My INACTIVE WoW account was hacked right before they did the account merging thing with BNet. I hadn't played in 3 years. It just so happens the same thing happened to thousands of players at that time. Sony has been hacked more times than anyone can count at this point.
Yeah, a lot of people don't have clean computers, don't use different passwords or have strong password complexity. But a lot of people do and a lot of companies suck at securing user information.
Yup.
In the end, it's going to happen. Over and over again. People will continue to say that the players that got hacked were morons with their accounts. Then someone that knows they are not a moron will get hacked and everyone will call him/her a moron.
A lot of people on Battle.net are going to be hacked or have their accounts stolen. And people are going to bravely defend Blizzard against all those lame people that don't know how to work the interwebz like a smart person.
Fortunately, it also likely means that "always online" recieves a black eye in the process.
You know the only person who has mentioned words like moron, lame or smart is you don't you? You seem to be your own worst enemy.
But you are right, it is like an ongoing boy who cried wolf sort of thing. But until we have proof that Blizzard got hacked then we will never know the truth of it. Like I said before, it could just have been some sort of internal error which would be a different issue altogether. Maybe no one has been on anyone elses account, we just don't know yet.
I don't suffer from insanity, I enjoy every minute of it.
Haters gonna hate and hackers are gonna hack......its the way of the web, virtually no system is hack proof, for two reason one its made and coded by man and two man is prone to error and someone will eventually find that error and find a way to exploit that error. It happens, just protect yourself the best you can is all you can do and hope you don't end up one of the random targets of an account hacker. Couple tips...
1. Don't open strange emails....(Anything that has your name in the subject or address is suspect, only exception are things you actually request.
2. Use an email account that is ONLY for that game and give it to no one else, that way you know if something that isn't game related its spam and you may need to rotate your passowrds.
3. Rotate passwords. Don't use the same username and pass for everything, the internet can be a creepy place and random people have made enemies who will defame you accross the web the best way to avoid that is to keep some measure of anonymity.
4. Don't be a pirate. We shouldn't pretend it doesn't exist and that people don't do it on a daily basis, don't download pirated software or products, that means everything from music to porn including games and books......you never know when an old file that you thought was harmless could have a program that allows them access to sensitive information.
5. COMMON SENSE! Don't be surfing sites like 4chan on the same PC you game on and expect it not to be hacked in some way, that like dangling your bloody toes in shark infested water expect them not to bite.
I am sure there are many other ways to avoid it but, these are just a few things
There are times when one must ask themselves is it my passion that truly frightens you? Or your own?
Haters gonna hate and hackers are gonna hack......its the way of the web, virtually no system is hack proof, for two reason one its made and coded by man and two man is prone to error and someone will eventually find that error and find a way to exploit that error. It happens, just protect yourself the best you can is all you can do and hope you don't end up one of the random targets of an account hacker. Couple tips...
1. Don't open strange emails....(Anything that has your name in the subject or address is suspect, only exception are things you actually request.
2. Use an email account that is ONLY for that game and give it to no one else, that way you know if something that isn't game related its spam and you may need to rotate your passowrds.
3. Rotate passwords. Don't use the same username and pass for everything, the internet can be a creepy place and random people have made enemies who will defame you accross the web the best way to avoid that is to keep some measure of anonymity.
4. Don't be a pirate. We shouldn't pretend it doesn't exist and that people don't do it on a daily basis, don't download pirated software or products, that means everything from music to porn including games and books......you never know when an old file that you thought was harmless could have a program that allows them access to sensitive information.
5. COMMON SENSE! Don't be surfing sites like 4chan on the same PC you game on and expect it not to be hacked in some way, that like dangling your bloody toes in shark infested water expect them not to bite.
I am sure there are many other ways to avoid it but, these are just a few things
Even besides the pirating shtiock watch if you stream. If it says you need to download something to watch whatever it is you're streaming stay the hell away from it. Plenty of other sites you can watch something without downloading anything. Seena few get burned on this one and end up with some nasty stuff on their pc.
...and don't click on those damn ads on sites like those. I can guarantee you there aren't five russian women in your area that want to meet you.
1. For god's sake mmo gamers, enough with the analogies. They're unnecessary and your comparisons are terrible, dissimilar, and illogical.
2. To posters feeling the need to state how f2p really isn't f2p: Players understand the concept. You aren't privy to some secret the rest are missing. You're embarrassing yourself.
3. Yes, Cpt. Obvious, we're not industry experts. Now run along and let the big people use the forums for their purpose.
Have Blizzard commented on this stuff at all yet..?
If people are getting keylogged en masse or similar, then Blizz should really have put out a message for people to be more aware about this risk being high right now. It would probably make some people more careful.
Maybe they still arent sure whats causing this: if its a bug, hackers or hi-jacked accounts?
Haters gonna hate and hackers are gonna hack......its the way of the web, virtually no system is hack proof, for two reason one its made and coded by man and two man is prone to error and someone will eventually find that error and find a way to exploit that error. It happens, just protect yourself the best you can is all you can do and hope you don't end up one of the random targets of an account hacker. Couple tips...
1. Don't open strange emails....(Anything that has your name in the subject or address is suspect, only exception are things you actually request.
2. Use an email account that is ONLY for that game and give it to no one else, that way you know if something that isn't game related its spam and you may need to rotate your passowrds.
3. Rotate passwords. Don't use the same username and pass for everything, the internet can be a creepy place and random people have made enemies who will defame you accross the web the best way to avoid that is to keep some measure of anonymity.
4. Don't be a pirate. We shouldn't pretend it doesn't exist and that people don't do it on a daily basis, don't download pirated software or products, that means everything from music to porn including games and books......you never know when an old file that you thought was harmless could have a program that allows them access to sensitive information.
5. COMMON SENSE! Don't be surfing sites like 4chan on the same PC you game on and expect it not to be hacked in some way, that like dangling your bloody toes in shark infested water expect them not to bite.
I am sure there are many other ways to avoid it but, these are just a few things
Even besides the pirating shtiock watch if you stream. If it says you need to download something to watch whatever it is you're streaming stay the hell away from it. Plenty of other sites you can watch something without downloading anything. Seena few get burned on this one and end up with some nasty stuff on their pc.
...and don't click on those damn ads on sites like those. I can guarantee you there aren't five russian women in your area that want to meet you.
the red made me lol
There are times when one must ask themselves is it my passion that truly frightens you? Or your own?
I've yet to have any of my accounts for anything hacked/phished/stolen/keylogged etc etc. Then again I have my browser sessions in a sandbox on my home PC and I don't use stupid passwords for anything.
I know a few people who have had their stuff stolen and every single time it's been user error at some point or another. The most common one I've seen is a keylogger either on their own PC or a friends that they have used at some point.
Even besides the pirating shtiock watch if you stream. If it says you need to download something to watch whatever it is you're streaming stay the hell away from it. Plenty of other sites you can watch something without downloading anything. Seena few get burned on this one and end up with some nasty stuff on their pc.
...and don't click on those damn ads on sites like those. I can guarantee you there aren't five russian women in your area that want to meet you.
I agree. When I was hacked it was becasue of a streaming site. (Tv links, not sure if it is still going or not) Also be wary on streaming sights where you have to click multiple links through diferent pages to get to the video. Also, as an aside. About those ads, why are Russian women always after western men? What have we done to to them? They must be really pissed of with us.
I agree. When I was hacked it was becasue of a streaming site. (Tv links, not sure if it is still going or not) Also be wary on streaming sights where you have to click multiple links through diferent pages to get to the video. Also, as an aside. About those ads, why are Russian women always after western men? What have we done to to them? They must be really pissed of with us.
I seriously think a lot of people that are getting hacked are because of sites like these. I'm not gonna lie. I use them myself, but you have to be really careful.
1. For god's sake mmo gamers, enough with the analogies. They're unnecessary and your comparisons are terrible, dissimilar, and illogical.
2. To posters feeling the need to state how f2p really isn't f2p: Players understand the concept. You aren't privy to some secret the rest are missing. You're embarrassing yourself.
3. Yes, Cpt. Obvious, we're not industry experts. Now run along and let the big people use the forums for their purpose.
My INACTIVE WoW account was hacked right before they did the account merging thing with BNet. I hadn't played in 3 years. It just so happens the same thing happened to thousands of players at that time. Sony has been hacked more times than anyone can count at this point.
Yeah, a lot of people don't have clean computers, don't use different passwords or have strong password complexity. But a lot of people do and a lot of companies suck at securing user information.
QFT. Happened to my WoW account. I had been inactive for almost a year when my buddy texted me welcoming me back. I was like "What do you mean?" and he said I was on in SW. I called Blizz right away and it was resolved in no time.
Just because it was fixed promptly doesn't mean I gave them a pass on the incident. They sent me a nice email detailing the things I could do to avoid this such as PW changes and running malware to scan for keyloggers. lastly they said purchase an authenticator. Funny, when I asked how me doing any of those things (which I had changed PW and I have malware protection), was going to help when the account was inactive for 11 months. I got no response on this question. The authenticator should be added without the extra charge since it isn't always the persons fault that got hacked.
I agree. When I was hacked it was becasue of a streaming site. (Tv links, not sure if it is still going or not) Also be wary on streaming sights where you have to click multiple links through diferent pages to get to the video. Also, as an aside. About those ads, why are Russian women always after western men? What have we done to to them? They must be really pissed of with us.
I seriously think a lot of people that are getting hacked are because of sites like these. I'm not gonna lie. I use them myself, but you have to be really careful.
I don't use them, but my GF does when she's on my PC, still have never had an account hacked or anything like that, but man do I get pissed when I find her on them.
For every minute you are angry , you lose 60 seconds of happiness."-Emerson
Don't understand why they don't also make an authentificator like I saw somewhere else, can't remember where. If someone tries to log from a different PC/IP, you have to enter a code that is sent to you by SMS. That is a thing people without smartphones could use also. Because of the popularity of their games blizz are targeted a lot more than other companies, so why not take extra precautions. Unfortunatly the physical authentificator doesn't get shipped to all countries where WoW is played.
Almost all hacked accounts for games are from hacked community sites, alot of people use the same username/password/e-mail there as in the game. Avoid doing that and it's very unlikely that you'll be hacked.
It's interesting to me that this is happening when there are free ways of dealing with it. Heck even the authenticators are cheap and free delivery. So why are people posting about this again? It's the users fault if they get hacked at this point due to the security that Blizz emplemented. It really is. I'm not a Blizz fan when it comes to the direction their company is going but i have to say they did the right thing when it comes to security for their players.
Blaming the clients right now may be completely wrong.
Right now the rumor is that there is a hole in Blizzards security. Without giving any details, the reports are that players with you in public games have enough info about your current login session to connect as you without the need of your username, pw or authenticator code. Doing so will disconnect you from the server while they try to hijack your stuff. Some have claimed they are being hit with a DDOS attack after the disconnect in order to prevent you from logging back in.
I wouldn't join any public games until they address this possible exploit.
People NEED to understand, that to get into your Battle.net account, they NEED to know your password!
Blizzard isn't going to spread your passwords on the internet! Get a grip!
While name, address and email might be stored plain text in their database (as happens everywhere else), your password however is stored WITH encryption!
So hackers can't just breach / hack Battle.net and then retreive your passwords! Eventho PSN network was hacked (which has 10 times more users than Battle.net, the only usable stuff they got were email addresses from people which they could have sold on, resulting in more spam in your mailbox).
So the ONLY way your account can get hacked, is if the hacker managed to get your email address AND password!
A hell lot of people use the SAME password everywhere! Including fansite forums (which often use freeware solutions that are prone to security leaks and bad encryption...some don't encrypt passwords at all)! Not to mention that a lot of people are total cheapskates and buy online keys from Asian offgamer sites, which are KNOWN to be dodgy and use the SAME password there as well! You cannot make it any easier for a hacker that way!
And who says people like the OP didn't have a keylogger on their PC? How do they know?
You can run a virus scanner and anti-malware... yet most of these programs don't always automatically check your internet cookies! Only paid versions often check automatically, while free versions you need to run manually very regularly!
A lot of people never bother to clean up their internet cache, history, cookies and stored passwords on regular basis!
I do it myself at least once/twice a week... depending on my internet activity.
Instead of immediately pointing the finger at Blizzard, wich is all too easy, trace back your own steps first. What have you been doing the past week or two? What have you installed? Wich sites have you visited? Wich sites do you have an account and using the same password? Etc, etc.
It's much more likely that hackers might have hacked one of the many fansites out there or managed to get a keylogger embedded via an Add or something, like happened to that fansite lots of US D3 players visited and got their account hacked shortly after!
It can be difficult to setup and get going for some people but it helps limit the list of possible ways people can get a hold of your details as it makes your browsing sessions a lot more secure. If you don't use the same password for anything else and keep your PC from being the source of the issue then I seriously doubt you will have any issues.
People NEED to understand, that to get into your Battle.net account, they NEED to know your password!
Blizzard isn't going to spread your passwords on the internet! Get a grip!
While name, address and email might be stored plain text in their database (as happens everywhere else), your password however is stored WITH encryption!
So hackers can't just breach / hack Battle.net and then retreive your passwords! Eventho PSN network was hacked (which has 10 times more users than Battle.net, the only usable stuff they got were email addresses from people which they could have sold on, resulting in more spam in your mailbox).
So the ONLY way your account can get hacked, is if the hacker managed to get your email address AND password!
A hell lot of people use the SAME password everywhere! Including fansite forums (which often use freeware solutions that are prone to security leaks and bad encryption...some don't encrypt passwords at all)! Not to mention that a lot of people are total cheapskates and buy online keys from Asian offgamer sites, which are KNOWN to be dodgy and use the SAME password there as well! You cannot make it any easier for a hacker that way!
And who says people like the OP didn't have a keylogger on their PC? How do they know?
You can run a virus scanner and anti-malware... yet most of these programs don't always automatically check your internet cookies!
A lot of people never bother to clean up their internet cache, history, cookies and stored passwords on regular basis!
I do it myself at least once/twice a week... depending on my internet activity.
Instead of immediately pointing the finger at Blizzard, wich is all too easy, trace back your own steps first. What have you been doing the past week or two? What have you installed? Wich sites have you visited? Wich sites do you have an account and using the same password? Etc, etc.
It's much more likely that hackers might have hacked one of the many fansites out there or managed to get a keylogger embedded via an Add or something, like happened to that fansite lots of US D3 players visited and got their account hacked shortly after!
Cheers
Look up session hijacking. If Blizzard has a hole in their security the hacker wouldn't need to login. They just hijack your session from you and boot you from the server. At this point, given the descriptions people have given, it's best to wait for Blizzard to address this. They likely won't give details but the servers will have to go down in order to update the code.
People NEED to understand, that to get into your Battle.net account, they NEED to know your password!
Blizzard isn't going to spread your passwords on the internet! Get a grip!
While name, address and email might be stored plain text in their database (as happens everywhere else), your password however is stored WITH encryption!
So hackers can't just breach / hack Battle.net and then retreive your passwords! Eventho PSN network was hacked (which has 10 times more users than Battle.net, the only usable stuff they got were email addresses from people which they could have sold on, resulting in more spam in your mailbox).
So the ONLY way your account can get hacked, is if the hacker managed to get your email address AND password!
A hell lot of people use the SAME password everywhere! Including fansite forums (which often use freeware solutions that are prone to security leaks and bad encryption...some don't encrypt passwords at all)! Not to mention that a lot of people are total cheapskates and buy online keys from Asian offgamer sites, which are KNOWN to be dodgy and use the SAME password there as well! You cannot make it any easier for a hacker that way!
And who says people like the OP didn't have a keylogger on their PC? How do they know?
You can run a virus scanner and anti-malware... yet most of these programs don't always automatically check your internet cookies!
A lot of people never bother to clean up their internet cache, history, cookies and stored passwords on regular basis!
I do it myself at least once/twice a week... depending on my internet activity.
Instead of immediately pointing the finger at Blizzard, wich is all too easy, trace back your own steps first. What have you been doing the past week or two? What have you installed? Wich sites have you visited? Wich sites do you have an account and using the same password? Etc, etc.
It's much more likely that hackers might have hacked one of the many fansites out there or managed to get a keylogger embedded via an Add or something, like happened to that fansite lots of US D3 players visited and got their account hacked shortly after!
Cheers
Look up session hijacking. If Blizzard has a hole in their security they wouldn't need to login. They just hijack your session from you and boot you from the server.
That is a whole different matter and would have nothing to do with Battle.net!
However it would be strange if Blizzard hasn't got this covered by their security messures! This is not easy to do!
Session hijacking often happens, when people use public computers like Internet cafes and are careless, by not clearing the browser cache before leaving and/or properly logging off, making sure their account info, etc isn't stored!
Session Hijacking via your home network is almost impossible, as they would need to know your IP address. Again they might get hold of this by hacking fansites that store IP addresses plain text in databases. But still most Providers have security messures in place to detect this.
But seriously tho... I have never heard about this happening in MMO's, especially not with people playing via their home network! Unless they have an open WiFi network with no password or even worse... have no firewall / NAT enabled on their internet router! You would seriously be suprised how many people don't know about this!
People NEED to understand, that to get into your Battle.net account, they NEED to know your password!
Blizzard isn't going to spread your passwords on the internet! Get a grip!
While name, address and email might be stored plain text in their database (as happens everywhere else), your password however is stored WITH encryption!
So hackers can't just breach / hack Battle.net and then retreive your passwords! Eventho PSN network was hacked (which has 10 times more users than Battle.net, the only usable stuff they got were email addresses from people which they could have sold on, resulting in more spam in your mailbox).
So the ONLY way your account can get hacked, is if the hacker managed to get your email address AND password!
A hell lot of people use the SAME password everywhere! Including fansite forums (which often use freeware solutions that are prone to security leaks and bad encryption...some don't encrypt passwords at all)! Not to mention that a lot of people are total cheapskates and buy online keys from Asian offgamer sites, which are KNOWN to be dodgy and use the SAME password there as well! You cannot make it any easier for a hacker that way!
And who says people like the OP didn't have a keylogger on their PC? How do they know?
You can run a virus scanner and anti-malware... yet most of these programs don't always automatically check your internet cookies!
A lot of people never bother to clean up their internet cache, history, cookies and stored passwords on regular basis!
I do it myself at least once/twice a week... depending on my internet activity.
Instead of immediately pointing the finger at Blizzard, wich is all too easy, trace back your own steps first. What have you been doing the past week or two? What have you installed? Wich sites have you visited? Wich sites do you have an account and using the same password? Etc, etc.
It's much more likely that hackers might have hacked one of the many fansites out there or managed to get a keylogger embedded via an Add or something, like happened to that fansite lots of US D3 players visited and got their account hacked shortly after!
Cheers
Look up session hijacking. If Blizzard has a hole in their security the hacker wouldn't need to login. They just hijack your session from you and boot you from the server. At this point, given the descriptions people have given, it's best to wait for Blizzard to address this. They likely won't give details but the servers will have to go down in order to update the code.
Session Hijacking and Man in the Middle attacks can be very difficult to prevent depending on the situation.
If they are using either of those methods Blizzard should be able to resolve the issue but it would make me wonder how much money in this as this type of attack should be fairly successful against a lot of other targets as well.
My INACTIVE WoW account was hacked right before they did the account merging thing with BNet. I hadn't played in 3 years. It just so happens the same thing happened to thousands of players at that time. Sony has been hacked more times than anyone can count at this point.
Yeah, a lot of people don't have clean computers, don't use different passwords or have strong password complexity. But a lot of people do and a lot of companies suck at securing user information.
QFT. Happened to my WoW account. I had been inactive for almost a year when my buddy texted me welcoming me back. I was like "What do you mean?" and he said I was on in SW. I called Blizz right away and it was resolved in no time.
Just because it was fixed promptly doesn't mean I gave them a pass on the incident. They sent me a nice email detailing the things I could do to avoid this such as PW changes and running malware to scan for keyloggers. lastly they said purchase an authenticator. Funny, when I asked how me doing any of those things (which I had changed PW and I have malware protection), was going to help when the account was inactive for 11 months. I got no response on this question. The authenticator should be added without the extra charge since it isn't always the persons fault that got hacked.
Same thing happened to me, yes I believe it coresponded with the battle.net switch.
I hadn't played or been active in WoW for 6 months, when I recieved a ban for RMT. I LOL'd and forwarded the email and a screenshot of my inactive account to Blizz and explained that this was going on my list of reasons to not play thier games. In responce I got the same, "get an authenticator, blah blah". After thinking about it my paranoia led me to "believe" it was an attempt to sell me the authenticator and my acct had not been hacked and it was just Blizz.
People NEED to understand, that to get into your Battle.net account, they NEED to know your password!
Blizzard isn't going to spread your passwords on the internet! Get a grip!
While name, address and email might be stored plain text in their database (as happens everywhere else), your password however is stored WITH encryption!
So hackers can't just breach / hack Battle.net and then retreive your passwords! Eventho PSN network was hacked (which has 10 times more users than Battle.net, the only usable stuff they got were email addresses from people which they could have sold on, resulting in more spam in your mailbox).
So the ONLY way your account can get hacked, is if the hacker managed to get your email address AND password!
A hell lot of people use the SAME password everywhere! Including fansite forums (which often use freeware solutions that are prone to security leaks and bad encryption...some don't encrypt passwords at all)! Not to mention that a lot of people are total cheapskates and buy online keys from Asian offgamer sites, which are KNOWN to be dodgy and use the SAME password there as well! You cannot make it any easier for a hacker that way!
And who says people like the OP didn't have a keylogger on their PC? How do they know?
You can run a virus scanner and anti-malware... yet most of these programs don't always automatically check your internet cookies! Only paid versions often check automatically, while free versions you need to run manually very regularly!
A lot of people never bother to clean up their internet cache, history, cookies and stored passwords on regular basis!
I do it myself at least once/twice a week... depending on my internet activity.
Instead of immediately pointing the finger at Blizzard, wich is all too easy, trace back your own steps first. What have you been doing the past week or two? What have you installed? Wich sites have you visited? Wich sites do you have an account and using the same password? Etc, etc.
It's much more likely that hackers might have hacked one of the many fansites out there or managed to get a keylogger embedded via an Add or something, like happened to that fansite lots of US D3 players visited and got their account hacked shortly after!
Cheers
While this is in the most part true there are a few documented events of mmo companies databases being directly hacked and other examples of companies making cock-ups which look like hacking attempts.
It happened to Mythic before they were EA/Bioware for example. It's not widely known as DAoC wasn't a major subscriber game at the time but the EU community got a shock. This was the infamous Prydwen crash during which a significant amount of accounts and characters were stripped bare and/or were deleted, the exact reason for this was a bit vague and i forget the official reason but initially everyone cried "HACKED!" before GOA admitted a massive fubar on their part.
Expresso gave me a Hearthstone beta key.....I'm so happy
People NEED to understand, that to get into your Battle.net account, they NEED to know your password!
Blizzard isn't going to spread your passwords on the internet! Get a grip!
While name, address and email might be stored plain text in their database (as happens everywhere else), your password however is stored WITH encryption!
So hackers can't just breach / hack Battle.net and then retreive your passwords! Eventho PSN network was hacked (which has 10 times more users than Battle.net, the only usable stuff they got were email addresses from people which they could have sold on, resulting in more spam in your mailbox).
So the ONLY way your account can get hacked, is if the hacker managed to get your email address AND password!
A hell lot of people use the SAME password everywhere! Including fansite forums (which often use freeware solutions that are prone to security leaks and bad encryption...some don't encrypt passwords at all)! Not to mention that a lot of people are total cheapskates and buy online keys from Asian offgamer sites, which are KNOWN to be dodgy and use the SAME password there as well! You cannot make it any easier for a hacker that way!
And who says people like the OP didn't have a keylogger on their PC? How do they know?
You can run a virus scanner and anti-malware... yet most of these programs don't always automatically check your internet cookies!
A lot of people never bother to clean up their internet cache, history, cookies and stored passwords on regular basis!
I do it myself at least once/twice a week... depending on my internet activity.
Instead of immediately pointing the finger at Blizzard, wich is all too easy, trace back your own steps first. What have you been doing the past week or two? What have you installed? Wich sites have you visited? Wich sites do you have an account and using the same password? Etc, etc.
It's much more likely that hackers might have hacked one of the many fansites out there or managed to get a keylogger embedded via an Add or something, like happened to that fansite lots of US D3 players visited and got their account hacked shortly after!
Cheers
Look up session hijacking. If Blizzard has a hole in their security they wouldn't need to login. They just hijack your session from you and boot you from the server.
That is a whole different matter and would have nothing to do with Battle.net!
However it would be strange if Blizzard hasn't got this covered by their security messures! This is not easy to do!
Session hijacking often happens, when people use public computers like Internet cafes and are careless, by not clearing the browser cache before leaving and/or properly logging off, making sure their account info, etc isn't stored!
Session Hijacking via your home network is almost impossible, as they would need to know your IP address. Again they might get hold of this by hacking fansites that store IP addresses plain text in databases. But still most Providers have security messures in place to detect this.
But seriously tho... I have never heard about this happening in MMO's, especially not with people playing via their home network! Unless they have an open WiFi network with no password or even worse... have no firewall / NAT enabled on their internet router! You would seriously be suprised how many people don't know about this!
I thought this was a thread about D3?
D3 is not an MMO, so if session hijacking is taking place, hearing about it happening in an MMO or not is irrelevant.
Personally, I am not surprised at all if it is happening.
A creative person is motivated by the desire to achieve, not the desire to beat others.
That is a whole different matter and would have nothing to do with Battle.net!
However it would be strange if Blizzard hasn't got this covered by their security messures! This is not easy to do!
Session hijacking often happens, when people use public computers like Internet cafes and are careless, by not clearing the browser cache before leaving and/or properly logging off, making sure their account info, etc isn't stored!
Session Hijacking via your home network is almost impossible, as they would need to know your IP address. Again they might get hold of this by hacking fansites that store IP addresses plain text in databases. But still most Providers have security messures in place to detect this.
But seriously tho... I have never heard about this happening in MMO's, especially not with people playing via their home network! Unless they have an open WiFi network with no password or even worse... have no firewall / NAT enabled on their internet router! You would seriously be suprised how many people don't know about this!
Session hijacking happened in Rift. You are confusing things. It's not just about websites and cookies or hijacking your machine. If it is a session hijack then it is 100% a battlenet and Blizzard issue.
My INACTIVE WoW account was hacked right before they did the account merging thing with BNet. I hadn't played in 3 years. It just so happens the same thing happened to thousands of players at that time. Sony has been hacked more times than anyone can count at this point.
Yeah, a lot of people don't have clean computers, don't use different passwords or have strong password complexity. But a lot of people do and a lot of companies suck at securing user information.
QFT. Happened to my WoW account. I had been inactive for almost a year when my buddy texted me welcoming me back. I was like "What do you mean?" and he said I was on in SW. I called Blizz right away and it was resolved in no time.
Just because it was fixed promptly doesn't mean I gave them a pass on the incident. They sent me a nice email detailing the things I could do to avoid this such as PW changes and running malware to scan for keyloggers. lastly they said purchase an authenticator. Funny, when I asked how me doing any of those things (which I had changed PW and I have malware protection), was going to help when the account was inactive for 11 months. I got no response on this question. The authenticator should be added without the extra charge since it isn't always the persons fault that got hacked.
Same thing happened to me, yes I believe it coresponded with the battle.net switch.
I hadn't played or been active in WoW for 6 months, when I recieved a ban for RMT. I LOL'd and forwarded the email and a screenshot of my inactive account to Blizz and explained that this was going on my list of reasons to not play thier games. In responce I got the same, "get an authenticator, blah blah". After thinking about it my paranoia led me to "believe" it was an attempt to sell me the authenticator and my acct had not been hacked and it was just Blizz.
The only difference with battle.net is that it uses your email address as login.
Getting someone's personal information, including email address is peanuts for them these days, due to people just plopping it in everywhere... fansites, social media like facebook, etc, etc.
So the only thing they hacker needs to obtain is your password!
Like I said before, tons of people use the same password EVERYWHERE! And/or use shitty passwords containing bits of your personal info, like birthdate and such.... too easy for hackers!
So again! Instead of immediately pointing the finger at Blizzard, have a look at yourself FIRST!
I have been playing online games for over 12 years now! Have accounts everywhere! I have NEVER had any of my accounts compromised!
My INACTIVE WoW account was hacked right before they did the account merging thing with BNet. I hadn't played in 3 years. It just so happens the same thing happened to thousands of players at that time. Sony has been hacked more times than anyone can count at this point.
Yeah, a lot of people don't have clean computers, don't use different passwords or have strong password complexity. But a lot of people do and a lot of companies suck at securing user information.
QFT. Happened to my WoW account. I had been inactive for almost a year when my buddy texted me welcoming me back. I was like "What do you mean?" and he said I was on in SW. I called Blizz right away and it was resolved in no time.
Just because it was fixed promptly doesn't mean I gave them a pass on the incident. They sent me a nice email detailing the things I could do to avoid this such as PW changes and running malware to scan for keyloggers. lastly they said purchase an authenticator. Funny, when I asked how me doing any of those things (which I had changed PW and I have malware protection), was going to help when the account was inactive for 11 months. I got no response on this question. The authenticator should be added without the extra charge since it isn't always the persons fault that got hacked.
Same thing happened to me, yes I believe it coresponded with the battle.net switch.
I hadn't played or been active in WoW for 6 months, when I recieved a ban for RMT. I LOL'd and forwarded the email and a screenshot of my inactive account to Blizz and explained that this was going on my list of reasons to not play thier games. In responce I got the same, "get an authenticator, blah blah". After thinking about it my paranoia led me to "believe" it was an attempt to sell me the authenticator and my acct had not been hacked and it was just Blizz.
The only difference with battle.net is that it uses your email address as login.
Getting someone's personal information, including email address is peanuts for them these days, due to people just plopping it in everywhere... fansites, social media like facebook, etc, etc.
So the only thing they hacker needs to obtain is your password!
Like I said before, tons of people use the same password EVERYWHERE! And/or use shitty passwords containing bits of your personal info, like birthdate and such.... too easy for hackers!
So again! Instead of immediately pointing the finger at Blizzard, have a look at yourself FIRST!
I have been playing online games for over 12 years now! Have accounts everywhere! I have NEVER had any of my accounts compromised!
you're lucky, that's it, obviously not every account is gonna be hacked but some of us that taken the same precautions as you have, have been hacked before.
and now what's being said on the forums as well as some sites, such as Massively.com, the authenicators are being bypassed entirely.
Comments
You know the only person who has mentioned words like moron, lame or smart is you don't you? You seem to be your own worst enemy.
But you are right, it is like an ongoing boy who cried wolf sort of thing. But until we have proof that Blizzard got hacked then we will never know the truth of it. Like I said before, it could just have been some sort of internal error which would be a different issue altogether. Maybe no one has been on anyone elses account, we just don't know yet.
Haters gonna hate and hackers are gonna hack......its the way of the web, virtually no system is hack proof, for two reason one its made and coded by man and two man is prone to error and someone will eventually find that error and find a way to exploit that error. It happens, just protect yourself the best you can is all you can do and hope you don't end up one of the random targets of an account hacker. Couple tips...
1. Don't open strange emails....(Anything that has your name in the subject or address is suspect, only exception are things you actually request.
2. Use an email account that is ONLY for that game and give it to no one else, that way you know if something that isn't game related its spam and you may need to rotate your passowrds.
3. Rotate passwords. Don't use the same username and pass for everything, the internet can be a creepy place and random people have made enemies who will defame you accross the web the best way to avoid that is to keep some measure of anonymity.
4. Don't be a pirate. We shouldn't pretend it doesn't exist and that people don't do it on a daily basis, don't download pirated software or products, that means everything from music to porn including games and books......you never know when an old file that you thought was harmless could have a program that allows them access to sensitive information.
5. COMMON SENSE! Don't be surfing sites like 4chan on the same PC you game on and expect it not to be hacked in some way, that like dangling your bloody toes in shark infested water expect them not to bite.
I am sure there are many other ways to avoid it but, these are just a few things
There are times when one must ask themselves is it my passion that truly frightens you? Or your own?
Even besides the pirating shtiock watch if you stream. If it says you need to download something to watch whatever it is you're streaming stay the hell away from it. Plenty of other sites you can watch something without downloading anything. Seena few get burned on this one and end up with some nasty stuff on their pc.
...and don't click on those damn ads on sites like those. I can guarantee you there aren't five russian women in your area that want to meet you.
1. For god's sake mmo gamers, enough with the analogies. They're unnecessary and your comparisons are terrible, dissimilar, and illogical.
2. To posters feeling the need to state how f2p really isn't f2p: Players understand the concept. You aren't privy to some secret the rest are missing. You're embarrassing yourself.
3. Yes, Cpt. Obvious, we're not industry experts. Now run along and let the big people use the forums for their purpose.
Have Blizzard commented on this stuff at all yet..?
If people are getting keylogged en masse or similar, then Blizz should really have put out a message for people to be more aware about this risk being high right now. It would probably make some people more careful.
Maybe they still arent sure whats causing this: if its a bug, hackers or hi-jacked accounts?
the red made me lol
There are times when one must ask themselves is it my passion that truly frightens you? Or your own?
I've yet to have any of my accounts for anything hacked/phished/stolen/keylogged etc etc. Then again I have my browser sessions in a sandbox on my home PC and I don't use stupid passwords for anything.
I know a few people who have had their stuff stolen and every single time it's been user error at some point or another. The most common one I've seen is a keylogger either on their own PC or a friends that they have used at some point.
I agree. When I was hacked it was becasue of a streaming site. (Tv links, not sure if it is still going or not) Also be wary on streaming sights where you have to click multiple links through diferent pages to get to the video. Also, as an aside. About those ads, why are Russian women always after western men? What have we done to to them? They must be really pissed of with us.
I seriously think a lot of people that are getting hacked are because of sites like these. I'm not gonna lie. I use them myself, but you have to be really careful.
1. For god's sake mmo gamers, enough with the analogies. They're unnecessary and your comparisons are terrible, dissimilar, and illogical.
2. To posters feeling the need to state how f2p really isn't f2p: Players understand the concept. You aren't privy to some secret the rest are missing. You're embarrassing yourself.
3. Yes, Cpt. Obvious, we're not industry experts. Now run along and let the big people use the forums for their purpose.
QFT. Happened to my WoW account. I had been inactive for almost a year when my buddy texted me welcoming me back. I was like "What do you mean?" and he said I was on in SW. I called Blizz right away and it was resolved in no time.
Just because it was fixed promptly doesn't mean I gave them a pass on the incident. They sent me a nice email detailing the things I could do to avoid this such as PW changes and running malware to scan for keyloggers. lastly they said purchase an authenticator. Funny, when I asked how me doing any of those things (which I had changed PW and I have malware protection), was going to help when the account was inactive for 11 months. I got no response on this question. The authenticator should be added without the extra charge since it isn't always the persons fault that got hacked.
RIP Jimmy "The Rev" Sullivan and Paul Gray.
I don't use them, but my GF does when she's on my PC, still have never had an account hacked or anything like that, but man do I get pissed when I find her on them.
For every minute you are angry , you lose 60 seconds of happiness."-Emerson
lol this is the only reason I haven't quit following MMORPGs or whatever tbh.
It's the industry that just keeps on giving.
Don't understand why they don't also make an authentificator like I saw somewhere else, can't remember where. If someone tries to log from a different PC/IP, you have to enter a code that is sent to you by SMS. That is a thing people without smartphones could use also. Because of the popularity of their games blizz are targeted a lot more than other companies, so why not take extra precautions. Unfortunatly the physical authentificator doesn't get shipped to all countries where WoW is played.
Almost all hacked accounts for games are from hacked community sites, alot of people use the same username/password/e-mail there as in the game. Avoid doing that and it's very unlikely that you'll be hacked.
Blaming the clients right now may be completely wrong.
Right now the rumor is that there is a hole in Blizzards security. Without giving any details, the reports are that players with you in public games have enough info about your current login session to connect as you without the need of your username, pw or authenticator code. Doing so will disconnect you from the server while they try to hijack your stuff. Some have claimed they are being hit with a DDOS attack after the disconnect in order to prevent you from logging back in.
I wouldn't join any public games until they address this possible exploit.
People NEED to understand, that to get into your Battle.net account, they NEED to know your password!
Blizzard isn't going to spread your passwords on the internet! Get a grip!
While name, address and email might be stored plain text in their database (as happens everywhere else), your password however is stored WITH encryption!
So hackers can't just breach / hack Battle.net and then retreive your passwords! Eventho PSN network was hacked (which has 10 times more users than Battle.net, the only usable stuff they got were email addresses from people which they could have sold on, resulting in more spam in your mailbox).
So the ONLY way your account can get hacked, is if the hacker managed to get your email address AND password!
A hell lot of people use the SAME password everywhere! Including fansite forums (which often use freeware solutions that are prone to security leaks and bad encryption...some don't encrypt passwords at all)! Not to mention that a lot of people are total cheapskates and buy online keys from Asian offgamer sites, which are KNOWN to be dodgy and use the SAME password there as well! You cannot make it any easier for a hacker that way!
And who says people like the OP didn't have a keylogger on their PC? How do they know?
You can run a virus scanner and anti-malware... yet most of these programs don't always automatically check your internet cookies! Only paid versions often check automatically, while free versions you need to run manually very regularly!
A lot of people never bother to clean up their internet cache, history, cookies and stored passwords on regular basis!
I do it myself at least once/twice a week... depending on my internet activity.
Instead of immediately pointing the finger at Blizzard, wich is all too easy, trace back your own steps first. What have you been doing the past week or two? What have you installed? Wich sites have you visited? Wich sites do you have an account and using the same password? Etc, etc.
It's much more likely that hackers might have hacked one of the many fansites out there or managed to get a keylogger embedded via an Add or something, like happened to that fansite lots of US D3 players visited and got their account hacked shortly after!
Cheers
I use this software for all my browser stuff and some other things I do on my PC.
http://www.sandboxie.com/
It can be difficult to setup and get going for some people but it helps limit the list of possible ways people can get a hold of your details as it makes your browsing sessions a lot more secure. If you don't use the same password for anything else and keep your PC from being the source of the issue then I seriously doubt you will have any issues.
Look up session hijacking. If Blizzard has a hole in their security the hacker wouldn't need to login. They just hijack your session from you and boot you from the server. At this point, given the descriptions people have given, it's best to wait for Blizzard to address this. They likely won't give details but the servers will have to go down in order to update the code.
That is a whole different matter and would have nothing to do with Battle.net!
However it would be strange if Blizzard hasn't got this covered by their security messures! This is not easy to do!
Session hijacking often happens, when people use public computers like Internet cafes and are careless, by not clearing the browser cache before leaving and/or properly logging off, making sure their account info, etc isn't stored!
Session Hijacking via your home network is almost impossible, as they would need to know your IP address. Again they might get hold of this by hacking fansites that store IP addresses plain text in databases. But still most Providers have security messures in place to detect this.
But seriously tho... I have never heard about this happening in MMO's, especially not with people playing via their home network! Unless they have an open WiFi network with no password or even worse... have no firewall / NAT enabled on their internet router! You would seriously be suprised how many people don't know about this!
Session Hijacking and Man in the Middle attacks can be very difficult to prevent depending on the situation.
If they are using either of those methods Blizzard should be able to resolve the issue but it would make me wonder how much money in this as this type of attack should be fairly successful against a lot of other targets as well.
Same thing happened to me, yes I believe it coresponded with the battle.net switch.
I hadn't played or been active in WoW for 6 months, when I recieved a ban for RMT. I LOL'd and forwarded the email and a screenshot of my inactive account to Blizz and explained that this was going on my list of reasons to not play thier games. In responce I got the same, "get an authenticator, blah blah". After thinking about it my paranoia led me to "believe" it was an attempt to sell me the authenticator and my acct had not been hacked and it was just Blizz.
While this is in the most part true there are a few documented events of mmo companies databases being directly hacked and other examples of companies making cock-ups which look like hacking attempts.
It happened to Mythic before they were EA/Bioware for example. It's not widely known as DAoC wasn't a major subscriber game at the time but the EU community got a shock. This was the infamous Prydwen crash during which a significant amount of accounts and characters were stripped bare and/or were deleted, the exact reason for this was a bit vague and i forget the official reason but initially everyone cried "HACKED!" before GOA admitted a massive fubar on their part.
Expresso gave me a Hearthstone beta key.....I'm so happy
I thought this was a thread about D3?
D3 is not an MMO, so if session hijacking is taking place, hearing about it happening in an MMO or not is irrelevant.
Personally, I am not surprised at all if it is happening.
A creative person is motivated by the desire to achieve, not the desire to beat others.
Session hijacking happened in Rift. You are confusing things. It's not just about websites and cookies or hijacking your machine. If it is a session hijack then it is 100% a battlenet and Blizzard issue.
The only difference with battle.net is that it uses your email address as login.
Getting someone's personal information, including email address is peanuts for them these days, due to people just plopping it in everywhere... fansites, social media like facebook, etc, etc.
So the only thing they hacker needs to obtain is your password!
Like I said before, tons of people use the same password EVERYWHERE! And/or use shitty passwords containing bits of your personal info, like birthdate and such.... too easy for hackers!
So again! Instead of immediately pointing the finger at Blizzard, have a look at yourself FIRST!
I have been playing online games for over 12 years now! Have accounts everywhere! I have NEVER had any of my accounts compromised!
you're lucky, that's it, obviously not every account is gonna be hacked but some of us that taken the same precautions as you have, have been hacked before.
and now what's being said on the forums as well as some sites, such as Massively.com, the authenicators are being bypassed entirely.
so this is now all on Blizzard