Blizzard addresses Diablo III account thefts

Company says security compromises aren't on Battle.net's end, encourages all players to use authenticator programs for added protection.

While the Diablo III launch at times saw essentially all players unable to log in because Blizzard's servers couldn't handle the demand, there were also a number of players reporting that they couldn't log in because their accounts had been stolen. Blizzard today addressed these reports, saying that the security compromises that allowed the account theft in the first place weren't on its end.

Blizzard wants players to use its authenticator services to prevent account theft.

In a post on the official Diablo III forums, a Blizzard community manager said, "We've been taking the situation extremely seriously from the start, and have done everything possible to verify how and in what circumstances these compromises are occurring. Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password."

Blizzard has released a separate statement encouraging all players to consider using the Battle.net Authenticator (a physical keyring that generates access codes) or the Mobile Authenticator app for iOS and Android devices. While the community manager acknowledged the authenticators aren't a guarantee against account theft, "we have yet to investigate a compromise report in which an authenticator was attached beforehand."

504 comments
Timmy_Gwar

"we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password."

While lying isn't illegal in most cases, it is obvious.

After my account got hacked I got a rather personal email about how if I had used an authenticator, I would have been fine. The particular game master said "I have personally never seen an account get hacked with an authenticator"... seriously, I have the screenshot of the ticket.

I did get service within 3 days though, so at least it's quick...

MegaMatt91

I wanted to buy a physical one, but the postage is $20!

So I just got the mobile one. It's a pain having to always have my phone right next to me though, especially when it needs charging.

prince__vlad

well...is anyone even surprised? I didn't think so. Wasn't it better, like in the good times, with an offline singleplayer? :D This is the solution and charge a moderate price for the game. They charge higher and higher, add extra charges etc ...they don't care about YOU, they care about being billionaires in a few days and live forever in luxury. I spit on them!

RoadStar1602

If these authenticators are so necessary, why didn't I get one in my $60 Diablo 3 box?

RoadStar1602

The issue is, indeed, most likely on Blizzard's end. Here's my story quickly. I played WoW for a while, then quit. A few months later my PC died and I bought a Mac. The Mac never had WoW installed on it. A full nine months after I quit WoW (which was played on the old PC), I received an email from Blizzard about my account being hacked. It stated that my WoW items had been restored and I should run anti-virus software, etc. It was basically saying that it was my fault this happened, even though I hadn't even installed WoW or any other Blizzard product, or even logged into my Blizzard account on this computer, and hadn't logged in on any computer for nine months.

So I went to Blizzard's site and jumped through the hoops needed to restore my account and create a new password and I figured that was the end of it. A couple of months later I got another notification that my account had been hacked yet again. Mind you, I still don't even have WoW installed on the computer and my Mac is clean of any sort of virus or keylogger. Additionally, my passwords are complex. I didn't even bother to restore my account after that since there was obviously a security leak at Blizzard's end that I can do nothing about.

I think it's very likely that the same security issue is plaguing Blizzard with Diablo 3. These account thieves in Asia are clever. Very clever. They work incredibly hard to steal money. I have to scratch my head and wonder why they don't just get a normal job if they have to work so hard to steal.

RedMachine72

To be quite frank, I don't go to websites other than actual company sites like this one and PC Gamer. I have an 11 char pass mix of upper/lower case letters, numbers and symbols, and an authenticator that has been in place for several years now and I have to input a number each login. If I get hacked I will know without a doubt it is on their end as I also run antimalware programs all the time and have 2 AV programs that run antimalware in them that run all the time and update daily. And yes I am paranoid of anything that could get in and destroy my stuff.

Never have, and never will buy gold or any other service offered by these companies that spam all the time in games cause tbh, it scares the hell outta me I could lose everything I have worked for not only to the hackers, but because I was banned for buying it. In fact never have even visited a site that does that sort of thing for fear of a virus from just going there.

Carreau13

The sheer fact they say it isn't their fault and that we have to download another stupid little program to ensure security is further proof how much it's their fault. I have a 16 digit password and still got hacked all for my super good lvl 23 gear and puny gold. Totally kills my desire to play this game at the thought of how crazy hacking will get once the real money auction house is up and the real money farming hackers arrive.

alixkid

Same old Blizzard.. You would think they would have learned from WOW. Hey but blizz doesn't care it's more money in their pocket. and that's why i stopped supporting them.

nima_metal90

so many network problems, so maaaannnnyyyy.....

Talavaj

sounds like an inside job to scare people and make them "consider using the Battle.net Authenticators" which translates as "consider buying the Battle.net Authenticators for 6.50$ off our store"

or I'm just paranoid, but considering the amount of greed Blizzard has shown lately I wouldn't be surprised

your single player games charging you extra for better than abysmal account security, gaming industry is not going down the toilet, it's at the bottom of the cesspit already

hassanem

this is happening because Blizzard made a mistake. Online gaming should be a choice, not the only way. now i can't play D3 on my laptop when there's no electric power, when other member of the family is streaming video on other pc, when the server is crowded, when..... etc.

cirugo

gee, can't hack offline single player games...

-Unreal-

Someone tried to get into my account but I have it locked with an authenticator.

MasterDZ0522

I just got hacked. I'm 100% sure nobody had my password. How they got in, I have no clue. I'm just saying this is a serious issue. I wasn't so much hacked as had all of my items stolen off of my level 45 DH...

spoonybard-hahs

@Philly1Uper

On rare occasions, it has happened. But when it did, I never said to myself, "Gee, this sounds like a horrible investment that I might regret later. But I'm still going to buy it. Even if I am right, I'll just get super-mad about it and then pirate the game just to show the publisher my disdain for them. Even though I already gave them a sale."

If you seriously cannot fathom the logical fallacy that this is, the problem isn't the industry.

Tongy26

Simple way to avoid account theft: don't give out your password to anyone.

No one is going to help you advance your character's level

No one is going to give you free content

Follow that one simple rule and you'll be fine. Don't blame Blizzard!

superspeed04

well gg blizzard after i don't know 15 years of playing online this is the first time i've EVER had an account hacked so thanks 45+ hours of gameplay on my demon hunter is gone.... just awesome....

lindallison

Strange days when you can have your credentials stolen for trying to play a single player game....and Blizzard's auction house idea encourages hackers to steal your virtual stuff.  Bizarre.

Ice-Cube

Keep away from shady sites, even the ones that may be offering advice on making money in Diablo 3. Stick to the forums/wiki, it's not hard to get a keylogger on your computer.

Also as PixelAddict said, it only takes a few minutes to setup an authenticator on your iPhone, iPod touch or other mobile devices.

It's terrible this has happened and I hope Blizzard takes more security precautions and hopefully think of new "Free" ways of security enhancement features for its customers. The SMS feature is great but I myself don't own a phone (don't need one).

PixelAddict

Just downloaded the free authenticator app. Took 10 seconds and 2 minutes to set up.

I doubt Blizzard made millions off of this free transaction.

fredwv

logged in last night.  Toon was naked with zero gold and an empty inventory.  Not happy...

TheGreatmars

i don't get it, battle.net mobile authenticator is free so why not use it.... and blizzard is asking everyone to use it because it will save them a lot of head ache not because they make a ton of money selling them.

illegalChronic

Blizzard needs to kick Activision in the teeth.... merge should never have happened. Blizzard wasn't such a company before Activision got involved. They were one of the best, now... they are just one of them...

leoansa2

...and this is supposed to be a game for having fun, remember? THANKS, BLIZZ!! you did again!

RedMachine72

Funny that I posted a comment on the Diablo forums last night and in less than 30 min it had been taken down. Just because I basically said that it was an exploit in the game code that hackers are using to "highjack" people and steal all their stuff. Wake up people, yes some are getting hacked from stupidity, but most have been in game when it happened playing, get booted out and can't relog. That is on Blizzard's end and they won't admit it.

BladeStrike1234

"We have yet to investigate a compromise report in which an authenticator was attached beforehand."

How convenient. People have already confirmed that their authenticated accounts got hacked too. Are they all liars? I think not. Blizzard are just covering their selfish asses.

Nilbogssa

So let me get this straight. Companies like Blizzard will go to extreme lengths, such as requiring a constant online connection to play a single-player game, to protect their own interests, but when it comes to customer security, they throw their hands up and say “oh well that's your job not ours.” Yep that sounds about right. If they already have your money they don't care the least bit about your issues. Up yours Blizzard.

I_ArCh0n_I

Don't use firewalls, an anti virus or an authenticator and I have never had a problem. It's stupidity that causes these problems and so they half-deserve it.

GeorgeSyll

What an excellent way to sell those authenticators.......Nice one Blizzard, that's why i'll never buy Diablo 3, you don't deserve my money. Scammers.

PDO_360

Everyone always tries to sound like an expert on the matter, when they really really aren't.

I'm inclined to believe most of these hacking cases were due to people's ignorance and stupidity. But anyone who doesn't complain and cry about Blizzard at every turn gets you labeled a 'fanboy' /rolleyes

PadyEos

I love how 'journalists' have jumped at the occasion to kiss Blizzard's behind and start with titles like: " Blizzard addresses Diablo III account thefts". Addresses? How is it 'addressed'? They haven't done anything to actually stop it. People even today are reporting being hacked in the same way. It's more like they 'comment' on the hacks because God forbid they ever did anything in time if at all to keep people's accounts safe.

---Cipher---

So what you're saying is I SHOULDN'T go to random sites posting that my password is Bluesuedeshoes8 with my login name notarealaddress@yahoo.com? I had it wrong this whole time!

drivemuse

Just keeps getting worse for good ol' Diablo 3, huh.

nikifun

It's their fault! They wouldn't have any of those problems if they made the singleplayer purely offline!

leeveeu

common sense. use it!

roleplayer2004

Nerds hacking Diablo III? NOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!!!!!!!!!!!!!

essam24

please w8 connection's lost ... ... ... ... ... ... ... ... zzzzzzzzzzzz till next morning ... ... ... ... ... ... ... ( like they are telling me something )... ... ... (close the game and dont play it) ... ... ... ... ... ... ... ... oh really so why i get it ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ...  connection is back ternnn , sorry u cant play pleas re connect the game with internet to make sure u are real player (which means u are  not lair )   !!!

kami_amaya

I just don't understand, use common sense, people!

Don't give out your passwords. Don't click links in suspicious e-mails. Don't download any hacks or programs claiming to be a hack. Don't use your battle.net password anywhere else. Pretty simple.

Most of the accounts were probably hacked due to the owners' own stupidity.

RAHBRT

Seriously, if you own a Battle.net account and you don't have the authenticator app you are an idiot. Now if you don't have a smartphone well, maybe it's time to upgrade.

Tangsta03

With regards to the account thefts, I just think it's outrageous how Blizzard is passing the blame onto 'traditional means' of being robbed like it solves everything.

They assured us the online only experience would be more 'seamless' and 'safer' and so far it's been the complete opposite. At least with an offline mode, we would be safe from the army of hackers and the worst that could happen were non-threatening game bugs, we could also back up our character saves on our own HDDs for emergencies.

Ar13ls

The online community is just a bunch of whiners these days. It's just sad at some point.

After the first day, everything was fine on D3 "OMG millions of people are logging in at the same time, why isn't this working?". People say the servers should cope all that stress without any flaws? that's just impossible. It doesn't work like that, if they could they would. People talk without knowing how games/servers are done.

It's also very plausible that people get hacked without Blizzard's databases getting hacked (especially since that information is probably encrypted as hell like Steam when they got hacked). Other places get hacked, you opened the wrong e-mail, etc and you used the same password and bam people access your stuff and it wasn't Blizzard's fault. That's the internet in general.

I believe the people who are pissed are just mad because they like to hack games/have a distinctive unfair advantage over others, play for free and basically do what they want without consequence and they can't with this game... or they just want to hate what's cool like all the COD haters. Hell, most haters here claim they don't and won't even play the game.

Diablo 3 is not a perfect game and Blizzard is not the perfect company, but people just whine and complain before using their judgement sometimes.

Phil-teh-Pirate

I still think it's funny that a group of tech guys got round a table and said;

"Right, this game, it's been hyped for years now, and you know what? We're going to make it pure online, I mean not really but you have to authenticate it to play single player and it's always online to play...So ladies and gents we need to make sure the systems can handle it, this is a serious serious decision so millions aren't disappointed on launch day...

so let's flick through this dell catalogue and see what we can get for around $500 and call it a day!"

bloody-hell

Assume there's 1.000.000 players (number made up) that buy Diablo 3 only for the singleplayer experience - If Blizzard had offered a separate pure offline character creation with no way to ever go online OR offline / online characters that play in separate instances with no way to access the auction house or auction house instance players for unwanted trading, then nobody would have cared for a few launch day problems with online play.

Want to play offline and online without auction house - Create an offline character that can play online coop as well but not interact with the auction house or auction house players.

Want to play online with auction house - Create an online auction house enabled character that can't interact with non-auctionhouse (offline) characters.

Problem solved.

Somehow however Blizzard managed to make their problems their customers' problems by forcing them to be online even for pure singleplayer, causing lags, disconnects and the inability to play at all.

When they want to use that "you have to be online to play" scheme they better make sure that their Servers can cope with it flawlessly anytime 24/7.

They can't, despite all their previous MMO experiences, yet small studios and even indie developers can (which makes you wonder).

I'd mass-return this game for refunds, that's how it works with broken products - It's not like it's the customer's fault that Blizzard's servers and bandwidth are not up to the task.

To keep it related to the news article - All these customers that only bought this game for the singleplayer experience now also have to deal with online account problems because of this forced online mode.

hemoleech

I took all the precautions for my WoW account with an authenticator yet it STILL got hacked. They hacked it when my sub ran out, but Blizzard caught on immediately and locked my account and returned my items. Those hackers are relentless.

Screwcificator

Blizzard is the first company to sell something that is supposed to be a game, but it isn't. I miss the time when I enjoyed a single player game without being annoyed by internet connection or servers crash. Why did you take us the single player and transformed it in MMO shit? I'm so happy I didn't buy the game for that reason.

And there are a lot of people who would have bought it, but they didn't because they believe in the same rightful thing. Now you apologize for delays and crashes? I waited this game for 6 years and now it's just a big fart for me. I'm sorry for the guys whose passwords were stolen, but they are just another victims of your greed.

Keep up the "good work" and maybe one day people will understand what are you made of and boycott your games.

RedMachine72

All I know is that I have never been hacked (knocks on wooden desk) and hope I never do. I also have a separate e-mail account that is used for nothing but Blizzard and password for nothing else as well. I also have used the authenticator for several years. I do get phishing mails in my regular account that of course are never opened and I just mark them as phishing scams.

My main e-mail account was hacked about a year ago and when I tried to find out what happened MS of course stated not on our end. But, somehow there were literally hundreds of complaints about the same thing all on the same day, within a few hours of each other. Changed my password in the recovery and had no problems since and as far as I know MS never admitted to being hacked. IMO Blizz was hacked and is not going to admit it and never will most likely.

nyran125

no offline mode? no thx.

kelphole

My WoW account was hacked months after I canceled the account. If someone hacked my account then they would have had to pay to log in. I cannot help but wonder if a Blizzard employee does this just to make people resubscribe to get their items out of the mailbox.