is not their end. Your account was logged into via your username and password. There is no other proof needed
Reply Quote

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]