Diablo® III

Security Questions

So I'm into, and somewhat new to, the IT security field. This recent rise of D3 account hacking has sparked my interest.

Foremost, I'm not looking to point any fingers here, but instead try to figure something out.

Two of my friends were hacked relatively recently. I am unaware of the security on their PC, but I know they didn't have authentication. Which I'm sure everyone will blame and discuss no further, but what I'm curious about is how their old passwords were still good. From my understanding most of the methods of hacking either involve compromising the email and then requesting a password change, or some form of key logger to get the password for the D3 account.

Is there any other way to get into a server side account without a keylogger that doesn't require a password change?

They don't necessarily need to reset your password; they would need access to your email, and probably your security questions at the very least. The most common ways of account compromise are:

1. Keylogger/malware. The most common way people get these is through vulnerabilities in software like Flash and JavaScript, or cross-site scripting, downloading stuff, especially pirating.

2. Social engineering - emails that at first glance look like they came from Blizzard asking you for your account information or linking you to a site that might look legit, but is actually not.

3. Database hacks from other sites. A lot of people use the same user/pw across multiple sites. While Blizzard may have never been compromised themselves, other sites have. Gold farming sites will buy this information. If your Gawker account happened to have the same user/password when they were hacked and you've never changed your bnet password, they could access your account at any time. Sometimes the companies will sit on this information for months before attempting to use it.
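As an added example (not part of the thread and not Blizzard's code): a check that a user or a site could run when a password is set, to see whether it already appears in a breach corpus from some other site, which is the reuse case in point 3 above. The breach list, the function names and the hash-prefix `SUFFIX:COUNT` lookup format are assumptions constructed for illustration; the lookup is a local stand-in so the block runs offline.

```python
import hashlib

# Constructed sample data: passwords from a made-up third-party breach dump.
CONSTRUCTED_BREACH = ["hunter2", "dragon123", "hunter2", "letmein!"]


def _sha1_hex(password):
    # SHA-1 is used here only as a lookup key into the corpus, not for storage.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Group hashes by their first 5 hex chars: {prefix: {suffix: times_seen}}."""
    index = {}
    for pw in passwords:
        digest = _sha1_hex(pw)
        bucket = index.setdefault(digest[:5], {})
        bucket[digest[5:]] = bucket.get(digest[5:], 0) + 1
    return index


INDEX = build_range_index(CONSTRUCTED_BREACH)


def range_lookup(prefix):
    """Hypothetical stand-in for a remote range query; returns 'SUFFIX:COUNT' lines."""
    bucket = INDEX.get(prefix, {})
    return "\n".join(f"{suffix}:{count}" for suffix, count in sorted(bucket.items()))


def breach_count(password, lookup=range_lookup):
    """Times the password occurs in the corpus. Only the 5-char prefix is sent to lookup()."""
    digest = _sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0  # prefix bucket empty, or suffix not in it


def audit_password_change(password, lookup=range_lookup):
    """Reject a new password that is already circulating in a breach corpus."""
    seen = breach_count(password, lookup)
    return ("reject", seen) if seen else ("accept", 0)


if __name__ == "__main__":
    for pw in ["hunter2", "correct horse battery staple"]:
        print(pw, "->", audit_password_change(pw))
```

A password that fails this check is one an attacker can replay against any account that shares it, with no keylogger and no password reset involved.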
