Diablo® III

Bnet-account hacked despite authenticator

1 year ago my Diablo 3 account was hacked and robbed of all items and information. I had my account restored and bought an authenticator.

Today, I find myself unable to log into my battle.net account. After writing a ticket, I was told my battle.net account was hacked and my mail address and security question(!) were compromised.
I have taken the necessary steps already and made a new email address.

I just wanted to share this experience with you. I rephrase:
Even though I had connected my account to an authenticator, my account was breached so far that the hacker even got hold of my security question (in my case: best friend in the past).

Your account is not secure, despite what they tell you. I'm done with the game and Blizzard altogether anyway; the last thing to do now is deactivate my bnet account and disconnect every detail that could lead a hacker to important RL information. The risk is just too high. Bye.
Most likely someone that knows you hacked you and your security question was obvious.
Sounds like you used the same password for your email that you did for your Bnet account... facepalming if true.
Nothing in security is foolproof. It's possible to get hacked by guessing the correct authenticator code.
It's as secure as they can reasonably make it and nobody says it's 100% secure because that's impossible.

Isn't it funny how these threads are always made by the same kind of person? They're always completely confident that the issue couldn't possibly have come from something they did or did not do so obviously Blizzard just has godawful security.
Guess you won't throw a party at your place anytime soon and be the first one to pass out!
www.lastpass.com

Never use a security question with real answers....

If your password isn't at least 15 characters long containing upper and lower case, a number, and a symbol, then you have a weak password.

Besides my Bnet password, computer password, and LastPass password, I have no idea what any of my passwords are because LastPass creates and keeps them for me. And the passwords they use are things like A$ko7b!wno45na5C

You will not get hacked if you do the above.
06/14/2013 05:13 AM Posted by Ringo
Isn't it funny how these threads are always made by the same kind of person? They're always completely confident that the issue couldn't possibly have come from something they did or did not do so obviously Blizzard just has godawful security.


Wasn't Blizzard hacked and account information stolen a couple of months back? The same thing happened to me: I had my account permanently banned for botting. At the time I had not played for a while because my video card packed it in and I did not have a big enough one to play Diablo 3. When I sent them a ticket over it I reminded them it was their security that allowed them to get hacked and it wasn't my fault some person managed to get a character on my account into paragon levels before they closed my account because of them getting hacked. Lucky for me they overturned the ban.
06/14/2013 05:33 AM Posted by Steve
Wasn't blizzard hacked and account information stolen a couple of months back.


Yes, it was announced last August, nearly a year ago, and they warned people about it and told people to change their passwords and secret questions. Not their fault if people ignored them (assuming that was the case).

Announcement: http://us.blizzard.com/en-us/securityupdate.html
More Info: https://us.battle.net/support/en/article/important-security-update-faq
Edited by Ringo#1617 on 6/14/2013 5:46 AM PDT
MVP - Technical Support
Blizzard's security does often pick up on login changes such as an IP or PC change. However, if someone has been keylogged or phished (and given away the secret question) AND if the hacker is in their email then they can do the password reset needed to get in.

Yes, Bliz had a partial compromise last August, but they did not get enough data to get into accounts and compromises did not rise as a result. The passwords they got were encrypted with a salted hash and so far, we have no indication any were decrypted and used.

Your battle.net account also can't lead to any information about you in real life -note the name, address, and any financial information are masked. Even if a hacker did get in, they learned nothing of value.

As for the OP - there have been a handful of compromises with a supported Authenticator on the account (keychain or mobile app). Those were accomplished after the user downloaded and installed some nasty man-in-the-middle malware that captured the auth code and sent it to the hackers in real time. The hackers then had 30 seconds to login. This is VERY rare and is still the result of the user failing to secure their PC.

Most of these when looked at, we find the affected player did not actually have an Authenticator attached at the time of compromise despite what they claim. Some folks remove it themselves, or never had one to begin with. We have also seen some cases where hackers submit a ticket using a fake ID to get it removed from the account. To do that, they need a LOT of info that they can only get with malware on the PC or an elaborate phishing scheme (or if the player buys gold/items from shady sites and gives them the info).

Sadly we also see people who lie about the compromise entirely in an attempt to get an account unbanned for botting or get a rollback :( Not saying that is what the OP did, just saying it happens.

The bottom line is though that if the OP was compromised the info did not come from Blizzard, it came from his own PC either through malware, going to shady websites, a phishing scheme...or all of the above. Cleaning the PC should be the top priority.

Edit to say I would love to hear a Blue take a look and clarify the Auth situation.
Edited by MissCheetah#1661 on 6/14/2013 6:10 AM PDT
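Added example, not from this thread and not Blizzard's code: what "encrypted with a salted hash" buys a site whose password table leaks, written in Python with only the standard library. The PBKDF2 parameters, the user names and the passwords are made up for the demo, and the storage format is a generic one; the thread does not say what scheme Blizzard actually used, so treat the scheme below as an assumption.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Parameters chosen for this example only; they are an assumption, not Blizzard's scheme.
PBKDF2_ITERATIONS = 100_000
SALT_BYTES = 16


def unsalted_sha1(password: str) -> str:
    """The weak pattern: the same password gives the same hash for every user,
    so one precomputed table cracks all of them at once."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, iterated hash. Stored as algo$iterations$salt$hash so the verifier
    can recover the parameters later. A fresh random salt per user means two users
    with the same password get different stored values."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in
    constant time so response timing does not leak how many bytes matched."""
    try:
        algo, iterations, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def table_attack(stored: Dict[str, str], wordlist: Iterable[str]) -> Dict[str, str]:
    """Precomputed-table attack: hash each candidate word once, then look up every
    user's stored hash in that table. This is what an attacker does with a dumped
    unsalted table. Against salted storage the table never matches, because the
    per-user salt is part of the hashed input and the attacker would have to redo
    the full iterated computation per user per candidate instead."""
    table = {unsalted_sha1(w): w for w in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}


# Constructed sample data: two users who happened to choose the same password.
WORDLIST = ["diablo3", "password1", "letmein"]
UNSALTED_DB = {"alice": unsalted_sha1("diablo3"), "bob": unsalted_sha1("diablo3")}
SALTED_DB = {"alice": hash_password("diablo3"), "bob": hash_password("diablo3")}


def demo():
    """Run the same table attack against both dumps and return what fell."""
    cracked_unsalted = table_attack(UNSALTED_DB, WORDLIST)  # both users
    cracked_salted = table_attack(SALTED_DB, WORDLIST)      # nothing
    return cracked_unsalted, cracked_salted


if __name__ == "__main__":
    print(demo())
```

The salt does not make a weak password strong; it only removes the attacker's ability to amortise one table over every user, which is why MissCheetah's "so far no indication any were decrypted" is a statement about cracking cost per account rather than impossibility, and why the advice to change passwords after the August notice still stood.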
1 year ago my Diablo 3 account was hacked and robbed of all items and information. I had my account restored and bought an authenticator.

Today, I find myself unable to log into my battle.net account. After writing a ticket, I was told my battle.net account was hacked and my mail address and security question(!) were compromised.
I have taken the necessary steps already and made a new email address.

I just wanted to share this experience with you. I rephrase:
Even though I had connected my account to an authenticator, my account was breached so far that the hacker even got hold of my security question (in my case: best friend in the past).

Your account is not secure, despite what they tell you. I'm done with the game and Blizzard altogether anyway; the last thing to do now is deactivate my bnet account and disconnect every detail that could lead a hacker to important RL information. The risk is just too high. Bye.


Your account is only as secure as you keep it; if you can't keep your personal information secure, your account is not secure. Your email was likely hacked, and through it, your Bnet account. Your email account being compromised is not on Blizzard, that's on you. Through that breach, they were able to remove your authenticator and gain access to your account.

You do realize that Blizzard HAS to have account recovery steps in place for you to gain access in the event you lose your authenticator, correct? If someone gains access to your email and other personal information that allows them to meet all of Blizzard's needs regarding account ownership verification, maybe it's time to point the finger somewhere else?
Edited by Drayven#2543 on 6/14/2013 6:17 AM PDT
06/14/2013 04:59 AM Posted by Hypersonic
guessing the correct authenticator code.


Bro, that's an 8-digit random number. What are the chances of you guessing it correctly? If someone guessed the authenticator # correctly, go play the lottery, you are wasting your luck in here! lol

Anyway, I agree it was probably someone you know, a "friend" or something, because I think your account is blocked if you try to log in from a different area than you usually do. I mean, my parents live about 2,600 km away from me; the first time I tried to log in from there, my account was blocked and I had to call Blizz in order to unlock it.
06/14/2013 06:17 AM Posted by mech
guessing the correct authenticator code.


Bro, that's an 8-digit random number. What are the chances of you guessing it correctly? If someone guessed the authenticator # correctly, go play the lottery, you are wasting your luck in here! lol

Anyway, I agree it was probably someone you know, a "friend" or something, because I think your account is blocked if you try to log in from a different area than you usually do. I mean, my parents live about 2,600 km away from me; the first time I tried to log in from there, my account was blocked and I had to call Blizz in order to unlock it.


Did you have an authenticator attached at the time? I ask because I've had an authenticator attached to my account and I've never had an issue logging on from a different IP address to play D3, never had my account blocked, never had to contact Blizzard to play from an alternate location.
MVP - Technical Support
Did you have an authenticator attached at the time? I ask because I've had an authenticator attached to my account and I've never had an issue logging on from a different IP address to play D3, never had my account blocked, never had to contact Blizzard to play from an alternate location.


This is true. Authenticators will not completely stop location based security lockouts, but they can greatly reduce them. SMS protect is also nice to have so that if you do get locked out, you can unlock it with just a code. It also keeps people from changing your email address on the account and such without a code.
06/14/2013 06:07 AM Posted by MissCheetah
Most of these when looked at, we find the affected player did not actually have an Authenticator attached at the time of compromise despite what they claim. Some folks remove it themselves, or never had one to begin with.


Whilst I fall into this category of not having an authenticator, I can't even buy one to put on. So how long before they become available? It's not as if there is a waiting list you can go on so you can get one when or if they become available.
Sounds like you used the same password for your email that you did for your Bnet account... facepalming if true.


I didn't, I bet my account is more secure than those of most other bnet users. Anyway, I don't care anymore. No point playing on the servers of a company which is so prone to being hacked.


The server wasn't hacked. More than likely you are a victim of a man-in-the-middle compromise. They are extremely rare as they have a 30-second window to get into your account, but it is possible. That, or someone got your authenticator itself. Nowhere has Blizzard ever promised that getting an authenticator will keep you 100% safe. They state that it is just another layer of security. In the end, it's your own fault.

Third possibility: If you have a mobile phone and it is rooted/jailbroken you could have a spyware program on your phone that sends the serial number of your authenticator.

If their servers had indeed been hacked into, they are required by law to notify us and the authorities, kinda like what happened a year ago when the authenticator server was hacked into. They announced it, then made everyone get a new authenticator code based on a new algorithm.
Edited by DragonFlyy#1241 on 6/14/2013 6:30 AM PDT
06/14/2013 06:17 AM Posted by mech
Bro, that's an 8 digit random number. What are the chances of you guessing it correctly? If someone guessed the authenticator # correctly, go play on the loterry, you are wasting your luck in here! lol


For the key fob, it's 6 digits and it's 1 in a million, 1 in 100 million for the app.

Highly improbable still means it's possible.
Edited by Hypersonic#1142 on 6/14/2013 6:37 AM PDT
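Added example, not from this thread and not Blizzard's code: a standard RFC 6238 TOTP implementation in Python (standard library only) that makes two points in the thread concrete at once: MissCheetah's "the hackers then had 30 seconds to login" for the man-in-the-middle malware case, and Hypersonic's 1-in-a-million / 1-in-100-million guessing odds for 6- and 8-digit codes. It assumes the authenticator is a plain TOTP device with a 30-second time step; the Battle.net Authenticator's real protocol is not described in the thread. The key used is the published RFC 6238 test key, not a real secret, and the timestamps are chosen for the demo.

```python
import hashlib
import hmac
import struct

# RFC 6238 test-vector key (an assumption for the demo, not a real authenticator secret).
DEMO_SECRET = b"12345678901234567890"
STEP_SECONDS = 30  # the 30-second window the thread refers to


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, dynamically truncated
    (RFC 4226) to `digits` decimal digits. 6 digits for a fob, 8 for an app."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify(secret: bytes, submitted: str, now: int, digits: int = 6,
           step: int = STEP_SECONDS, skew: int = 0) -> bool:
    """Accept the code for the current step, plus `skew` steps either side for clock
    drift. Constant-time compare so response timing leaks nothing about the code."""
    for delta in range(-skew, skew + 1):
        expected = totp(secret, now + delta * step, digits, step)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


def relay_attack_outcome(secret: bytes, captured_at: int, login_at: int,
                         digits: int = 6) -> bool:
    """The malware-in-the-middle case: the victim's code is captured at `captured_at`
    and the attacker submits it at `login_at`. True means the server accepts it.
    Only succeeds while both timestamps fall in the same 30-second step, which is
    why such attacks have to be carried out in real time."""
    stolen = totp(secret, captured_at, digits)
    return verify(secret, stolen, login_at, digits)


def guess_probability(digits: int, attempts: int) -> float:
    """Chance that blind guessing hits one fixed code within `attempts` tries:
    1 - (1 - 1/10^digits)^attempts. One try: 1e-6 for 6 digits, 1e-8 for 8."""
    space = 10 ** digits
    return 1 - (1 - 1 / space) ** attempts


if __name__ == "__main__":
    print(totp(DEMO_SECRET, 59, 8))                          # RFC vector: 94287082
    print(relay_attack_outcome(DEMO_SECRET, 35, 59))         # same step: accepted
    print(relay_attack_outcome(DEMO_SECRET, 59, 1111111109)) # later step: rejected
    print(guess_probability(6, 1), guess_probability(8, 1))
```

Two practical caveats follow from the code. First, a code captured by malware is worthless after its step expires, so the relay has to be automated and immediate; that matches MissCheetah's description and is why it is rare. Second, the guessing odds Hypersonic quotes are per single attempt against a fixed code; a server that lets an attacker submit codes without throttling or lockout multiplies those odds by the number of attempts, so the login endpoint's attempt limiting is part of what makes the 6- or 8-digit space sufficient.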
So. My main ISP is down (cable), but I have a backup (DSL), which gives me a different IP. If I attempt to log on will my account be locked?

I have an authenticator.