Diablo® III

Bnet-account hacked despite authenticator

I say that while nothing is perfect and there are ways around any security system, having an authenticator and keeping my personal information as safe as I can possibly keep it has prevented me from being hacked at this point in time. I will never think that it would be impossible for that to happen. But as long as I remain diligent as far as keeping my account as secure as possible on my end, along with Blizz keeping diligent in keeping my account along with everyone else's secure, then my chances of being compromised go down.

The only time a hack can occur with an authenticator has already been explained by the other replies, so I will not repeat them. But those other methods that attack an account with a real authenticator attached to them usually take more effort and time to accomplish. In some cases, such as the man-in-the-middle attack, it might even take more money to pull it off.

Hackers will always be looking for the easy targets as far as compromising accounts. Anything that takes a lot of effort to compromise an account is time that they could've spent catching 10+ accounts that are easy to hack into.
Reply Quote
MVP - Technical Support
06/14/2013 06:27 AM Posted by Steve
Whilst I fall in this category of not having an authenticator, I can't even buy one to put one on. So how long before they become available. It's not as if there is a waiting list you can go on so you can get one when or if they become available


What do you mean you can not buy one? I see several for sale on the Blizzard store. http://us.blizzard.com/store/search.xml?q=Authenticator

Unless you are trying to buy one in the EU store, and then yes, they are sold out there. The mobile one would be best in that case if you can use it and it is free which is nice.
Reply Quote
06/14/2013 06:27 AM Posted by Steve
Whilst I fall in this category of not having an authenticator, I can't even buy one to put one on. So how long before they become available. It's not as if there is a waiting list you can go on so you can get one when or if they become available


Where are you from?
Reply Quote
So. My main ISP is down (cable), but I have a backup (DSL), which gives me a different IP. If I attempt to log on will my account be locked?

I have an authenticator.


Unlikely since you're using an authenticator anyways. Plus even though you have a new IP, the location is still the same. I doubt they start locking accounts that are always logging in from the same general area (they can see that as well). It's when you suddenly start logging in from a significantly different location that it should kick in.
Reply Quote
06/14/2013 06:07 AM Posted by MissCheetah
is still the result of the user failing to secure their PC.


This is honestly music to my ears... 20 years gaming and I've never been hacked because I don't download sus stuff or visit sus websites or click on links in sus emails. It's really not rocket science... just be sensible and you won't get hacked, too many people who aren't sensible are out there...
Reply Quote
It's been said over and over the authenticator is not a 100% way of keeping your account from getting hacked.
Reply Quote
06/14/2013 07:23 AM Posted by DeeJay85
It's been said over and over the authenticator is not a 100% way of keeping your account from getting hacked.


The only way to have 100% account security is to not have an account.
Reply Quote
06/14/2013 06:27 AM Posted by DragonFlyy


I didn't, I bet my account is more secured than those of most other bnet users. Anyway, idc no more. No point to play on servers of a company which is so prone to being hacked.


The server wasn't hacked. More than likely you are a victim of a man-in-the-middle compromise. They are extremely rare as they have a 30 second window to get into your account, but it is possible. That or someone got your authenticator itself. Nowhere has Blizzard ever promised that getting an authenticator will keep you 100% safe. They state that it is just another layer of security. In the end, it's your own fault.

Third possibility: If you have a mobile phone and it is rooted/jailbroken you could have a spyware program on your phone that sends the serial number of your authenticator.

If their servers had indeed been hacked into, they are required by law to notify us and the authorities, kinda like what happened a year ago when the authenticator server was hacked into. They announced it, then made everyone get a new authenticator code based on a new algorithm.


Isn't it more likely that his email account was compromised?
Reply Quote
06/14/2013 06:27 AM Posted by Steve
Whilst I fall in this category of not having an authenticator, I can't even buy one to put one on. So how long before they become available. It's not as if there is a waiting list you can go on so you can get one when or if they become available
By now you should have at least one Android device, if not the much inferior and more expensive iOS. Then just download the free Blizzard authenticator app.

If you don't have any such device, it is still possible to get an authenticator for Windows. Of course, if you run the authenticator in the same machine as the one in which you play, that is not as secure as having an authenticator. But it is still more secure than not having it. Also, with good encryption you will be able to protect yourself from any automated attack against your computer. (If you are targeted then there is little security you can use against that. But the chances of being specifically targeted are slim.)
Reply Quote
You say you have an authenticator?

You either are sharing your account with someone else that lives with you and has access to your authenticator.

Or you disabled your authenticator.

The authenticator security (two token authentication) that Blizzard deploys is very stable and is used by banks and even the military.

06/14/2013 04:34 AM Posted by Nyngarra
Your account is not secure, despite what they tell you. I'm done with the game and Blizzard altogether anyway, the last thing to do now is inactivate my bnet-account and disconnect every detail that could lead a hacker to important rl information. The risk is just too high. Bye.


This sounds more like you're rage quitting and you're taking a cheap shot on your way out. If you're going to leave then just leave.

NUFF SAID
Reply Quote
06/14/2013 06:27 AM Posted by DragonFlyy
If their servers had indeed been hacked into, they are required by law to notify us and the authorities, kinda like what happened a year ago when the authenticator server was hacked into. They announced it, then made everyone get a new authenticator code based on a new algorithm.
Also, because authenticators rely on public key encryption, even if someone hacked into the servers to steal your password, they would still need your authenticator to log in.
Reply Quote
www.lastpass.com

never use a security question with real answers....

if your password isn't at least 15 characters long containing upper and lower, number, and symbol then you have a weak password.

Besides my Bnet password, computer password, and LastPass password, I have no idea what any of my passwords are because LastPass creates and keeps them for me. And the passwords they use are things like A$ko7b!wno45na5C

You will not get hacked if you do the above.


All negated via keylogger or social engineering. Most likely case is the OP's system was still compromised when he added the authenticator, thereby giving the hacker his serial number for the authenticator, which can then be used to remove the authenticator from the account via a phone call and a lie that the authenticator is dead. The hacker would already know the information needed because of a compromised computer giving the hacker access to email and secret questions. Even if the OP changed all of that information, if the system was still infected then all that new information was delivered straight to the hacker.
Reply Quote
06/14/2013 08:56 AM Posted by Ujium
All negated via keylogger
Nope, because with a good password manager you don't ever type the password.

Well, maybe with something that looks for the password manager's RAM to find the unencrypted version of the password. But you said keylogger.

And of course, once there is a keylogger/spy program in your computer the attacker has broken enough security barriers. As long as you don't frequent dubious sites though, getting your password hash stolen by a leak is a more realistic scenario, so you still need a strong password. And nowadays, hash crackers have gotten very good. A completely random password of max length is the one kind of password that is guaranteed to be unbreakable. And in order to be able to use that kind of password, a password manager is a great aid.
Edited by vexorian#1817 on 6/14/2013 9:18 AM PDT
Reply Quote
www.lastpass.com

never use a security question with real answers....

if your password isn't at least 15 characters long containing upper and lower, number, and symbol then you have a weak password.

Besides my Bnet password, computer password, and LastPass password, I have no idea what any of my passwords are because LastPass creates and keeps them for me. And the passwords they use are things like A$ko7b!wno45na5C

You will not get hacked if you do the above.


for bnet there is no difference in upper and lower case. they use case insensitive passwords.
just thought i should tell you.

everything else though is good to take as advice for bnet :)
Reply Quote
i can't believe how stupid people are, it blows my mind
Reply Quote
06/14/2013 04:34 AM Posted by Nyngarra
Your account is not secure, despite what they tell you. I'm done with the game and Blizzard altogether anyway, the last thing to do now is inactivate my bnet-account and disconnect every detail that could lead a hacker to important rl information. The risk is just too high. Bye.
lol, you act like blizzard games have horrible security. You do realize this is still more than any other game. I don't see why you will stop playing blizzard considering all your other accounts are just as hackable or probably even more. Other games don't have authenticators.
Reply Quote
Support Forum Agent
Nyngarra,

The account isn't showing any signs at all of being compromised. It is locked though. You'll need to submit a support ticket to get more information I'm afraid as I can't discuss it with you in a public forum.

This article will lead you through the process.

_________________________________________________________
I'm available in the forums Monday - Friday, 12 pm - 8 pm Pacific Time
Please provide feedback! - https://www.surveymonkey.com/s/Omrakos
Reply Quote
Nyngarra,

The account isn't showing any signs at all of being compromised. It is locked though. You'll need to submit a support ticket to get more information I'm afraid as I can't discuss it with you in a public forum.

This article will lead you through the process.


His is registered in EU, did you try checking EU ticket logs or did you only check US logs since this is a US forum? Just curious because according to the op he got 3 different answers on his ticket from 3 different admins and all told him his account was compromised.
Reply Quote
