Blizzard Fails Again

This title is mainly to get as many people to view this as possible, because attacking your poor Blizzard gets you all in a huff. Anyway, just a little something to shed light on this recent failure.

http://www.eurogamer.net/articles/2012-05-21-diablo-3-accounts-hacked-gold-and-items-stolen

Now, to make a few things clear

1) Hacking via SQL injection as stated in the article, not an issue with unprotected home computers as some have suggested.

2) Accounts with authenticators have still been compromised.

3) If it weren't for an always online DRM 'protection' or a required account to play single-player, none of this would have happened, or mattered if it did. (If you were allowed to play the single player how you wanted, you would have access to resources such as the developer console, allowing you to get any items you lost for whatever reason.)

4) Blizzard has been working with people to get their accounts and items back, but as seen with WoW, there is no 100% fail-safe return to normal for hacking victims.

5) You might want to remove any authenticator you have, because even those have proven not to work as a foolproof security measure.

6) If you are really paranoid, drop your valuable items somewhere that a hacker wouldn't know to look if they gained access to your account, not really recommended.

7) As seen in the video, if the game begins to freeze up or not allow you to load into a different zone, there is a chance it is because someone else is logging into your account.


That Eurogamer article was a fascinating read full of "may have" and "could be" and "as yet unconfirmed" and "has been suggested". They're reporting on the posts made on the Diablo 3 forums.

In other words they, like everyone in these forums, have zero evidence of anything.
Let's all jump on the rumor train. The more of there are, the more real it gets!!!!!
I got my account hacked as well gg my lvl 55 Monk is now naked ty Blizzard 40+ hr
05/24/2012 05:37 PM Posted by Wargear
I got my account hacked as well gg my lvl 55 Monk is now naked ty Blizzard 40+ hr


Your fault.
05/23/2012 05:43 AM Posted by Mouthwash
It could also be, but very unlikely, that the Authenticator's algorithm has been broken, but that still requires the original password as well and it would affect WoW and SC2 as well.
If someone had cracked RSA encryption, they would not be using it to attack Blizzard. In fact, they wouldn't even need to rob banks with it, though they could with great ease, because I'm sure the world would fall over itself in a race to give that person millions of dollars for solving the "factoring problem."


Cracking RSA encryption would be one thing. Cracking your already cracked, always connected, 3g Android or iOS devices? Piece of cake. Wirelessly, without you even knowing.

Not saying that is what is happening though. (My theory is with the phishing/keylogger theories).

Come to think of it, perhaps I should post my theory on here at some point...
I just had my account hacked, and I am missing a lot of gold.
5) You might want to remove any authenticator you have, because even those have proven not to work as a foolproof security measure.

This is how I know you're either a hacker or a patsy.
We've already made a statement here: http://us.battle.net/d3/en/forum/topic/5149181449

05/21/2012 11:57 AM Posted by Hurr
1) Hacking via SQL injection as stated in the article, not an issue with unprotected home computers as some have suggested.


We're well aware that someone posted an idea once and it has been picked up and reposted as fact by more than a few people. It's unfortunate.

2) Accounts with authenticators have still been compromised.


We have yet to have a single report of account compromise in which an authenticator was attached beforehand, this is absolutely false. While an authenticator does not guarantee 100% protection, one has not been found on a single account that has reported a compromise. We'd appreciate people stop spreading rumors.

5) You might want to remove any authenticator you have, because even those have proven not to work as a foolproof security measure.

6) If you are really paranoid, drop your valuable items somewhere that a hacker wouldn't know to look if they gained access to your account, not really recommended.


I don't honestly even know what to say to either of these.

If you want to improve your account security please visit www.battle.net/security and follow the steps there, ensure your battle.net email address and password are unique (you're not using them in other places), you have an authenticator attached, and in the event you have been compromised please follow the instructions in the thread I linked above.
