Blizzard Says Diablo 3 Hacking Isn't Unusual - UPDATED

 Pages 1 2 3 4 NEXT
 

Blizzard Says Diablo 3 Hacking Isn't Unusual - UPDATED

image

Diablo 3 security compromises are pretty much in line with what's seen during World of Warcraft expansion launches.

The inability to connect to a Diablo 3 server when you want to play the game, particularly in the hours and days immediately following its release, is no doubt a frustrating experience. But worse than that is making the connection and then discovering that some jerk got there first and swiped all your stuff. The way some people are talking about it, nearly every Diablo 3 player on the planet either has been, or is on the verge of being, hacked.

But that's not actually the case, according to Blizzard (and also the dictates of common sense), which put up a message earlier this morning stating that while it takes security issues seriously, the rate of complaints isn't actually any worse than that of its other online game.

"Historically, the release of a new game -- such as a World of Warcraft expansion -- will result in an increase in reports of individual account compromises, and that's exactly what we're seeing now with Diablo 3," the studio said. "We know how frustrating it can be to become the victim of account theft, and as always, we're dedicated to doing everything we can to help our players keep their Battle.net accounts safe -- and we appreciate everyone who's doing their part to help protect their accounts as well."

Responding to claims that even accounts using authenticators are being hacked, Blizzard added that "the Battle.net Authenticator and Battle.net Mobile Authenticator (a free app for iPhone and Android devices) continue to be some of the most effective measures we offer to help players protect themselves against account compromises." The studio encouraged all Battle.net users to use authenticators, and also made mention of the new "Battle.net SMS Protect" system, which allows users to monitor and maintain their accounts via text message.

The post provides a few other tidbits about the Battle.net security features and links to more information about the authenticator and SMS Protect, but what it doesn't touch on is Blizzard's policies regarding those who've been hacked. That, unsurprisingly, has led to 83 pages [and counting] of back-and-forth between players who want more information and/or an immediate resolution to their individual account breach, and those who claim that there are no hacks and that people who claim their authenticated accounts were hacked are flat-out lying.

Either way, and regardless of whether you think the company is being a bit too cavalier about the whole thing, it's not unreasonable to suggest that the release of a game of this magnitude is bound to attract an increased number of lowlifes who enjoy exploiting systems and taking things that don't belong to them. What really matters is what happens after the fact; if Blizzard can plug the leaks and take care of its affected customers in a timely and generous fashion, then all will be well in relatively short order. If not, 83-plus pages of forum anger will probably be a common sight for a long time to come.

UPDATE: In two separate posts, Diablo 3 Community Manager Micah "Bashiok" Whipple reiterated Blizzard's position that Battle.net hasn't been hacked.

"We've been taking the situation extremely seriously from the start, and have done everything possible to verify how and in what circumstances these compromises are occurring. Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password," he said in the first post. "While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand."

About an hour later, he posted a second message saying that compromised Diablo 3 owners may have been victimized by an "orchestrated" attack intended to take advantage of a large number of people before they could react.

"It seems to me like it's the most logical way to go about it," he wrote. "Build up a list of accounts and passwords, and then hit them in a rapid succession before word can spread and people can change their passwords, add an authenticator, etc."

Users with hacked Diablo 3 accounts may seek further assistance through the "Help! I've Been Hacked!" tool at http://us.battle.net/en/security/help.

Permalink

I've been using the authenticator since my wow account got hacked around the time cataclysm came out, I've had no further problems yet. If it isn't giving me full protection then at least it'll maybe act as a deterrent, so that the lowlife scum don't think its worth it (its really not, i'm only lvl 9 on D3).

Wasn't this the very thing that the DRM was supposed to protect us from? Oh right, its supposed to protect Blizzard's bottom line, and the customers can go fuck themselves.

Seriously fuck you Blizzard.

matrix3509:
Wasn't this the very thing that the DRM was supposed to protect us from? Oh right, its supposed to protect Blizzard's bottom line, and the customers can go fuck themselves.

Seriously fuck you Blizzard.

It wouldn't protect against account theft at all. Different kind of hacking.

But...sadly, no I don't think how they handle this will change anything. Diablo 3 will be remembered as the worst video game launch of all time. ...Sharing the title with some other games i'm sure, like every WoW expansion...Every game that crashes when the planets align..You know, the usual stuff.

From the, lets call them reports, I've heard from the more seedy parts of the inter webs, most of the hacking is being done via a server exploit using a packet sniffer during public games to obtain individual user info. Also currently it's by and large the lvl 50+ crowd that are being targeted.

matrix3509:
Wasn't this the very thing that the DRM was supposed to protect us from? Oh right, its supposed to protect Blizzard's bottom line, and the customers can go fuck themselves.

Seriously fuck you Blizzard.

Well thats unneccessary. They're not being mean, they're trying to find the best way to do things. I may not agree with DRM or even like Blizzard that much, but I definitly can tell when people are trying to do their jobs.

At least they warned us before hand that it may have problems being released in the same fashion as the Halo: Reach beta was. Too many people jump in at once and fry their servers so hot that your could cook breakfast on it.

lol. Blizzard. I don't even know why anyone likes your games. Off to put my penis in an ice box.

If it's in line with the affliction it's WOW expansions had, then Blizzard hasn't really done much to mitigate it have they?

newwiseman:
From the, lets call them reports, I've heard from the more seedy parts of the inter webs, most of the hacking is being done via a server exploit using a packet sniffer during public games to obtain individual user info. Also currently it's by and large the lvl 50+ crowd that are being targeted.

I've heard the same, and if true, it's a big screwup on Blizzard's part. Saying "It's not unusual" isn't helpful, nor is it especially true - for a game of this caliber, this really shouldn't be happening.

Soviet Heavy:
If it's in line with the affliction it's WOW expansions had, then Blizzard hasn't really done much to mitigate it have they?

No, why would they? That would just cost money, and require thinking. They'll just wait until the lawsuits start rolling in before they bother to notice anything outside of morning coffee and pastries. Then they can squash all of those because everyone signed EULA's preventing them from suing for anything.

newwiseman:
From the, lets call them reports, I've heard from the more seedy parts of the inter webs, most of the hacking is being done via a server exploit using a packet sniffer during public games to obtain individual user info. Also currently it's by and large the lvl 50+ crowd that are being targeted.

The higher the level, the higher the chance at having better loot for the real money auction house.

IT is mainly a single player game! This should not have been an issue in the first place!

I mean, imagine this kind of shit with your Mario games.

I hear Blizzards blaming the victims for this. Even the ones that had and used authenticators.

oplinger:

matrix3509:
Wasn't this the very thing that the DRM was supposed to protect us from? Oh right, its supposed to protect Blizzard's bottom line, and the customers can go fuck themselves.

Seriously fuck you Blizzard.

It wouldn't protect against account theft at all. Different kind of hacking.

But...sadly, no I don't think how they handle this will change anything. Diablo 3 will be remembered as the worst video game launch of all time. ...Sharing the title with some other games i'm sure, like every WoW expansion...Every game that crashes when the planets align..You know, the usual stuff.

Currently two games are about on par for 'worst launch of all time".

Anarchy Online, had game play crippling bugs, server issues, players items becoming de-synced and thus disappearing, oh, and the Agent class specialty which is to grow smaller to give a bonus to conceal and aimed shot would cause them to fall down through grating's in the game, making them stuck until a GM could move them.

Then there is Darkfall. Only selling a handful of accounts every week after launch because "lol, wut is beta test?" and "lol, wut is server stress test?", monsters would become de-synced so you would end up being gang rapped by invisible mobs, you would die and immediatly get spawn ganked because "lol, wut is load time? qq moar carebear!"

oh, and if you as much as complained about anything in the forums you were called a non-playing troll and banned from posting.... by the fucking developer.

So while D3 is having some serious issues [some of which wouldn't be an issue if there was offline single player], it isn't as bad as it could be.

It's like they don't even want paying customers playing this game.

And yet the WoW expansion hack outbreaks never got half the hate/whining the Diablo III one has...

Another thing the always on DRM was intended to address but doesn't.

So why was an offline single-player campaign option a bad thing again, Blizzard?

Aeshi:
And yet the WoW expansion hack outbreaks never got half the hate/whining the Diablo III one has...

That shouldn't really be surprising. After the craptastic launch, the game was bound to be under (deserved) harsh scrutiny.

OT: If there was an OFFLINE Single-Player mode, the damage here could have been mitigated.

Aeshi:
And yet the WoW expansion hack outbreaks never got half the hate/whining the Diablo III one has...

Read this:

newwiseman:
From the, lets call them reports, I've heard from the more seedy parts of the inter webs, most of the hacking is being done via a server exploit using a packet sniffer during public games to obtain individual user info. Also currently it's by and large the lvl 50+ crowd that are being targeted.

Thank you!

Now...

BRING OUT THE TAR, TORCHES AND PITCHFORKS!

Captcha: Start from scratch. HEAR THAT BLIZZ, I THINK THE CAPTCHA IS TRYING TO TELL YOU SOMETHING!

matrix3509:
Wasn't this the very thing that the DRM was supposed to protect us from? Oh right, its supposed to protect Blizzard's bottom line, and the customers can go fuck themselves.

Seriously fuck you Blizzard.

No actually DRM has absolutely fuck all to do with this.

Antari:

Soviet Heavy:
If it's in line with the affliction it's WOW expansions had, then Blizzard hasn't really done much to mitigate it have they?

No, why would they? That would just cost money, and require thinking. They'll just wait until the lawsuits start rolling in before they bother to notice anything outside of morning coffee and pastries. Then they can squash all of those because everyone signed EULA's preventing them from suing for anything.

The thing is you cant really do anything about this. People get their accounts hacked in everything. Steam, XBOX, PSN, every mmo in existance, etc. Unless you want the same level of security on your battle.net account as they have at banks (which will never happen) you cant avoid this.

People are really fucking stupid and nomatter how many safeguards you put in place they will still fall for the same stupid scams and get their accounts hacked.

Soviet Heavy:
If it's in line with the affliction it's WOW expansions had, then Blizzard hasn't really done much to mitigate it have they?

Its extremely hard to mitigate the problem when the problem is people falling for phishing scams and downloading keyloggers.

I'd offer to lend Blizzard a shovel with which to dig their own grave, but they make enough money to buy a shovel made of titanium alloy for each of their employees.

quick, I'd better go and check to make sure that all my items in other single player games aren't being stolen... OH WAIT - that's not a thing. Nice one, Blizz - bringing MMO issues to what is essentially single-player hack and slash with online market.

I'd love to just go and play some SC2 skirmishes now to relax, but I can't cos my internet's acting up AND I NEED TO BE ONLINE TO PLAY BY MY SELF.
/still confused why this was ever considered to be a good idea.

Wicky_42:

I'd love to just go and play some SC2 skirmishes now to relax, but I can't cos my internet's acting up AND I NEED TO BE ONLINE TO PLAY BY MY SELF.
/still confused why this was ever considered to be a good idea.

Except SC2 has an off-line mode. I get everyone hates Blizz, but do try not to complain about non-existing problems.

Haha, I love that attitude. "Well this isn't working for some people so clearly it's not working at all."

And welcome to the growing pains of a new technological era, kids. You all thought it was pretty awesome being able to do everything online; shopping, mail, movies, tv shows. Hell Penny Arcade keeps saying the new wave of internet would completely replace brick and mortar. Well kids, say hello to the drawbacks of an always-online era. If you don't like it, invent a time machine and go back to 2000.

Just because it isn't unusual doesn't make it acceptable. In fact, it makes it even more unacceptable that they still don't know how to deal with this issue.

Andy Chalk:
But that's not actually the case, according to Blizzard (and also the dictates of common sense), which put up a message earlier this morning stating that while it takes security issues seriously, the rate of complaints isn't actually any worse than than of its other online game.

(facepalm)

Okay, I'll bite with the obvious question- how does it compare with the rate of complaints on the non-online games, like Diablo 3 could have been if it hadn't been created with this new paradigm in mind?

This is kind of like saying "We find the rate of theft in your home to be very similar to the rate of theft in other homes in which we've installed maintenance/utility doors against the homeowner's desires."

Callate:

(facepalm)

Okay, I'll bite with the obvious question- how does it compare with the rate of complaints on the non-online games, like Diablo 3 could have been if it hadn't been created with this new paradigm in mind?

This is kind of like saying "We find the rate of theft in your home to be very similar to the rate of theft in other homes in which we've installed maintenance/utility doors against the homeowner's desires."

Because we all know how hack-free the oh-so-sacredly-singleplayer Diablo II was right?

It's not unusual, but it's still happening in similar, if not higher, numbers to that of WoW expansion hackings? Can Blizzard at least pretend that they've learned from their past releases? Oh, I guess that is what this article is about. Never mind then, carry on.

Captcha: little bird told me

Indeed, a little bird did tell me.

Well they could do the thing valve did with steam and only let you log in from authorized computers. Admittedly there are ways around that as well but it would at least help a bit.

This is like sony coming out and saying:

"Ye,we are sorry that your credit card numbers got compromised and most likely it is your fault in the most part. Oh ye,did we mentiong that if you pay us 5 bucks (free if you have an iphone,which is an absolutely cheap thing to get) we will make sure that your credit card gets a withdrawal limit so that it ensures that it is safer"

This is absolute crap. The user is obliged to have his pc clean of keyloggers and yes,obviously, some of them wouldn't be able to keep their end of the bargain. Anything else after that is their responsibility though and the amount of hacked people is way too big to believe that "oh,it's your fault guys, should we remind you of our authenticator that you can buy?". Trying to put the blame to the user is really insulting.

Aeshi:

Callate:

(facepalm)

Okay, I'll bite with the obvious question- how does it compare with the rate of complaints on the non-online games, like Diablo 3 could have been if it hadn't been created with this new paradigm in mind?

This is kind of like saying "We find the rate of theft in your home to be very similar to the rate of theft in other homes in which we've installed maintenance/utility doors against the homeowner's desires."

Because we all know how hack-free the oh-so-sacredly-singleplayer Diablo II was right?

Of course it wasn't. But Diablo II was also possible to play both multi-player and single-player without having to log into Battle.net. Battle.net accounts having become both inseparable from the game and far more valuable than they were in the era of DII, it would seem to behoove Blizzard to have put more effort into securing the now compulsory service.

matrix3509:
Wasn't this the very thing that the DRM was supposed to protect us from? Oh right, its supposed to protect Blizzard's bottom line, and the customers can go fuck themselves.

Seriously fuck you Blizzard.

Packet sniffing and DRM are two completely different things. DRM is an attempt to keep the software pirates from playing the game without paying for it. What this is here is basically spoofing and packet sniffing. This allows hackers to discover account authorization information from the data stream in order to gain access to a person's account. Blizzard needs to improve their data encryption to keep hackers from getting the account information from the data packets.

Why is it that the first thin I though of when reading the title of the article was Blizzard saying:

"Our other games get hacked just as much. True our Authenticator don't always work, but this rampant hacking is a staple among Blizzard games. Like it or shut up."

Andy Chalk:

Responding to claims that even accounts using authenticators are being hacked, Blizzard added that "the Battle.net Authenticator and Battle.net Mobile Authenticator (a free app for iPhone and Android devices) continue to be some of the most effective measures we offer to help players protect themselves against account compromises." The studio encouraged all Battle.net users to use authenticators, and also made mention of the new "Battle.net SMS Protect" system, which allows users to monitor and maintain their accounts via text message.

You say they are effective but you haven't said that accounts can't get hacked with the Authenticators, but you instead say they are "effective measures"? That leads me to believe that Blizzard knew that the accounts, even WITH the Authenticators, would still have the probability of getting attacked. Even if they say the chance is less it's still not a concrete system and can be bypassed with the same persistence as when bypassing DRM... I guess.

Update Edit:

Andy Chalk:

"We've been taking the situation extremely seriously from the start, and have done everything possible to verify how and in what circumstances these compromises are occurring. Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password," he said in the first post. "While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand."

Ok, NOW they admit it. I guess that's a step forward... in a way. I would still like to have an Authenticator, but all this shit is still on Blizz's head.

God damnit. I wanna play this game with my brother so bad. Run through dungeons and stuff. Now I have to worry more about my stuff than I do for the actual Inferno difficulty. Why did Blizzard make their problems mine ? Do they not want my money ? I actually bought Diablo II and SCII.

I gave real money to buy those 2 titles. I still haven't finished DII but it's one of the finest games I have ever come across. I haven't played SCII cause my PC can't handle it yet. Hear that, Blizzard ? I bought a game I cannot even play! Its' special edition, no less! I put up with the DRM because it was only once every 30 days!

What the crap would make you think that going online only is a good idea ? You just destroyed a whole community, there are people whose entire 2 weeks of work are gone because of something you should have been prepared for, given that the game took 10 years to make.

When are you going to get it ? The people that pirate your games are far far less than the ones that actually show up in a store and buy it. How else do you explain beating your own records with every release you make ?

There are people who waited the better part of a decade for this and when they finally got it, they lost it again. I love the franchise and I love the game I am gonna play but FU, Diablo III. If a cracked offline version gets released, I am downloading that. If I am paying upwards 60 euro to play a game (which for a PC game is quite a lot), I expect no lagging and safety. Since you can't provide neither of these 2, I am not giving you my money.

 Pages 1 2 3 4 NEXT

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here