Blizzard addresses Diablo III account thefts

Company says security compromises aren't on Battle.net's end, encourages all players to use authenticator programs for added protection.

While the Diablo III launch at times saw essentially all players unable to log in because Blizzard's servers couldn't handle the demand, there were also a number of players reporting that they couldn't log in because their accounts had been stolen. Blizzard today addressed these reports, saying that the security compromises that allowed the account theft in the first place weren't on its end.

Blizzard wants players to use its authenticator services to prevent account theft.

In a post on the official Diablo III forums, a Blizzard community manager said, "We've been taking the situation extremely seriously from the start, and have done everything possible to verify how and in what circumstances these compromises are occurring. Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password."

Blizzard has released a separate statement encouraging all players to consider using the Battle.net Authenticator (a physical keyring that generates access codes) or the Mobile Authenticator app for iOS and Android devices. While the community manager acknowledged the authenticators aren't a guarantee against account theft, "we have yet to investigate a compromise report in which an authenticator was attached beforehand."

Discussion

505 comments
Timmy_Gwar

"we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password."

While lying isn't illegal in most cases, it is obvious.

After my account got hacked I got a rather personal email about how if I had used an authenticator, I would have been fine. The particular game master said "I have personally never seen an account get hacked with an authenticator"...seriously, I have the screenshot of the ticket.

I did get service within 3 days though, so at least it's quick...

MegaMatt91

I wanted to buy a physical one, but the postage is $20!

So I just got the mobile one. It's a pain having to always have my phone right next to me though, especially when it needs charging.

prince__vlad

well... is anyone even surprised? I didn't think so. Wasn't it better, like in the good times, with an offline singleplayer? :D This is the solution and charge a moderate price for the game. They charge higher and higher, add extra charges etc... they don't care about YOU, they care about being billionaires in a few days and live forever in luxury. I spit on them!

RoadStar1602

If these authenticators are so necessary, why didn't I get one in my $60 Diablo 3 box?

RoadStar1602

The issue is, indeed, most likely on Blizzard's end. Here's my story quickly. I played WoW for a while, then quit. A few months later my PC died and I bought a Mac. The Mac never had WoW installed on it. A full nine months after I quit WoW (which was played on the old PC), I received an email from Blizzard about my account being hacked. It stated that my WoW items had been restored and I should run anti-virus software, etc. It was basically saying that it was my fault this happened, even though I hadn't even installed WoW or any other Blizzard product, or even logged into my Blizzard account on this computer, and hadn't logged in on any computer for nine months.

So I went to Blizzard's site and jumped through the hoops needed to restore my account and create a new password and I figured that was the end of it. A couple of months later I got another notification that my account had been hacked yet again. Mind you, I still don't even have WoW installed on the computer and my Mac is clean of any sort of virus or keylogger. Additionally, my passwords are complex. I didn't even bother to restore my account after that since there was obviously a security leak at Blizzard's end that I can do nothing about.

I think it's very likely that the same security issue is plaguing Blizzard with Diablo 3. These account thieves in Asia are clever. Very clever. They work incredibly hard to steal money. I have to scratch my head and wonder why they don't just get a normal job if they have to work so hard to steal.

RedMachine72

To be quite frank, I don't go to websites other than actual company sites like this one and PC Gamer. I have an 11 char pass mix of upper/lower case letters, numbers and symbols, and an authenticator that has been in place for several years now and I have to input a number each login. If I get hacked I will know without a doubt it is on their end as I also run antimalware programs all the time and have 2 AV programs that run antimalware in them that run all the time and update daily. And yes I am paranoid of anything that could get in and destroy my stuff.

Never have, and never will buy gold or any other service offered by these companies that spam all the time in games cause tbh, it scares the hell outta me I could lose everything I have worked for not only to the hackers, but because I was banned for buying it. In fact never have even visited a site that does that sort of thing for fear of a virus from just going there.

Carreau13

The sheer fact they say it isn't their fault and that we have to download another stupid little program to ensure security is further proof how much it's their fault. I have a 16 digit password and still got hacked all for my super good lvl 23 gear and puny gold. Totally kills my desire to play this game at the thought of how crazy hacking will get once the real money auction house is up and the real money farming hackers arrive.

alixkid

Same old Blizzard.. You would think they would have learned from WOW. Hey but blizz doesn't care it's more money in their pocket. And that's why I stopped supporting them.

nima_metal90

so many network problems, so maaaannnnyyyy.....

Talavaj

sounds like an inside job to scare people and make them "consider using the Battle.net Authenticators" which translates as "consider buying the Battle.net Authenticators for 6.50$ off our store"

or I'm just paranoid, but considering the amount of greed Blizzard has shown lately I wouldn't be surprised

your single player games charging you extra for better than abysmal account security, gaming industry is not going down the toilet, it's at the bottom of the cesspit already

hassanem

this is happening because Blizzard made a mistake. Online gaming should be a choice, not the only way. now I can't play D3 on my laptop when there's no electric power, when other member of the family is streaming video on other pc, when the server is crowded, when..... etc. `~~

cirugo

gee, can't hack offline single player games...

-Unreal-

Someone tried to get into my account but I have it locked with an authenticator.

MasterDZ0522

I just got hacked. I'm 100% sure nobody had my password. How they got in, I have no clue. I'm just saying this is a serious issue. I wasn't so much hacked as had all of my items stolen off of my level 45 DH...

spoonybard-hahs

@Philly1Uper

On rare occasions, it has happened. But when it did, I never said to myself, "Gee, this sounds like a horrible investment that I might regret later. But I'm still going to buy it. Even if I am right, I'll just get super-mad about it and then pirate the game just to show the publisher my disdain for them. Even though I already gave them a sale."

If you seriously cannot fathom the logical fallacy that this is, the problem isn't the industry.

Tongy26

Simple way to avoid account theft: don't give out your password to anyone.

No one is going to help you advance your character's level

No one is going to give you free content

Follow that one simple rule and you'll be fine. Don't blame Blizzard!

superspeed04

well gg blizzard after I don't know 15 years of playing online this is the first time I've EVER had an account hacked so thanks 45+ hours of gameplay on my demon hunter is gone.... just awesome....

lindallison

Strange days when you can have your credentials stolen for trying to play a single player game....and Blizzard's auction house idea encourages hackers to steal your virtual stuff.  Bizarre.

Ice-Cube

Keep away from shady sites, even the ones that may be offering advice on making money in Diablo 3. Stick to the forums/wiki, it's not hard to get a keylogger on your computer.

Also as PixelAddict said, it only takes a few minutes to set up an authenticator on your iPhone, iPod touch or other mobile devices.

It's terrible this has happened and I hope Blizzard takes more security precautions and hopefully think of new "Free" ways of security enhancement features for its customers. The SMS feature is great but I myself don't own a phone (don't need one).

PixelAddict

Just downloaded the free authenticator app. Took 10 seconds and 2 minutes to set up.

I doubt Blizzard made millions off of this free transaction.

fredwv

logged in last night.  Toon was naked with zero gold and an empty inventory.  Not happy...

TheGreatmars

I don't get it, battle.net mobile authenticator is free so why not use it.... and blizzard is asking everyone to use it because it will save them a lot of headache not because they make a ton of money selling them.

RoadStar1602

Oh, by the way. When I visited the Blizzard site to restore my account, I did not click the link in the email. I typed in the address manually, as I always do because phishing email can look very legit.

RedMachine72

@Carreau13 People have been hacked and all their stuff gone at magazines like PC Gamer and Euro Gamer and you know they had all the bells and whistles for account security. Why Blizz will not just man up and say "Sorry, we screwed up" is beyond me, but I don't have millions of dollars at stake though. Simply put they need to get it fixed BEFORE rmah goes online or they will have class action and individual lawsuits against them if people start losing real money over their crap, EULA or not. When it comes to real money, they are gonna have to step up and get it done cause courts will want to know why they left it up to us to protect stuff on their servers.

jhonnybush

@Talavaj sad but probably true. I just got an email last week that my wow account was banned for suspicious 'gold selling' activity. Given the fact that I have not paid for an active wow account for over 18 months they either have serious flaws in their security systems or something even worse like you are suggesting

sdsman

 @cirugo I can't even buy this game because it requires an always on internet connection.

shadowhunter0

@Tongy26 but yet there are people's accounts that are still getting hacked and they don't hand out their password, even some of them have that stupid useless authenticator

cirugo

 @Tongy26

 or don't buy games that require you to have an account and be online to play them...

Cru3lGam3r

@Tongy26 Seriously dude, do you actually know what the Internet is? Here is one rule: everything on the Internet is hackable.

PadyEos

@Tongy26 No, if any hacker worth his salt will ever go after you, you won't stand a chance. You guys have no idea what is out there.

PadyEos

 @superspeed04 Don't worry, the demon hunter has been nerfed to near uselessness anyway :P

shadowhunter0

@fredwv you got hacked

did you give away your account info or use the same passwords on other sites?

PadyEos

 @TheGreatmars Because it doesn't work. Simple as that. The authenticator will prevent you from being hacked using a keylogger, against any other type of attack it is virtually useless. Even Blizzard abstains from saying ANYWHERE that the authenticator is unbeatable security.

superspeed04

@PadyEos nerfing or whatever, it's just 45 to 50 hours of invested time that in no shape or form is gone because of me, someone or group has gotten my info and I have absolutely no idea and blizzard is just like spend money to get this even tho people still get hacked with it or try to call and their queue is full so they basically say fu** off

PadyEos

@shadowhunter0 you don't say? I love it how the fanboys figure everyone who got hacked went round screaming their account details over the internet and that they are the only ones that know basic stuff like passwords and authenticators.

NEWSFLASH: There are so many ways to bypass the authenticators and the passwords you couldn't believe. Well you wouldn't believe it anyway since apparently you believe a measly authenticator will guarantee 100% account security. FACEPALM.

foufoufun0

@PadyEos keyloggers and phishing websites are probably the most frequent cause of hacked accounts. I bought the key ring authenticator when it came out because I had no cell phone back then. I wonder if it's safer since it doesn't have any kind of connections to other devices. The cell phone authenticator algorithm could be known (in fact it's nothing very complicated) and all that is left to discover is the authenticator key which "is" saved on the phone.

method115

@szafto haha yea like the "amazon order was canceled" emails. I haven't ordered anything from amazon in months.

shadowhunter0

@lonewolf1044 I know some pc nerds that have the best computer security and they also were using the authenticator and their accounts still got hacked so actually blizzard needs to address their security but they don't care about their customers, all they care about is money and they don't want to spend it to improve their security so they blame the users when in fact it is actually blizzard's fault

lonewolf1044

@PadyEos As long as there is code, it can be hacked but keep in mind it's better to have something in place than nothing at all. If your system is not protected with the proper software or hardware, one has nobody to blame but themselves. However if someone was able to hack the authenticator, then Blizzard needs to address that issue. Some people may not have too much knowledge about computer security and one should use a program that is going to protect the whole system.

PadyEos

 @superspeed04 and still the fanboys don't believe anything. They are convinced a measly authenticator will guarantee them 100% protection when there are so many ways around them.

shadowhunter0

@lonewolf1044 I know pc nerds that got their account hacked and their computer wasn't infected, hell, one of them helped me with the security on my computer, so it is on blizzard's side but they just don't care, all they care about is money and in order for them to fix it it would cost them more money so they just blame the users

shadowhunter0

@PadyEos I know, I was hoping that he would say no to prove that it is blizzard's fault and what they are saying is a load of bull

lonewolf1044

@PadyEos

Hackers do not necessarily need to access Diablo directly. If you have an infected computer from the start or a computer bot, meaning your computer was infected even before Diablo was released, hackers have almost total control of your computer and all that time you thought your computer was safe.

PadyEos

@mnoi The game is susceptible to middleman attacks on the connection after you have logged in with your pass and authenticator, so by basically duplicating the identification info of your computer and with the session ID from the game you are currently playing they can bypass the log-in process and jump straight into your game, kicking you out. Authenticator made useless like a BOSS.

mnoi

 @xenomessiah  @PadyEos someone steals your phone, uses the authenticator to log into battlenet and then steal ur stuff. Bit of a longshot though.