Thanks blizzard

05/30/2012 08:22 PM Posted by sincara

Battle net doesn't allow Brute force attacks and all passwords are stored as one way hash numbers.

The issue is on the user end, not Blizzard's.

So I can't enter a different email and try passwords until my fingers bleed? Someone couldn't use a script to do this through the GUI in D3? I'm not going to go try it, so I'm asking sincerely. Is there some system where after 3 tries in rapid succession it locks the account somehow? If so, I'm satisfied.

Yes, you can only try once per second. Even the minimum length password, case-insensitive, would take over 2 million years to try all the combinations.
Yes the issue is on my end *sarcasm* I did not give away any information and I have no keyloggers on my computer.

You don't work at blizzard you can't say how they work their !@#$

I'm not trying to piss you off, but until you can prove that you had no malicious software on your computer immediately before the event (and moreover, you'd need to know the exact time/date the breach occurred), you can't prove that there's nothing on your end to blame...

I'm doing laundry.

Hahahaha.. good to know.
If you have an Android phone, you don't have to pay a single cent. The keychain authenticator is right around $6 iirc. I have the keychain one for WoW and now for D3 and the BF has the one for the phone. They both work just fine.
Phishing, infected ads, redirected web sites that look legit, etc.

only takes one time to get your password.

Is this just your opinion? I'd like an official response about the nature of these events.. do you know if there's been one?

I still think there is some amount of brute forcing going on due to the average person's password habits being mixed case and numerals. I had no idea that my password since WoW days was not case sensitive. I always typed it as I entered it the first time: with mixed case. I immediately attached an authenticator when I found out they are not case sensitive.

I still don't understand why they aren't... but oh well.

/sigh... okay, no it's not an opinion. There are a lot of us, especially the longer term WoW players who have seen this on our gaming side of things.

While your Diablo 3 session cannot be spoofed as people have claimed, it is very easy to hijack an ad you might click for just about any web site. It happens where I work all the time with our local news station and ESPN. Those are the most common places people pick up nasties from. Not because those sites are bad or unsecure, but because a link that jumps from server to server in different locations in the US/World can easily have a light keylogger or other hacking/malware tool piggybacked onto it. Without the site operator, or the user even noticing.

Most AV/AM software will not catch these little logging programs. Especially due to the sheer number of variants for each type. AV/AM helps protect you, but is not 100%.

There are no events to be disclosed other than, "It's not happening." To claim otherwise after an official response is just further pushing the misinformation campaign that keeps going. The best way to protect yourself beyond standard methods is the authenticator tool, which as we've said over and over again, is free/sold at cost and easy to use.

They are offering you the solution... on their dime...
It's much easier to blame Blizzard than to admit to one's self that something may have slipped past their defenses undetected.

But in this case it really is Blizzard's fault - if it was a general security problem why hasn't anyone hacked my online banking or any other program
It's much easier to blame Blizzard than to admit to one's self that something may have slipped past their defenses undetected.

But in this case it really is Blizzard's fault - if it was a general security problem why hasn't anyone hacked my online banking or any other program

Hacking a bank account typically gets other more aggressive enforcement groups involved. IE: FBI, local police, etc. Things like that are very very serious and taken as such.

Hacking a video game is usually ignored by the authorities.
When people say "I never visit anything other than..." My eyes naturally blur anything they're saying out. I have amazing super powers like that. It's a shame really superman gets super strength, laser eye sight, x ray vision etc. I get the power to ignore bull!@#$.
I have the authenticator. I'm just curious. Also, I'm not sure you understand how injections from "ads" would work. You would need to have an INCREDIBLY vulnerable system to get a keylogger from a website advertisement. You would need to allow the "ad" (more likely a small program) to execute code, which all modern browsers prompt you VERY LOUDLY against doing, or you would need to have a system that is already vulnerable in another way. There are no advertisements on the internet that, when you click them, BAM, you have a keylogger. It doesn't work that way. You'd have to authorize a piece of javascript or run an executable.
Yes the issue is on my end *sarcasm* I did not give away any information and I have no keyloggers on my computer.

You don't work at blizzard you can't say how they work their !@#$

Well, neither do you. Yet you have the audacity to come here and blame them because you think you're not the one at fault here.
I have no way of testing this so will just rely on Blizzard's confirmation that they have systems in place to prevent brute attacks.

Not to nitpick, but you can test this easily: put a wrong password in several times in a row and wait for the pop-up that says that your account has been locked due to suspicious activity and are required to follow the link to get it unlocked. Which in turn makes you go to your e-mail to get it unlocked (along with a mandatory password change).
This thread makes my soul hurt :(


No. Not that. It flies in the face of all logic and evidence to the contrary. This is a very serious matter. A company doesn't just get away with covering up something like that.

It's an incredibly serious allegation and the ramifications would be so much more far-reaching than what you've witnessed. Again, I understand you're upset, but I caution you not to perpetuate this nonsense any further.

I feel sorry for you Zarhym. I really do.

This is not a compromise of Blizzard's database or someone stealing personal info directly from Blizzard. If it was a Blizzard compromise there would be more than a few accounts being compromised there would be a mass accounts being compromised and it would make the news.

More than likely you went to a bunch of sites during the closed beta and signed up for a chance to win a beta key and used the same password for your account.

Stop raging like a two year old and grow up.
If it is secure let us open up a remote connection to your computer so we can see the results of the standard system scans, and network logs. then we will know for sure.

and by us I mean one person, not every one.

This is, without a doubt, the biggest load of self-serving twaddle I've seen all day, and it's about 10:30p here. Again, for the cheap seats: I'm not here to indulge anyone's ego OR engage in pissing contests.

Which is why you are continually feeding the pissing contest. /facepalm

Regardless of what happened, or why it happened, any account that has been hacked since the beginning of the D3 hack flood, would have been protected (without incident) if there were a proper authenticator attached (i.e. the dongle, or the free app for smart phones. the dial-in auth does not protect D3) to that account.

Making the choice to not attach one of the available options puts the blame on the user. It is as simple as that.

Therefore, pointing fingers does nothing. Most of us know the truth, whether or not the hacked users want to admit it.
There are a lot of people that don't seem to draw a connection between a 'minor' occurrence and an account compromise. A friend of mine told me today that he got 'hacked'. I (mostly jokingly) asked him what shady sites he had been using. He said "nothing, I haven't done anything like that..." started to ask him a serious question and he responded with something like "oh, except for that MOP phishing email I got, I might have logged in on that. But that was a few days ago." Just because your account isn't immediately stripped doesn't mean the attempt didn't work.
Really, don't you have something better to do than badger complete strangers over your BS interpretations? I'm sure there's someone, somewhere who's willing to tell you how brilliant you are.

Badger? I answered this:

I'd also like to see Blizz release a statement with their best guess (forensically speaking) of what happened, and how.

With this:

They have. It's in stickies, it's in the blue tracker, would you like them to write you a book and mail it to you? Every account compromise so far has been a result of a simple log in / log out of the account. they had the info. It wasn't brute forced either, Blizzard throttles log in attempts

But you routinely ignore logic and keep posting stupid things. Blizzard has explained everything you need to know, you just need to learn to read a bit and stop stealing mom's tinfoil to make funny caps.
If it were really ''free'' it wouldn't be on phone but on computer it would be the first link and would not require a ''phone'' everything that an additional requirement then the machine to run the game cannot be considered free as it require additional material not needed to simply run the game and protect it on same machine.

If you wish to make an apple pie from scratch, you must first invent the universe.
