Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Account logged in at another location
I had removed my authenticator since I was confident my PC was clean - this is the only even slightly diablo related website I visit on my computer, everything else is on my phone. I only use firefox with noscript, have not downloaded anything other than the latest nvidia drivers, and visited no odd websites.
However, right after I logged in just a few minutes ago, someone else logged into my account, kicking me off. I quickly went to battle net and reattached my authenticator, while it turned out they were on battle net changing my password. Fortunately the email notifying me of the password change had a link to recover my account in it and reset the password. Also fortunately all of the email to that address is sent to a different email address, so I did not have to worry about the email being compromised.
Point of this?
Watch out, keep your authenticator attached, and I am not feeling too confident in blizzard's account security.
Comments
Point of this: Use an authenticator. If you have one and turn it off you are asking for trouble.
Usually when someone gets hacked it is because a "friend" acquired their login info, they use the same name / password on multiple sites, or they got fished.
I do not believe anyone bypassed Blizzard's security to gain access to your account.
You should contact Blizzard's support to get your account back. Now that you know your computer's been compromised it's also a good idea to do a complete format. Antivirus software rarely find all the crap. Make sure you upgrade all your software fully after reinstalling them so there's as few security holes as possible for them to exploit again.
And definitely consider getting an authenticator. There's nothing worse than the paranoia of knowing people can gain access to your computer regardless of the precautions you take. But the gold sellers will go directly for your WoW/Diablo 3, so those are the ones you really need to protect. And the authenticator does that job real good.
Mind boggling.
Btw, there are other things that are possible besides "I got a virus" or "Blizzard got hacked" that could expose your password or compromise your account.
I would name them but I spent far too much time doing that in the 200+ security thread that already exists.
And seriously, no offense, but you shouldn't be judging anyone else's security practices when your own are so obviously terrible.
Shadow's Hand Guild
Open recruitment for
The Secret World - Dragons
Planetside 2 - Terran Republic
Tera - Dragonfall Server
http://www.shadowshand.com
I have never shared my account info. My gaming friends I play with on diablo have their own accounts and I have not met them. My real life friends are people that do not play pc games like this to hopefully balance me out into some semblance of normalcy.
I not only did not get any odd emails, I rarely read my emails. I have found that the email titles tell me everything I need to know 99% of the time.
I have used that password on another site. Ages ago. Waaaay long ago. It would have taken some incredible guessing, and absolutely insanely unbelievably lucky timing for someone to try using that right after I logged into the account.
Edit: And it was associated with a different email address.
Terrible is removing an authenticator? I assure you this pc is clean as a whistle. The last thing anybody would want to steal on here is a diablo account. My origin account (ugh) and steam accounts are far more valuable but untouched. Same for my hirez, Eve, and ncsoft accounts.
Edit: Hopefully removing some more of your concerns is that this is on a wired connection.
The timing on this made me suspect a man in the middle attack, but if that were the case he would have been able to log in with the authenticator codes I had to enter.
I obviously agree that removing the authenticator was a mistake, but it really is ridiculous that I should need it to protect me from issues on their end.
As an example of how this can go wrong; pretend you used the same name / password for XGameSiteX. XGameSiteX site runs on a cheap host and uses a free bulletin board with minimal customization. XGameSiteX doesn't update their forum software because it's not used for anything serious, just game banter. Unfortunately for you XGameSiteX's outdated forum software has a known flaw that allows people to steal account information... so any skript kiddie who follows security bulletins can use a known exploit to lift account info and then try those names and passwords on popular games (perhaps even games that you spoke about in the forum).
Another way this could go bad for you is if an employee or volunteer of XGameSiteX has access to user account information. No exploit required.
Yes those are all very good examples. This is not the case with this password though, it was used for an itunes account for awhile. On forum websites I use a throwaway password.
Edit: But if anyone sees a clear flaw where there is something I should be aware of, I would still like it to be pointed out. I am assuming the error is on blizzard's end due to the high volume of people with similar experiences and due to what I had considered due diligence on my part. The steps I took to avoid having issues like this are:
Putting my game account on an email address with a different password than the game
That email address sends all email to another email with another password without leaving it in the inbox to be viewed
Only run firefox with noscript on
Don't visit odd sites, or sites related to the games
Don't open odd emails (which is honestly more of a lazy thing, I also don't open completely normal emails)
Use a wired connection
There are so many possibilities it's hard to know where to start.
Less than a month ago Adobe Flash had an exploit that would allow an attacker to take over your computer. Updating Flash will protect you from this exploit but who's to say that there isn't another.
It's worth running a virus scanner and anti-malware program like SpyBot, MalwareBytes, and ClamWin to make sure any known threats are not installed on your computer as well as making sure that your computer programs are all up to date (OS, Flash, Browser).
NoScript is a great addon but its protection drops off once you begin to allow sites to run scripts.
Sites that fish or attempt to hijack and redirect you aren't necessarily game related and the attacks can even come from ads displayed on reputable sites.
Given that your account was accessed immediately after you removed your authenticator I'd assume that you've either got a keylogger or redirector.
Yes. Removing the authenticator is terrible.
Why do you think origin and steam are more valuable than D3? They aren't. The gold sellers are the ones doing the hacking. They don't give a flying shit about your steam or your origin account. And I'm sorry, but Eve, Hirez, and NCsoft accounts are NOT nearly as valuable as anything Blizzard. There is a much bigger market for their gold selling ways in WoW and even D3 already.
Hell, they're going to be able to sell this stuff legally in game in D3!
Here's the deal, and I realize that you aren't educated in the field of security so I will try to keep it simple for you.
There are other possiblities besides having a virus and something on their end.
There are vulnerabilities in flash, windows, java, web browsers (IE, firefox, chrome, safari), email clients and servers, p2p applications, pdf reader, javascript, web pages, office (excel, word, access, etc), Apple's OS X, android and ios, and many many many other services that ALL make your computer vulnerable WITHOUT having known malware on your computer.
The people hacking Blizzard accounts are gold sellers. Period. They are very skilled at what they do and they are very very aggressive. The gold sellers have hackers employed that are extremely proficient at what they do.
It's not just keyloggers and rootkits you have to worry about. It's everything you use. Every piece of software you use is potentially a back door. Every website you visit could be compromised.
Anyone in the security field will tell you that you can NEVER be 100% sure that your machine cannot be compromised. NEVER. There are vulnerabilities in everything.
Flash is one of the most popular vectors for attack because it is incredibly insecure. An attacker can use flash as a means to gain access to your computer and run malicious code that is very unique and NOT in any virus databases. Just because your virus software says you are clean, doesn't mean it is true. Flash still has vulnerabilities right this very second.
If an attacker is determined enough, they WILL gain access to your machine. These people use every method available to them to accomplish their goal (and there are plenty of methods out there).
The reason your blizzard account was hacked and not your steam account is because the people doing this are specifically targetting blizzard accounts, and for a very good reason - MONEY. They make more money of WoW than any other game no doubt.
Each and every blizzard account out there has a huge target on its back. This is a fact. The gold sellers don't give a crap about your steam account. They want your gold.
I don't mean to be rude by saying this but I'm going to be blunt, removing an authenticator (or not using one) from a Blizzard account is about the most insecure thing you can do to that account. No matter what, if they have you in their sights, they will gain access to your machine. The fact that they hit you right after you removed it goes to show exactly how you were already compromised.
You can blame blizzard all you want, but you should accept responsibility for your own actions. Their servers are NOT compromised. The game is NOT compromised. You were. Fact.
Shadow's Hand Guild
Open recruitment for
The Secret World - Dragons
Planetside 2 - Terran Republic
Tera - Dragonfall Server
http://www.shadowshand.com
Everybody who's account information was hijacked is confident that their computer is clean. It's easy to accuse Blizzard of account security problems (in the heat of the moment, I have done this as well a couple years ago when my account was compromised).
Account information is stolen typically in one of three ways:
1) a Keylogger on the user's computer.
2) Answering a phishing email sometime in the past (didn't even have to be recently. They'll sit on that info for a while).
3) Using the same password for a fansite or guild website.
The third is by far the most common way.
Authenticators are essential to protect our accounts from our own security mistakes.
(by the way, the reason Blizzard accounts are attacked more often is because they are the most valuable accounts in the world due to their popularity. Other accounts are attacked less often because they aren't worth the time or trouble)
Again, it's frustrating when things like this happen, I've been there. Well, not since I got an authenticator :P
In any of the above situations, the person would have been actively recieving what I was entering in my computer.
In which case, since he was accessing my account at the same time I was putting the authenticator in, he would have had the codes to log in.
Which he did not.
My diablo 3 account is definitely worth far less than any of my others, it only has a couple low level characters on it.
I am aware that if somebody was determined specifically to access my machine they could do it easier than gaining access to a vulnerability on blizzards end - however the amount of profit per time invested would be terrible.
They did not hit me immediately after removing my authenticator, I had that left on my account from when I had played wow and I disabled it immediately when D3 came out.
Like I said above, in any scenario where it was compromised on my end, they would have had continued access to the account. They would have been able to access my emails, delete the link required to activate the authenticator, etc. None of this happened. They got my password to my blizzard account and nothing else.
Which makes no sense if my computer is where the problem was.
Edit: I do not find it rude, I appreciate it but I really think that if the issue were on my end the mess I am in would have been more than just "add authenticator continue as normal."
I never used an authenticator and never got hacked. I played WoW for about 4 years on and off. Every time I returned to the game nothing was missing or changed. Also I never downloaded 3rd-party plug-ins. I have played all the expansions. I guess the authenticator is good for people that trust their buddys too much.
I also never got hacked while playing wow (that I can remember, it was a long time ago to say the least). I got the authenticator after awhile all the same.
What's mind boggling is the need for an authenticator in the first place. Not even my bank requires that, yet I've been interacting with it online for ten year without incident. But in order to ensure that your account is safe in Blizzard's hands, you need to use an external authenticating key. They sell those, by the way, if you need the physical version.
Seriously, a service that doesn't even bother with the most rudimentary step of making their passwords case-sensitve is a service deserving of scorn -- much like those who stubbornly defend it.
Your post shows how little you understand of the subject of security, your removal of the authenticator further shows your lack of understanding.
I'm not posting here to talk trash or mock you. I'm trying to help you. If you refuse to listen, that's fine go on ignoring reality and ignoring the facts.
You are only making yourself MORE insecure by refusing to believe that anything happened to your system or network.
The fact is, that is exactly what happened. Again, blizzard was not hacked. Their database was not stolen (and if it was it just proves that your password was not complex enough and that removing the authenticator was a big mistake).
Look, I tried to offer you my expertise to explain the facts behind security, but you would rather continue to be part of the problem.
Your blanket denial is ridiculous. No machine is impenetrable.
If I had a small amount of information about you, I could own your box in a very short time. I would never do that but I have the knowledge necessary.
I don't have time to try basic security principles. I had to pay for my knowledge and I simply don't have time to school you when you refuse to acknowledge the truth.
For crying out loud, though, put your authenticator back on. Geez.
Shadow's Hand Guild
Open recruitment for
The Secret World - Dragons
Planetside 2 - Terran Republic
Tera - Dragonfall Server
http://www.shadowshand.com
Anything is possible but it is extremely unlikely that Blizzards server were hacked this soon.
As you said;: have a unque password for the game, never tell anyone or write it anywhere except when you log in the game and ignore all e-mails that say otherwise.
Also for the truly paranoid: Change password a few times a year.
The authenticator is back on as I wrote in my first post. I do not think that my computer is impenetrable but if I had to decide between the likelihood that someone went out of their way to target me individually or any method to get passwords that does not require error on my part, I am going to bet on the second. I do not feel that I fall under any of the "blanket" attempts to gain access to people's computers that gold sellers have tried in the past, all of which rely on the user interacting with something unsafe. I am very confident that I avoid that by doing my games related browsing on my phone (which I do not log into anything from).
Blizzard support is lacking to say the least.
I submitted a trouble ticket 5 days ago and it is yet to be addressed. I called their support number and it is so overburden with people calling I was told it i was a 65 minute wait time.
IF you're just trying to help there's absolutely no reason for the tone of this post none, second at least read what the guy says, this post shows you haven't read anything he has written. No where did he say his computer is invulnerable, he has said the exact opposite in every post. ANd he already put the authenticator back on if you read you wold know that.
For every minute you are angry , you lose 60 seconds of happiness."-Emerson
Guild sites are actually quite notorious for having virtually no security at all--But your average message board package isn't exactly high security.
At the same time, William of Occam tells us whose testimony is the most doubtful, in this particular case. The end user is always the weakest link in any security question, and the best suspect.
Self-pity imprisons us in the walls of our own self-absorption. The whole world shrinks down to the size of our problem, and the more we dwell on it, the smaller we are and the larger the problem seems to grow.
This is so obviously a troll thread.
1st, look at the OP name...
2nd, why would you remove the authenticator when you know there have been hacking reports/claims?
3rd, the "my computer is the most secure computer everz" is the same exact thing every single person who is ever hacked claims.
This is the problem the majority of people have when it comes to compromised accounts. They're too stubborn to realize that they don't know enough about the topic to understand that they are vulnerable, even when you may have as much expertise as a security expert.
The problem isn't that you're vulnerable, but that you think you're so invulnerable because you think you know enough to avoid issues. Realize that you may not know as much as you think you do and you'll get a lot further than simply trying to stubbornly say you're not dumb enough to get hacked and blame it on the company instead.
Not a troll, this is my gaming name. I removed the authenticator because the thing was grimy and dirty from having been in a corner in a closet with my terrible living habits, and though I knew it made my account more vulnerable with only a few level 20s I was not concerned about it at this time. I figured I would just get the phone authenticator and attach it at some point in the future. As for the third, nowhere did I say that. I said I took precautions to try to avoid falling under the blanket attempts to access people's accounts that gold sellers used in the past.
I lysol'd the shit out of this thing since I reattached it.
Edit: While I appreciate people telling me where I went wrong (removing the authenticator), and while I extra appreciate people being very upset that I am "not feeling too confident in blizzard's account security" I think the amount of cynicism in here is a tad over the top.
Right in the first post it is rather clear that I was warning people to use an authenticator due to my experience with this. It was not a "omg hater BLIZZ FANS UNITE" topic.
I did not say blizzard was hacked, I did not speculate as to how it happened. I did write about how I think it didn't happen, and still welcome people telling me other things to be careful about. Never did I say my computer is ridiculously secure, I know better.
Why remove the authenticator?
was the thought process something like this - " hey I am really worried about blizzard security so lets go ahead and remove the one thing that may can prevent a compromise" ?!?!
I personally think this whole thread is BS.