Diablo® III

Important Security Update

And so the spam has begun. Woke up this morning to find 3 (yes, three) spams asking me to log in to my account to verify my password. Sure, on the surface the letter looks legit (NOT) with its broken engrish and various grammatical errors.

When viewing the source of the message, however, it clearly shows that the URL shown is not where the link would actually be taking the person that clicks on it.

Sad, just plain sad.

Dear customer,

This is an automated notification sent from our account security system. You login your account successfully at 4:27 on August 11th form the 125.87.108.* range, but our system shows the 125.10.151.* IP range exists a large number of hackers. As too many customer complaints, the 125.98.104.* IP range has been blacklisted.

We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, visit click:
[URL SNIPPED]

website fill out some information to facilitate our investigation.

Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

Sincerely,
Blizzard account system
Blizzard Entertainment

(bold text is me bolding the text to make the mistakes stand out)
Truly Blizzard should be the one sending out emails to warn their customers that the phishing IS (yes, WILL, IS) going to go up now that our email addresses have all been compromised.

Damn I wish I had created a new email address just for battle net to avoid spamming my real email address that I use daily.
Edited by Runar#1385 on 8/12/2012 9:39 AM PDT
Reply Quote
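The check described in the post above (comparing the URL a message displays with where its link actually points), as an added example that is not part of the original thread. The sample message is constructed, and the `placeholder.example` hosts and all function names are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text counts as a "shown URL" if it contains a host name,
# with or without a scheme in front of it.
URL_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def normalise(host):
    """Lower-case a host name and drop a leading 'www.'."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

def same_site(shown, actual):
    """True if the real target is the shown host or a subdomain of it."""
    return actual == shown or actual.endswith("." + shown)

class LinkAuditor(HTMLParser):
    """Collects (shown_host, actual_host) for links whose text names one
    host while the href points at an unrelated one."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:          # only text inside <a>...</a>
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = URL_IN_TEXT.search("".join(self.text))
        actual = normalise(urlsplit(self.href).hostname)
        if shown and actual and not same_site(normalise(shown.group(1)), actual):
            self.findings.append((normalise(shown.group(1)), actual))
        self.href = None

def find_mismatched_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: one deceptive link, one honest link, one link
# whose text makes no claim about its destination.
SAMPLE_HTML = """
<p>In order to guarantee the legitimacy of your account, visit:
<a href="http://login.placeholder.example/verify">https://us.battle.net/account/</a></p>
<p><a href="http://us.blizzard.com/en-us/securityupdate.html">blizzard.com/securityupdate</a></p>
<p><a href="http://other.placeholder.example/">Click here</a></p>
"""

if __name__ == "__main__":
    for shown, actual in find_mismatched_links(SAMPLE_HTML):
        print(f"text shows {shown} but link goes to {actual}")
```

Links with generic text such as "Click here" are not flagged, because the text makes no claim to compare against; those still need the destination checked by hand.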
Someone got my info and I got locked out of my account by Blizzard. I now have to use that stupid authenticator and make a new password. New secure passwords are hard to come up with so they better not force me to do it again.
Reply Quote
08/12/2012 09:39 AM Posted by quazarblack
Someone got my info and I got locked out of my account by Blizzard. I now have to use that stupid authenticator and make a new password. New secure passwords are hard to come up with so they better not force me to do it again.

Use something like 'LastPass' just to generate a new password that complies with Blizzard's rules for passwords, then write it down and hide it somewhere that nobody could possibly find it, or just leave it under your keyboard if you live in your home alone.

My only problem with Blizzard's passwords is that they are too short. I much prefer a 24 to 32 alphanumeric password rather than the limits that Blizzard puts on them. It may not be more secure, but it makes me feel better knowing that a hacker would have to brute force crack a 32 character password rather than the 16 that Blizzard allows. Personally I don't need to write them down as I have one of those brains that memorizes things right away for some reason.
Reply Quote
08/12/2012 03:19 AM Posted by mik
Thanks a lot guys. Real name + Mail. That actually sucks...


Real names were not part of the compromise, so most likely they got you through hackers'/spammers' more conventional means, such as: you using the same email account on other game-related sites; posting your email account on Facebook; or, the most likely way, by hacking a friend's email account and then using his mailing list to send spam.



08/12/2012 07:31 AM Posted by Eglyntine
Well considering that they logged into my e-mail account and sent out over 2000 spam mails, tried to hack into my Facebook account with the e-mail but the password is different (thank God) AND two of my bank accounts which was the same password only a few letters reversed I think it is safe to say that the passwords were unencrypted and are actively being used.


So you used the same password &/or SQ&A on both your B-Net account, and the email account attached to it.

And so the spam has begun. Woke up this morning to find 3 (yes, three) spams asking me to log in to my account to verify my password. Sure, on the surface the letter looks legit (NOT) with its broken engrish and various grammatical errors.


Darn! I feel so left out! I still never have received any spam on the email account that I have been using only for B-Net for the last 4 years. The one that only me, Blizzard and my ISP know about. Not even my adult son, who lives in another town and who plays as well, knows it.
Edited by Ewing#1365 on 8/12/2012 10:04 AM PDT
Reply Quote
In case you are worried about it: here is a blue post on the WoW CSF in regards to our credit card/financial information.

http://us.battle.net/wow/en/forum/topic/6307731795?page=1#8

Just wanted to take a moment to re-read the post from Mike, after reading this comment:

I know if I see any funny charge on my CC I know who I am blaming and who I will be taking legal action on.


I will take solace in assuming you will continue to stay up-to-date on breaking information about this situation, Sydonie. As you know, at this time, no information has been released indicating that financial information was acquired. Therefore, you certainly recognize that if your credit card is used fraudulently in the near future, you have no reason to assume that it was due to this recent event.

Just to be sure you are aware, here is the post (http://us.blizzard.com/en-us/securityupdate.html) I'm referring to:

"At this time, we’ve found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed."


They have to hedge with legalese a bit. If they say "no financial or personal information was taken" and later discover that it was, they then open themselves to big lawsuits.
Edited by Ewing#1365 on 8/12/2012 10:52 AM PDT
Reply Quote
So... I was locked out of my account, and suspended for whatever it was they did with my account while they had the information, including suspending for something said while chatting, and other "illegal activity". Also got a notice my account was locked because it was attempting to be sold.
My brother somehow got the good end of the stick... He got hacked, logged on to find a couple extra toons at lvl 60 and a few mil gold on his account... haha, he got the Diablo hacker fairy!
Reply Quote
Well considering that they logged into my e-mail account and sent out over 2000 spam mails, tried to hack into my Facebook account with the e-mail but the password is different (thank God) AND two of my bank accounts which was the same password only a few letters reversed I think it is safe to say that the passwords were unencrypted and are actively being used.

I caught it quickly enough because I host my own domain on my own server and was alerted immediately about the break-in so I was able to stop any serious damage. But in the 20 years that I have had this password and 10 years that I have had this particular e-mail address it has NEVER been hacked so I think I am pretty safe in assuming this was caused by the Blizzard issue. At the time it happened there were only two options that I could think of where this person got my password. My banking institute or Blizzard. And guess who it ended up being?

Ppl have been directly affected by this and I would even bet a lot of ppl do not know about what happened to Blizzard because they have not been directly contacted by Blizzard and they have stopped playing Diablo/Wow so it has not occurred to them to check so they are dealing with their issues on their own not knowing how or where the breach occurred.

I am glad that you have warm fuzzies about Blizzard and feel the need to defend them with your last dying breath but a lot of us are dealing with the aftermath of this problem. Our passwords and personal information WAS stolen and is being used but Blizzard does not want to admit it. In the meantime instead of getting an apology we are getting dumped on by ppl like you and Blizzard who are still maintaining that it is not their issue and treating this like it is no big deal.

This is a serious issue and you are a fool to keep downplaying it. Yes this kind of thing happens but when you are part of the group on the internet that knows this, has worked in this field for as long as I have, you put every precaution in place you can and like I said previously, in 20 years this has NEVER happened to me before and I am pretty damn pissed about the way it is being handled. Not that it happened, that is expected from time to time but to brush it off and treat the victims of your mistake like it is their fault or they are completely ignorant of what they are doing is pretty asinine and insulting to say the least.


I wish I could like this 1000 times, and that Blizzard would actively respond. I know if my banking information gets leaked someone will be answering legal questions in a hurry. Bad deal, Blizzard. If there is even a snowball's chance that people's information has been compromised this needs to be handled immediately. To wait only hurts your legal position, and strengthens anyone's who happens to be hurt by this. Playtime is over. People need to start getting official emails or letters about this. Finding out by accident is NOT acceptable.
Reply Quote
Well considering that they logged into my e-mail account and sent out over 2000 spam mails, tried to hack into my Facebook account with the e-mail but the password is different (thank God) AND two of my bank accounts which was the same password only a few letters reversed I think it is safe to say that the passwords were unencrypted and are actively being used.

I caught it quickly enough because I host my own domain on my own server and was alerted immediately about the break-in so I was able to stop any serious damage. But in the 20 years that I have had this password and 10 years that I have had this particular e-mail address it has NEVER been hacked so I think I am pretty safe in assuming this was caused by the Blizzard issue. At the time it happened there were only two options that I could think of where this person got my password. My banking institute or Blizzard. And guess who it ended up being?

Ppl have been directly affected by this and I would even bet a lot of ppl do not know about what happened to Blizzard because they have not been directly contacted by Blizzard and they have stopped playing Diablo/Wow so it has not occurred to them to check so they are dealing with their issues on their own not knowing how or where the breach occurred.

I am glad that you have warm fuzzies about Blizzard and feel the need to defend them with your last dying breath but a lot of us are dealing with the aftermath of this problem. Our passwords and personal information WAS stolen and is being used but Blizzard does not want to admit it. In the meantime instead of getting an apology we are getting dumped on by ppl like you and Blizzard who are still maintaining that it is not their issue and treating this like it is no big deal.

This is a serious issue and you are a fool to keep downplaying it. Yes this kind of thing happens but when you are part of the group on the internet that knows this, has worked in this field for as long as I have, you put every precaution in place you can and like I said previously, in 20 years this has NEVER happened to me before and I am pretty damn pissed about the way it is being handled. Not that it happened, that is expected from time to time but to brush it off and treat the victims of your mistake like it is their fault or they are completely ignorant of what they are doing is pretty asinine and insulting to say the least.


I wish I could like this 1000 times, and that Blizzard would actively respond. I know if my banking information gets leaked someone will be answering legal questions in a hurry. Bad deal, Blizzard. If there is even a snowball's chance that people's information has been compromised this needs to be handled immediately. To wait only hurts your legal position, and strengthens anyone's who happens to be hurt by this. Playtime is over. People need to start getting official emails or letters about this. Finding out by accident is NOT acceptable.


Thing is, he's probably wrong. Blizzard is not stupid enough to store passwords unencrypted.

I've had a PayPal account hacked, and that was with a 24 alphanumeric password with special characters. Nobody knows my passwords but me, yet somebody managed to hack my PayPal account. It happens sometimes. I'm guessing somebody hacked his email account password and it just happened at the time that this whole thing came out, assuming he's not lying through his teeth to begin with.

Try looking on the forum, you'll see how passwords are handled. They are not stored on Blizzard's server unencrypted, else you'd see a ton (I'm talking hundreds, or thousands) of new "I've been hacked" topics popping up since the 4th of Aug, which there hasn't been.
Reply Quote
08/09/2012 03:57 PM Posted by superclove
Please click here (http://www.blizzard.com/securityupdate) to read an important security update about your Battle.net account.


I find it disconcerting that instead of really making it clear in the article title, you decide to label it obscurely as a "Security update". You also haven't emailed any of your Battle.net users to notify them of the breach, so users who haven't actively logged into B.net are still unaware that their information has been stolen.

Blizzard, it is clear that you're intentionally avoiding taking every possible step to ensure your customers are aware of this serious issue.
Reply Quote
So glad I quit WoW a couple of months ago. Pandas? LOL With that new expansion and lack of an epic combat system such as Tera Online's, it's definitely not worth staying around for. When I heard about the security compromise on Fark, I decided to change my password and delete all my payment options.
Reply Quote
My account was hacked this morning. 36.6 million gold totally removed, and another 40+ million in items gone, including my main DPS weapon, shield, boots and ring. They were actually quite particular on what was taken, which makes me think it was automated. All i63 items removed, yet lower level items remained which would sell for millions. Strange. Anyway, I haven't been hacked for 20 years. I used to be an IT admin/Sys-Op for a British government department, so.. I'm pretty good/careful with security. While I concur that often a hack is the result of user error, this at least has made me believe some of those who have been hacked despite allegedly being careful with passwords. I got no phishing text/email, no IP hack, trojans, key loggers, etc. It is pretty clear where the weak security link was in this instance.

So... ticket filed, expected to be ignored. If I get my stuff back, I'll keep playing. Otherwise I'll treat this incident as the push I needed to leave the game. What I've lost would take me (medium/mediocre player) about 250 hours to replace. I'm not willing to do that since I was at the rage-quit Inferno Act 3 point.

Good enough game for the cost. Just a shame there was so much botting and hacking going on.
Reply Quote
Still wondering how my WoW account got hacked when it was already inactive for 1 year, had a password change after I left the game AND the hackers even paid for a sub, submitted 'got hacked' tickets on my account after taking my gold away (which was restored by this ticket).

Apparently people are still insisting that companies like Blizzard would never allow themselves to be hacked. Such people should take a look at the real world and see how many times information was compromised without allowing the customer to do anything to stop it.
Reply Quote
08/12/2012 09:53 AM Posted by Ewing
Thanks a lot guys. Real name + Mail. That actually sucks...


Real names were not part of the compromise


You realize that a lot of people have e-mail addresses which are like firstname.lastname@isp.net or similar, right?
Reply Quote
And so the spam has begun. Woke up this morning to find 3 (yes, three) spams asking me to log in to my account to verify my password. Sure, on the surface the letter looks legit (NOT) with its broken engrish and various grammatical errors.

When viewing the source of the message, however, it clearly shows that the URL shown is not where the link would actually be taking the person that clicks on it.

Sad, just plain sad.

Dear customer,

This is an automated notification sent from our account security system. You login your account successfully at 4:27 on August 11th form the 125.87.108.* range, but our system shows the 125.10.151.* IP range exists a large number of hackers. As too many customer complaints, the 125.98.104.* IP range has been blacklisted.

We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, visit click:
[URL SNIPPED]

website fill out some information to facilitate our investigation.

Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

Sincerely,
Blizzard account system
Blizzard Entertainment

(bold text is me bolding the text to make the mistakes stand out)
Truly Blizzard should be the one sending out emails to warn their customers that the phishing IS (yes, WILL, IS) going to go up now that our email addresses have all been compromised.

Damn I wish I had created a new email address just for battle net to avoid spamming my real email address that I use daily.


You should forward that email to Blizzard and the appropriate dept.
Reply Quote


Real names were not part of the compromise


You realize that a lot of people have e-mail addresses which are like firstname.lastname@isp.net or similar, right?


It is not Blizzard's fault that they were so sloppy with their own personal security as to have an email account with their real name in it in the first place, or that they use that same email for everything.
Edited by Ewing#1365 on 8/13/2012 8:20 AM PDT
Reply Quote
