Diablo III accounts are getting hacked and relieved of all items because of Real Money Auction House


http://www.examiner.com/article/accounts-on-diablo-3-hacked

After getting through the bevy of release date errors, Diablo 3 players are finding their accounts under attack. It's not clear whether it's an exploitable glitch within Diablo 3 or improperly secured accounts on the client side, but many accounts on Diablo 3 have been hacked on May 19 and 20. Those who have recent activity with an account named "leyiong", "Nevin", "SBJunkie", "luckllezz", "McLeast" or any other person you know you never played with are almost assuredly the victims of this hacking and will need to take steps to re-secure their account as well as get their items back.

Blizzard's answer to the mass of hacked Diablo 3 accounts, is, "Change your password and get an authenticator" - though many accounts with authenticators have also been among those hacked.

You can also submit a ticket to support and authorize an account roll back. This will take your character back some levels - how many will depend on when Blizzard staff can reset your account back to - and return some of your gold and items. Be aware that there are restrictions on the number of rollbacks available - it seems to be two based on answers to submitted tickets - and that being hacked more than once will cause your account to be banned permanently from using the soon-to-be-released real money auction house.

Most likely this group of hackers is preparing for the opening of the Diablo 3 real money auction house. This is just a taste of what's to come in the future when the auction house officially opens and hackers everywhere try to steal goods and gold to sell for real cash.

This reporter, after having her own account with authenticator hacked, firmly believes this is a serious security breach on Blizzard's side, though they either do not want to admit it, or are still unaware of the problem. Many who have had their account on Diablo 3 hacked were logged in at the time of the hack and support staff tells them there was no evidence of their account being hacked. That indicates there is an exploit in the system being taken advantage of.

So apparently the "Always Online"-DRM system was supposed to "protect" people from others trying to hack the game and duping items, they seem to be directly going for hacking accounts instead now.

Some more Journo Hacking victims:
EuroGamer: http://www.eurogamer.net/articles/2012-05-21-diablo-3-accounts-hacked-gold-and-items-stolen
PC Gamer: http://www.pcgamer.com/2012/05/22/diablo-3-accounts-hacked-items-stolen-real-money-auction-house-due-next-week/
Forbes: http://www.forbes.com/sites/insertcoin/2012/05/30/the-horror-of-being-hacked-in-diablo-3/
Ars Technica: http://arstechnica.com/gaming/2012/05/my-brief-life-as-a-diablo-iii-hacking-victim/
Examiner (again): http://www.examiner.com/article/diablo-iii-an-authenticator-still-gets-you-hacked

Well, isn't that just dandy.

I'm feeling vindicated in giving this game a pass.

Did they really expect this to stop pirates? When has DRM ever stopped hackers or pirates? Never, it only slows them down slightly. But an account hijacking scheme within a week of launch? That's pretty damn fast.

Yay! More proof DRM is the digital equivalent of trying to placate protestors by calling them fags and telling them to go home.

IE: It just makes things worse.

Well as I (and others) said before; Blizzard don't want to wipe out gold and item farming, they just want a cut of the profits.

Soviet Heavy:
Did they really expect this to stop pirates? When has DRM ever stopped hackers or pirates? Never, it only slows them down slightly. But an account hijacking scheme within a week of launch? That's pretty damn fast.

It's hardly surprising. A legal auction house where people can sell items to each other for real money, readily available to all. It's a farmer's/hijacker's dream. And Blizzard know it.

Soviet Heavy:
Did they really expect this to stop pirates? When has DRM ever stopped hackers or pirates? Never, it only slows them down slightly. But an account hijacking scheme within a week of launch? That's pretty damn fast.

Well, for the last years Blizz was actually quite successful to slow pirates down with their server structure of WoW. SC2, no idea.

On topic: May I quote the Heavy: "Not big surprise".

So much I like to rag on the same idiots who complain about the DRM as if it were news, this one was also foreseeable. WoW accs can't be held secure and from my time I knew that even the authenticator was not safe. If they now have the possibilities to get the keylogger for both when you have just ingame contact with them... well, this is the first major screw up in my eyes from Blizzard's side.

Also, it's not really "that" fast. It seems that SC2, WoW and D3 all use the same login structures, they just had to come up with a scheme to get the stuff on the victim's rig which can be really easy.

This sounds like the problem they had with Rift, where hackers could use your session identifier to control your account without needing to know your password (the authenticator won't help either). Same story, the devs kept blaming the players till it was demonstrated to be a security loophole.

This is somewhat surprising from Blizzard though. I mean their security in WoW was never that bad, and surely this is using mostly the same tech? Or so I'd have thought.

I feel bad for the people being hacked but hopefully this situation shows how faulty Blizzard's always online/real-life auction house really is.

This problem isn't new. It happens in MMOs all the time for very similar reasons.
The only difference is that it's Blizzard and not just some random gold-farmer website who's fencing the goods.

While I have nothing valuable in my game other than the time invested in it, I am nonetheless somewhat concerned over my account. Also no I'm not going to give them more money just to buy an authenticator especially when that got compromised as well.

Monetization, ladies and gents.

The problem is no one has actually proved that their account got hacked and there really was an authenticator attached to the account. There was a problem of this found in World of Warcraft almost a year ago, Blizzard commented and stopped it within two days.

Atmos Duality:
This problem isn't new. It happens in MMOs all the time for very similar reasons.
The only difference is that it's Blizzard and not just some random gold-farmer website who's fencing the goods.

It's worth noting that D3 accounts aren't just D3 accounts. People have been using battlenet to log into WoW for over a year now. Plenty of people playing D3 also play WoW. That battlenet accounts continue to get hacked after Diablo 3 is released should surprise no one. No one.

I'm also suspicious of a reporter who admits to being hacked, then goes on to say that she "firmly believes" that the fault is Blizzard's while admitting she has no clear proof. I thought reporters were supposed to report on facts, collect sources, etc.? Reporter sounds biased as fuck.

Also, the RMAH has very little to do with it. People have been getting hacked in WoW, which doesn't have a RMAH, for years - almost a decade. Item duping was probably a major reason Diablo 2 accounts didn't get hacked.

So when this sort of thing happens in any other game it's the users' fault for clicking fake emails or being stupid enough to get scammed but when it happens to Diablo III it's Blizzard's fault?

Good to know.

Dags90:
Also, the RMAH has very little to do with it. People have been getting hacked in WoW, which doesn't have a RMAH, for years - almost a decade. Item duping was probably a major reason Diablo 2 accounts didn't get hacked.

There's no need to hack a SinglePlayer game you know... and people also wouldn't lose all their money/stuff if it wasn't for the RMAH lol

They're grabbing em for selling.

First, I call bullshit on that accounts have actually been "hacked". It's a very dramatic term to use, but most, if not all, of the people claiming to have been hacked have simply either fallen for a phishing scam, which means they are clueless morons, or are using something akin to "Password" as their password, which incidentally also means they're clueless morons. In both cases, I regard losing their account as little more than an idiocy tax.

Second, I call bullshit on that this has anything whatsoever to do with the RMAH. Is there any evidence of this? Of course not. Hell, we're talking about a battle.net account that's shared between several different games, who's to say they didn't expose their account to fraud in another game and this has nothing to do with Diablo III in the first place?

Third, I call bullshit on anyone actually losing their account in spite of having an authenticator. They'd have to screw up pretty badly themselves for that to happen, and even then it doesn't even have to involve Blizzard.

defskyoen:
There's no need to hack a SinglePlayer game you know... and people also wouldn't lose all their money/stuff if it wasn't for the RMAH lol

They're grabbing em for selling.

Yes they would. If they weren't going to sell the items in the RMAH they'd do it on third party websites just like they did for Diablo 2.

How many of these people who are hacked do you think never used multiplayer?

I'm not going to debate the legitimacy of this claim but I'm hardly going to doubt it either...

Here's the thing with hackers. Give them a challenge and they'll gladly surpass it. DRM stands as a major challenge to them, and from what I've seen there isn't a single challenge a skilled hacker can't overcome.

Blizzard and Activision have put their own paying customers at risk. Just another way in which they are punishing well meaning people who give them money to play by the rules.

And they didn't see this coming either...

Given that they screwed up their launch by crashing their servers, I doubt they're prepared to safeguard against hackers trying to scam the auction house.

Elcarsh:
First, I call bullshit on that accounts have actually been "hacked". It's a very dramatic term to use, but most, if not all, of the people claiming to have been hacked have simply either fallen for a phishing scam, which means they are clueless morons, or are using something akin to "Password" as their password, which incidentally also means they're clueless morons. In both cases, I regard losing their account as little more than an idiocy tax.

Second, I call bullshit on that this has anything whatsoever to do with the RMAH. Is there any evidence of this? Of course not. Hell, we're talking about a battle.net account that's shared between several different games, who's to say they didn't expose their account to fraud in another game and this has nothing to do with Diablo III in the first place?

Third, I call bullshit on anyone actually losing their account in spite of having an authenticator. They'd have to screw up pretty badly themselves for that to happen, and even then it doesn't even have to involve Blizzard.

Apparently this is not only happening to people who just bought Diablo 3 and made their battle.net account, but also to people who have been playing games like WoW and Starcraft for years.

Someone who's been playing Blizzard games for 5 years and bothered to buy an authenticator falling for a www.totallylegitdiablo3gold.com.hr scam? I doubt it.

So how exactly does one get "hacked"? I genuinely want to know.

Or is it just another word for "fell for phishing scam/got a keylogger/had a crappy pw"?

I call bullshit. From my understanding, any 'real money' you gain from selling items can only be used to purchase blizzard products; there's no way to take the money out of the system.

Smertnik:
So how exactly does one get "hacked"? I genuinely want to know.

Or is it just another word for "fell for phishing scam/got a keylogger/had a crappy pw"?

Those are possibilities. Another risk is when you're using the same password for a fan site or your clan website and that server gets hacked for passwords.

veloper:

Smertnik:
So how exactly does one get "hacked"? I genuinely want to know.

Or is it just another word for "fell for phishing scam/got a keylogger/had a crappy pw"?

Those are possibilities. Another risk is when you're using the same password for a fan site or your clan website and that server gets hacked for passwords.

A lot of problems with WoW hacking came from websites selling or taking email addresses from the forums' registers to hacker groups. It was stupid to require an email address for the battle.net system to begin with. (Blizzard's fault.) The hacker groups just used brute force hacking to get the password. That is why an authenticator is so important.

I do keep an authenticator on my account, but I have never used my email (just a free email account) for anything else than battle.net. I tell people to do the same.

From what I've been reading, the hackers seem to jump from account to account via the friends list, and they can only seem to target the last character you've used. People have reported lower level characters being hacked while they have a higher level character on the same account that wasn't touched. That's not indicative of password stealing.

If this was a simple case of bad password, scam or keylog, then with battle.net using the same credentials for all games we would be seeing simultaneous hacks in WoW, would we not? I've not heard of a big increase in WoW accounts being hacked. This is on a different scale.

Still, it's nice to see that fans are wading in to insult the victims before the details are known.

Dags90:
Yes they would. If they weren't going to sell the items in the RMAH they'd do it on third party websites just like they did for Diablo 2.

How many of these people who are hacked do you think never used multiplayer?

Again, there's no possibility or want to hack into a SinglePlayer game. Without Always-Online DRM no one would have these problems if they chose to play SinglePlayer.

Smertnik:
So how exactly does one get "hacked"? I genuinely want to know.

Or is it just another word for "fell for phishing scam/got a keylogger/had a crappy pw"?

Apparently they're able to grab the Session-ID from your last LogIn over the Friends list, so basically anyone playing Diablo 3 with other players can hijack your session, clear your character and stash of anything and move on.
Authenticators, changing Passwords or anything like that won't help since they are doing it On-the-fly.

WoW Killer:
Still, it's nice to see that fans are wading in to insult the victims before the details are known.

Yeah, it's fanboyism, corporate cronyism together with a nice pinch of Stockholm Syndrome and victim blaming.
It's getting ridiculous, "Blizaaahd, my precious! Do no bad! Do no bad!"
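The session-identifier scenario raised in the posts above, as an added example that is not part of the original thread and is not Blizzard's or Battle.net's actual protocol: a toy server where the authenticator is checked only at login, next to a hardened variant that requires proof of a per-session key plus a fresh code for value-moving actions. The class, action names and one-time codes are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

SENSITIVE = {"trade_item", "send_gold"}  # value-moving actions (assumed names)

class Server:
    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}  # session id -> (account, per-session key)
        self.otps = {}      # account -> unused codes (stand-in for an authenticator)

    def login(self, account, otp):
        """Password check omitted; the authenticator code is verified here."""
        if otp not in self.otps.get(account, set()):
            return None
        self.otps[account].discard(otp)
        sid, key = secrets.token_hex(16), secrets.token_bytes(32)
        self.sessions[sid] = (account, key)
        return sid, key     # key is handed over once, on the login channel

    def request(self, sid, action, mac=None, otp=None):
        """Return the account the action runs as, or None if rejected."""
        if sid not in self.sessions:
            return None
        account, key = self.sessions[sid]
        if not self.hardened:
            return account  # bearer semantics: knowing the session id is enough
        if mac is None or not hmac.compare_digest(mac, sign(key, action)):
            return None     # session id without the session key proves nothing
        if action in SENSITIVE:
            if otp not in self.otps[account]:
                return None  # step-up: fresh authenticator code required
            self.otps[account].discard(otp)
        return account

def sign(key, action):
    # A production design would also cover a nonce or counter to stop replay.
    return hmac.new(key, action.encode(), hashlib.sha256).hexdigest()

def demo(hardened):
    srv = Server(hardened)
    srv.otps["victim"] = {"111111", "222222"}  # constructed codes
    sid, key = srv.login("victim", "111111")
    leaked_sid = sid  # only the identifier is exposed to a third party
    with_leaked_id = srv.request(leaked_sid, "trade_item")
    as_owner = srv.request(sid, "trade_item", sign(key, "trade_item"), "222222")
    return with_leaked_id, as_owner

if __name__ == "__main__":
    print("weak:    ", demo(False))
    print("hardened:", demo(True))
```

In the weak variant the leaked identifier alone acts as the account even though login required an authenticator code; in the hardened variant the same request is rejected while the legitimate client still succeeds.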

WoW Killer:
From what I've been reading, the hackers seem to jump from account to account via the friends list, and they can only seem to target the last character you've used. People have reported lower level characters being hacked while they have a higher level character on the same account that wasn't touched. That's not indicative of password stealing.

If this was a simple case of bad password, scam or keylog, then with battle.net using the same credentials for all games we would be seeing simultaneous hacks in WoW, would we not? I've not heard of a big increase in WoW accounts being hacked. This is on a different scale.

Still, it's nice to see that fans are wading in to insult the victims before the details are known.

Is it better to grab torches and bloat up the hyperbole before the details are known?

People are really enjoying bashing this game at the slightest hint of something bad without waiting for more news. So far so good on my account.

EDIT: Some of these replies, man you guys are awful people. Hoping it gets worse because a company did something you didn't like and fuck over more users? Seriously, you people are fucking awful. Example below.

Adam Jensen:
I don't feel bad for people whose accounts have been hacked. That's their punishment for supporting always-on DRM. I hope it gets worse. I hope it spreads like wildfire and causes massive panic among Diablo 3 community, and I hope it never gets fixed. Perhaps that's what it takes for Blizzard to patch in an offline mode.

Also, gold spammers are apparently already present xD

WoW accounts have been constantly hacked for years now. Are people really surprised when those same WoW accounts are hacked, and the hackers also get into the victims' Diablo accounts?

dagens24:
I call bullshit. From my understanding, any 'real money' you gain from selling items can only be used to purchase blizzard products; there's no way to take the money out of the system.

Yes, you can. Players will be able to take out money earned in the RMAH and put it into an actual bank account.

Given how common hacking/account theft is in WoW I expect it to be absolutely rampant in D3.

dagens24:
I call bullshit. From my understanding, any 'real money' you gain from selling items can only be used to purchase blizzard products; there's no way to take the money out of the system.

you can cashout to paypal.

the same way you cashin

but blizzard takes a cut there as well as on each individual sale.

dagens24:
I call bullshit. From my understanding, any 'real money' you gain from selling items can only be used to purchase blizzard products; there's no way to take the money out of the system.

Wrong. For an additional 10% you can transfer anything into a PayPal account.

Elcarsh:
First, I call bullshit on that accounts have actually been "hacked". It's a very dramatic term to use, but most, if not all, of the people claiming to have been hacked have simply either fallen for a phishing scam, which means they are clueless morons, or are using something akin to "Password" as their password, which incidentally also means they're clueless morons. In both cases, I regard losing their account as little more than an idiocy tax.

Second, I call bullshit on that this has anything whatsoever to do with the RMAH. Is there any evidence of this? Of course not. Hell, we're talking about a battle.net account that's shared between several different games, who's to say they didn't expose their account to fraud in another game and this has nothing to do with Diablo III in the first place?

Third, I call bullshit on anyone actually losing their account in spite of having an authenticator. They'd have to screw up pretty badly themselves for that to happen, and even then it doesn't even have to involve Blizzard.

Blaming the victims, doesn't get much more classy than that.

Zhukov:
Well, isn't that just dandy.

I'm feeling vindicated in giving this game a pass.

Second that. Another reason to buy Torchlight 2 despite not really liking the first. Besides the price and the fact that Blizzard took everyone's money and didn't give them an even-barely-functional game in return. At least Skyrim could actually be played at all on day one by everyone who bought it.

Wow. I didn't ever consider that.

It doesn't matter how good Blizzard is with security. There is RL money to be made from the auction house. People will hack. This isn't like a bank account, with a pin number, social security number, bank account number, birth date, authentication questions, and much more all acting as security. It's a username and password. And it's darn difficult to prove what were legitimate trades and what were hacked trades. People will hack, and there's nothing Blizzard can do to stop it.

Honestly, I think at this point, they should remove the real money auction house feature, and offer a patch update so people can play offline.

EDIT: I don't think people will pay real life money on the auction house if they stand to lose it from hacking.
Also, when the auction house goes live, these items will have a value in RL currency. Does this mean there's a possibility to prosecute the hackers with robbery? Like stealing from somebody's house or something? Or have past cases shown that this isn't likely?
