More from Blizzard on Account Hacking


Players continue to report accounts that have been stripped of their valuables, and Blizzard continues to say “Sorry, but we can’t do anything more than give you security suggestions and tell you to use an authenticator.” Despite rumors about Battle.net being compromised and players with authenticators getting cleaned out, Bliz continues to say that every single report they’ve looked at has been accessed via the account/password, just like you do to your own account, which seems to mean it’s all being done with key loggers and social engineering.

Blizzard can roll back your account if you were hacked, if their investigation shows that it was accessed from a distant IP# and stripped that way. Use this page to submit such a claim, but be prepared to wait a few days when you can’t play, since the fix is to roll your account back to where it was when you were “hacked,” which means any progress since then will be erased. Players are reporting something of a wait for this service, which isn’t really surprising given the number of claims and the fact that Bliz tech support has to investigate them all individually, since you know people are trying to abuse the system by dumping all their stuff on a friend’s account and then petitioning for a rebate.

Here’s Bashiok replying to a typically angry poster who is convinced of conspiracy theory evils.

Blizzard Fails Again

This title is mainly to get as many people to view this as possible, because attacking your poor Blizzard gets you all in a huff. Anyway, just a little something to shed light on this recent failure.
We’ve already made a statement here.

1) Hacking via SQL injection as stated in the article, not an issue with unprotected home computers as some have suggested.
We’re well aware that someone posted an idea once and it has been picked up and reposted as fact by more than a few people. It’s unfortunate.

2) Accounts with authenticators have still been compromised.
We have yet to have a single report of account compromise in which an authenticator was attached beforehand, this is absolutely false. While an authenticator does not guarantee 100% protection, one has not been found on a single account that has reported a compromise. We’d appreciate people stop spreading rumors.

5) You might want to remove any authenticator you have, because even those have proven not to work as a foolproof security measure.

6) If you are really paranoid, drop your valuable items somewhere that a hacker wouldn’t know to look if they gained access to your account, not really recommended.
I don’t honestly even know what to say to either of these.

If you want to improve your account security please visit www.battle.net/security and follow the steps there, ensure your battle.net email address and password are unique (you’re not using them in other places), you have an authenticator attached, and in the event you have been compromised please follow the instructions in the thread I linked above.


There are some laughs to be had, at least. I didn’t think I’d ever say that Bashiok had just pwned someone, but how else would you describe this reply?

Finally Got Hacked

It seems that if you have a level 60, authenticator or not, you will lose all of your items. It finally happened to me, 4 hours after I hit level 60 on my first character. Blizzard needs to do something about this. Take the damn servers down until you find the exploit, if you have to.
Bashiok: You do not currently have an authenticator attached to your account. If your account has been hacked please follow the steps here.

Since I’m curious, here are a couple of quick polls to measure how prevalent the hacking is, and to see who you guys think is to blame.


Has your Diablo III account been "hacked?"

  • 2) Nope, no problems. (88%, 3,461 Votes)
  • 3) Not mine, but a friend was hacked. (7%, 285 Votes)
  • 1) Yes and I was robbed (5%, 206 Votes)

Total Voters: 3,952




Who is to blame for the D3 account "hacking"?

  • 1) Users without adequate security measures. (72%, 2,284 Votes)
  • 4) Blizzard for online-only DRM forcing us to play on Battle.net (15%, 472 Votes)
  • 2) Battle.net is getting hacked directly. (7%, 217 Votes)
  • 3) Blizzard should have required more user security. Mandatory authenticators? (6%, 178 Votes)

Total Voters: 3,151




None of this changes the unfortunate reality that many players, through virtually no fault and certainly no intention of their own, are getting robbed. Typical sad post:

ALL my items are gone

I was on last night after being off the game for about a week. I noticed all my crafting materials were gone. That’s not too big of a deal to me. But the part where I log back on this morning and absolutely every single item on my level 46 Demon Hunter is gone. That’s about 30 hours of gameplay on this guy and all I have to show for it is his level. I am not pleased.

I love the game and I really want to keep playing it. But I would have to spend at least another 10 hours of my life to find half decent items for my guy. I would like it if someone from Blizzard could roll back my account to last night/early this morning because I just want my items back.
Omrakos: David,

The account appears to have been compromised. Unfortunately we’re unable to assist directly with account issues like this in this forum. The most we can do is suggest you make sure your computer is secure from viruses and other malware that could be the cause of the compromise.

Also, we do have a proper way to report compromised accounts through our support site. When creating a ticket, you’ll be guided through that process.

For information on both of these things, please check here.

Comments

  1. I thought it is common knowledge that hackers wait before they use your account, since most people don’t switch passwords regularly. They often wait until something big happens to cash out. This is why it is suggested that you should change your password regularly.
    By the way, most malware comes from legit sites that have been hacked, I remember this site was infected a while back. There seems to be a misconception that malware only comes from dodgy sites/email.
     

    • I had my account hacked 4 days ago and still waiting for a roll back from Blizzard. The only way I could get them to reply to my ticket was to tweet @ their BlizzardCS account, but now I’m waiting for another reply. They make you clearly confirm that you want a roll back since you could lose items. Of course you can lose items, and I stated I wanted a roll back in the first ticket, but I digress…
      I have yet to find a keylogger on my computer. Nobody knows my password but me. I run noscript, adblock, and am very careful about the addresses of sites I visit so I don’t think I was social engineered.
      I thought it was people’s own faults they were getting hacked. Until I got hacked and I have no evidence that it is the result of anything I did.

  2. TLDR: Blizzard forced you to play online only, but cares not whether their online infrastructure is safe. The only way to resolve the hacking issue is to sell more authenticators. Job well done, Bobby is smiling and maybe Vivendi won’t sell Blizzard to save themselves.

    • A physical authenticator cost something like 10€, the mobile app is free and with those you got a 99.99% chance NOT to be hacked.
      Their infrastructure is probably very safe, but I doubt that those hacked people either have a strong password, or a secured PC. Stop the hate for the hate. 

      • Authenticators give you 100% security. All the people claiming they were hacked with one are liars or haven’t had that happen to them but are instead retelling what may have happened to a friend of a friend of a relative of someone they used to know. That has been proven. These right now are just haters spreading rumors to spread mistrust among more naive customers.

      • Let him be. The infrastructure of Blizzard is 100% safe, period.

        If you do not want to close your car, don’t blame Ford that your car can be stolen.

        These complaining dudes are the same few hundred Blizzard haters that gave zeros to Diablo3 on Metacritic, while the official reviews like IGN gave it 9 to 9.5…

        The hate against Blizzard is ridiculous and all done by a few maniacs who constantly create the same posts with different alts.

        The lunatics of the internet…

        Btw the security of the authenticator is something of 99.99999999 % safe in view of the fact there simply is no account hacked that uses an authenticator.

        Of course nothing can prevent the gold mafia from lying and cheating about it. It is enough that a few of these gold farmers declare that their goods were stolen and they collaborate to steal it from each other and then demand Blizzard to refund their stolen gold and gear

  3. Half the problem is people seem to think antivirus and not visiting “dodgy” websites means you’re safe and your computer isn’t infected with anything. Guess what, you’re not. So it’s a waste of time to use that as evidence that it was Blizzard’s fault.

    • Yep they forget that someone who is trying to infect your computer via the web is more likely to infect a web page via an advert/hacking the website host and inserting it into the code.
      The sites they want to infect are ones like Facebook, Twitter and Youtube that have a huge number of visitors.
      Someone looking to steal D3 stuff will focus on trying to infect D3 related sites and webpages.

    • True, you aren’t safe, but here are some quick security tips:
      – Keep browser up to date
      – Disable as many plugins as possible in browser (i.e. Java, Adobe Acrobat, Google Update, and as many as you can stand not having)
      – For FireFox, Disable as many addons as possible — also you get the added benefit of a faster launch!
      – Keep as few programs running as possible
      – Run antivirus/malware scans occasionally
      – Use different passwords for different accounts so if a hacker gets your password, he likely can’t access all your accounts
      – Make your main email password VERY strong. Use upper and lower case letters, use a few numbers, and even throw in a punctuation mark.
      – Don’t be afraid to tie your email to your phone number (like on GMail). This can be a life saver if your account is hacked like if your password is changed by a hacker. In my opinion, the “loss” of privacy by giving them your cell number is worth the benefit.

  4. “if their investigation shows that it was accessed from a distant IP#”
    Maybe they should just implement something like steam guard. =P

  5. correct me if I’m wrong but mobile authentication prevents anyone from logging in from outside of your IP without you responding to their text with a pin, so is it possible at all (like, do hackers have enough smarts/tech) to still hack you? or is it pretty much foolproof despite blizzard saying it’s not 100% safe?

    • Authenticators are safe. How many more times do you need to read that line. 5000 times or 30.000 times ?

      And the rest is pure hating trolls who spit out anything they can invent.

      Sickening really. 

    • Authenticators are 100% safe, but Blizzard won’t say they are in case someone manages to find a way to pass the check either by lucky guess (odds of this happening are 1 in a million), getting access to it IE A family member/friend, or someone finding a way to clone it.

      The most likely is someone else getting their hands on the Authenticator.

      • They are not really 100% safe, but they are as safe as it gets.
        It is theorized that someone could keylog you then log on within the time frame that the code works, while having a virus prevent you from logging in.
        Of course keylogging the password is already very difficult, not to mention it’s in real-time. Then a virus that can terminate another task, you really can not do it without hacking the kernel.

  6. Who’s to blame?

    THE HACKERS.

    Duh. 

  7. I’m rather impressed with the poll myself and as far as I can tell just get authenticators and be done with the worry

  8. I was hacked, but I have to say that Blizzard had reset my char fairly quickly and I was up and running in 20 minutes.
    Unfortunately though it was a backup of a day and half before, so my nice gear which I had just found was gone and I was 4 levels lower, still it was better than the “days” being reported here.

    But no matter how fast they “fix” this issue, it shouldn’t have happened in the first place.
    I still feel, as I have done ever since we learned about the online only, that there needs to be an offline mode and not be forced to be online.
     
    All the people saying that you should just get an authenticator etc etc. With an offline option I would not have to worry about this sh!t at all, and spend another €10 to buy something else from Blizzard just to be able to be safer.
     
    Just hope you do not get hacked. It’s not just the annoyance of the loss of levels or stuff after the reset has been done. But for me, the bigger thing was the feeling of being violated by someone stealing my account.
    It really felt like having someone break into my home and stealing my stuff.
    It was a really unpleasant and disconcerting thing to have happened.
    And it actually put me off of playing for a short time. Just because it completely sucked the fun out of the game for me.

    • You did not have an authenticator, right?

      Getting one of those is better than “just hoping” you don’t get hacked 😉

      • No I do not but I have now ordered one as I feel forced into the decision. Not a good feeling.

        The “just hope” was meant as a warning to those people who are being blasé about it. It actually was, personally, unpleasant and disconcerting.

        • It’s like an alarm system for your house, it costs some money, but it can help you protect your property. Blizzard is doing its job by protecting their server, do your job and protect your account :).

        • You wouldn’t need the authenticator if you made sure your computer was clean. I think what amazes me most is all the people worried about their diablo account being hacked. Your bank account login and password is next…

  9. My friend’s account was just wiped out. I’m kinda freaking out feeling like I’m next. Just ordered an authenticator. 
     
    Thing is though…why would people bother to steal Diablo items when you could also hack steam, paypal, amazon, etc.? Doesn’t make sense. Makes me think Blizz is fucking up somewhere.

    • Because there’s real money to be made in selling them.
       
      You might as well ask “why rob a museum when you can rob a bank”. There’s room for all kinds of crime :p

    • Because Diablo 3 players are using weak passwords without authenticator and they fall for phishing emails, so the hackers know there’s money to be made here, where you have 6.3 million people “playing” D3 + 10.2 million WoW players.

      • Whistle yep they are using a weak password (that is one that with some basic public info is guessable in few tries)/or they use the same password for every game and forum under the sun.

  10. I haven’t had any issues yet *knock on wood*. Don’t have an authenticator yet either, heh… have a compatible phone so could get one, but I am just a little bit curious as to whether I WILL get hacked without one (if I did, would be a heads-up to beef up my local system security). And not so fussed about potentially losing some virtual property.
     
    Don’t like the second poll, the “whose fault is it” one… it’s missing the option I’d have picked, namely “I don’t have enough information to evaluate whose fault it is”, the only response a rational person could make :p
     
    Really, if people wouldn’t rush to judgment when they cannot reach an intellectually honest conclusion, the internet and especially our corner of it would be a much more reasonable place :p

    • Do you use the same password on this or other public website?
      Is your password really simple IE 123456? Or is based on something in your life like name of a relative?
       
      If the answer to these are all no then you should be safe outside of key-loggers etc.

  11. So many fucking retards.

  12. I got “hacked” but I was on when it happened, a quick hop onto Bnet to change PW and all is good.
    *The “hacker” was even nice enough to renew my WoW account for me whilst he was there.

    Honestly though the issue is on Blizz’s end, seeing as this machine came from a clean format the night of D3 launch, and had only played D3.

    • Right, your install was fresh, with nothing done other than playing diablo. Just like the people that were hacked with an Authenticator attached to their account…

      • exactly.
        …just… what he ISN’T telling is that his windows, his wow plugins, his ping lowering software and his 7 proxies all came from diablohacks and isohunt.

        oh one more thing: formatting your harddrive is NOT freeing you from persistent viruses

    • Your username/password were likely known before the D3 launch. No one stops to think about this. Hackers have access to huge password lists. It’s more likely they just took advantage of your already compromised account(s).

  13. IF someone says they got hacked even w/ an authenticator, they are lying.

  14. For those of you saying it’s impossible to get hacked with an authenticator you’re wrong. I know a person who got hacked with an authenticator. He logged on in the middle of getting hacked, took screenshots, and Blizzard refuses to acknowledge it. Just because Blizzard doesn’t accept reported hacks from people with an authenticator doesn’t mean they didn’t happen. They did.

  15. Looks like number 2 on the list is not true.

    From the blue tracker: http://blues.incgamers.com/Posts/10/1/42/881/163488/hack-refund#postId_438142

    [quote]I’ve personally examined the MSInfo files of nearly all of the handful of people who have truly been compromised through an authenticator, and the sheer number of backdoor programs and other malware on their systems has been mind boggling. Probably not coincidentally, these same people were also running a disturbing number of file-sharing and download programs, including ones which are commonly known to not be safe.[/quote]

    So there are some “legit” cases out there of people that were “hacked” while they had an authenticator set up on their account.    
         

    • They could be referring to post Diablo release in that statement, though it wouldn’t be the first time Bashiok has spread false information.

      • I suspect Bashiok was misinformed, not intentionally being misleading…
        That said an account with an authenticator is SIGNIFICANTLY more secure than one without…

  16. Of course users are to blame. Loads of people don’t use antivirus, don’t use any kinds of firewall, click on random links without knowing where it takes them, fall for scamming e-mails, use their b.net e-mail address on many different websites, use their b.net password not only for their b.net account, etc. I can bet that over 90% of internet users think that copy/paste password method protects you from keyloggers.
    I would be surprised if there were even 5 cases when Blizzard’s protection failed.

  17. 600 000 user accounts are hacked on Facebook every day. On the other hand it’s just 0.06% of their total accounts and in fact quite a low number. 
    http://techcrunch.com/2011/10/28/facebook-sees-600000-comprised-logins-per-day/

  18. I’m sure that these people are just lying… Start from a single person and then it’s continuing… Like human waves. Get auth and sms…. Should be safe enough?

    Maybe they are like my azure was stolen 🙁 hoping to get new one from Blizzard haha 

  19. Well, I have a strong password, and only had played one public game. Then today out of nowhere I log on to find all my gold and gear missing.. Very frustrating, I hope I get my stuff back soon.
    This pretty much makes me not want to play this game anymore. I have never had an account of any kind from any game hacked previously.. but miraculously I get hacked on Diablo 3. I am not a fucking moron.. I don’t click on random links, I use more security measures on my computer than most.

    No I don’t have a fucking authenticator.. and we shouldn’t need to buy extra shit to be safe on a video game we purchased.

    It’s god damned ridiculous.. I assume they won’t refund a digital purchase either will they?

  20. Not everyone can use the SMS protection as there are quite a few cellphone carriers out there that aren’t on that whitelist. On top of that I am having an issue with my mobile authenticator where it’s not accepting the authentication code when I try and assign it to my account. I am trying to get this done before I pick the game up after I get my new pc because this pc could barely handle the beta on lowest settings. So I wanted to get a new pc before picking the game up in several months.

  21. I was just hacked, and there is no way that anyone else had my password. There is a vulnerability somewhere in B.net
