Diablo® III

Hacked w/authenticator already attached !!!!!

100 Worgen Death Knight
12005
Posts: 4
Not sure how its done but i did have an authenticator on my accnt but when i logged on today most of all my characters are all cleaned out gold gone so and so forth.. they left what i had equipped on my main on wow not sure why but what ever.

question is how in the world did i get hacked with authenticator on my accnt??? they took it off!! I did put a new one on when i found out all my stuff was gone.. I do have malware/antivirus/firewall all of what i thought was needed to keep my computer from being attacked.

Just put in ticket cpl hrs ago so hopefully i get all my stuff from wow and D3 back.
Reply Quote
oops posted with wow guy on
Reply Quote
Not sure how its done but i did have an authenticator on my accnt but when i logged on today most of all my characters are all cleaned out gold gone so and so forth.. they left what i had equipped on my main on wow not sure why but what ever.

question is how in the world did i get hacked with authenticator on my accnt??? they took it off!! I did put a new one on when i found out all my stuff was gone.. I do have malware/antivirus/firewall all of what i thought was needed to keep my computer from being attacked.

Just put in ticket cpl hrs ago so hopefully i get all my stuff from wow and D3 back.


Was it a usb authenticator or phone sms type?
Reply Quote
Phone authenticators can be hacked, easily IIRC. Also, having it only be used like once a week could allow you to get hacked. It doesn't make sense not to use it every time.
Reply Quote
Several months ago the blizzard servers holding customer info were hacked. No credit card info was hacked but they possibly got emails and account names.

Once a hacker gets your account name your finished. With today's brute force hacking powered by graphics card engines a 12 digit mixed alphabet, caps -no caps, numeric,standard symbol password can be brute force discovered in minutes.
Reply Quote
Posts: 2,942
Several months ago the blizzard servers holding customer info were hacked. No credit card info was hacked but they possibly got emails and account names.

Once a hacker gets your account name your finished. With today's brute force hacking powered by graphics card engines a 12 digit mixed alphabet, caps -no caps, numeric,standard symbol password can be brute force discovered in minutes.


Only problem is the Blizzard servers won't let you attempt passwords over and over in order to brute force them.
Reply Quote
Someone prolly got your personal home info (like old street adress) and called in to customer service. Or maybe they somehow got a hold of your cd key? Or maybe OP is a faker? *popcorn*
Reply Quote
Several months ago the blizzard servers holding customer info were hacked. No credit card info was hacked but they possibly got emails and account names.

Once a hacker gets your account name your finished. With today's brute force hacking powered by graphics card engines a 12 digit mixed alphabet, caps -no caps, numeric,standard symbol password can be brute force discovered in minutes.


Only problem is the Blizzard servers won't let you attempt passwords over and over in order to brute force them.


What the hackers get with the customer

Several months ago the blizzard servers holding customer info were hacked. No credit card info was hacked but they possibly got emails and account names.

Once a hacker gets your account name your finished. With today's brute force hacking powered by graphics card engines a 12 digit mixed alphabet, caps -no caps, numeric,standard symbol password can be brute force discovered in minutes.


Only problem is the Blizzard servers won't let you attempt passwords over and over in order to brute force them.


Brute forcing is only an option if the hackers manage to steal the encrypted (hashed) password as well. They will then run brute force attacks against the hash function until they get a hash that matches the one that was stolen, voila password cracked.
I don't think there were any hashed passwords stolen from Blizz, though which means brute forcing is indeed not an option.

With the account info stolen a lot of damage can be done anyways. If the hacker can get your account name, e-mail adress and real name they could google you for hints on your password recovery questions e.g. Or call custom support and pose as you and try to coerce the guys there to reset the password and authenticators.
Reply Quote
90 Pandaren Monk
0
Posts: 4
Same thing happened to me last night. i don't buy gold or any of that junk, i have antivirus running + authenticator (which was removed?) and i don't fileshare or browse carelessly i'm very careful with emails/phishing.
Reply Quote
MVP - Technical Support
Posts: 19,535
View profile
They did not get into your account while you had the Autheticator on it from the sound of it. There have been a lot of attempts by hackers to send in fake IDs lately to get the Authenticators removed. So really, there are two questions - how did they get your email/password and how did they get your Authenticator removed? We have some posts on this over in WoW as well so the hackers either got really good at fake IDs or found another way to get Authenticators removed from the accounts.
Reply Quote
Hackers suck! Happened to me last week also
Edited by FoRsAkEn#1309 on 6/24/2013 9:16 AM PDT
Reply Quote
MVP - Technical Support
Posts: 19,535
View profile
Edit - and then the post I was replying to was edited or deleted. yay. Ah well, the info is still good to have out there. Helps people see possible ways hackers could try to get it removed.

Please explain how only the password and email are needed. From what I remember you need to do one of the following to remove it:

-log in with email/pass and authenticator to access account management. From there remove it by putting in two sequential codes. (Requires Auth Access to do) https://us.battle.net/support/en/article/adding-and-removing-authenticators
-Use SMS Protect from your registered phone to generate a code that will remove it https://us.battle.net/support/en/article/battlenet-sms-protect#18
-Submit a government issued ID via the Remove Authenticator Removal Form https://us.battle.net/account/support/remove-authenticator.html

A simple email/password is NOT enough to get it removed that I know of. I would be interested to hear of another method.
Edited by MissCheetah#1661 on 6/24/2013 9:25 AM PDT
Reply Quote
government issued ID = ??

state drivers license?
Reply Quote
while these claims are interesting if you were truly hacked why did you post on your non d3 account
Reply Quote
government issued ID = ??

state drivers license?


Government issued id is an id issued by the government. Pretty self explanatory. State driver license is one example. Student id is not.
Reply Quote
MVP - Technical Support
Posts: 19,535
View profile
government issued ID = ??

state drivers license?


Yes, that qualifies. A State Gvt issued ID card will also work as will a Passport. They might even accept military ID, but I am not sure. I have heard rumors of some power leveling/gold selling sites asking for ID copies to "prove you are the credit card holder"... Not saying the OP did that! But yeah, the goldseller/hackers are unpleasant :(
Reply Quote
81 Human Paladin
8470
Posts: 4
i posted here after searching for a similar situation to mine that happened with my wow account. It brought me to this forum (still part of battle.net). I don't think there's any way this happened through my email. I was online last night playing for hours after using my authenticator to log in so even a key logger (which hasn't shown on scans) would be unlikely as the code should only last for a short while.
They should have required authenticator login to remove it from the account. I wasn't using the SMS thing so does that only leave fake ID's or is there another option out there?
Reply Quote
06/24/2013 09:37 AMPosted by MissCheetah
Yes, that qualifies. A State Gvt issued ID card will also work as will a Passport. They might even accept military ID, but I am not sure. I have heard rumors of some power leveling/gold selling sites asking for ID copies to "prove you are the credit card holder"... Not saying the OP did that! But yeah, the goldseller/hackers are unpleasant :(


Military ID IS govt issued, so it and a lot of other things should qualify.

Some forms of ID are easier to fake than others.

Combine that with the new smart phone malware and its fairly easy to see how it could be done.

I wont even put my SSN into my computer anywhere. Malware abounds.
Reply Quote
government issued ID = ??

state drivers license?


Yes, that qualifies. A State Gvt issued ID card will also work as will a Passport. They might even accept military ID, but I am not sure. I have heard rumors of some power leveling/gold selling sites asking for ID copies to "prove you are the credit card holder"... Not saying the OP did that! But yeah, the goldseller/hackers are unpleasant :(


You can get "novelty drivers licences" for US states that will pass a police scan (they have codes cops scan now) for cheap on the internet. All they'd need is the basic info that would be on your drivers licence. Not to mention it's pretty easy to create fake digital copies that could be emailed or uploaded somewhere, how would Blizz have any idea if a pic of an ID is real or not?
Reply Quote

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)

Reported!

[Close]