Blizzard Comment More on Hacks, RMAH Delayed Again and Hotfixes

Sadly, the hacking problem has been a hot topic this week, and we were expecting some sort of comment from Blizzard last night pending further investigations on their end. We now have further comments from Blizzard this afternoon, which indicate that their testing found nothing wrong with the Battle.Net system and that accounts cannot be compromised with an Authenticator in place.

Over the past couple of days, players have expressed concerns over the possibility of account compromises. First and foremost, we want to make it clear that the and Diablo III servers have not been compromised. In addition, the number of Diablo III players who’ve contacted customer service to report a potential compromise of their personal account has been extremely small. In all of the individual Diablo III-related compromise cases we’ve investigated, none have occurred after a physical Authenticator or Mobile Authenticator app was attached to the player’s account, and we have yet to find any situation where a Diablo III player’s account was accessed outside of “traditional” compromise methods (i.e. someone logging using an account’s login email and password).

To that end, we’ve also seen discussions regarding the possibility of account compromises occurring in ways that didn’t involve these “traditional” methods — for example, by “session spoofing” a player’s identity after he or she joins a public game. Regarding this specific example, we’ve looked into the issue and found no evidence to indicate compromises are occurring in this fashion, and we’ve determined the methods being suggested to do so are technically impossible. However, you have our assurance that we’ll continue to investigate reports such as these and keep you informed of important updates.

The RMAH was supposed to launch on 29 May, but it looks like it has been delayed again, and no new launch date has been set as yet. Given the spate of hacks, Blizzard will likely want to hold off launching it until the hacking mess is cleared up.

In light of the post-launch obstacles we’ve encountered, we have made the decision to move the launch of the real-money auction house beyond the previously estimated May time frame. As we mentioned in our original announcement, our goal has always been to ensure everyone has the smoothest experience possible when the real-money auction house launches, and we need a bit more time to iron out the existing general stability and gameplay issues before that feature goes live. While we don’t have a new launch date to share just yet, we’ll have more information soon.

Finally, we have a note on hotfixes, and it looks like we could see more regular maintenance windows.

Since the game’s launch, we’ve applied a number of hotfixes to address gameplay issues, made tweaks to improve our service stability, and performed occasional server maintenance when necessary to ensure that in the long term, players have the best gameplay experience possible. Moving forward, additional server maintenances will be required — and sometime next week, we plan to release a game update in the form of a patch that will further address client issues and apply additional bug fixes.

We also wanted to let you know that we’re still looking into the best way to address the achievements that some players lost in the hours following the game’s release. While we don’t have any concrete details to share with you just yet, we will have more information to share in the weeks ahead. We appreciate everyone’s patience as we work to improve stability and usability for all players.

    48 thoughts on “Blizzard Comment More on Hacks, RMAH Delayed Again and Hotfixes”

    1. I think the later RMAH comes, the better. Still wondering about the item quality and quantity differences between the two AHs.

    2. So, just to be clear, Blizz is saying that all the people who swore they had an authenticator and got compromised anyway are liars.

      I figured that’d be the case. I don’t like calling people liars, but it’s become sadly common that folks will claim something totally off base to put blame on the entity they want to be responsible. All these people wanted it to be Blizz’s fault, but in the end it really was the users.

      Of course, it could be that Blizz is the liar, but I’m not one to believe in the whole “businesses are evil” hyperbole. 

      • Yup – I’m definitely more inclined to believe Blizzard on the whole security thing. If they had mysteriously shut down the option to play public games for a while, then I would be suspicious – but they haven’t.

      • So on some of the threads I braved about this on the official forums:
        1. The person admitted right off they had no authenticator
        2. When pressed, one guy admitted that he added a mobile authenticator AFTER being hacked. Since “time travel” isn’t one of the features of the software, that didn’t help at all.
        3. People have taken to saying that they shouldn’t NEED an authenticator. One can see the arguments on both sides (see “coin locking” on Rift and how Steam deals with logging in from different IPs) but Blizzard’s chosen method of dealing with security is the rolling token authenticator. Oh yeah, Star Wars and Rift both have moved to this method as well.
        In no cases did I find a post saying “I was using an authenticator and I still lost my stuff to a hack”.

      • I can only speak for myself when I say that getting an authenticator is the best thing I’ve ever done as far as account security goes. My wow account was getting hacked all the time until I finally got one.

        I haven’t been hacked so far…knock on wood.. 

        • Wow, maybe you should look at running an anti-virus scan or something? Or stop clicking on suspicious emails?

      • Well they may have been using the “dial-up authenticator” thinking that it would work without realizing that it’s WoW only.
        But it’s more likely they are a big bunch of trolls and bandwagon riders hating on D3 and Blizzard.

    3. D3 is a steaming pile of mess but seriously, what can you expect from the company who is releasing a game  about pandas…

      • riiight. cuz it is in their best interest to lie thru their teeth about security. Blizzard takes its reputation VERY VERY seriously. IF they are lying right now, then the entire support staff and PR people need to be fired.

      • Maybe you should use YOUR brain. I would be willing to put my entire life’s savings on the fact that 100% of people that got hacked shared their account, or logged into their account from a computer that was infected with a key logger.
        People need to learn to take some blame for their actions. Stop visiting shady sites… Or install NoScript. I DON’T have an authenticator, and I have NEVER been hacked. Played WOW from day one up until 6 months into Cata. My Diablo account is fine as well.

        • I run noscript. I’ve scrubbed my computer for keyloggers and other malicious software and found nothing. I have file extensions shown and don’t run random .exes. I’m pretty sure I didn’t visit any shady sites anyway, because I was too busy playing Diablo for 60 hours in the first 4 and a half days. The only Diablo related site I visited was this one. No, I didn’t have an authenticator on my account. 
          I didn’t believe the hack stories either until I logged in to find my account stripped clean.
          I don’t buy Blizzard’s story that they haven’t had that many reports of accounts being hacked. If that’s true, then why is it taking them so long to respond to my ticket and roll back my account?

          • Hmm Cuz d3 just launched and every employee is busy as hell ?

            However we paid 60+- bucks for this game… So Blizz should be responsible for providing safety and “shit” authenticators ain’t a fair solution

          • skotch, there is another way to break into someone’s account, that is to know the email address they sign up with and guess their password, easy to do if it’s someone you know well if they use a simple password, or if they use an old password that you already know.

            ^ As for the rollback and ticket response 1 question how long has it been? After all you need the guys to be at work to see it, IE give it 24 hrs before getting annoyed.
            That’s if you’re not just a Blizzard hater making stuff up <- like the trolls who came up with the account hack trick.

            • Personally I’m on the 2nd day now, but I’ve heard reports of it taking much longer from others. I’m not holding my breath. As far as the password goes, I’ve never given any of my passwords to anyone. No friends, roommates, parents, girlfriends, etc. I have yet to find a key logger or malicious software on my computer even though I spent 2 days searching for one and scanning my computer with everything I could find. I find it highly unlikely that I was “social engineered” into entering my information in a fake website.
              I’m not saying that I couldn’t have had my login info stolen the old fashioned way. I just find it highly unlikely.

    4. For sure, security is very tricky stuff in software development. Taking into account RMAH, some people will try  VERY hard to breach the security and if they do, they’ll keep quiet for as long as possible. Of course there are steps you can take to prevent and fix the issues, but if Blizzard’s security department does the same job as the QA department, then I see lots of complaints about high level items disappearing.

    5. In before people who have no technical background on the subject posting… oh wait…

      • Really?  You worked on real-currency/security issues for a pc game with a player base of over 6 million?

        • He’s just pointing out that most people here have no knowledge of the technical stuff in a joking way.

    6. “…we’ll have more information soon.”

      The only time in the last decade I genuinely did not care to interpret the meaning of soon. 

      For all I care they could have said “…we might have more info on this next year…or the one after that. Sowy.”

    7. One reason for the delayed RMAH is hacking as they said, another is probably all the bugs in the current AH. One thing is to lose a little in-game gold due to bugs, another is to lose real money due to the same.

      • The only inevitable thing is hundreds of lawsuits on five continents in a dozen different currencies.
        It’s one thing to release a game that’s a broken mess because of a yes-man culture, another thing to stick real money from around the world into it.

    8. Hackers always try and ruin games for everyone, normally they just do it because they can but with the RMAH they can turn their hackery into money. When the first hacker gets busted “and they will” Blizzard needs to take legal action and make an example out of the person/persons.
      With the RMAH they are not just spoiling the game but committing a crime of theft from the victims and people’s gear is worth money, any other example of this in the real world gets you sent to jail.

    9. Like I said: people simply LIE on the internet.

      7 million play the game and a few idiots get their password stolen and lie.

      Let me get this STRAIGHT : I want those freaking game hating idiots EXPOSED.

      If I were the CEO of Blizzard, I would publicly announce their names and real identity AND I would SUE them for millions of dollars.

      These guys have only one goal: destroy a fantastic game because of a sickening mentality against anything that is successful. I don’t have any pity with psychos. 


    11. I bet the RMAH auction house comes in a month or more. The gold AH simply doesn’t work most of the time. Timeout errors, errors putting items up for Auctions.
      Imagine people buying something for cash, getting a timeout error, losing that money and not getting the item for 10-12 hours. It’s a major headache.
      Despite this, I hate the 10 item limit. It’s stupid.

    12. I’m wondering what exactly happened with the Achievement system.
      I was missing several Conversations in the Achievement window, but the game showed them as listened. So the data is out of sync and it seems that Blizzard has lost data there.
      Most likely Blizzard could have restored the data immediately (there are enough database logs, etc. that the data is not really lost) but decided against doing it because they would have had to shut down the game servers for quite some time for that.
      Some of the achievements like quests and boss kills are automatically gained at higher difficulties.
      Some can be acquired manually again like the conversations.
      But there are Achievements for listening to bestiary books where you don’t get the Achievements when listening to these books manually again. So these Achievements are completely broken at the moment.
      I’m wondering if they will really restore all the Achievements.
      Giving the players Achievements back for Bosses, Quests, Conversations or Books, where the game data knows that the players have it, is an easy task.
      But for Achievements like unsocketing an item, which I have already gotten a second time, Blizzard would have to really restore and merge (so redating in this example) the data. That’s a very complex job.

      • The simple method IMO would be to make all the got X flags refresh their status once the bug has been squashed, that is for the bestiary etc where you can’t recollect them.
        For stuff like unsocketing that are repeatable in game play you can just set the counter back to zero.

    13. So how is that secure online only environment working out ? It is only going to get worse when the RMAH releases.

      • It’s working out pretty well if you’re not a moron and take some responsibility to make sure your own machine is secure.

    14. question about the authenticator:
      If I set it up so that it is not required every time I log on, is it still required whenever I log on from a new location? Or does it need to be actively used all the time?

      • I believe it will ask for your authenticator code the first time you log in from the new location, but not subsequent logins from that location for a while.  Even if you only log in from a single location like I do it still occasionally asks for the authenticator… like once every 3-4 days.  You don’t have to set it up to ask you every time unless you’re doing something risky like logging in from an internet cafe or something… then I’d definitely have it ask every time.

    15. Blizzard rep shouldn’t talk if he doesn’t know what he’s talking about. Session theft is not “technically impossible;” if that is possible, Blizzard wouldn’t be the first one to figure it out. Use of 2 pairs of public/private keys does wonders, but if they aren’t using timestamps (and I hope to god they are) then session theft isn’t even hard. Even if they are using timestamps, there’s a short window of time where it provides no protection, such as if you just played with someone online.

      Now I don’t think the session theft has actually been occurring, and if you did get kicked off by someone in such a way, all you would need to do is change your password then log back on (though this might be too late); however, it’s ridiculous for Blizzard to say that such a thing is an impossibility. 

      • online sessions typically use ip addresses as part of the hash key calculation as well.   I would be willing to bet they do this.   I highly doubt session spoofing is occurring.   Time will tell.  I imagine it’s just a bunch of folks who got their passwords compromised and became enraged.  So they started lying through their teeth. 
        What I would like to see is the banning of the liars from their precious games.  That would teach everyone a lesson. 

    16. To be fair, the rep TYPED the words, but I highly doubt he was remarking off the cuff.  His technical folks probably informed him as such.

    17. A lot of larceny in the ‘real’ world is actually committed by employees. I’m not saying that Blizzard employees are stealing player items just because they know that they might be able to make $$$ off them eventually but the idea is plausible.

    18. I am pleased with what Blizzard has done! They show interest in players’ concerns.

      Even realistic elemental effects are back on weapons!! Not only that colored glow. It is now as it was shown in the 1st barb gameplay trailer…with real looking fire graphics rather than just a red glow.

      Also last night as well my game was moving perfectly – no lag no stutter…was good.
      Keep up the good work Blizz…

    19. Man, you really need to let the hate go. If you don’t like the game DONT FUCKING PLAY IT. PS: If blizzard fucks up on a grand scale there will need to be a class action to make any sort of dent in their security practices. Now, a one-on-one lawsuit against blizzard would be like punching an express train.

