Diablo® III

Session Spoofing

That site really was a bunch of speculation. He admits he had no authenticator on the hacked account.
Posts: 7,051
It's funny how people still doubt that it's a weakness on Blizzard's end.

1) The sheer number of people reporting that they've been hacked is staggering, much more so than what would be considered normal. Just compare it to the number of reports of accounts being hacked from World of Warcraft, a game with 10 million+ players. If that game has more players yet somehow far fewer reports, you know something is up.

2) How come the people that got their account hacked never had any of their non-D3 accounts hacked as well? No one has reported getting their PayPal, email, bank accounts, forums, or other game accounts hacked - and I know many people tend to use the same password or set of passwords, so why isn't this the case?

3) There have been multiple reports of people being hacked while using their authenticators. Some of these are even by credible journalists. This alone should be sufficient evidence.

4) Almost all of the individuals who've been hacked reported the same set of usernames that they don't recognize on their friends list. This means it's the same group of people that are hacking these accounts. Now what's more likely, that these individuals found an exploit and are hacking accounts without digression? Or these individuals somehow managed to keylog thousands of individuals, yet choose to only steal their D3 items and not their PayPal/bank/email accounts?


1) So are we using anecdotal evidence based on the amount of people coming to the forum to complain about being hacked, and assuming that because a lot of people posting have been hacked that therefore a lot of people have been hacked? There's a problem in that reasoning, I'll let you see if you can find it. Not only that but you are forgetting this is a new release game with real world value in its items, so it's going to be a prime target for hackers, just like World of Warcraft is still a target for them, and people are being hacked there constantly as well.

2.) Because the hackers are singling out Diablo 3 accounts and trying to hack as many of them as they can, they aren't looking for your credit card info, or your other game account passwords, they are looking for your battle.net info.

3) No one has been hacked while having an authenticator, not a single person, unless you count Athene, and that was only because he didn't have his authenticator activated at the time. Some people confused the SMS updater for an authenticator, it's not, some people added authenticators AFTER they were hacked and claimed they got hacked even though they had an authenticator, and Blizzard called them out on that, and finally some of them are hackers that are trying to scare people away from using them, because if you don't use one, they can get you, more people having authenticators makes their job harder.

4) Well no crap the hackers are offloading the items, what do you think they just wired all your stuff to themselves? Of course they had to trade it off.

Not only do all of your examples have huge logical flaws, none of them stand up to reason, or qualify as evidence even.

Also, it's impossible for such a thing to happen because of the way that D3 was created. I'm not an ITT techy guy, but I've been told a rough version of how it works.


Please actually learn some things before posting. A rough idea? Wow, you're going to defend off of that? I am an IT guy and this is entirely possible if they have not built the game correctly.
It's funny how people still doubt that it's a weakness on Blizzard's end.

3) There have been multiple reports of people being hacked while using their authenticators. Some of these are by credible journalists. This alone should be sufficient evidence.



Please show proof of this claim.

The last person I saw claiming he/she had an Authenticator and was hacked was using a Dial-In Authenticator that does NOT work on Diablo 3.
Only the Mobile or Physical ones work for Diablo 3 at the moment (as Blizzard have already said).
Also, Blizzard have already responded to those claims and has stated that those "claiming" to have been done while using an Authenticator either added it AFTER they were hacked, or didn't have it enabled / were using a Dial-In.

I'm more inclined to believe a multi million dollar company, who would be in a !@#$ fest legally if they tried to cover up a security hole such as the ones random people are theorising on.
played public games all weekend, still have my gear.
Posts: 4,150
Here is the link, it contains everything you need to know, read before it is taken down.

http://www.cinemablend.com/games/Diablo-3-Session-Spoofing-Real-Do-Join-Public-Games-43162.html

The article is full of lies and misinformation. Blizzard has already confirmed that session spoofing is technically impossible in Diablo 3.
Edited by MountainMan#1630 on 6/4/2012 6:10 AM PDT
06/04/2012 05:55 AM Posted by Vadoff
Just compare it to the number of reports of accounts being hacked from World of Warcraft, a game with 10 million+ players. If that game has more players yet somehow far fewer reports, you know something is up.

http://us.battle.net/wow/en/search?q=hacked&f=post&forum=1011699
Posts: 2,408
I have an authenticator, and have only Windows Firewall up protecting me. I use the same account info everywhere and I play Public Games on Diablo III. Was never hacked.

I claim Session Spoofing is fake bs.
Posts: 73
More FUD. Besides, the media lost their journalistic integrity years ago.
Posts: 4,150
Here is the link, it contains everything you need to know, read before it is taken down.

http://www.cinemablend.com/games/Diablo-3-Session-Spoofing-Real-Do-Join-Public-Games-43162.html

YOUR MOVE BLIZZ

05/24/2012 07:00 AM Posted by Nethaera
To that end, we've also seen discussions regarding the possibility of account compromises occurring in ways that didn’t involve these "traditional" methods -- for example, by "session spoofing" a player’s identity after he or she joins a public game. Regarding this specific example, we've looked into the issue and found no evidence to indicate compromises are occurring in this fashion, and we've determined the methods being suggested to do so are technically impossible.
I'd like the guys from the article to provide a video recording of the "real" session spoofing

seeing is believing
100 Undead Rogue
17255
Posts: 3,311
I too trust cinemablend.com for all my Blizzard gaming news and factoids

Maybe tomorrow you can post a blogspot post about some dude who thinks that Blizzard is making a fortune off all those authenticator purchases.

Oh wait someone already did that and they were laughed off the forums.
Edited by Lysdexique#1340 on 6/4/2012 6:17 AM PDT
100 Draenei Mage
15530
Posts: 440


Uhhh...


Everything Blizzard says will be about protecting the resources of the company. There is a possibility of earning billions from the Real-Money Auction House. That is a fact. Blizzard will do any and everything within their power to downplay the severity of the situation, even if it means denying account infiltration techniques that are possibly being used to compromise accounts.


Yeah guys, let's risk EVERYTHING just because of the profits we can make from the RMAH!!

Seriously, do you tinfoil hat wearing fools even read what you type?
Edited by Alysandra#1165 on 6/4/2012 6:19 AM PDT
This topic has reached its post limit. You may no longer post or reply to posts for this topic.
