If it's true, that has to be the stupidest thing they could do security-wise. It means a 12 character password hash that would take weeks to crack normally could be broken in minutes. At that point you might as well store the passwords in clear text.
Of course that assumes they can get the password hash somehow.
Yep...makes no sense but unfortunately that is the case. Sad really that a company that knows it has this many people getting hacked won't even incorporate something like that.
1. For god's sake mmo gamers, enough with the analogies. They're unnecessary and your comparisons are terrible, dissimilar, and illogical.
2. To posters feeling the need to state how f2p really isn't f2p: Players understand the concept. You aren't privy to some secret the rest are missing. You're embarrassing yourself.
3. Yes, Cpt. Obvious, we're not industry experts. Now run along and let the big people use the forums for their purpose.
Yea I am sorry, but I don't buy this for a second. And the fact that you were immature enough to send a ticket like that to them as if it's their entire company that is the problem assuming you really did not get hacked through no fault of your own (which, as before mentioned, is HIGHLY suspect) does not give me much faith that you are being completely honest.
I'm sorry but I must be missing something somewhere? I thought the authenticator was free? At least the one on my iPhone is.
Not everyone has an iPhone.
Exactly, I got "hacked" last night (it's not hacking really, but it amounts to the same irritation), account stripped (although they left my vault intact for some reason) and I don't have an iPhone or similar. Never had an account hacked before on any game (not even WoW), I'm careful and don't make the silly mistakes some people made.
If the security is this bad that an authenticator is essential then they should ship a free authenticator with every purchase, RMAH is only going to see this get worse.
Thankfully they didn't delete my chars, so I'm back up and running, but I won't be buying anything on the RMAH because it'll probably just get stolen back.
Ah yeah then that's bad, should be free for everyone. Though I just linked the authenticator today and didn't have problems before that, I understand the frustration of having an authenticator as a requirement.
Remember... all I'm offering is the truth. Nothing more.
I got hacked also, only had a noob character that had just finished act 1, so it wasn't a big deal as far as gear or items went but the security is the worst I've seen.
And as far as the RMAH goes I wouldn't touch it with a ten foot pole. So much for people arguing about it combating the gold farmers lol what a joke. Nothing but the usual spam bullshit.
It hasn't gone live yet so...yeah...
Ya it hasn't even gone live yet and there is nothing but spam to buy gold and character leveling. Worse than anything I have seen to date.
Why?
Simple the RMAH
so.... yeah....
Your point?
It hasn't gone live yet. So how the fuck could you make a determination one way or the other in relation to what effect the RMAH will have? Try thinking a bit. Does wonders...
My point is that putting an RMAH into a game is a disgrace. It's pretty obvious that all the hacking is to do with real money, bunch of lowlife losers preparing for the RMAH to go live, so they can sell all their stolen pixel loot.
Try thinking a bit? It's pretty obvious what introducing real money into any game will do. Some people don't give a crap some do.
This may be a bit TL;DR, but I want to try to address as much here as possible...
We've investigated several reported claims of "session spoofing," as discussed both in these forums and elsewhere on the Web. We treat these kinds of reports very seriously -- however, to date, we have yet to identify a single case of compromise that was the result of a player joining or participating in a public game.
Regarding this specific example, we've looked into the issue and found no evidence to indicate compromises are occurring in this fashion, and we've determined the methods being suggested to do so are technically impossible.
For clarity, when we say "technically impossible" it means we determined (after many, many days of research) that session spoofing, as described in the claims we've seen, cannot occur within Diablo III. To avoid confusion, read "technically impossible" as "technologically impossible."
Even so, we're continuing to investigate related reports. If you believe you possess solid evidence of some sort of "hack," then please relay that information to our support representatives as soon as possible, or email hacks@blizzard.com. In the meantime, if you don't possess such evidence, we ask that you please refrain from spreading hearsay.
There have been multiple reports of people being hacked while using their authenticators. Some of these are by credible journalists. This alone should be sufficient evidence.
We've stated this several times, but in all of the individual Diablo III-related compromise cases we've investigated, none have occurred after a physical Battle.net Authenticator or Battle.net Mobile Authenticator app was attached to the player's account.
While no security method is 100% fool-proof (even Authenticators), please note that it is possible that players reporting to have been compromised while an Authenticator was attached to their Battle.net account may have been using the Dial-in Authenticator. The Dial-in Authenticator does not provide the same level of protection as the Battle.net Authenticator or Battle.net Mobile Authenticator app, and -- more importantly -- is not currently supported for Diablo III.
It's important to remember there is no "silver bullet" guaranteeing complete protection against account compromise. The Authenticator offers players a highly valuable layer of added protection, but is not intended to replace the need for end-user computer and network security.
I'm very sorry to hear that your account may have been compromised. If you haven't already, please take a look at our restoration policy for Diablo III and contact customer support as soon as possible.
That said, there are a number of ways in which an account's information can be stolen, some of which you might not immediately be considering.
Sharing login information: Sharing your account information with a family member, friend, or another player is an easy way to lose control of who has access to your account and increase the risk of compromise -- no matter how well you might know the person you're sharing your login information with. Keep in mind that even if you practice optimum Internet security at home, you can't control how another person will make use of your account information…or how secure their own computer system might be.
Email and password security: Ensuring that your registered email address is secure is a very important part of keeping your Battle.net account secure. Your registered email address not only serves as a primary point of contact with Blizzard Entertainment, but it also functions as your Battle.net account name.
Because of this, you may want to consider creating a unique email address for your Battle.net account, and we *strongly* recommend using a password that you don’t use for any other online service.
Phishing scams: Phishing scams are designed to trick you into giving out your account information, and they'll usually come in the form of "fake" websites or emails that appear to be sent by Blizzard employees. Sometimes these emails encourage you to visit a malicious website (which might contain a web form for you to fill out or even embedded software that can steal your login information). In other cases, you may be asked to reply with your account name and password.
While most of these types of scams are easy to identify -- they'll frequently use poor grammar and spelling, or make outrageous threats about banning your account -- some can be difficult to distinguish from legitimate Blizzard correspondence, so it's important to be cautious of what you click on and when.
You can learn more about how to identify these kinds of scams here.
Keyloggers: You'll also want to make sure your computer is protected against malicious programs, including "keyloggers." Keyloggers are pretty serious, as they're capable of snagging information directly from your computer, either by monitoring your keystrokes or by gaining access to important applications like your clipboard.
To best protect your account against this kind of malware, you'll want to:
Install antivirus and anti-spyware software. If you're unsure of what software might be best for you, check out our support site for a list of recommendations. Please make sure that you regularly update any antivirus or anti-spyware programs you're using, so that they're able to identify the latest malware threats.
Keep your browser up to date. In addition to providing more tools and functionality, browser updates can also include new security definitions and a more comprehensive phishing filter.
Keep your browser plug-ins up to date. Using the most recent versions of your browser plug-ins and applications (like Adobe Flash Player and Adobe Reader) and regularly checking for security updates is also important, because they can sometimes become targets for certain types of malware. While most plug-ins will prompt you automatically when updates are available, it's a good idea to check the distributor website periodically to make sure you're running the latest versions.
Turn on your browser's phishing filter. Phishing filters work by comparing the websites you visit against a massive database of legitimate (secure) websites and websites that have been identified as potential security risks. If you happen to visit a website that's flagged by your browser's filter, you'll be alerted and given the opportunity to continue onto the page or -- in most cases -- navigate to another site completely. Most popular browsers have built-in phishing filters that are turned on by default, but you can always double-check filter settings/availability in the browser's Tools menu.
For more information on account security in Diablo III, be sure to check out the following resources:
"Censorship is never over for those who have experienced it. It is a brand on the imagination that affects the individual who has suffered it, forever." - Noam Chomsky
I believe that this is what people who get hacked are failing at the most:
Email and password security: Ensuring that your registered email address is secure is a very important part of keeping your Battle.net account secure. Your registered email address not only serves as a primary point of contact with Blizzard Entertainment, but it also functions as your Battle.net account name.
Because of this, you may want to consider creating a unique email address for your Battle.net account, and we *strongly* recommend using a password that you don’t use for any other online service.
"Censorship is never over for those who have experienced it. It is a brand on the imagination that affects the individual who has suffered it, forever." - Noam Chomsky
Try thinking a bit? It's pretty obvious what introducing real money into any game will do. Some people don't give a crap some do.
Why don't you try thinking a bit...
Pretty obvious eh? You remark on what an RMAH is doing to a game when it isn't even in the game yet. The fact you can't grasp this is really astounding. Doesn't matter what you think it will do and that isn't even what you said initially. I'm not a fan of it either for a couple reasons but saying it is or isn't affecting gold spammers/farmers when it isn't in the game yet is simply stupid.
1. For god's sake mmo gamers, enough with the analogies. They're unnecessary and your comparisons are terrible, dissimilar, and illogical.
2. To posters feeling the need to state how f2p really isn't f2p: Players understand the concept. You aren't privy to some secret the rest are missing. You're embarrassing yourself.
3. Yes, Cpt. Obvious, we're not industry experts. Now run along and let the big people use the forums for their purpose.
Yes, they magically picked you out of thin air and hacked you. In like twelve hours of purchasing the game no less. Sorry, while I certainly am not 100% certain that Blizzard's infrastructure for this game is completely secure seems to me the compromise came on your end.
I keep my password fairly secure. Nothing is 100% of course but I have never been hacked in any other game that I've played online.
I've got a pretty new e-mail that I recently started using for gaming so most past information on old e-mails shouldn't really be a factor. I've been playing Starcraft 2 for the longest before Diablo 3 and ofc there's nothing to steal in Starcraft 2....
My account was hacked and they took about 150k off me also. I've changed my password since. I don't have an authenticator, thinking about one but with the way their password system works with not being case sensitive it's kind of wtf.. I'm not going to spend more money (or go through the hassle right now to have even more chains) because they are slacking in the security department.
I really don't know if my account was compromised but honestly I'm just not getting the vibe that it actually was. I'm wondering more about this session hacking I keep hearing about. I always get really suspicious of random players that join my game and basically do nothing the entire time or the ones that trail behind and just watch you kill everything. (Some of those might be laggers? lol), but when I get these types I keep an eye on their activity. If I get a bad feel I just leave the game, probably far too late by then.
IDK, they need to get to the bottom of this though. I'll see if my account gets compromised again. Then my suspicions will pretty much be confirmed as to this not being a user password account issue and more something on the backend through the actual game.
PM before you report at least or you could just block.
I'm not saying it can't happen or that it is always the user's fault. What I mean is considering the OP's story and time frame I don't believe it could have happened with him is all.
1. For god's sake mmo gamers, enough with the analogies. They're unnecessary and your comparisons are terrible, dissimilar, and illogical.
2. To posters feeling the need to state how f2p really isn't f2p: Players understand the concept. You aren't privy to some secret the rest are missing. You're embarrassing yourself.
3. Yes, Cpt. Obvious, we're not industry experts. Now run along and let the big people use the forums for their purpose.
I believe that this is what people who get hacked are failing at the most:
Email and password security: Ensuring that your registered email address is secure is a very important part of keeping your Battle.net account secure. Your registered email address not only serves as a primary point of contact with Blizzard Entertainment, but it also functions as your Battle.net account name.
Because of this, you may want to consider creating a unique email address for your Battle.net account, and we *strongly* recommend using a password that you don’t use for any other online service.
Actually have a separate account..
PM before you report at least or you could just block.
Follow that up with phishing/key loggers.
Although it's possible that Blizzard has been compromised, it's far more likely that it's just simply user error in one form or another.
"Censorship is never over for those who have experienced it. It is a brand on the imagination that affects the individual who has suffered it, forever." - Noam Chomsky
I understand where you are coming from. I don't write e-mails and I definitely don't fill out surveys to give out personal information like that for phishing. Keyloggers are a little harder for me to avoid, but I don't register to every forum I go to either, but my anti-virus (Avast! /shrug) is always running and up to date.
It seems like putting it on user error is just a bit too simple and passive here for Blizzard. I guess I'll have to take the wait and see approach. It's very possible my account was compromised by my own fault; I'm aware though and I'll be keeping a close eye on further activity with my account.
PM before you report at least or you could just block.
Try thinking a bit? It's pretty obvious what introducing real money into any game will do. Some people don't give a crap some do.
Why don't you try thinking a bit...
Pretty obvious eh? You remark on what an RMAH is doing to a game when it isn't even in the game yet. The fact you can't grasp this is really astounding. Doesn't matter what you think it will do and that isn't even what you said initially. I'm not a fan of it either for a couple reasons but saying it is or isn't affecting gold spammers/farmers when it isn't in the game yet is simply stupid.
Trying to say that all the hacking and theft and farming has nothing to do with the RMAH because it isn't live yet is stupid. I'm sure these assholes will have plenty to sell the minute it does go live.
Oh wait... they will only start stealing after it goes live... you know it's the honest thing to do.
There was a link to a YouTube video on the official forums the other day of a hacker who disclosed how they were doing it. He said they were hacking off-sites such as forums etc. and gaining emails/passwords there. Gamers are/have been using the exact same email/password combination for different sites which is a huge security risk.
Now, on top of that people are falling for fake email phishing and visiting/downloading from key-logging sites. I'm sure there are other ways they're getting this information but blaming Blizzard seems a bit silly to me.
If anyone can PROVE that they have indeed been compromised, then fine. But until then, I'm going to say it's user error because there's simply no proof otherwise.
"Censorship is never over for those who have experienced it. It is a brand on the imagination that affects the individual who has suffered it, forever." - Noam Chomsky
Trying to say that all the hacking and theft and farming has nothing to do with the RMAH because it isn't live yet is stupid. I'm sure these assholes will have plenty to sell the minute it does go live.
Oh wait... they will only start stealing after it goes live... you know it's the honest thing to do.
hopeless argument.
You have no idea how much difference there would be if there wasn't an rmah. You think if there wasn't an rmah there wouldn't be hacking and farming going on? Really?
1. For god's sake mmo gamers, enough with the analogies. They're unnecessary and your comparisons are terrible, dissimilar, and illogical.
2. To posters feeling the need to state how f2p really isn't f2p: Players understand the concept. You aren't privy to some secret the rest are missing. You're embarrassing yourself.
3. Yes, Cpt. Obvious, we're not industry experts. Now run along and let the big people use the forums for their purpose.
Did I say that? No...
Blizzard has increased the market for stolen pixels a thousand fold. They just can't sell until it goes live.
This may be a bit TL;DR, but I want to try to address as much here as possible...
We've investigated several reported claims of "session spoofing," as discussed both in these forums and elsewhere on the Web. We treat these kinds of reports very seriously -- however, to date, we have yet to identify a single case of compromise that was the result of a player joining or participating in a public game.
Additionally, as we mentioned before:
Regarding this specific example, we've looked into the issue and found no evidence to indicate compromises are occurring in this fashion, and we've determined the methods being suggested to do so are technically impossible.
For clarity, when we say "technically impossible" it means we determined (after many, many days of research) that session spoofing, as described in the claims we've seen, cannot occur within Diablo III. To avoid confusion, read "technically impossible" as "technologically impossible."
Even so, we're continuing to investigate related reports. If you believe you possess solid evidence of some sort of "hack," then please relay that information to our support representatives as soon as possible, or email hacks@blizzard.com. In the meantime, if you don't possess such evidence, we ask that you please refrain from spreading hearsay.
06/04/2012 05:55 AM, posted by Vadoff: There have been multiple reports of people being hacked while using their authenticators. Some of these are by credible journalists. This alone should be sufficient evidence.
We've stated this several times, but in all of the individual Diablo III-related compromise cases we've investigated thus far, none have occurred after a physical Battle.net Authenticator or Battle.net Mobile Authenticator app was attached to the player's account.
While no security method is 100% fool-proof (even Authenticators), please note that it is possible that players reporting to have been compromised while an Authenticator was attached to their Battle.net account may have been using the Dial-in Authenticator. The Dial-in Authenticator does not provide the same level of protection as the Battle.net Authenticator or Battle.net Mobile Authenticator app, and -- more importantly -- is not currently supported for Diablo III.
It's important to remember there is no "silver bullet" guaranteeing complete protection against account compromise. The Authenticator offers players a highly valuable layer of added protection, but is not intended to replace the need for end-user computer and network security.
06/04/2012 12:37 AM, posted by ibchris: just happened to me..bunch of bs..
I'm very sorry to hear that your account may have been compromised. If you haven't already, please take a look at our restoration policy for Diablo III and contact customer support as soon as possible.
That said, there are a number of ways in which an account's information can be stolen, some of which you might not immediately be considering.
Sharing login information: Sharing your account information with a family member, friend, or another player is an easy way to lose control of who has access to your account and increase the risk of compromise -- no matter how well you might know the person you're sharing your login information with. Keep in mind that even if you practice optimum Internet security at home, you can't control how another person will make use of your account information…or how secure their own computer system might be.
Email and password security: Ensuring that your registered email address is secure is a very important part of keeping your Battle.net account secure. Your registered email address not only serves as a primary point of contact with Blizzard Entertainment, but it also functions as your Battle.net account name.
Because of this, you may want to consider creating a unique email address for your Battle.net account, and we *strongly* recommend using a password that you don’t use for any other online service.
Phishing scams: Phishing scams are designed to trick you into giving out your account information, and they'll usually come in the form of "fake" websites or emails that appear to be sent by Blizzard employees. Sometimes these emails encourage you to visit a malicious website (which might contain a web form for you to fill out or even embedded software that can steal your login information). In other cases, you may be asked to reply with your account name and password.
While most of these types of scams are easy to identify -- they'll frequently use poor grammar and spelling, or make outrageous threats about banning your account -- some can be difficult to distinguish from legitimate Blizzard correspondence, so it's important to be cautious of what you click on and when.
You can learn more about how to identify these kinds of scams here.
Keyloggers: You'll also want to make sure your computer is protected against malicious programs, including "keyloggers." Keyloggers are pretty serious, as they're capable of snagging information directly from your computer, either by monitoring your keystrokes or by gaining access to important applications like your clipboard.
To best protect your account against this kind of malware, you'll want to:
Install antivirus and anti-spyware software. If you're unsure of what software might be best for you, check out our support site for a list of recommendations. Please make sure that you regularly update any antivirus or anti-spyware programs you're using, so that they're able to identify the latest malware threats.
Keep your browser up to date. In addition to providing more tools and functionality, browser updates can also include new security definitions and a more comprehensive phishing filter.
Keep your browser plug-ins up to date. Using the most recent versions of your browser plug-ins and applications (like Adobe Flash Player and Adobe Reader) and regularly checking for security updates is also important, because they can sometimes become targets for certain types of malware. While most plug-ins will prompt you automatically when updates are available, it's a good idea to check the distributor website periodically to make sure you're running the latest versions.
Turn on your browser's phishing filter. Phishing filters work by comparing the websites you visit against a massive database of legitimate (secure) websites and websites that have been identified as potential security risks. If you happen to visit a website that's flagged by your browser's filter, you'll be alerted and given the opportunity to continue onto the page or -- in most cases -- navigate to another site completely. Most popular browsers have built-in phishing filters that are turned on by default, but you can always double-check filter settings/availability in the browser's Tools menu.
For more information on account security in Diablo III, be sure to check out the following resources:
Diablo III Launch Update
Battle.net and Account Security
Account Security Homepage
You know what's fun? Having the Authenticator AND being hacked. While the OP's story is one of many like it, the stories of the accounts with security on them having the same terrible fate are just staggering.
Hey TSW Players http://www.unfair.co/ for Mission guides, Lore Locations and stuff....
Once again, it is apparent that if you are playing D3 and don't have an authenticator, you WILL get hacked.
Blizzard really need to sort their shit out.
What other game do you know of that you HAVE to have an authenticator to play otherwise you WILL get hacked, it's just ridiculous.
It's a function of Blizzard tying your master Blizzard account (RealID) to your email address.
Ever since they adopted email addresses as login IDs, hacking & phishing emails have gone through the roof. Hell, they've developed an automated account recovery tool/process because it was tying up too much GM time restoring accounts.
I get the thought around creating a master ID for Blizzard's BNet ecosystem....but they could have used something other than people's email address.
Lol there is evidence everywhere, people are posting videos showing guys stripping characters over and over every 10 or 20 sec to the nearest vendor and proceeding in the same fashion over and over again, which is also very clearly described by the hacked people, so you can clearly see both descriptions concord pretty well. As if you see that hacking method all over? Let's be honest here, it's pretty unique to Diablo 3 isn't it, in no other online game or mmo have you ever seen this method being used, have you? They clearly found a security hole and are exploiting it to no end in the face of Blizzard, which is denying all responsibility? That's pretty damn funny, I like the show, let me grab some more popcorn here. This D3 is a real drama queen like we never had...
I knew it would have been a mess but man it's amazing, please ignore my comment and keep it on guys.
I believe that this is what people who get hacked are failing at the most:
Email and password security: Ensuring that your registered email address is secure is a very important part of keeping your Battle.net account secure. Your registered email address not only serves as a primary point of contact with Blizzard Entertainment, but it also functions as your Battle.net account name.
Because of this, you may want to consider creating a unique email address for your Battle.net account, and we *strongly* recommend using a password that you don’t use for any other online service.
Yep, and this is why account theft increased after the switch to battle.net and the need to link your email to the account.
Of course, by using email addresses as account, they give away half the security
Best MMO experiences : EQ(PvE), DAoC(PvP), WoW(total package) LOTRO (worldfeel) GW2 (Artstyle and animations and worlddesign) SWTOR (Story immersion) TSW (story) ESO (character advancement)
Horrible move on Blizzard's part, no doubt. Hackers loved that ridiculous move, let the forum/website hacking commence!
However, people still need to take responsibility for their own security but I suppose it's just easier to place the blame elsewhere. I'd love to get the numbers for those with keyloggers and those who use the same password for everything lol.
"Censorship is never over for those who have experienced it. It is a brand on the imagination that affects the individual who has suffered it, forever." - Noam Chomsky
Originally posted by Nickraider: Think there is a saying along the lines of .. "Don't **** where you eat" WHY in the world would you ask them for assistance and then start berating them for having horrible service... Seriously.. Good luck with that. If I was a customer service rep and saw your ticket.. I would have just said to myself "tough luck" *delete ticket*
And that's why, Gods be good, you will never BECOME a customer service rep.
It's THAT kind of attitude that perpetrates hostility between game companies and their playerbase. The guy has studied network security and got hacked within the first week or two of launch through password ineptitude, in one of the most anticipated games of the last decade. He has every right to rage at Blizzard: they are SUPPOSED to be more professional than him.
Unfortunately, their authenticator easy-fix has limited availability and does not adequately address the fact that their fundamental security measures are fail.
I'm really sick of the whole "There's a massive fanbase for X", or "Y would be a WoW-killer if it just had a chance".
There is no massive conspiracy waiting in the MMO playerbase.
There are no "sleeper-agent fans" waiting to convert once the X or Y is unleashed on the world.
Right....and to keep people from skimming gaming forums (and the internet in general) for email addresses, they recommend creating a completely separate & special email account for your blizzard account?
While that might be practical, it's something that no other game has required for account security. EVEN if there was a business case for Blizzard to have your email address tied to your BNet account, they could have at least allowed people to create their own unique IDs and linked the email address behind the scenes to that.
To the point of the OP....it's a bit amateurish for such a large company that, for all other intents and purposes, has it together.
Ah yeah then that's bad, should be free for everyone. Though I just linked the authenticator today and didn't have problems before that, I understand the frustration of having an authenticator as a requirement.
Remember... all I'm offering is the truth. Nothing more.
My point is that putting an RMAH into a game is a disgrace. It's pretty obvious that all the hacking is to do with real money, bunch of lowlife losers preparing for the RMAH to go live, so they can sell all their stolen pixel loot.
Try thinking a bit? It's pretty obvious what introducing real money into any game will do. Some people don't give a crap, some do.
Why don't you try thinking a bit...
"Be water my friend" - Bruce Lee
Most recent dev response:
This may be a bit TL;DR, but I want to try to address as much here as possible...
We've investigated several reported claims of "session spoofing," as discussed both in these forums and elsewhere on the Web. We treat these kinds of reports very seriously -- however, to date, we have yet to identify a single case of compromise that was the result of a player joining or participating in a public game.
Additionally, as we mentioned before:
For clarity, when we say "technically impossible" it means we determined (after many, many days of research) that session spoofing, as described in the claims we've seen, cannot occur within Diablo III. To avoid confusion, read "technically impossible" as "technologically impossible."
Even so, we're continuing to investigate related reports. If you believe you possess solid evidence of some sort of "hack," then please relay that information to our support representatives as soon as possible, or email hacks@blizzard.com. In the meantime, if you don't possess such evidence, we ask that you please refrain from spreading hearsay.
We've stated this several times, but in all of the individual Diablo III-related compromise cases we've investigated, none have occurred after a physical Battle.net Authenticator or Battle.net Mobile Authenticator app was attached to the player's account.
While no security method is 100% fool-proof (even Authenticators), please note that it is possible that players reporting to have been compromised while an Authenticator was attached to their Battle.net account may have been using the Dial-in Authenticator. The Dial-in Authenticator does not provide the same level of protection as the Battle.net Authenticator or Battle.net Mobile Authenticator app, and -- more importantly -- is not currently supported for Diablo III.
It's important to remember there is no "silver bullet" guaranteeing complete protection against account compromise. The Authenticator offers players a highly valuable layer of added protection, but is not intended to replace the need for end-user computer and network security.
I'm very sorry to hear that your account may have been compromised. If you haven't already, please take a look at our restoration policy for Diablo III and contact customer support as soon as possible.
That said, there are a number of ways in which an account's information can be stolen, some of which you might not immediately be considering.
Sharing login information:
Sharing your account information with a family member, friend, or another player is an easy way to lose control of who has access to your account and increase the risk of compromise -- no matter how well you might know the person you're sharing your login information with. Keep in mind that even if you practice optimum Internet security at home, you can't control how another person will make use of your account information…or how secure their own computer system might be.
Email and password security:
Ensuring that your registered email address is secure is a very important part of keeping your Battle.net account secure. Your registered email address not only serves as a primary point of contact with Blizzard Entertainment, but it also functions as your Battle.net account name.
Because of this, you may want to consider creating a unique email address for your Battle.net account, and we *strongly* recommend using a password that you don’t use for any other online service.
Phishing scams:
Phishing scams are designed to trick you into giving out your account information, and they'll usually come in the form of "fake" websites or emails that appear to be sent by Blizzard employees. Sometimes these emails encourage you to visit a malicious website (which might contain a web form for you to fill out or even embedded software that can steal your login information). In other cases, you may be asked to reply with your account name and password.
While most of these types of scams are easy to identify -- they'll frequently use poor grammar and spelling, or make outrageous threats about banning your account -- some can be difficult to distinguish from legitimate Blizzard correspondence, so it's important to be cautious of what you click on and when.
You can learn more about how to identify these kinds of scams here.
Keyloggers:
You'll also want to make sure your computer is protected against malicious programs, including "keyloggers." Keyloggers are pretty serious, as they're capable of snagging information directly from your computer, either by monitoring your keystrokes or by gaining access to important applications like your clipboard.
To best protect your account against this kind of malware, you'll want to:
For more information on account security in Diablo III, be sure to check out the following resources:
Diablo III Launch Update
Battle.net and Account Security
Account Security Homepage
"Censorship is never over for those who have experienced it. It is a brand on the imagination that affects the individual who has suffered it, forever." - Noam Chomsky
I believe that this is what people who get hacked are failing at the most:
Email and password security:
Ensuring that your registered email address is secure is a very important part of keeping your Battle.net account secure. Your registered email address not only serves as a primary point of contact with Blizzard Entertainment, but it also functions as your Battle.net account name.
Because of this, you may want to consider creating a unique email address for your Battle.net account, and we *strongly* recommend using a password that you don’t use for any other online service.
"Censorship is never over for those who have experienced it. It is a brand on the imagination that affects the individual who has suffered it, forever." - Noam Chomsky
Pretty obvious eh? You remark on what an RMAH is doing to a game when it isn't even in the game yet. The fact you can't grasp this is really astounding. Doesn't matter what you think it will do and that isn't even what you said initially. I'm not a fan of it either for a couple reasons but saying it is or isn't affecting gold spammers/farmers when it isn't in the game yet is simply stupid.
1. For god's sake mmo gamers, enough with the analogies. They're unnecessary and your comparisons are terrible, dissimilar, and illogical.
2. To posters feeling the need to state how f2p really isn't f2p: Players understand the concept. You aren't privy to some secret the rest are missing. You're embarrassing yourself.
3. Yes, Cpt. Obvious, we're not industry experts. Now run along and let the big people use the forums for their purpose.
I keep my password fairly secure. Nothing is 100% of course but I have never been hacked in any other game that I've played online.
I've got a pretty new e-mail that I recently started using for gaming so most past information on old e-mails shouldn't really be a factor. I've been playing Starcraft 2 for the longest before Diablo 3 and ofc there's nothing to steal in Starcraft 2....
My account was hacked and they took about 150k off me also. I've changed my password since. I don't have an authenticator, thinking about one but with the way their Password system works with not having case sensitive it's kind of wtf.. I'm not going to spend more money (or go through the hassle right now to have even more chains) because they are slacking in the security department.
I really don't know if my account was compromised but honestly I'm just not getting the vibe that it actually was. I'm wondering more about this session hacking I keep hearing about. I always get really suspicious of random players that join my game and basically do nothing the entire time or the ones that trail behind and just watch you kill everything. (Some of those might be laggers? lol), but when I get these types I keep an eye on their activity. If I get a bad feel I just leave the game, probably far too late by then.
IDK, they need to get to the bottom of this though. I'll see if my account gets compromised again. Then my suspicions will pretty much be confirmed as to this not being a user password account issue and more something on the backend through the actual game.
PM before you report at least or you could just block.
I'm not saying it can't happen or that it is always the user's fault. What I mean is considering the OP's story and time frame I don't believe it could have happened with him is all.
1. For god's sake mmo gamers, enough with the analogies. They're unnecessary and your comparisons are terrible, dissimilar, and illogical.
2. To posters feeling the need to state how f2p really isn't f2p: Players understand the concept. You aren't privy to some secret the rest are missing. You're embarrassing yourself.
3. Yes, Cpt. Obvious, we're not industry experts. Now run along and let the big people use the forums for their purpose.
Actually have a separate account..
PM before you report at least or you could just block.
Follow that up with phishing/key loggers.
Although it's possible that Blizzard has been compromised, it's far more likely that it's just simply user error in one form or another.
"Censorship is never over for those who have experienced it. It is a brand on the imagination that affects the individual who has suffered it, forever." - Noam Chomsky
I understand where you are coming from. I don't write e-mails and I definitely don't fill out surveys to give out personal information like that for phishing. Keyloggers are a little harder for me to avoid, but I don't register to every forum I go to either, but my anti-virus (Avast! /shrug) is always running and up to date.
It seems like putting it on user error is just a bit too simple and passive here for Blizzard. I guess I'll have to take the wait and see approach. It's very possible my account was compromised by my own fault; I'm aware though and I'll be keeping a close eye on further activity with my account.
PM before you report at least or you could just block.
Trying to say that all the hacking and theft and farming has nothing to do with the RMAH because it isn't live yet is stupid. I'm sure these assholes will have plenty to sell the minute it does go live.
Oh wait... they will only start stealing after it goes live... you know it's the honest thing to do.
hopeless argument.
"Be water my friend" - Bruce Lee
There was a link to a YouTube video on the official forums the other day of a hacker who disclosed how they were doing it. He said they were hacking off-sites such as forums etc. and gaining emails/passwords there. Gamers are/have been using the exact same email/password combination for different sites which is a huge security risk.
Now, on top of that people are falling for fake email phishing and visiting/downloading from key-logging sites. I'm sure there are other ways they're getting this information but blaming Blizzard seems a bit silly to me.
If anyone can PROVE that they have indeed been compromised, then fine. But until then, I'm going to say it's user error because there's simply no proof otherwise.
"Censorship is never over for those who have experienced it. It is a brand on the imagination that affects the individual who has suffered it, forever." - Noam Chomsky
You have no idea how much difference there would be if there wasn't an rmah. You think if there wasn't an rmah there wouldn't be hacking and farming going on? Really?
1. For god's sake mmo gamers, enough with the analogies. They're unnecessary and your comparisons are terrible, dissimilar, and illogical.
2. To posters feeling the need to state how f2p really isn't f2p: Players understand the concept. You aren't privy to some secret the rest are missing. You're embarrassing yourself.
3. Yes, Cpt. Obvious, we're not industry experts. Now run along and let the big people use the forums for their purpose.
Did I say that? No...
Blizzard has increased the market for stolen pixels a thousand fold. They just can't sell until it goes live.
"Be water my friend" - Bruce Lee
From Blizzard, thought it was relevant:
This may be a bit TL;DR, but I want to try to address as much here as possible...
We've investigated several reported claims of "session spoofing," as discussed both in these forums and elsewhere on the Web. We treat these kinds of reports very seriously -- however, to date, we have yet to identify a single case of compromise that was the result of a player joining or participating in a public game.
Additionally, as we mentioned before:
Regarding this specific example, we've looked into the issue and found no evidence to indicate compromises are occurring in this fashion, and we've determined the methods being suggested to do so are technically impossible.
For clarity, when we say "technically impossible" it means we determined (after many, many days of research) that session spoofing, as described in the claims we've seen, cannot occur within Diablo III. To avoid confusion, read "technically impossible" as "technologically impossible."
Even so, we're continuing to investigate related reports. If you believe you possess solid evidence of some sort of "hack," then please relay that information to our support representatives as soon as possible, or email hacks@blizzard.com. In the meantime, if you don't possess such evidence, we ask that you please refrain from spreading hearsay.
06/04/2012 05:55 AM Posted by Vadoff: There have been multiple reports of people being hacked while using their authenticators. Some of these are by credible journalists. This alone should be sufficient evidence.
We've stated this several times, but in all of the individual Diablo III-related compromise cases we've investigated thus far, none have occurred after a physical Battle.net Authenticator or Battle.net Mobile Authenticator app was attached to the player's account.
While no security method is 100% fool-proof (even Authenticators), please note that it is possible that players reporting to have been compromised while an Authenticator was attached to their Battle.net account may have been using the Dial-in Authenticator. The Dial-in Authenticator does not provide the same level of protection as the Battle.net Authenticator or Battle.net Mobile Authenticator app, and -- more importantly -- is not currently supported for Diablo III.
It's important to remember there is no "silver bullet" guaranteeing complete protection against account compromise. The Authenticator offers players a highly valuable layer of added protection, but is not intended to replace the need for end-user computer and network security.
06/04/2012 12:37 AM Posted by ibchris: just happened to me..bunch of bs..
I'm very sorry to hear that your account may have been compromised. If you haven't already, please take a look at our restoration policy for Diablo III and contact customer support as soon as possible.
That said, there are a number of ways in which an account's information can be stolen, some of which you might not immediately be considering.
Sharing login information:
Sharing your account information with a family member, friend, or another player is an easy way to lose control of who has access to your account and increase the risk of compromise -- no matter how well you might know the person you're sharing your login information with. Keep in mind that even if you practice optimum Internet security at home, you can't control how another person will make use of your account information…or how secure their own computer system might be.
Email and password security:
Ensuring that your registered email address is secure is a very important part of keeping your Battle.net account secure. Your registered email address not only serves as a primary point of contact with Blizzard Entertainment, but it also functions as your Battle.net account name.
Because of this, you may want to consider creating a unique email address for your Battle.net account, and we *strongly* recommend using a password that you don’t use for any other online service.
Phishing scams:
Phishing scams are designed to trick you into giving out your account information, and they'll usually come in the form of "fake" websites or emails that appear to be sent by Blizzard employees. Sometimes these emails encourage you to visit a malicious website (which might contain a web form for you to fill out or even embedded software that can steal your login information). In other cases, you may be asked to reply with your account name and password.
While most of these types of scams are easy to identify -- they'll frequently use poor grammar and spelling, or make outrageous threats about banning your account -- some can be difficult to distinguish from legitimate Blizzard correspondence, so it's important to be cautious of what you click on and when.
You can learn more about how to identify these kinds of scams here.
Keyloggers:
You'll also want to make sure your computer is protected against malicious programs, including "keyloggers." Keyloggers are pretty serious, as they're capable of snagging information directly from your computer, either by monitoring your keystrokes or by gaining access to important applications like your clipboard.
To best protect your account against this kind of malware, you'll want to:
- Install antivirus and anti-spyware software. If you're unsure of what software might be best for you, check out our support site for a list of recommendations. Please make sure that you regularly update any antivirus or anti-spyware programs you're using, so that they're able to identify the latest malware threats.
- Keep your browser up to date. In addition to providing more tools and functionality, browser updates can also include new security definitions and a more comprehensive phishing filter.
- Keep your browser plug-ins up to date. Using the most recent versions of your browser plug-ins and applications (like Adobe Flash Player and Adobe Reader) and regularly checking for security updates is also important, because they can sometimes become targets for certain types of malware. While most plug-ins will prompt you automatically when updates are available, it's a good idea to check the distributor website periodically to make sure you're running the latest versions.
- Turn on your browser's phishing filter. Phishing filters work by comparing the websites you visit against a massive database of legitimate (secure) websites and websites that have been identified as potential security risks. If you happen to visit a website that's flagged by your browser's filter, you'll be alerted and given the opportunity to continue onto the page or -- in most cases -- navigate to another site completely. Most popular browsers have built-in phishing filters that are turned on by default, but you can always double-check filter settings/availability in the browser's Tools menu.
For more information on account security in Diablo III, be sure to check out the following resources:
Diablo III Launch Update
Battle.net and Account Security
Account Security Homepage