To those hacked on West :

[Quietus]

To those hacked on West :

It's clear that there's some kind of problem going on on West, we've had such a huge number of West accounts going down, that I am not sure that I count them all as being due to 3rd party programs and the like.


So, I'm wondering what it is that's going on. Is it someone using the password recovery tool, or is someone bruteforcing a number of accounts? I can't think of a way to test the first, but there IS a way to test the second - anyone who's had your account hacked recently (we'll say the last month?), please list all of your accounts that were hacked, and we'll see if any patterns start to show up.

 

[English Muffin]

It's clear that there's some kind of problem going on on West, we've had such a huge number of West accounts going down, that I am not sure that I count them all as being due to 3rd party programs and the like.


So, I'm wondering what it is that's going on. Is it someone using the password recovery tool, or is someone bruteforcing a number of accounts? I can't think of a way to test the first, but there IS a way to test the second - anyone who's had your account hacked recently (we'll say the last month?), please list all of your accounts that were hacked, and we'll see if any patterns start to show up.

And if you don't use your passwords for anything else, list the passwords for the accounts here too. But ONLY IF YOU HAVE ALREADY DELETED THEM. Common sense please. It may just be that people had really easily guessed passwords. Oh, and also mention who else knows your passwords.

 

[TurbulentTurtle]

Actually, when it started happening, people were afraid to post their accounts out in the open, because they think that it's somehow part of how their accounts were getting hacked into.

 

[Quietus]

And if you don't use your passwords for anything else, list the passwords for the accounts here too. But ONLY IF YOU HAVE ALREADY DELETED THEM. Common sense please. It may just be that people had really easily guessed passwords. Oh, and also mention who else knows your passwords.

No, there's a specific reason I didn't ask for passwords. With the prolific number of accounts hacked, I sincerely doubt that it has anything to do with which passwords were easy to crack and which weren't.

Actually, when it started happening, people were afraid to post their accounts out in the open, because they think that it's somehow part of how their accounts were getting hacked into.

Yes, but I'm not asking OTHER people for the names of their accounts. I want to know which ones have already been hit. Rykuss recently posted about his accounts being hit, and if every other account that's been hit came before his in alphabetical order, then we can safely assume it's a brute-force problem.

 

[GreyGhost]

Since several people have reported finding requests for new passwords in their trash bin, its safe to say the hacking is email-related.

The best safety measure is to keep a separate email and with a unique pw for D2 registration. Then use a different emails for forums, etc.

Ofc if its a specific hacking program or "brute force" method then they'll get in anyway.

 

[TurbulentTurtle]

There was a thread about this a while back in the USWest forum. I'll see if I can find it for you.

edit: Here we go, I found the two threads that got started up when the thing started taking place.
http://forums.diabloii.net/showthread.php?t=503565
http://forums.diabloii.net/showthread.php?t=503663

 

[Ax2Grind]

...and the forums still lock threads when people are trying to deal with the ultimate apex of cheating. Wow, must be someone they know.

Shame Blizzard is refusing to do anything about it and letting it go on. Someone want to prove me wrong by showing me a Battle.Net forums thread saying the opposite?

 

[Qbi]

Hmmm... If anyone has accounts on any other trading forums, I think they should post here about if there were any other west account hits as well.

See if it's not just Diabloii.net members being targeted, or single out the majority that is being hacked.
I haven't played the game in ages, so excuse me if this is an already known fact.

Just my 2¢
-Q

 

[calindor]

not sure if this applies as I'm referencing an EAST account, but its worth a shot, my sons account has mysteriously stopped letting him login, attempts to recover password have failed, and tech support offered absolutely no help what-so-ever, I STRONGLY suspect a brute force hack, I would hope, if someone in tech who monitors these forums would be willing to "bend the rules" a bit and send my son his pw, please contact him/me at [email protected] the account, if you hadn't already guessed: quinnlord (of course) he's had this account for over 2 years and is very fond of his characters.

 

[WhiteAlien]

First of all it cannot be bruteforce attack. Brute force attack is based on dictionary and if you saw Rykuss psw you will understand that there is no way to brake it that way. Also 3 wrong password guess leads to RD.

Typical mistakes using passw:

1. Same passw for emails, forums and D2 acc;
2. Account sharing (this is how I lost my acc some time ago :embarassed: );
3. Login into your D2 acc from internet caffes, other PC's etc;
4. 3rd party progs

And I think there is some glitch with pasw recovery. I'll try to do some tests and if I'll come up with something interesting I'll post results here.

 

[Cooked]

I am still investigating but I believe the attack may have come through Limewire. I had an alphanumeric password and lost gear only on the account I played between Limewire sessions. Mostly the blame is mine for sloppy internet use.

 

[Quietus]

First of all it cannot be bruteforce attack. Brute force attack is based on dictionary and if you saw Rykuss psw you will understand that there is no way to brake it that way. Also 3 wrong password guess leads to RD.

Typical mistakes using passw:

1. Same passw for emails, forums and D2 acc;
2. Account sharing (this is how I lost my acc some time ago );
3. Login into your D2 acc from internet caffes, other PC's etc;
4. 3rd party progs

And I think there is some glitch with pasw recovery. I'll try to do some tests and if I'll come up with something interesting I'll post results here.

I've already accepted that it's unlikely to be a brute force thing - though I wasn't aware that 3 wrong guesses would make it crap out on you. That's just more reason it wouldn't be bruteforce. Apparently, those who've been hacked (or some at least) have found password recovery emails they didn't request.

I am still investigating but I believe the attack may have come through Limewire. I had an alphanumeric password and lost gear only on the account I played between Limewire sessions. Mostly the blame is mine for sloppy internet use.

I doubt that it's a Limewire thing, or we'd have reports from all realms, not just West. Items on East sell for just as much as they do on West, and people don't do mass hacking things just to round out their own chars. If mass hacking is going on, someone is looking for profit.

 

[themachine]

I dont think this is limited to USWest as East has been hacked significantly as well.

 

[Quietus]

I dont think this is limited to USWest as East has been hacked significantly as well.

Has it? I haven't seen any indication of that in threads here.

 

[Dawnmaster]

Well, if it's only on West, and now also on East, it's clear that it's someone in America doing it

Haven't seen any reports of Europe anywhere.

Having said that, why would bruteforce not work? You could easily write a program that would
- log on the internet
- start diablo
- log on to battlenet try 1
- log on to battlenet try 2
- log on to battlenet try 3
- close diablo
- log off from the internet
- change ip
- rinse repeat until you can access the account

This might take a long while, but it is possible.

 

[Zarniwoop]

If you had an account at rpgtraders, and if (like me) you used the same password/account name there - that's your answer most likely.

Those are not secure forums last I heard.

After I got hacked, I recalled that many many months ago I joined rpgtraders for about the 15 minutes I took to realize it wasn't my cup of tea. Being foolish, thinking "It's just D2 stuff, who would steal something like that?" - I just used the same PW.

Lesson learned.

I'd be interested to know how many that got "hacked" had rpgtraders accounts. And of those, honestly, how many used the same name and pw as in D2 like I did.

 

[Gorny]

not sure if this applies as I'm referencing an EAST account, but its worth a shot, my sons account has mysteriously stopped letting him login, attempts to recover password have failed, and tech support offered absolutely no help what-so-ever, I STRONGLY suspect a brute force hack, I would hope, if someone in tech who monitors these forums would be willing to "bend the rules" a bit and send my son his pw, please contact him/me at [email protected] the account, if you hadn't already guessed: quinnlord (of course) he's had this account for over 2 years and is very fond of his characters.

Not possible as this site is a seperate entity from Blizzard.

The only thing that can be done here is resetting the password to these forums.

Elly or any admin can reset a user's password for these forums, but the admins and we mods do not ave access to the actual passwords, they are encrypted.

All they can do is trigger the database so that it sends an email to your registered address, starting the password resetting thing.

But that's kind of pointless since individual users do have the abiliy to reset their password if they forget it or get locked out.

 

[Cooked]

I am not on the rpgtraders, never have been.

 

[Claudio_G]

Just a thought: It can be a brute-force dictionary attempt. Meaning that not every possible combination, starting at aaaa is used but certain words like: Dragon, Paladin and so on (you would be amazed how silly many users are, just work for a week as a system admininstrator in a bank).


Yes you get RD after 3 wrong guesses but I am sure there are ways around that. I do not cheat, do not use hacks and when I was still hunting d-clone it took me forever to find the right game because there were people sitting in the very same IRC channcel and running bots and d2 loader I guess (having multiple cd-keys). So those people had 40 D-clone games in a matter of a few minutes. I don't doubt that one could bypass the "wrong password RD" that way too. Cheaters suck.


Claudio

 

[Leohappy]

Yes you get RD after 3 wrong guesses but I am sure there are ways around that.

iirc, if you use the change password form you will not get a realm down if you fail 3 times but i haven't checked recently
so very likely they abuse the change password form to break in :starry:

i still think many users have been hacked via password recovery form though, looks like an easy loophole to abuse, especially if your mail account is used by others - here, again, they can use the change email address form to break in :scratch:
email addresses also tend to have bad passwords

so how do they know your email address? my guess is forums

in any case, it's hard to assess the problem without useful input from people who have been hacked