Not gonna lie this massive i mean massive fuck up... has really made me change my opinion of blizzard im not even shitting you : / usually i feel people getting hacked is down to their own clumsyness but this is beyond retarded.
"Let me explain this in layman's terms. Blizzard didn't put in a basic security measure that stops people from simply typing in random numbers and letters until they get your password. Something simple, bruteforce hacking can accomplish. Something they did with World of Warcraft. And, most importantly, something they *didn't* do with a game that's going to have a Real Money Auction House."
Smertnik: So how exactly does one get "hacked"? I genuinely want to know.
Or is it just another word for "fell for phishing scam/got a keylogger/had a crappy pw"?
Does the greatness of the password somehow determine whether it was hacked or not? I don't think so. Somebody how was not the owner, somehow got got passed the password without permission ... isn't that a definition of hacking?
Whether the password was "password" or a long word that was a mix of 4 different languages and every other letter was a special character doesn't matter.
Fell for phishing, only true morons fall for them scams. Even if I think it's an honest e mail I always open up a new tab and go to the site, I NEVER click a link in an email.
Key logger, I doubt many people go searching for people to log them. Like there is a site set up, so you can have people key log you ...
WoW Killer: If this was a simple case of bad password, scam or keylog, then with battle.net using the same credentials for all games we would be seeing simultaneous hacks in WoW, would we not? I've not heard of a big increase in WoW accounts being hacked. This is on a different scale.
Diablo 3 just launched, which means it went from 0 to 10. WoW, which has been around for quite some time, was already at 10. When you're at 10, and you stay at 10, it's not reported as a 'marked increase' - but when you go from 0 to 10, it is.
So, yeah. Perspective is key.
Edit: The thing to consider is also this: If these people who are being hacked have been hacked previously on WoW, then it's really a no brainer to see how they got hacked. The same way they did last time.
WoW Killer: If this was a simple case of bad password, scam or keylog, then with battle.net using the same credentials for all games we would be seeing simultaneous hacks in WoW, would we not? I've not heard of a big increase in WoW accounts being hacked. This is on a different scale.
Diablo 3 just launched, which means it went from 0 to 10. WoW, which has been around for quite some time, was already at 10. When you're at 10, and you stay at 10, it's not reported as a 'marked increase' - but when you go from 0 to 10, it is.
So, yeah. Perspective is key.
Edit: The thing to consider is also this: If these people who are being hacked have been hacked previously on WoW, then it's really a no brainer to see how they got hacked. The same way they did last time.
Actually in this instance they got the emails from as far as i can tell the forums, check my post for more details but...
1:email obtain from forums.
2:no authenticator on hacked accounts
3:passwords are not case sensitive (may only be for diablo 3 launcher).
4:you can dictionary attack diablo 3 usernames, e.g. spam password guesses and never get locked out(may only be for diablo 3 launcher).
Normally i would be in full agreement with you guys, generally only muppets end up getting hacked. But in this instance loads of people are getting hacked a guy in work has been hacked last night and he's a right techy bugger.
I'm not trying to say whether or not people who are being hacked were taking precautions, my thing is - Yes, it's bad, but the rate of hacking is being blown out of perspective. "This is on a different scale" - It's not. It's the same scale, momentum just carried over from the years of hacking on WoW to the week or so Diablo 3 has been out.
Sethran: I'm not trying to say whether or not people who are being hacked were taking precautions, my thing is - Yes, it's bad, but the rate of hacking is being blown out of perspective. "This is on a different scale" - It's not. It's the same scale, momentum just carried over from the years of hacking on WoW to the week or so Diablo 3 has been out.
This is the thing though, wow has better security than diablo 3 even though in theory they are using the same platform which is alot of a joke :(
ElectroJosh: Yep, just happened to me. Logged on today all my items, gold and stash gone. Never played a public game, never even signed up any friends. How anyone knew my details I will never know.
I apologize if this has been quoted already, but you kinda shoot yourself in the foot here. You state that nobody playing singleplayer would get hacked if there weren't always on DRM, then state that this hack only works with other people in the game. If people played singleplayer only they couldn't get hacked, which means the DRM has no bearing on this whatsoever. DRM is not at fault.
The hackers should be the only ones under fire here. Not Blizzard, certainly not the customers. Anyone saying the customer is at fault will also agree that intruders in one's home have a right to sue if they get injured by the inhabitants. Anyone saying Blizzard is at fault will also agree that intruders in one's home have a right to sue the government if they get injured by the inhabitants. Clearly this is a silly notion, yet that is a decent representation for the situation at hand.
Firstly I played single-player only and still got hacked. Your analogy sounds good except for these issues:
1) Blizzard instituted the "always online" policy - even for single player. 2) They also created the RMAH.
In other words they provided both the environment and the incentive for this hacking to occur. If there was no need to login to Battlenet for single-player? No way my account could have been hacked.
If there was no RMAH? Probably still some blackmarket item selling ring - but not nearly as extensive.
I agree that that hackers should be under fire as well (being the ones who, you know, hacked the accounts). Thats why I blame thieves for theft. But bear in mind that what blizzard have done is similar to a government insisting that houses are no longer permitted to have door locks (so various govt. inspectors can check up on the citizens from time to time; to help them if they have have problems obviously) and then acting surprised that this increases the amount of theives walking into houses and stealing the owner's possessions.
Le
It would actually be more like the government requires use of its own set of locks for all homes, locks which notify the government whenever anybody comes or goes. The locks exist, but the way around the locks is all contained within some database somewhere, or by just watching people open their lock.
I think the accounts would be hacked with or without the RMAH. This is nothing new, just people trying to get a game for free in a far more malicious way than pirating (instead of the company being out a small amount of profit, the user loses their game and the company keeps the cash). Which is why I blame the hackers completely. There is very little chance of any company achieving perfect security, and the small number of hacks leaves me believing that Blizzard has done about as well as they could with it.
Not saying the RMAH hasn't exacerbated the issue some, just that hackers would hack anyways. Sad outlook, yes, but true.
Elcarsh: First, I call bullshit on that accounts have actually been "hacked". It's a very dramatic term to use, but most, if not all, of the people claiming to have been hacked have simply either fallen for a phishing scam, which means they are clueless morons, or are using something akin to "Password" as their password, which incidentally also means they're clueless morons. In both cases, I regard losing their account as little more than an idiocy tax.
Second, I call bullshit on that this has anything whatsoever to do with the RMAH. Is there any evidence of this? Of course not. Hell, we're talking about a battle.net account that's shared between several different games, who's to say they didn't expose their account to fraud in another game and this has nothing to do with Diablo III in the first place?
Third, I call bullshit on anyone actually losing their account in spite of having an authenticator. They'd have to screw up pretty badly themselves for that to happen, and even then it doesn't even have to involve Blizzard.
This post makes me furious, as I needed to actually register so I can post on here and correct what you are saying.
It is not bullshit that these accounts could possibly have been hacked. Yes, "hacked," is a term that calls for serious action and problems. But pay no attention to what this one's opinion is, because I am a person too that is a victim.
Just like many gamers, I have been playing these games for ages. I have played much of diablo 2, starcraft, warcraft, and other mmos. It is a problem of course for many of these games that have acquired the ability to use a 3rd party program for hacking or exploit (such as maphacking) on these games. I have been hacked before on diablo 2, but the difference here in d2 and d3 is that, I knew I was getting hacked in diablo 2. They had programs which make your mouse click everywhere on your screen and drop your items. Yes I am to be blamed on this one occasion. I left the game and part of my items were still secure.
On diablo 3 however; this is also a new game. I have played it since the release date. However, from transitioning from last night sleeping until today, I woke up and opened my account.. and my lvl 40 barb gear and stash/gold has all been taken without notice. I do not actually know if this is a hacking of some sort or a bug within the game which has caused me to lose my items. I have ticketed battle.net and posted screenshots of my character and how much gold I have accumulated to show that none of this makes sense at all. Suddenly I lose everything, and I have to start over again? Don't get me wrong, its not the end of the world, but its really piss off to just start over again.
I'm sure if something was taken from you, you would want it back. No? Or am I getting this wrong. Don't make false judgements please or opinions on your own just because you have never experienced this. I too, felt that way as well, until this happened to me. It's just not tolerable.
i don't care how they hack or for what reason, all i want is my game back!
I got hacked while i was playing and was beat by the hacker at changing my password. :( Getting my account back was easy, but bliz suspended my account for suspicious activity so i gotta wait 24-48 hours to get the suspension lifted.
While I still heavily criticize the always-online DRM. It's pointless, and only serves to annoy the legitimate customers. I have doubts that authenticator protected accounts are being compromised.
As the report here states none of those claims have been confirmed. Frankly, if they haven't been confirmed yet, then they didn't happen.
MysticToast: Good to know my authenticator will do little to no good...
I doubt this is factual. Authenticator fobs operate with proprietary algorithms and timestamps, it's literally a miniaturization of the kind of technology they used to secure nuclear launch codes in submarines. To hack it somebody would have to literally hold the key or defeat the security measures on Blizzard's validation server, which is a serious fucking crime and punishable by huge fines and prison time. Hardly worth a couple hundred bucks.
MysticToast: Good to know my authenticator will do little to no good...
I doubt this is factual. Authenticator fobs operate with proprietary algorithms and timestamps, it's literally a miniaturization of the kind of technology they used to secure nuclear launch codes in submarines. To hack it somebody would have to literally hold the key or defeat the security measures on Blizzard's validation server, which is a serious fucking crime and punishable by huge fines and prison time. Hardly worth a couple hundred bucks.
Well I figured as much when I got mine, but this article made it seem like accounts with authenticators were getting hacked as well.
EDIT: But I've also heard these reports of hackings were all exaggerated so.....
MysticToast: Good to know my authenticator will do little to no good...
I doubt this is factual. Authenticator fobs operate with proprietary algorithms and timestamps, it's literally a miniaturization of the kind of technology they used to secure nuclear launch codes in submarines. To hack it somebody would have to literally hold the key or defeat the security measures on Blizzard's validation server, which is a serious fucking crime and punishable by huge fines and prison time. Hardly worth a couple hundred bucks.
Well I figured as much when I got mine, but this article made it seem like accounts with authenticators were getting hacked as well.
EDIT: But I've also heard these reports of hackings were all exaggerated so.....
I can assure you 100% that I was hacked or whatever it is they're doing and I'm not exaggerating. They didn't change my password but I lost all my items & gold on my main character. The virtual items don't mean a thing to me, especially since I've already asked for a refund...It's the fact that Blizzards security is compromised and all they are doing is telling people it's their fault. It's good to hear that other people are getting hacked so I'm not alone and maybe Blizzard will fix their broken game.
I doubt this is factual. Authenticator fobs operate with proprietary algorithms and timestamps, it's literally a miniaturization of the kind of technology they used to secure nuclear launch codes in submarines. To hack it somebody would have to literally hold the key or defeat the security measures on Blizzard's validation server, which is a serious fucking crime and punishable by huge fines and prison time. Hardly worth a couple hundred bucks.
Well I figured as much when I got mine, but this article made it seem like accounts with authenticators were getting hacked as well.
EDIT: But I've also heard these reports of hackings were all exaggerated so.....
I can assure you 100% that I was hacked or whatever it is they're doing and I'm not exaggerating. They didn't change my password but I lost all my items & gold on my main character. The virtual items don't mean a thing to me, especially since I've already asked for a refund...It's the fact that Blizzards security is compromised and all they are doing is telling people it's their fault. It's good to hear that other people are getting hacked so I'm not alone and maybe Blizzard will fix their broken game.
I said they were exaggerated, not that hackings haven't happened.
Also, when did Blizzard tell people it's their fault for getting hacked?
Lol at the game-boyz.com link. Whoever wrote that is an idiot. Preventing a IP from logging in after X amount of attempts does nothing to improve security. No one is trying to brute force battle.net accounts. Simply isnt worth their time. Phishing scams and man in the middle attacks are much more likely, simpler to implement and most important off all, pay off in a reasonable amount of time.
Regarding the lack of https when browsing and posting on the battle.net forums. Grow up, you are posting to a public forum. What you are about to write will be public once the request is complete anyway so what does it matter? All the login pages are https so unless extraordinary circumstances occur, IE your roommate wants to try and replicate the SSL MITM (http://www.schneier.com/blog/archives/2010/04/man-in-the-midd_2.html is a good intro) attack, you are probably safe.
Blizzard will be requiring all battle.net accounts that wish to partake in the RMAH to have authenticators attached to them, either a physical one or the app. So people getting hacked for their RMAH monies will almost never happen.
Bottom line is get an authenticator. The app is free and the 6 dollars for a physical one is more then fair, especially since blizzard sells them at no profit. My bank had the balls to charge me 35 euros for a authenticator, which is insane since it protects them not me. My money is insured, they are the ones that lose if my account is compromised. Not relevant but I feel it puts things into perspective.
Regarding all the stories flying around about people getting hacked with authenticators. Thats total bullshit. If someone had the ability to defeat external device authentication systems they would be going after something more lucrative then battle.net accounts. Whats more likely is that the people that make money off hacking accounts are simply using the spotlight generated by the recent reports to try to make it appear as if authenticators dont work so people dont use them. I think it is very telling of "game journalism" to repeat things that are easy to verify as false.
Sorry for the bad structure but its late and I am getting annoyed by this issue.
TL;DR Authenticators work. People getting hacked had their accounts compromised by either falling victim to a phishing scam or running a program that wasnt safe without having a autenticator attached to their account.
OUTgunned: Lol at the game-boyz.com link. Whoever wrote that is an idiot. Preventing a IP from logging in after X amount of attempts does nothing to improve security. No one is trying to brute force battle.net accounts. Simply isnt worth their time. Phishing scams and man in the middle attacks are much more likely, simpler to implement and most important off all, pay off in a reasonable amount of time.
Regarding the lack of https when browsing and posting on the battle.net forums. Grow up, you are posting to a public forum. What you are about to write will be public once the request is complete anyway so what does it matter? All the login pages are https so unless extraordinary circumstances occur, IE your roommate wants to try and replicate the SSL MITM (http://www.schneier.com/blog/archives/2010/04/man-in-the-midd_2.html is a good intro) attack, you are probably safe.
Blizzard will be requiring all battle.net accounts that wish to partake in the RMAH to have authenticators attached to them, either a physical one or the app. So people getting hacked for their RMAH monies will almost never happen.
Bottom line is get an authenticator. The app is free and the 6 dollars for a physical one is more then fair, especially since blizzard sells them at no profit. My bank had the balls to charge me 35 euros for a authenticator, which is insane since it protects them not me. My money is insured, they are the ones that lose if my account is compromised. Not relevant but I feel it puts things into perspective.
Regarding all the stories flying around about people getting hacked with authenticators. Thats total bullshit. If someone had the ability to defeat external device authentication systems they would be going after something more lucrative then battle.net accounts. Whats more likely is that the people that make money off hacking accounts are simply using the spotlight generated by the recent reports to try to make it appear as if authenticators dont work so people dont use them. I think it is very telling of "game journalism" to repeat things that are easy to verify as false.
Sorry for the bad structure but its late and I am getting annoyed by this issue.
TL;DR Authenticators work. People getting hacked had their accounts compromised by either falling victim to a phishing scam or running a program that wasnt safe without having a autenticator attached to their account.
And here we have a shining example, so to say a proto-Blizzard fanboy, defending their cause with all that he can, all the while discounting any claims by Journalists (like the one in the first post that said she was using an Authenticator) as well as users as crazy talk and shrugging off any and all security concerns till they will come to bite him in the ass.
OUTgunned: Lol at the game-boyz.com link. Whoever wrote that is an idiot. Preventing a IP from logging in after X amount of attempts does nothing to improve security. No one is trying to brute force battle.net accounts. Simply isnt worth their time. Phishing scams and man in the middle attacks are much more likely, simpler to implement and most important off all, pay off in a reasonable amount of time.
Regarding the lack of https when browsing and posting on the battle.net forums. Grow up, you are posting to a public forum. What you are about to write will be public once the request is complete anyway so what does it matter? All the login pages are https so unless extraordinary circumstances occur, IE your roommate wants to try and replicate the SSL MITM (http://www.schneier.com/blog/archives/2010/04/man-in-the-midd_2.html is a good intro) attack, you are probably safe.
Blizzard will be requiring all battle.net accounts that wish to partake in the RMAH to have authenticators attached to them, either a physical one or the app. So people getting hacked for their RMAH monies will almost never happen.
Bottom line is get an authenticator. The app is free and the 6 dollars for a physical one is more then fair, especially since blizzard sells them at no profit. My bank had the balls to charge me 35 euros for a authenticator, which is insane since it protects them not me. My money is insured, they are the ones that lose if my account is compromised. Not relevant but I feel it puts things into perspective.
Regarding all the stories flying around about people getting hacked with authenticators. Thats total bullshit. If someone had the ability to defeat external device authentication systems they would be going after something more lucrative then battle.net accounts. Whats more likely is that the people that make money off hacking accounts are simply using the spotlight generated by the recent reports to try to make it appear as if authenticators dont work so people dont use them. I think it is very telling of "game journalism" to repeat things that are easy to verify as false.
Sorry for the bad structure but its late and I am getting annoyed by this issue.
TL;DR Authenticators work. People getting hacked had their accounts compromised by either falling victim to a phishing scam or running a program that wasnt safe without having a autenticator attached to their account.
And here we have a shining example, so to say a proto-Blizzard fanboy, defending their cause with all that he can, all the while discounting any claims by Journalists (like the one in the first post that said she was using an Authenticator) as well as users as crazy talk and shrugging off any and all security concerns till they will come to bite him in the ass.
The authenticators themselves are a valid method, though. They use the same technology for access to high level areas of military bases. If your account got hacked and you had an authenticator, then you royally screwed something up. Note that I said account, as I have heard of a method where they got in to your characters without your account, but I don't care enough to read up on it. I just know that if the authenticators were faulty, WoW would have found out by now. There is far more money to be made there than in D3.
Sean951: The authenticators themselves are a valid method, though. They use the same technology for access to high level areas of military bases. If your account got hacked and you had an authenticator, then you royally screwed something up. Note that I said account, as I have heard of a method where they got in to your characters without your account, but I don't care enough to read up on it. I just know that if the authenticators were faulty, WoW would have found out by now. There is far more money to be made there than in D3.
Yeah, security tokens are usually pretty safe, since there is no way of knowing the hardwareside secret key of any one device.
The only better method (also a lot more used for high security stuff) are hardware/USB tokens, where you have to physically input a device, usually via USB to check against key.
That doesn't mean that Blizzard DIDN'T royally screw up in some way though, and let's be honest... if they were that serious about "Account security" they would have included a hardware authenticator in every new copy of the game, they literally cost cents to produce nowadays and the game already costs 60$/60€ (75$).
"Because Blizzard says so" isn't a valid reason to discount what everyone else (including a lot of users and journalists) say or experience and even less for victim blaming them because Blizzard screwed up their security precautions.
Nor does it exonerate them from creating this toxic environment in the first place. I can only reiterate again, NOONE would or could be hacked playing Single Player and without the promise of a Real Money Auction House (and a lot more potential revenue and "customers" than previously, after all Blizzard is doing nothing short of legitimizing their business practice, potentially making the practice "mainstream" and causing a lot more acceptance with people which could even swap over to other games "I can buy items in Diablo 3, why not in X?") with only a certain part of people using 3rd party vendors and it being expressively forbidden and prone to scams there would be considerably less incentive and push by hackers and gold farmers. Basically, don't defend Blizzard, they don't deserve it in any way or form as they are mostly responsible for what is happening and had this literally coming.
If I was a hacker and I hacked a guys wow account, Id probably give typing the password into Diablo a go. Since your Wow account and your Diablo account are usually the same.
Fieldy409: If I was a hacker and I hacked a guys wow account, Id probably give typing the password into Diablo a go. Since your Wow account and your Diablo account are usually the same.
They are the same broham, you authenticate with your battlenet log in ;) same for sc2 as well.
Heh. It just came to me that the whole situation wouldn't have got so much out of hand, if Blizzard had simply skipped the whole auction house and instead sold all their virtual gear directly.
Who cares whether their money goes to some account hacker or another unknown player, instead of Blizzard? Same worthless virtual sword. Same dollars burned. Actually this alternative would potentially make all the virtual stuff cheaper, since Blizzard can copy their crap in infinite supplies. Block all other trade.
Blizzard win: 100% profit everytime, instead of a mere cut. Players win: fewer account hacks. Stupid players win: cheaper gear.
Erugh they do this with wow and there is no AH at all, it's the battle.net accounts that are getting hacked if they get on there and oh look wow and d3 probably gonna go for d3 as it's new and far easier to make cash of it or just d3 take the stuff anyway
Adam Jensen: I don't feel bad for people who's accounts have been hacked. That's their punishment for supporting always-on DRM. I hope it gets worse. I hope it spreads like wildfire and causes massive panic among Diablo 3 community, and I hope it never gets fixed. Perhaps that's what it takes for Blizzard to patch in an offline mode.
So because they like something that you don't they deserve to have their money stolen?
Thats just so gobsmackingly selfish, the worst statement i have come across in months, and in these months i watched this.
Adam Jensen: I don't feel bad for people who's accounts have been hacked. That's their punishment for supporting always-on DRM. I hope it gets worse. I hope it spreads like wildfire and causes massive panic among Diablo 3 community, and I hope it never gets fixed. Perhaps that's what it takes for Blizzard to patch in an offline mode.
Although I do feel bad for these people. Some waited years for this game and hate the DRM as much as anyone, I kinda have to agree with this. They didn't ask for this, (I swear to God that connection is unintentional) they just want to play a game. But at the same time if this is what it takes to get rid of DRM then so be it.
So because its somebody else thats losing out and not you, its fine because it helps your little boowoo that you don't like being connected to the internet.
So because its somebody else thats losing out and not you, its fine because it helps your little boowoo that you don't like being connected to the internet.
Grow up.
"I don't like having to do X" =/= "I don't like doing X"
I had hoped your average human being would be able to tell the difference.
Dendio: On top of all this the gold auction house is broken. People are reporting losing hundreds of thousands of gold and items through the AH.
Yeah I've had a few bugs with it. You can try to buy out an item and get an error message, but your gold still disappears. If you search for the same item again it'll show up as sold, as if someone else had bought it. When then happened to me is my gold reappeared in my completed items box a minute later. When then happened was that a day later the original item appeared in my box, and I've no idea whether I was charged for it or not.
The usual story I'm hearing is that people get this error message, think the item has been bought up by someone else, and then go to buy a similar item as a replacement. Soon enough they realise they've bought both (and appear to have been charged for both). I've only ever bought super cheap items, so it's hard to keep track of what I've been charged for. Now imagine these sorts of cock ups with real money involved ;)
MysticToast: Well I figured as much when I got mine, but this article made it seem like accounts with authenticators were getting hacked as well.
EDIT: But I've also heard these reports of hackings were all exaggerated so.....
There was actually a blue post that suggested a small number of accounts had been compromised while having authenticators (it wasn't clear whether he was talking just D3 accounts, or all Battle.net accounts including WoW). The blue also said the same accounts had scary amounts of malware on their systems, so take from that what you will.
So because its somebody else thats losing out and not you, its fine because it helps your little boowoo that you don't like being connected to the internet.
Grow up.
"I don't like having to do X" =/= "I don't like doing X"
I had hoped your average human being would be able to tell the difference.
That doesn't make your little complaint anymore valid, and it certainly doesn't give you the right to sacrifice others in the name of your pointless cause.
Constant connection is the endgoal here, its going to happen across the board, no matter how many people have their little paddies over it.
So because its somebody else thats losing out and not you, its fine because it helps your little boowoo that you don't like being connected to the internet.
Grow up.
"I don't like having to do X" =/= "I don't like doing X"
I had hoped your average human being would be able to tell the difference.
That doesn't make your little complaint anymore valid, and it certainly doesn't give you the right to sacrifice others in the name of your pointless cause.
Constant connection is the endgoal here, its going to happen across the board, no matter how many people have their little paddies over it.
My little complaint? My pointless cause? I didn't even buy the game, really, so I'm spared the always-online nonsense to begin with.
But, really, regardless of that, I'm not one of the people who just lie back and think of England when they're being screwed.
H-H-H-HOLY SHIT.
Not gonna lie this massive i mean massive fuck up... has really made me change my opinion of blizzard im not even shitting you : / usually i feel people getting hacked is down to their own clumsyness but this is beyond retarded.
"Let me explain this in layman's terms. Blizzard didn't put in a basic security measure that stops people from simply typing in random numbers and letters until they get your password. Something simple, bruteforce hacking can accomplish. Something they did with World of Warcraft. And, most importantly, something they *didn't* do with a game that's going to have a Real Money Auction House."
-Quoted from:http://www.game-boyz.com/content/node/18678