39 thoughts on “Blizzard Addresses Hacking Issue: Updated”

  1. I have taken every measure to avoid getting hacked! It would be nice if Blizzard could deny the rumors about people with authenticators getting hacked! As it is right now I don’t know what to believe...

    • You can’t get hacked if you have an authenticator. It’s impossible because they can’t know your authenticator number.

      • It’s not impossible, but it’s so complex and time-consuming compared to just phishing for your details via email, that it might as well be.

      • Wrong.

        The D3 hacks bypass the entire logging in process using an exploit of insecure information within the public games system. An authenticator cannot stop it and people with them have had their accounts compromised.

    • Blizzard was hacked.  How do I know, the PR response says it all.  It’s nothing but “security is important to us” and “we provide tools to protect your account”.  If Blizzard was not hacked, the PR response would have said so, period.

  2. That’s not addressing (as per title), that’s trying to ignore the issue with their netcode security.

    For more info, see

    …and the post by KhelThuzad here:
    (Quote: “The exploit itself was confirmed over at BlizzHackers.”)

    The first post of that thread is also interesting, proving that authenticators are not preventing these hacks, probably because no login/pass is required in the first place. Also, if Bnet accounts passwords were being compromised in order to strip the chars of their gear and gold, then we should also be seeing a massive wave of WoW players complain on the WoW forums about the same thing happening to their WoW chars, and that is not happening at present.

    There are 2 things happening here at the same time. One is the exploit, the other is the usual reports of people getting hacked because of their PCs having been compromised, or having used their password elsewhere, etc.

    In a blue post on the D3 forums, Blizz have stated that they have yet to discover a case in which someone was hacked without their account having been logged into by someone else. This is not true. This directly contradicts a report from a player on the same forums. He stated that the response he received from Blizz support regarding his char being stripped of gear and gold, included the statement: “Your account has not been compromised”, judging from the fact that no one with a different IP than that player himself had been logged into his account.

    PS I have not been hacked, so I don’t have any such motivation for writing this. Where there is smoke, there’s fire….

    • The forum says not to get to clvl 50.

      But it seems it’s just about playing in public games? Being clvl 50 has nothing to do with being hacked? 

    • Hmm, you’re sure that there is a net code issue and it’s not just someone making stuff up? To make it sound worse than it is.
      I.e. all you got is someone saying it happened, there’s no evidence that the guy was using an authenticator, that’s all.

      • Of course I am not sure. I could only be sure if I tried to find the hack, ask/search for how to do it, test it, and report back. Not going to happen for various reasons.

  3. So much for online only being a bastion of security where no one could possibly ever cheat and everyone would be secure in spending their cash while buying power over other players.

    • Grumpy Old Wizard this is not a cheat or any other exploit that the always on-line is meant to prevent (this means people using in game cheats/exploits like duping). This is plain old account hacking.

      • except, if these reports are accurate it is the definition of ironic that the system that they enabled directly for security reasons is pivotal in giving the hackers access to accounts they would not otherwise be able to reach as those players would be playing single player.

        The reports may or may not be accurate, we will see soon enough.  

        But this is serious business, with the potential to become one of the biggest snafus in gaming history.

        It would certainly behoove players to only play with people they trust for the time being.  At least until this is all sorted more definitively.   

  4. This is scary S*it man. Glad to see Blizz are doing what they can to help, but will it work? Probably not. Because no matter how much security you apply, someone will always find a way to crack or hack it. I’m sure nobody will use the RMAH until this problem is solved, and even then many will refrain from using it now. I think that Hackers are just playing with Blizzard and showing/convincing them that Always Online DRM was not an option and it is not too late for an Offline mode.
    Here is a solution, Blizzard should patch in an offline mode with some clear messages that say
    Also, they have made millions from the sales and all that, an Offline mode right now wouldn’t hurt them.

      But they want everyone to use the RMAH.
      All this sh*t is about business.

      • This.

        I would gladly click the disable RMAH button the minute they enabled it…

        But that’s not what Blizzard wants, and it seems most people don’t understand that..

    • Not gonna happen because that’d make it easier for the servers to be cracked because the server code would be on our side, wouldn’t it?!   🙄

  5. As if logging into your account with passwords not giving a shit if it’s case-sensitive or not was bad enough.

  6. The message is – Blizzard is insecure. Either that or we’re just getting used as test dummies for their next world of warcraft systems. Better us than them right, after all we don’t pay monthly subscriptions. Do I believe this, of course not lol, j/k j/k 😈 So I guess Blizzard is insecure then  🙁 Gotta give it to dem haxors though, at least them got tastes. 😆

  7. Looks like they won’t admit that there’s an exploit on their side. Well, it’s understandable because that will compromise RMAH release and DRM as security measure. And now that stolen gold is offered on chat channels for real money. How sad!

  8. A report from last year comes back to me which said that the D3 cannot be or was really hard to hack. I was the first one to deny Blizz’s claim in the comments and I directed some pretty intense heat from Blizz fanbois, the article also had Online Only as the only great way to play d3, I denounced it, in this regard I was also called a troll, people were calling me a Pirate back then.
    Since my and many other open minded people’s first claim has come true, you think Crack is just around the corner?

  9. So basically their answer is, “we are sorry, but if you want to be safe spend more $ and get our authenticator”
    It is all about the bottom line now.

    • The smart-phone version is essentially free, and the hardware version is sold pretty much at cost and with free shipping. Where’s that bottom line again?

      • IF (emphasis on the if) the reports are true the free authenticators are not working very well, forcing people to buy the paid version. And you honestly believe a company would sell something at cost? Please, don’t be silly. Also, aren’t there fees in the paid authenticators?
        In my point of view it’s mandatory for any game to offer a completely safe environment for FREE (zero, nada!), no matter how cheap are the extra securities offered. That, of course, assuming the player was not stupid to install malware in his computer.
        It’s convenient for a company to patch the problem and lie about it saying it was the players’ fault, especially when they can use that as a form of marketing for one of their secondary products. I’m not saying Blizzard did this, but we can’t assume it’s the fault of players just because Blizzard said it was. Players are being hacked since I know myself as a gamer, there’s always a stable number of hacking reports every day, mostly caused by phishing, but when we see the number of attacks increasing so subtly like that then it’s a good indication that something else might be happening.

  10. Online only has never been a feature of preventing your account to be compromised… it’s there in order to avoid bots/dupes and other hacks of the sort, as well as a piracy counter.
    Personally I like it because I wouldn’t play offline anyway (provided it’d be the same closed system as D2) so it’s all good to me if they have a little more power over cheaters. Server downtime sucks but it would have sucked all the same with an offline mode.
    Also I see a pretty easy way to bypass authenticator, if you have your victim wormed you can get his acc/pass but you can also use tunneling to connect to bnet through his IP thus not prompting any authenticator and not being detected as an intrusion… but well don’t wanna give the bad guys any idea :p
    Anyway there’ll always be a hack or something once in a while that’s part of an online gaming experience so there’s no reason to be shocked. Sucks for those who’ve been had though.

  11. I have an authenticator, but D3 only ever asked for me to use it the first time I logged in.  It hasn’t since then, which kind of worries me.

    • This was something they added for convenience.  As long as you log in from the same location it won’t ask you for your authenticator all the time.  As I understand it, the moment you try to log on from another computer/location you’ll need to use it.

  12. An authenticator cannot stop the hacks that are happening. They are happening because of insecure information being passed on in public games. People who have authenticators have been hacked because of this.

    Don’t want to get hacked? Avoid public games until Blizzard fixes the exploit. An authenticator will do nothing to stop this public game hack that is happening. 

    • Sounds to me like you’re basing theories to shoot facts.

      There’s nothing proving this at all. Show me a video of it in action and I’ll consider believing it. As of right now, I sense fear-mongering, bandwagoning, trolls, and haters fueling this scare.
      Please don’t add to it.

      • Nizaris, hate to call you out but ScytheNoire is absolutely right. Authenticators do nothing to stop this. My Dad got hacked today and is considering never playing again. The only people he EVER played with is me, my fiance and my best friend whom I’ve known for 20+ years.
        He’s never touched any public games, but today he found all his characters naked and a player named TooFreaky on his list of people met – the only person he’s “met”. He doesn’t visit shady sites and his PC isn’t compromised – I built it for him and I can confirm it’s 100% clean. The only thing I can think of that might have drawn the attention of account hijackers is that his Battletag is from a very well known book series and is a common name seen in a lot of fantasy games.
        Probably only a matter of time before me and the other 2 on his friends list suffer the same unless Blizz fixes this.

        • Blizzard would be legally obligated to publicly announce if there was any actual hacking going on. They haven’t mentioned it at all, therefore it’s not going on. All these people who got their accounts hacked just somehow managed to give their account login details to the hackers some time since they last changed their password.

          • “Blizzard would be legally obligated to publicly announce if there was any actual hacking going on.” -Proof?

            “They haven’t mentioned it at all, therefore it’s not going on.” -Wrong. They don’t know for sure yet! They are keeping an eye on the reports. Just like you, they currently still assume that it’s just the usual, people being idiots with their passwords, using the same one on some forum that then gets hacked. This is happening too, but not in all cases reported.

            Besides, even if it was the law to publicly announce, that doesn’t mean they actually would. They might choose to keep it quiet.

            “All these people who got their accounts hacked just somehow managed to give their account login details to the hackers.”

            Some of them may have, but that’s got nothing to do with the problem at hand. Read my earlier post…!!

            You’ll have to open your mind first, however. (Critical thinking is still encouraged, though!) You seem to have your mind made up and your thoughts bolted down, just so you can ignore any security problems and play the game in peace, hoping/expecting it won’t happen to you…

        • Drytchnath,

          The people affected by the hack had ONE character stripped that they were (last) using, NOT their entire account (all their characters).

          Your dad’s account password was most likely obtained and used by someone else to log on to his account, because ALL his chars were stripped. The thief had his account password, otherwise he wouldn’t have been able to switch to the other chars.

        • How is your tale calling me out about anything? There are many different reasons that could have bypassed your security and stripped your dad’s account.

          1) Did he use an authenticator? (Can’t take your word for it, Blizzard has outright stated that no compromised account has had one)
          2) Do you have any other Blizzard addons for games like WoW?
          3) Can you be 100% certain that a keylogger didn’t make it into your dad’s computer?

          Haven’t you noticed that every high-profile D3 poster hasn’t been hacked? Don’t you find that odd? I haven’t heard of a single D3 community administrator/poster having this problem.

          This information simply does not add up. No definitive proof has been provided by any claim. Period. Provide it, and I’ll change my mind. So as of right now, I am calling out yours, and every other post, that is fueling a fire that is unnecessary.

          Weighing the probabilities of the truth, I’m hedging my bets on Blizzard.

