Diablo® III

Battle.net® Account Security & Diablo® III

In the case that you have mentioned, Shade, I would send the ticket back explaining exactly that. Demand reasons on how they think it is his fault.

If the person has done everything in their power to stop hacking, like your friend, then to be told that it is their fault is rather insulting.

We have done this, but they are still dismissing it as a local issue. Apparently they have years of experience (duh) and it can't possibly be a problem on their end (insert sarcasm here).



It is easy to blame them, because it is their fault. How can you possibly know this isn't true? I know one person who was only playing for 4 days yet, and he has the authenticator. He also has one of the largest passwords I have ever seen (he asked me to check it with him, because they said the same thing to him, it was his own fault apparently). He has never used any kind of third-party service ever.

His account got hacked the moment he used the AH for the first time. Now can you please explain to me how this was his fault? If it's that easy to hijack someone's session using packet sniffers, how is that the customer's fault? Blizzard is the company responsible for how packet data is sent and received in the game, if their encryption is found wanting, I WILL blame them for this.

[EDIT] And as a follow-up, it's not "just a few people". Counting all the forum posts here and on the NA forum, it's literally hundreds of people. So ALL these people got local keyloggers etc. at the same time, within the space of hours? Really? Does that sound logical to you? [/EDIT]


1) Why would Blizzard use sessions when the game maintains a constant connection?
2) Even if they are using sessions, why would they send other people's session IDs to the clients? There should be nothing to "packet sniff", they aren't morons.

One guy came out with this session hacking rumour and he supplied no technical details as to how it was supposedly accomplished. Despite this, everyone's lapped it up without a shred of evidence because it's easier to blame Blizzard than face their own mistakes.

1) AH uses sessions.
2) I didn't design it, it's beyond me why they do some things. What I do see is what and how it happened. I have plenty of technical knowledge on that area and it really isn't that hard to do it.

Although your reasoning may sound true, that still doesn't explain how this many people have this problem at the same time. Logic still dictates this to be a server-side problem instead of a local keylogger, to which they are blaming it now.
Edited by Shade1982#2342 on 22/05/2012 17:24 BST
Can you PLEASE ADDRESS THE 3006 ERROR? It seems like many players are having trouble logging in after the client got stuck on a loading screen.
Pretty sure my PC isn't compromised, never got any issue with hackers even though I've played online games for several years now. It is hilarious however that the solution is to buy some bull!@#$ that if it is indeed the ultimate defense against hackers should be included with the %^-*ing games.
I get a CE with something as irrelevant as a Diablo skull with a D2 game key that I don't need for anything, why couldn't they put an authenticator in there instead of it in the 1st place?
I'll say, the amount of !@# kissing for Blizzard even though they don't keep your $%^- safe and whose only solution is to spend more money on something that apparently isn't at all that safe seeing how people with authenticators get hacked as well is rather hilarious.
And how about this one? I just got 503 attempts from someone to log in to my BNET account. I placed a ticket at around 16h30 22.05.2012 GMT and 1 hour later when I log to check on it, I got this:

http://postimage.org/image/n15xhju71/

So Blizz, might just be a coincidence, but although I was completely fine and nothing happened to me in particular, just make sure that there's nothing wrong from your behalf! For everyone's sake!
Edited by Cristek#2616 on 22/05/2012 17:32 BST
What I find really interesting about this post is not what is said, but what is not said. At no point does Veneras deny that an attack had taken place or that he could categorically deny that authenticated accounts were not compromised. If this wasn't the SQL injection attack, or some other form of organised attack that was widely reported, I would have thought Blizzard would have been very very quick to refute the stories.

I read the blue post as a very wishy-washy and generalized "how to protect your account" type post we have seen before.

While I appreciate that certain details about the outage and the attack shouldn't be released, details of what was compromised and what steps Blizzard are taking (in a general sense at least) to prevent a re-occurrence should be given.

From a business point of view this is a disaster for Blizzard, with real-money AH on its way, customer confidence in the security of their systems is of paramount importance. For me it is a catastrophe that Blizzard's security has been found wanting.

In my opinion the only way to restore some confidence is to take it on the chin and come clean with customers about the details of the attack, the extent of the intrusion, an idea of what was compromised and how they are preventing this from happening in the future.
It seems to me that a large number of users have been affected by this, which for me suggests that no key loggers, brute force or man in the middle attack could have been used due to simple logistics.

I would not be surprised if records show that no one using the Authenticator has been 'hacked' even if people claim otherwise.

I do however feel that the most likely scenario is that Blizzard have had their user database compromised to some extent and that it has contained clear text usernames and passwords.
22/05/2012 12:45 Posted by Canklestab
The people whose accounts were compromised should have already been using these tools. If they weren't, it's their own fault they didn't take the extra precaution to do so. These aren't new at all.


That's the same logic as saying a girl that was dressed whory deserved to get raped because she was asking for it.

It's not theirs, or Blizzard's fault, that hackers exist. All the blame is to be put on the hackers themselves. It's their doing, you can't blame people for not being "careful" enough to avoid their actions. I don't get why people are lashing out at Blizzard for not having the security power of the Pentagon. Hackers hack, it's what they do. Blizzard will be fighting them forever, and hackers will find new ways every time. It's an eternal conflict, good vs evil.
MVP - World of Warcraft
And how about this one? I just got 503 attempts from someone to log in to my BNET account. I placed a ticket at around 16h30 22.05.2012 GMT and 1 hour later when I log to check on it, I got this:

http://postimage.org/image/n15xhju71/

So Blizz, might just be a coincidence, but although I was completely fine and nothing happened to me in particular, just make sure that there's nothing wrong from your behalf! For everyone's sake!

503 is a generic HTTP error, it shouldn't have anything to do with anyone trying to log into your account.
The Web server (running the Web site) is currently unable to handle the HTTP request due to a temporary overloading or maintenance of the server. The implication is that this is a temporary condition which will be alleviated after some delay. Some servers in this state may also simply refuse the socket connection, in which case a different error may be generated because the socket creation timed out.
Edited by Alia#2241 on 22/05/2012 17:45 BST
I'm one of the people who got "hacked" because of the exploit which Blizzard left in that allowed others to access my account without my actual password. Will I get my stuff back or am I (and the 100's of others) just left in the cold?

2) I didn't design it, it's beyond me why they do some things. What I do see is what and how it happened. I have plenty of technical knowledge on that area and it really isn't that hard to do it.


I think any explanation you have as to how it happened is going to work on the assumption that Blizzard is broadcasting everyone's session IDs for the world to use. Which I don't believe is happening and I doubt you can provide evidence for.

I think this is all just speculation and a bit of scaremongering by the anti-blizz group.
Edited by PileOGunz#1172 on 22/05/2012 17:50 BST
MVP - StarCraft II, WoW
What if I'm not one of the cool kids with iphones and similar <snip> cause I couldn't care less and just use a crappy phone?


There used to be Java-based authenticators which supported most modern phones, but they removed it (alongside various other Blizzard mobile apps) as they no longer develop their Java-based mobile apps for these phones.
Edited by Danellos#2220 on 22/05/2012 17:57 BST
So, when will we be able to join public games again without the chance of losing everything?!?!
Change your battlenet password to one you've never used anywhere.

Make a new email address that you use for battlenet and absolutely nothing else.

Use an authenticator.

Particularly don't use the same password for any game sites. I would *guess* that a lot of the people who have been hacked are people who signed into sites offering beta keys, D3 competitions etc which would be handing account details to hackers on a plate if battlenet logins were used. They then use them all almost simultaneously to prevent detection.

Logic dictates that if many people haven't been hacked there must be something connecting those that have been. Rather than believing & spreading wild rumours, it would be better if hacked players try to work out what they have in common.
22/05/2012 18:51 Posted by Gill
it would be better if hacked players try to work out what they have in common.


To echo an earlier post, my account was fine until I logged onto the AH this morning before work, didn't even load into the world. Went to work, came back and all was gone. I have a unique password for battle.net.
Logic dictates that if many people haven't been hacked there must be something connecting those that have been. Rather than believing & spreading wild rumours, it would be better if hacked players try to work out what they have in common.


True, however the most logical conclusion would be that Battlenet is what they have in common. The number of those affected might be a result of the manual process in the exploitation and not a result of only a limited username/passwords available to the hackers.

I find it most likely that hackers have found access to unencrypted username/passwords at some part of the Battlenet backend just like we saw in the Sony case.
For those who haven't seen yet,

http://www.examiner.com/article/accounts-on-diablo-3-hacked , it's an article about the exploit that Blizzard had in their system which allowed certain people to get access to your account. (In my case I had "nevin" in my recently played list.)

http://www.youtube.com/watch?v=hcEhuSyMhPU (Shows the situation and explains it)

http://www.youtube.com/watch?v=A97mnS3D9a8&feature=plcp (follow up from the person who made the previous video)

I suggest watching those videos.
Created my hero yesterday (in Europe zone), found it today in Americas. Does it mean it was hacked (and possibly restored), or is it completely unrelated?
Tpolaris

Well, this is a genuine slap in the face for those that were expecting "real" action to be taken. Can't wait for the people that were compromised to see this.


Here is one of those people. A day has passed since I've submitted my ticket, no response as of yet and now this announcement saying basically nothing. From what I've heard the only thing you are offering people is one of their two rollbacks. In some cases you can't even tell how far back this roll back will be. How come it's not possible for you guys to roll our accounts back to the point right before we got hacked? We all have a new level 1 recent player in our list or a new level 1 friend in our list and since you demand everything to be online and saved on your servers, you should be able to trace back the exact point in time when people were hacked and restore their accounts in an acceptable manner. I've seen people reporting that they were offered a roll back of FIVE days. The game has only been out for one week! What kind of service is that?

So is this really all you can come up with? Saying you know how it feels to have your account compromised, so please tell me. Did you also buy Diablo III and got hacked after about a week of playing already and not being able to play again until someone responds to your ticket and then rolls your account back since everything you would do in between would be lost?
Edited by Wesley#2461 on 22/05/2012 19:45 BST
So get this.. after a 2 hour "chat" with the support team and even after telling them that I had a strange "friend" appearing on my friends list, they still say they can't find a "third party" and the logs show that my account was not compromised lol ^^^ So I'm left with a naked 60 wizard which is pretty much useless now and I changed my password hoping I won't get hacked again... real nice real nice
Today I got a message when I was in game. (another PC login with your account bla bla bla)

This is impossible, really impossible and after this I can't log in again... I play online games like 15 years and seriously first time I guess I got hacked...I never lost any account, I can swear an oath, no one knows my account information...I will be crazy at this really

http://news.softpedia.com/news/Diablo-3-Accounts-Get-Hacked-Blizzard-Says-It-s-Investigating-Every-Case-270949.shtml

Please guys don't say this is your fault, really ... I can find 1 million links about this... all world game sites talking about this, please Blizz don't say "its your fault!" cuz really ITS YOUR FAULT and fix it!
