Hacked with an authenticator

Everyone who gets hacked is suddenly a security admin or computer expert. Give it a rest.
05/20/2012 01:59 PM Posted by !@#$in
Thank god this happened to somebody with an authenticator as well. Now !@#$ all of you who said "get an auth" to all the previous threads.


Yes. Thank god someone got hacked so you could have your 5 seconds. THANK GOD!
Submitted a ticket as well. Someone with the battletag fwerwe#1995 grabbed everything off my character as well. Seems likely that they cannot take items from your followers and your stash. Sure was easy to tell as I had not played with anyone and suddenly this guy is in my recently played list.

Wishing once again this game wasn't so online-centric.
Apparently whoever took my stuff is exploiting a bug with the friend list system...
When I logged on I had a pending friend request from "Ashlem"

In my recent players tab I was in a game with his level 2 barb named "rfhtrh"

http://imageshack.us/photo/my-images/28/screenshot005ied.jpg/
http://imageshack.us/photo/my-images/189/screenshot004zsi.jpg/

And no I definitely do not have a keylogger as I have not downloaded a single file/visited any malicious website since the diablo 3 release on the 15th.
Well, after a few hours of playing, logging off at around 11pm, I ran off to watch a movie. Returned to diablo 3 at 3:30am, to find all my gold and items have been taken. However, it doesn't look like the game glitched and deleted it all... as I'd find it very weird for the game to leave 2 items I had left in my chest... in my bag as they can't be traded.
I just want to point out that in response to the error 3007 problem several blizzard persons recommended :
a - turning off your firewall
b - opening ports manually
c - placing your machine in the DMZ
d - disabling antivirus

I'm not saying that I think the people who are getting "hacked" aren't completely at fault through their stupidity or naivety but none of these four "fixes" are ever a good idea, and blizzard should not have been encouraging people to drop security so they could play a game.


If you get "hacked" for doing any of the things in that list, you're still doing something massively wrong. Honestly I've known at least 3-4 people who've been hacked and most of them have had it happen several times. There are a few other people I don't know in RL that have been "hacked", and many many people that I only slightly know that have been "hacked". There's a common denominator with almost all of them, they gave their passwords away. A few bought gold like idiots in wow, a couple tried to bot or hack wow and got keylogged. As for the people who I don't know IRL, I can't inspect their computer and find out what happened to them, but at least 3 or so admitted signing up to win free mounts and things when they got emails about them.

I'm not saying that no one has ever used a clever scheme like mitm to get access to accounts, I'm saying there are so many accounts that provide a vulnerability for you that you'd need to be dumb to waste time on anything like that. And honestly the gold farmers know it, the ones that stick around are very good at what they do. They sell you stuff against the eula and then turn around 2 weeks to 2 years later and de/sell all your stuff and take the gold from it.

TLDR: You probably gave your password away without even knowing it. (note that actual h4x are possible, just highly highly unlikely given the ease of other methods)

Steps to avoid this ever again:

Never use internet explorer, I recommend firefox, but chrome is ok too. The problem with IE is that it's far too closely mated with the OS to prevent exploits from accessing your computer in all sorts of crazy ways, and known security holes take forever for them to close up. Set whichever you do choose to delete all session data and cookies and any other information you can set it to delete between sessions. Never save passwords if your browser asks you, you don't know where they're saved or how they're encrypted and that CAN lead to them getting mined.

Go to the diablo/wow/bnet account website through the launcher, and bookmark it. Any time you want to access the site, do it through that bookmark. If the part of blizzard is not accessible by going to that bookmark and then typing the rest of the path after us.battle.net, it's not a real path and you missed where they changed something at the beginning. This is very easy to do, do not fall for it ever again. If the site is crazy not even close to us.battle.net (or your region's bnet address which you will get linked to through the launcher) don't put in the same info you use for your bnet account.

Download a virus scanner and spyware scanner and run them. Trendmicro housecall is an acceptable run once free virus scan. Adaware is a free spyware sweeper. Mcafee and norton are notoriously poorly maintained and sometimes even act as vectors for certain viruses. You have been warned. Run the virus scanner AT LEAST once a month, I'd recommend once a week. Do it during server downtime if no other time.

Lastly and most importantly, do not use the same password for your email that you use for your bnet account. Do not use your bnet account password for other game services. Many have terrible security (like sony) and people getting access to that login/password combo and email address will go try it in every other game they can find. Not using that same login and password will save you more hack attempts than most other things you can think of combined, no joke.

edit:

I normally would say that the users are 100% to blame by either getting malware or broware (disgruntled family member with access to your computer and account). But...

I was farming in hell and I got a run of the mill rare drop. Nothing special but better than nothing. Then a few seconds later I got d/c'd. When I relogged, of course I was at the last checkpoint. Checked my bag and the rare was gone.

It's no big deal (it wasn't a legendary or an uber rare) but I can honestly say that during all the years in WoW, I've never had a drop vanish on me after a d/c. Looks like D3 isn't quite as robust as WoW in the online department.


This sounds more like a server rollback. IE when it DC'ed it went back to the last save point, which was before you picked up that rare. It's possible some data was even saved after that point, but that the item changes were not. As frustrating as that is, it doesn't really sound like hax unless you were nekkid in the street suddenly with no gold or items on you.

edit2:
05/20/2012 10:28 PM Posted by yogafire
Well you can be 100 percent secure, it's just there are so many potential points where someone who knows what they are doing can try to hack an account and so many ways. Not to mention all the software involved. Windows XP is a mess; if you're still using that you need to move to Windows 7, which is much safer.

No, actually no one is 100% secure. The odds that you can clean up every single security vector even passably are so much lower than the odds that someone will think up a new vector you never thought of, that it's nigh impossible to be even close to 100% secure. There are a very large number of things you can do to make huge leaps in the right direction though, and I suggested some easy ones above.
There's a common denominator with almost all of them, they gave their passwords away


^^ this.
I love how people are still saying it's the players when there's literally hundreds of unique posts about this, and plenty of proof.
I got hacked too, man, and they were no help. 40 hours wasted.
Well let's see....there are more than a thousand or maybe millions of players in Diablo at any given time. I'm pretty sure that at least 1 person in a thousand will be stupid enough to try something to exploit the game through a third person party so it actually is very possible that it is the players' fault and they may number in the thousands or hundreds. You guys say that the proof is there that someone hacked their account...but do you guys even know the players' background beforehand?

Example: It is so easy for a rival company of Blizzard with say...100 people....to go into Blizzards forums and complain about hacking just to make other people negative about Blizzard. It's dirty...but it can happen.

Diablo 3 is awesome...I have no idea why other people are hating it so much. What is the best hack and slash game that has come out in the past few years....that's right none...People should stop whining and start playing.
I was hacked as well. I am not asking for a handout, just for Blizzard to fix what happened. I spoke with customer service on the phone and they said "we can do nothing, you have to contact a GM via the website" The GM that responded to me on my support ticket gave me a canned cut and paste, followed by a thank you for playing WoW. I am furious right now!

MULTIPLE ACCOUNTS WERE COMPROMISED!

This is what happened to me.

I was playing and got booted with the error message that someone else had accessed my account. I immediately reset my password which only took a few moments. I logged back in and in two minutes all my stuff/gold was gone.

The hacker is luckllezz (George Melchers); the guy added me as a friend before I logged back in. I joined his game and watched as they cleaned out 30+ players, one after another. I reported all this to Blizzard with little to no response, now I have a level 57 worthless and not able to progress. Couple this with the server issues that happened earlier, my Diablo 3 experience is going peachy!

Where are you Blizz? A faithful fan, and paying customer needs your help!

Blizzard just gave me a response.... another cut and paste....

Greetings,

My apologies but we were unable to determine any exploitative access on your account. No restorations are going to be provided. Take care.

Warm Regards,
Game Master Junadier
Blizzard Entertainment
www.worldofwarcraft.com

THIS IS A JOKE! I am so pissed words cannot explain!


A level 57 is not worthless... even if no gear is on it, there is an easy way to get items back up to your level. These things happen, I understand you're frustrated but why would you add a random you do not know in the first place? There had to be something you did wrong, not that you deserved it. There is no reason to complain though or be mad at blizzard, be mad at the hackers.

Inside I do laugh at some people who are surprised they get hacked though.
I mentioned this in another thread. Have any of you who have been hacked played on a public game since the release?
I'm not sure if this helps, but a wow friend taught this method to me and it seems to have worked so far. On a trusted friend or another one of your own computers email your login info to yourself. Copy and paste it into a document on your computer, and then leave it in an accessible folder. Then, when you want to log into D3 or whatever MMORPG, go into the file and copy and paste it in. This way, a key logger never logs your info.
This has nothing to do with being phished, passwords, or authenticators

There's a security loophole allowing hackers to hijack your account and bypass all of that stuff
Apparently whoever took my stuff is exploiting a bug with the friend list system...
When I logged on I had a pending friend request from "Ashlem"

In my recent players tab I was in a game with his level 2 barb named "rfhtrh"

http://imageshack.us/photo/my-images/28/screenshot005ied.jpg/
http://imageshack.us/photo/my-images/189/screenshot004zsi.jpg/

And no I definitely do not have a keylogger as I have not downloaded a single file/visited any malicious website since the diablo 3 release on the 15th.


Someone has to party with you to take away your gold and gear, not a bug.
It is probably a problem on Blizzard's end. I bet it has to do with the wacky way things are being saved and the constant server errors.
