Hacked with an authenticator

General Discussion
Prev 1 5 6 7 26 Next
Some points to note (though I am sure they will be lost in the anger here):

1. Malware CAN be written to successfully hide from AV software. Sure, the AV engineers will eventually find ways to detect it but it can be hidden. A declaration from an AV program that the system is clean does not mean that there are NO malware programs present, only that there are no KNOWN infections.

2. As others have stipulated, man in the middle attacks are possible against users with authenticators. MITM attacks can be of varying complexity and scope and it IS possible that someone has automated a system to exploit some vulnerability either on Blizzard's side or on the client side.

3. If there was a breach of security on Blizzard's system they may be investigating and identifying the attacker to restore the breach before making any announcement. If the breach did not give access to CC#/bank account information it would not be critical to immediately inform the public. The act of informing the public might hinder the investigation and allow the attacker to cease activities until such time as another vulnerability could be identified.

4. The cloud-based nature of this game means that the networking issues are exponentially more complex than those involved in WoW or SC2. Investigating a compromise on this system would be a challenge even without millions of legitimate users. If an attacker has compromised Blizzard's servers somehow then the breach must be something obscure or the attack would have been identified and dealt with VERY rapidly.
Sairin, when blizzard shuts down bnet to fix this obvious problem they have, make sure you come back here and tell us how wrong we still are.

douche bag

btw I am a Network Administrator / Linux System admin for an ISP, and have been for 10+ years, I think I know how to keep my computers and passwords safe and secure.


I will, just so I can tell you to find a career you are good at.
Some points to note (though I am sure they will be lost in the anger here):

1. Malware CAN be written to successfully hide from AV software. Sure, the AV engineers will eventually find ways to detect it but it can be hidden. A declaration from an AV program that the system is clean does not mean that there are NO malware programs present, only that there are no KNOWN infections.

2. As others have stipulated, man in the middle attacks are possible against users with authenticators. MITM attacks can be of varying complexity and scope and it IS possible that someone has automated a system to exploit some vulnerability either on Blizzard's side or on the client side.

3. If there was a breach of security on Blizzard's system they may be investigating and identifying the attacker to restore the breach before making any announcement. If the breach did not give access to CC#/bank account information it would not be critical to immediately inform the public. The act of informing the public might hinder the investigation and allow the attacker to cease activities until such time as another vulnerability could be identified.

4. The cloud-based nature of this game means that the networking issues are exponentially more complex than those involved in WoW or SC2. Investigating a compromise on this system would be a challenge even without millions of legitimate users. If an attacker has compromised Blizzard's servers somehow then the breach must be something obscure or the attack would have been identified and dealt with VERY rapidly.


QFT

The act of informing the public might hinder the investigation and allow the attacker to cease activities until such time as another vulnerability could be identified.
05/20/2012 03:15 PMPosted by SirBigmark
when people log back, have unknow friend on their list, join the game and then they see him get drop from other character that join, drop everything and disconnect it's not that absurd to state that they was somehow hacked and it isn't just a glitch..


Good point, completely forgot about this. This is another thing that lends credibility to the whole 'hacked' notion.


I smell a troll.


Then go smell the other 100 some posts in the support forum about the same issue.


"then go smell" LOL
Some points to note (though I am sure they will be lost in the anger here):

1. Malware CAN be written to successfully hide from AV software. Sure, the AV engineers will eventually find ways to detect it but it can be hidden. A declaration from an AV program that the system is clean does not mean that there are NO malware programs present, only that there are no KNOWN infections.

2. As others have stipulated, man in the middle attacks are possible against users with authenticators. MITM attacks can be of varying complexity and scope and it IS possible that someone has automated a system to exploit some vulnerability either on Blizzard's side or on the client side.

3. If there was a breach of security on Blizzard's system they may be investigating and identifying the attacker to restore the breach before making any announcement. If the breach did not give access to CC#/bank account information it would not be critical to immediately inform the public. The act of informing the public might hinder the investigation and allow the attacker to cease activities until such time as another vulnerability could be identified.

4. The cloud-based nature of this game means that the networking issues are exponentially more complex than those involved in WoW or SC2. Investigating a compromise on this system would be a challenge even without millions of legitimate users. If an attacker has compromised Blizzard's servers somehow then the breach must be something obscure or the attack would have been identified and dealt with VERY rapidly.


QFT

The act of informing the public might hinder the investigation and allow the attacker to cease activities until such time as another vulnerability could be identified.


They don't even have to inform the public about what exactly is going on. AGAIN, a lot of people on the tech support forums are getting blamed by GMs for having crappy security or just selecting the wrong region to play in. They are telling them that nothing suggests a compromise of their account so they won't be getting rolled back. I luckily was told I WILL be rolled back, but I could see how this would be incredibly infuriating.
Sairin, when blizzard shuts down bnet to fix this obvious problem they have, make sure you come back here and tell us how wrong we still are.

douche bag

btw I am a Network Administrator / Linux System admin for an ISP, and have been for 10+ years, I think I know how to keep my computers and passwords safe and secure.


I will, just so I can tell you to find a career you are good at.


It must be hard for you to live in your parents basement, but at least your good at McDonalds.
You guys realize that according to blizzard none of our accounts were accessed by anyone other than us. No other IP addresses.

Would this not signify then that every one of us either had to have a trojan on our computer and therefor they logged onto our accounts from our computers, or the malware was designed to get our password, start up diablo, log in, and join a game with the hackers. Keyloggers wouldn't explain it.

It doesn't make any sense looking at it from the perspective that we were all careless and got our computers compromised. There are too many holes both with what we know and what blizzard has told us.


Then go smell the other 100 some posts in the support forum about the same issue.


"then go smell" LOL


Typos, lul I kno rite?
this same thing happened with rift, they had a leak and a LOT of people got hacked in the start of the game.

same comments on every page
"learn to computer"
"you got hacked, your fault for being a noob"
"stop downloading !@#$"

etc

even after the devs said they had a issue people still blamed the player. this kind of ignorance is all over the forums and will always be around. people have nothing better to do then harass people that are trying to reach out and find out what is going on.
this same thing happened with rift, they had a leak and a LOT of people got hacked in the start of the game.

same comments on every page
"learn to computer"
"you got hacked, your fault for being a noob"
"stop downloading !@#$"

etc

even after the devs said they had a issue people still blamed the player. this kind of ignorance is all over the forums and will always be around. people have nothing better to do then harass people that are trying to reach out and find out what is going on.


The end result when the majority of the community is 12-16 years old unfortunately.
thread 0/10

would not read again


And u are the only one that cares about ur response...
You guys realize that according to blizzard none of our accounts were accessed by anyone other than us. No other IP addresses.

Would this not signify then that every one of us either had to have a trojan on our computer and therefor they logged onto our accounts from our computers, or the malware was designed to get our password, start up diablo, log in, and join a game with the hackers. Keyloggers wouldn't explain it.


not everyone, someone receive a response from support stating that the account was compromised and a rollback feasible.
I'm inclined to think that those ones are just scammed in the old fashion way.
The others, with an autenticator,doesn't have any explanation right now, beside that they are all just a bunch of liar. And I don't think so.


"then go smell" LOL


Typos, lul I kno rite?

what? I was laughing at smelling posts... not typos...
this same thing happened with rift, they had a leak and a LOT of people got hacked in the start of the game.

same comments on every page
"learn to computer"
"you got hacked, your fault for being a noob"
"stop downloading !@#$"

etc

even after the devs said they had a issue people still blamed the player. this kind of ignorance is all over the forums and will always be around. people have nothing better to do then harass people that are trying to reach out and find out what is going on.


The end result when the majority of the community is 12-16 years old unfortunately.


Amen to that. Also, "learn to computer" <-- lol.


The end result when the majority of the community is 12-16 years old unfortunately.


Amen to that. Also, "learn to computer" <-- lol.


lol now I'm laughing at typos :P

Join the Conversation

Return to Forum