It’s only been five days, but we’ve seen what appears to be the first big rush of “hacked” Diablo III accounts. Numerous players have reported changed passwords or an inability to log on at all, while others have logged on to find their best items, gems, and gold all stripped. There doesn’t seem to be any common denominator to the affected users — they didn’t all try some new maphack program that was actually a key-logger trojan — but that sort of thing was the culprit countless times back in the D2 days, almost always delivered via social engineering.
As Blizzard (and every other security company) always says, do not share your password with anyone ever for any reason. Not even if that someone is in chat and sounds totally convincing when they tell you about the secret cheat that can wildly enrich you and which they’re willing to set up for you just because they’re such a super nice guy like that. Blizzard will never ask for your password, especially not in those emails that look almost perfectly authentic. (I get them regularly in regard to the World of Warcraft account I’ve never had.)
All the other common-sense precautions also apply: pick a password that no one could ever guess, don’t use that password for your login on any other sites or forums, and it’s not a bad idea to get a Blizzard keychain Authenticator as well. That’s the first precaution listed on Blizzard’s Security Checklist, and not just because Blizzard sells them for $6.50. (Diablo III model now in the Blizzard Store.) You probably don’t want to spend the money, but would you pay $6.50 to get back all of your lost items and gold? How about $114 in Bobby Bucks™ you earned from RMAH sales that someone just stripped from your online balance?
A typical user account, from Buu in our forum:
My account was just broken into.
I was playing in NM trying to get to Act III. I got disconnected. After reconnecting, I get booted again, this time reading the error message. Another computer has logged on to my account. I reconnect and check my stash, to find that all of my gems, and about half of my items are gone. Needless to say, I immediately changed my password into a (hopefully) strong password.
Similar brand new reports from the B.net forums can be seen here and here. Also here and here and here and here and here and here.
Thanks to Mark for the tip and URLs, which he was viewing for a very painful personal reason you can well imagine.
Update: Several people in comments point out that the Blizzard mobile authenticator works with any smart phone and is free or very cheap, depending on your service. Get the US or EU version.