® Account Security & Diablo® III

Blizzard Archive
Prev 1 21 22 23 209 Next
Going back to SC2. Blizzard doesn't care. -1 customer

Are you stupid, are you trolling or did you just not reallize yet that SC2 is also one of Blizzard's game, and that you are not paying them a penny to use their Bnet server (so they dont actually loose any income when you dont use your paid-for copy of D3)

I swear, people these days cant even be bothered to THINK before speaking/typing.
*looks about*

Many people are jumping to large comclusions without Facts.

Blizzard is a business. And like ALL business's they have chain of Leadership and protocols to follow. If you work in any Business as a Manager you would know this.

As Follows This information is one about at max 48 hours old at the most recent known Hacks pushing that I have been able to read up upon from postings and complaints.

RESEARCH into problems takes time. The post given By the Blue upon this board is the early response that is to be expected and nothing detailed put it for at least a couple reasons.

One Its what they have been told to post by their Supervisors/Management. TWO They do not have details that is verified factual and at moment worth of any help if they said anything to ease the CONSUMERS worries.

They made a post in regards to they know about the problem and looking into and researching it as well as giving information to help in many ways better secure and protect your account on

Don't Automatically assume Blizzard is at fault or doing nothing. Of course with a matter like this a company with the repution and following that Blizzard has they are not ones to just sit Idly by with a problem going on.

those that are waiting for responses or rollbacks must also think That there is only a certain number of Staff on any shift responding. Say they have a staff of 50 people taking in and working on these problems. There are probably 20 of those taking the reports 20 people working on rollbacks after getting the reports sent to them to try and get the gear back to the players. Give 5 as supervisors trying to keep things orderly in the situation and things running smoothly and asnswering questions to those under them. then the other 5 may ver well have been set the job into assisting or doing the research on solving this problem.

Now say that my above estimates are true for each SHIFT working on the customers problems.(I could be very wrong in numbers it could be a few more or many less People).If there are say 2500 people in a period of 4 hours reporting stolen or hacked acounts in diablo 3 each person taking a min up 15-20 mins just to get in touch with the representatives with 20 people trying their best how long do you think it will take to get through 2500 people.

Things like this take time patience is needed in this situation even though we are as a whole(speacking as a poplation as a whole) Are very impatient.

Hell this was not even this much rampage when Sony's Playstation Network was Hacked and peoples Credit card numbers were stolen.

There has been far worse things done by outside parties to Banks big business's and other software companies.

This is a game made for enjoyment. I would be more worried on things should say The real world Money Auction house was open as of this moment and I started losing money my real life money because of this problem. However The real world money Auction house is not open yet so your real lifemoney is safe from this problem. At moment your losing in game stuff that Blizzard it appears is rolling back accounts to save your stuff at the least. As is the real World Money Auction house has been it APPEARS to be delayed on opening up by another week so that Blizzard can have time to look into theHacking complaints, research and find a viable solution to better protect accounts before putting your real world money on the line.

That right there should say they are working to protect your wallet from being hacked through your battlenet account.

Finally Until actual facts are released do not assume that Blizzard is responsible for everything.

When they find and get good info I am betting we will get a much moredetailed and informative post from the blues.
Just once I would like to see someone say "My account was hacked and it was my fault". After spending 14~ years seeing people say "My account was hacked and it couldn't possibly be my fault because I am perfect" I am ready for something new.
Years ago, I learned the hard way, if your computer IS already infected, very often your AV will never find a majority of the viruses. Even if your computer is new, unless you instantly installed AV, and this includes before starting Windows Updates as well, before you did anything else, and virus scanned every single old file before copying it to the new computer, you stand a very big chance of infecting your NEW computer. Viruses and keyloggers are very good at hiding from your AV.

More than once, I've used AV and even valid website AV in addition, only to have no viruses show up, but when I took my computer to the computer shop, they told me that yes, the computer was infected, and the AV could not detect the viruses.

As a result, I've learned a lot of secure ways to browse the web, I don't let third party cookies set without my permission, I constantly use script and ad block programs, I even have my browser set to approve most first party cookies the first time around. I use safe browsing from my AV company, I'm extremely careful about the sites I visit. I don't allow my browsers to download ANYTHING at all without my permission first, as in I have to click YES first. (Sometimes this affects me when I visit some sites, they like to tell me I don't have Java, because of all the safe guards I've set up, when in fact I do, and I have to do a few work arounds to make the java function if I really want to use that web site lol.)

Does this mean that my computer is clean? No, it doesn't, but I've certainly done my best to ensure it stays as clean as possible. No AV is perfect, AV misses viruses, fact of life. The only sure way to clean a virus from your computer is to wipe your hard drive, and do a clean install of Windows. The ONLY way to make sure that no viruses remain. Period.

So for those who are insisting their computers were new and that their AV can find no keyloggers or viruses, that doesn't mean you don't have one. AV looks for known code, if the keylogger or virus is using code the AV doesn't know, or hides very well, your AV may never detect the virus, ever, even on a new computer.

That said, I don't believe the authenticator is flawless. I've known a friend that got hacked with one on WoW, I also know her computer had been showing repeated signs of have a keylogger on it, but not knowing how to secure her computer, and the keylogger hiding in spite of AV scans, well, she got hacked. I imagine the same could be happening with many a player that has been hacked in D3, sadly.
Are there plans to implement case sensitive passwords?
I've read thru this entire thread, and basically we all will just have to see if another statement will come from Blizzard. Regardless of how it happens, players have been looted. Definitely it raises a question of how this was accomplished. Blizzard not so far halting the looting going on, is amazingly bad. Can they not stop them? I am definitely not going near the AH, not that I currently care anyway. Nobody can deny that Diablo 3 has had lots of problems.
ps. I have in touch with a few hack victims much like myself, and we noticed a few "mystery friends" were banned/removed/banished this afternoon.
So I assume blizzard is dealing with the issue, even if they don't want to admit it openly.

That's the best we can hope for really.
05/21/2012 11:05 PMPosted by Koshi
If anyone thinks all these people were phished/keylogged they're an idiot

Sorry, read the previous posts. Especially concerning the recent implementation and what happened then. (Since you're obviously not going to read anything, because you didn't read anything up to this point, I'll copy and paste a recent one for you:)

In fact, this EXACT same thing happened when the new was implemented. Tons of people had keyloggers on their computers, but because they had "remember my account" checked, they never actually typed their account name anywhere. Then when they were forced to type in their new email instead of account name, the keyloggers (which were there for days, weeks, months, even years) captured everything and hackers had a field day of new information. Same old same old. People who never had to enter their login information for days, weeks, months, or longer all of a sudden had to enter it at least once in the brand new D3 login screen. They put it all out there for keyloggers to grab.
I am playing with two accounts on my computer, I am one of the victims that got hacked. The difference between the things that have been done with acc 1 and acc 2.

Acc 1: I have visited AH, placed bid on item and even placed out items for sale, I have joined Public Games.

Acc 2: Single mode all the way, no AH interaction or go public interaction.

Seeing the difference between the accounts and seeing how I play on 2 accounts but only 1 account that got hacked if the case is that I got keylogged, phished or whatever, the hacker would have hacked both of my accounts instead of just one? Why take one when you can take two?

Correlation is not causality.

still waiting for ANY one of you hacker victims to provide ANY EVIDENCE WHATSOEVER that the security exploit was on Blizzard's end and not yours. I'm not saying one way or the other. What I AM saying is:

Those who make the claims fall under the burden of proof. I'm not saying it didn't happen on Blizzard's end, I'm simply asking you to prove it.

Why don't we give it a try? Play on public and visit AH but make sure you scan your computer and clean ur computer first before doing so, play public for awhile and let's see if the next few days you are hacked or not and we can be sure?
05/21/2012 11:06 PMPosted by Roknir
Are there plans to implement case sensitive passwords?

...because that makes such a HUGE difference /sarcasm
They duplicate your session ID.There's no "logging in" involved in the whole thing. The Authenticators don't do anything.
Let me share a story, it is just a story,
Since I have no proof, and I'm sure someone know better than me.

Mr. A starts Diablo3, the game client first talks to the authentication server
Auth server ask for login/password/authenticator string, and after these are cleared,
Send some identity piece, permission to play info back to the client.

The client, storing these info in the RAM, goes to the game server.
The game server check that piece, and let the client plays as Mr.A.
and the piece is what people calls "session ID"

SO, the rampant theory is, a hacker somehow able to forge a session ID that represents other player,
And they walk to the game server, and do whatever they want.

Since the authentication server is never involved,
Authenticator or not, key logger proofed or not, doesn't matter.
And there will be no "login activity" log, because it never happened.

The only question is: Is it just a myth,
Or hackers really able to forged such ID?
gg sql injection, doesnt really matter !@#$ if you have authenticator or not.
I am very skeptical of blizzards claim that this is individual people's fault because they are unable to detect any outside logins to these accounts. I have had WoW accounts compromised and they have simply checked the account log, found an unusual login point, and undid everything that was done during that time.

They have no data on these break ins, which makes me think that people have figured out how to get into the Blizzard infrastructure and have been taking information AND covering there tracks from that standpoint. They cannot login to a server like a "ghost" without a means of erasing this data from the server.
05/21/2012 11:06 PMPosted by Roknir
Are there plans to implement case sensitive passwords?

Case sensitive passwords are not the issue. They only protect your account from someone guessing your password or brute-forcing your password. And since Blizzard already implements limited login attempts before the account is locked out completely, that virtually eliminates the possibility of brute-forcing a password. Case sensitive passwords will have 0 effect.
Blizzard still doesn't understand that when thousands of players are "hacked" on the very same day, it's most likely NOT a client side problem.
Oh. My. God.

This issue had already been researched, and conclusively shown to be a Session-ID spoof. FFS, you even had people getting kicked out of game the moment they popped an achievement, and immediately came back in to find their stuff gone. You had confirmed reports from CS staff telling customers that there was no login from a different IP.

And yet, this is what you do. Disregard the issue, and blame it on your customer, then try and sell them something that you know God-damned well will do nothing about this issue.

How can you do this and look at yourself in the mirror, you miserable liar?

Join the Conversation

Return to Forum