Diablo III servers not hacked - Blizzard

Dev says number of reported potential account compromises "extremely small," real money auction house delayed again; working "around the clock" to address issues.


The Diablo III servers have not been hacked, Blizzard said today in an update to the game's official forums at Battle.net. Addressing security concerns, among other things, Blizzard also said the number of players who have contacted the company about potential account compromises is "extremely small."


The company said it is aware of suggestions that account compromises are occurring in ways outside of "traditional" methods, calling out "session spoofing" as an example. Blizzard has examined this possibility and found no reason to believe accounts are being hacked in this way and even said such an exploit is "technically impossible."

The Diablo III launch continues to be problematic for Blizzard, as the company said it is "working around the clock" to address issues as they arise.

This is the second time this week Blizzard has addressed Diablo III security issues. On Tuesday, the developer said reported security compromises were not on Battle.net's end, and encouraged players to use authenticator programs to step up their level of protection.

Elsewhere in the update, Blizzard revealed it has made several hotfixes to address gameplay issues in Diablo III since the game launched. A collection of these changes is available at the game's website. Additionally, the company said further server maintenance will be required, and a patch that will apply bug fixes and address client issues will roll out next week.

On top of this, Blizzard said it continues to investigate how best to go about reapplying achievements some Diablo III gamers lost at launch. The company said no firm details are available at present, but more information will be shared "in the weeks ahead."

Lastly, Blizzard addressed the already delayed release of the Diablo III real-money auction house. This service has now been delayed indefinitely and will not launch in May. The company said it needs "a bit more time to iron out the existing general stability and gameplay issues" ahead of the auction house's release.

Upon release, Diablo III faced a string of issues, including a bug that made the game unplayable for some. Blizzard was quick to apologize for the game's rocky launch, saying last week that it did not do enough to ensure a smooth debut.

Diablo III sold 3.5 million units at launch. For more on Diablo III, check out GameSpot's review.

Discussion

403 comments
floridadragon67

I have a friend I work with who said he has an authenticator and people on his friends list got them after they got hacked and have had no problems. I'm gonna try it myself.

But on my list of players, I have only added 1 friend, but above that friends list, there is a player listed on my social list as recent players and I don't know who that person is. His name showed up after I got hacked and then had Blizzard reset my password, and then I chose another password. When I logged back on, there was this name on the list. A sound would play whenever he got on so I sent Blizzard a message attached to that player's name saying he was a threat and I think he was the one who hacked my account. He was on 3 straight days and only had a level 1 Barbarian. What does that tell u??? Since I sent the message in about him, he has not logged on since. Hope that is the end of it, but we shall see.

Love the game, just not some of the bad decisions that were made.

highlanderjim

Yeh right, of course not. Seems very iffy to me, so many ppl being hacked, servers go down for long periods just after these hacks and Blizzard 100% blames EVERY player that's been hacked. Yeh, 90% of them prolly are ppl with keyloggers, old compromised accounts from WoW days, but it's very weird that ppl WITH authenticators have been hacked as well and a majority of these posts on the official forums are locked/deleted.

They all seem to have the same reply from Blizzard too. "We find no evidence of unauthorised activity on this account" when the poor player's character is stripped naked and has zero gold. Yeh, the guys with authenticators are deliberately going to drop all their gear and cash then make up being hacked?

The session ID dupe thing seems to be the way it's being done, which pretty much means "they" can get into your last character from public games from some kind of trade window bug (kicking u out in the process). This is why it's only 1 character that gets stripped of gear.

Don't mix up the conventional methods of hacking with this session ID duping thing that's going on!

And Blizzard are not gonna admit they got hacked or have big security flaws now, are they.

I've got an auth and a clean PC and I'm just waiting till I log in one day with zero gold.

floridadragon67

They need to get rid of the always on-line crap. Just got hacked and all my gold is gone and my level 55 Barbarian had all his gear stolen. Will take forever to get this back again.

Right now, my interest is gone in this game. Loved when I first played it. But now, with this crap, will just be wasting my time.

They have a thing on their site about your account being hacked, but pretty much blames you. All my stuff is up to date, and never had a problem before until now.

Need off-line and need it now.

Eraldus

Just look at all this hassle going on, which could've been avoided, if this game didn't have this always online bull****...

mtait01

Blizzard: no they were not hacked... we just sold you a broken product XD

Squigibow

Easy way to remedy the challenge. Use an authenticator (they are free for smart phones). Problem solved.. Nuff said!

AstroVampyr

Hmmm.... hacked account... vanishing items... hacker sells on RMAH... desperate player buys from RMAH... rinse and repeat... Blizzard still wins... Best damn strategy, better than pay to win cash shops... Good job Blizzard, you know what you're doing... I salute you... (conspiracy theory, made an account just for this... Really didn't mean to troll but this is a possibility).

Cruisemissile

I've said it before and I'll say it again: If they state, "it's not hacked!", it's hacked!

How many companies say their security has not been breached but then later after a month or so, finally admit they have been breached, e.g. "SONY"?

The only company to openly admit they may have been hacked straight away was Valve (Steam) and that was when they were only suspecting something was wrong.

Anyways, it's the same story here with Blizzard, I think they should have implemented the auction house because that's the main motive to all the hackers, they want to get as many items and gold as possible so when the AH opens they can sell it for real money.

y0jimbo

It seems like every other post in every d3 forum is people either claiming to be hacked or trolling. either way this game is a flop and needs serious work before I play it. I thought bf3 was rough around the edges when it was released but I expect shit from dice not blizzard.

fa11en1134

friend's account got hacked yesterday... they rolled him back. he lost a ton of his progress and stuff anyway. seems like if u get hacked ur almost better just not rolling back and taking the loss because the roll back system isn't very helpful. he's worked in IT type jobs his whole life, very aware of how mal/spyware, hacks, etc work... this isn't on the user end like fanboys are saying... i feel like battle.net is not secure... IMO... and while I'm enjoying the game with my friends, i don't think it's THAT amazing... if i was to grind to inferno with a ton of amazing gear just to get hacked and rolled back to nightmare with all my high-end gear lost... not sure i would wanna keep playing...

x-TwilighT-x

I'm not afraid to say, Everyone was right, and I was wrong. The simple fact is, the online only really pisses me off right now... I was one of the people going, eh? It won't bother me. It doesn't if it's working.

In time I am sure they will get it right, and I do actually enjoy being able to jump in my friend's game and say what's up and kill a few demons with buddies. However it's been so off and on that it's just a huge pain.

Not that I'm going to stop playing it though.... lol

RapidFirE53211

My account got hacked so they rolled my account back 5 levels and won't give me my items back. Then they say I'm using 1 of my 2 rollbacks and they can't guarantee that they can fix my account again if it gets hacked a third time. Blizzard support is a joke...it's like they want to punish the victims instead of improving their security. I really regret paying $60 for this game

VampireLord123

For people still complaining about DRM, this game was not meant to be single player from the beginning. The features that the game offers are meant for an MMO game, people have to realize that. The only mistake from Blizzard that I see is that it should have stated that the game is an MMO. Another point to address is the hacked accounts, it is not Blizzard's fault, I mean seriously, people have no idea of so many ways that your account can be hacked, could be through a virus, a disguised file, through a hidden network or they have access to your computer in so many other ways. Besides, think about it, is it not easier to hack a personal computer than trying to breach a security system like Blizzard's? Why go to the hard choice when there are millions of people playing the game on their vulnerable computers.

kawaiiflonne

I just got affected by a stupid bug that I read many have encountered. Holding onto the staff of herding when switching between acts can make it disappear completely, or so people guess about the bug.

Turkish_Swag

Diablo is still Diablo. These are very minor problems for this amazing game. In a few weeks everything will be working well. The reason why this shouldn't bother anyone is because Diablo 3 is a game that is going to be played for a LONG time. I was still playing Diablo 2: Lord of Destruction religiously in 2008. Everyone should just give Blizzard a break.

pcgamerpro

Great post, I'll bookmark it on pcgamerpro.com

bunbun343

I dunno, I got online a few days ago and ALL of my stuff was gone including my gold.  Then on my friends list it said I played with a person I've never heard of in my life, and their account was a level 1 throw away character with no gear.

Elem3nt

Wow who cares about the RMAH for the hundredth time. Who is ACTUALLY going to spend real money on gear so they can do I dunno what......repeatedly grind the same 4 acts over and over again? Get to work implementing some type of world pvp already. It's been two weeks and I can't be bothered to log in, where's the incentive?

eriktkire

This is a lie!!!

I had a unique email account I used for nothing other than Blizzard and Steam when I set both up a couple years ago (wanted to register my Warcraft 3 keys from the old days).

Nobody else knew those emails, no newsletter... nothing.

Yet, around 3 months in after registering it on Battle.Net, I started, and have ever since, been receiving the occasional spam email claiming my World of Warcraft account has been breached, go to "this" bogus link to change your email... or this or that security breach.. and sometimes even the bogus "free mount" or whatever other crap Blizzard micro-transacts for the WoW crowd.

Last few I got were Diablo 3 based... join the beta, just go "here" to log into your account, and so on.

Believe me when I say my system is secured... there are holes in Blizzard's system that others have gained access to.. not just account emails, but personal details like the "real" name you've listed in that account too (whether that's really REAL or not).

Blizzard have reached the point where they're like any major supermarket chain. Daily breaches in their security where people's credit/debit/eftpos cards are being accessed and stolen (it's a massive series of wireless holes with them)... but they'll never admit it happens because:

  1) they have no legal obligation to inform the public, their customers, or even their shareholders there are holes.

  2) it's bad PR... why should they willingly admit to something that WILL damage their client reputation when so much revenue is at stake?

Steam makes a pretty penny and if anyone remembers, I think it was earlier this year or before the new year? They put up a notice when you loaded your client that they "thought" account info may have been accessed, so change your password and monitor your bank statements.

That was just when they thought it was a possibility... they let us know. Then they admitted it really happened and they were keen to hear from anyone that may have been affected.... that's how you deal with a security threat, honestly and openly. Steam didn't lose anyone's respect by doing that.

Link3301

@nord1c Accounts keep getting hacked because most people are idiots, not because Blizzard security sucks. Lots of people give away their account information to shady emails and websites on a daily basis, and many players refuse to use authenticators.

GamerOuTLaWz

@floridadragon67 just like I'm feeling, got hacked a week n a half ago, don't feel like ever logging on again. even with their rollback trash etc.

Timmy_Gwar

Of course it is. Isn't Torchlight developed by the original developers of Diablo? Big-logo companies: stop firing creative directors and project managers. They cost more money for a reason.

Timmy_Gwar

@Squigibow My account got hacked regardless...

I had re-installed Windows a month prior, not downloaded a single torrent and used the authenticator. I was only level 32 at the time with only 60,000 gold.

AstroVampyr

To add to that, ya know the "gossip" about anti-malware companies creating malware so that they can sell their software... That is what I feel is going on...

Cruisemissile

I'd like to make a correction: I meant in the last paragraph that "they should not have implemented the auction house".

CylonRaider01

@y0jimbo Agreed. It was stripped of quite some features which were quite essential.

soulej

 @RapidFirE53211 

You should really look into getting either the authenticator from Blizzard (it's $6.50 or so, but the Diablo 3 one looks awesome!!) or use the free Mobile authenticator which is free. I have a WoW authenticator. It's pretty cool cause I got a WoW pet for it. Not too bad of a price, I guess.....

Szeiden

@RapidFirE53211 Yea, my friend got hacked within a day of purchase. I had given him a ton of items to help him out but the rollback goes to before I gave him the stuff. So in other words he can't get it back. It's easy for people to defend Blizzard and say, "oh it's not that bad" when they haven't been hacked or have had a friend get hacked... People need to open their eyes and recognize the number of accounts being compromised and not simply listen to everything Blizzard says. What a joke. 1 day after purchase? Seriously?

The guy who hacked his account apparently has hacked 3 or 4 other accounts recently too but he's still not banned. Blizzard get your act together. If anyone wants to help report him, "Luisina2910#2253"

eriktkire

@VampireLord123 people have a right to complain about poorly implemented DRM.

Valve manage to get it right and it's not like Blizzard hasn't had enough experience with Battle.net and WoW itself.

And while it's true viruses and other silly things people do can lead to their accounts getting hacked, it's a lot easier to hack security mainframes nowadays than most people would think.

Anyone that works in, or knows someone that works in the IT side of the security industry (not vice versa, not the security side of IT) will have heard at least a smidgen of the stories of how horrifically easy it is for a determined yet only barely skilled person to hack and steal from high profile company databases (including major national banks around the world)... and how frequently it happens. Gone are the days when hardcore hack tools had to be engineered from scratch by the hacker themselves.

Hell, if you know how to follow your way from Google through but 1 or 2 forums you can easily track down the latest build of a hack specific Linux that the FBI use to not only track a variety of hack tools, but to proactively seek holes and infiltrate security systems... wardriving enabled too for any common 'built in modem' laptop/netbook.

Blizzard have a hole in Diablo 3 that they had no idea what or where it was when they released the above statements... until incidents of the current hacking end, everyone should assume Blizzard are still trying to figure out where the hole is.

Shanks_D_Chop

@Turkish_Swag "This is how I feel! My feelings are stated as fact! Everyone needs to get on board with how I feel!"

That's basically what you said.

Szeiden

 @Elem3nt Lol, you must be new to the internet. There are millions of mindless people willing to throw money at companies like Zynga and Nexon. You really think RMAH with Blizzard will be any different? Nope. Tons of people will surely use it, unfortunately. Even with the -- dare I say it? -- 15% transaction fee. F-I-F-T-E-E-N %...

rhollingsworth

@eriktkire

Ummm your complaint is baseless. These phishing emails you will get with ANY game, site, bank, credit card or any other form of online entity where you have to use an ID and PW to log in. These are people trying to simply get stupid people to respond.

This is NOT Blizzard's fault or any other developer's. It is just the nature of phishing. These are NOT breaches of security unless you are ignorant enough to fall for these phishing emails.

That is on the consumer, not on the publisher or distributor.

Link3301

@Timmy_Gwar The guys at Blizzard North weren't fired, they resigned after Vivendi canceled one of their projects.

Squigibow

@Timmy_Gwar

I call BS. How did they login from another IP without having to enter the authenticator #? You either didn't set it up right or you are not telling the whole story. Please explain how one's account can get hacked with an authenticator. I originally played WoW without the authenticator and my account was hacked. Blizzard gracefully restored my account and I then added an authenticator. 2 years have gone by with active Battle.net usage for WoW, Starcraft, and now Diablo 3. No attempts at hacking my account as there is no way through the "locked door" that is the Battle.net authenticator.

Timmy_Gwar

@cjburnfist Isn't the authenticator free on cell phones? If that's the case then I don't think authenticator sales would necessarily drive this theory. Though Blizzard IS owned by Activision now...

Seriously guys, the only way this would happen is if Blizzard, the number one panderer of recurring game sales and game time cards had an interest in money.

Why isn't this game on Steam?

AstroVampyr

@cjburnfist Yeah... and with their always online requirement, the more I think it wasn't for protection but for revenue... I really had respect for Blizzard, but now they're just another company more focused on games for money, not games for gamers.... I know that gaming is an industry but still... There's a reason that Ferrari's an exotic whilst a Toyota is meh. It's the quality vs quantity conundrum. The only developer I really hold high regards for now is CD Projekt RED but sadly, everything gets corrupt nowadays because of $$$$$$.... Bioware is going down the drain also with their DA2, SWTOR, ME3 shenanigans.... And that is why I think those kickstarters may be the saving grace of gaming...

Laughing_God

@AstroVampyr Shame only a few know what's really going on, 99% of the sheep would say it's your fault for getting hacked or get an authenticator or you fell for keylogging sites.

eric_neo3

@Cruisemissile I wish they had implemented it, the shitstorm that would have followed would have settled the matter of RMAH and always online DRM for good.

But for now we wait...

Abomb2487

 @cirugo They still have servers up for D1 and D2, YEARS later. Your point is moot. Oh and SC1, and WC3. HERP DERP.

mullen1200

@Szeiden don't forget an extra 15 percent if you ever want to see that in cash.

mullen1200

@rhollingsworth NORMALLY, I'd agree. But Blizzard DID have some sort of massive email list leak. Thousands of people started getting FLOODED with those spam gold/phishing emails at the same time, for no apparent reason. Blizz F'd up, and this was a long time ago. I STILL get those emails constantly, and on a much higher scale than I did before that day.

eriktkire

@rhollingsworth that's where you're very wrong.

It's Blizzard's responsibility to not let stuff like that leak. I did point out that I hadn't been using that email anywhere else, so it's not like my email had made some dodgy porn/casino/warez mailing list... yet those phishing emails were addressing me by the listed name or the account name I gave Blizzard. Things I don't share around, and often make unique for every major account setup I intend using.

Phishing doesn't just happen.

And Blizzard is no longer merely a developer. They institute their own form of DRM which controls your access, they market and sell directly through their company as well. They are a fully fledged distributor and they ARE responsible.

The very nature of enforcing and maintaining their DRM also raises the level of responsibility in this scenario... DRM is meant to be a form of security right? That's what they keep telling us. That means they are directly responsible for the secure nature of EVERYTHING that involves their games/products/content, and ALL access between the consumers of their games/products/content and their actual 'stuff'.

BUT EVEN IF they were still just a developer, or this were going through the distributor's staff/department... you handle sensitive information, you are thus responsible for it.

Blizzard have leaks, it's no secret.

And to round off my reply, I wasn't complaining, I was stating a fact. A complaint involves an expectation that a wrong will be rectified... I have every confidence Blizzard will fail to defend themselves from the gold farming, account hacking filth that so populate their user base these days.

Link3301

 @Squigibow I think you can remove the authenticator if you use your security question. He must have given it to a shady website or had a keylogger program on his computer.

AstroVampyr

 @Sparkatus I hope so too... I don't want them to fall just as their predecessors did...

AstroVampyr

 @rhollingsworth was in my trolling mood back then... But I know when I've crossed the line dear sir... I apologize... But still It's kinda funny when my email for gaming has the gaming specific phishing ones and the work one has none.....  explain that dear sir... (not in the mood to troll) serious question....

rhollingsworth

@AstroVampyr Kiddo? LOL ok whatever.

First of all, I have more networking experience than you will ever have. Are your two emails linked to your gaming accounts? Probably not as I suspect your email addresses that are used for gaming are the ones that get phished. If you don't know anything about how phishers work, please do not try to come here and pretend you know more than you think.

I work with network security for a very large company. Phishing is as simple as it gets, there is really not a lot any company can do to prevent phishing. All it takes is a spoof of a website, and an email domain to send mass emails to.

I think the only child here is you, son. If you are stupid enough to fall for a phishing email, then that is your naivety and ignorance. Apparently you have no concept of the vast amount of phishing done across all levels of gaming, credit companies, banks, online payment sites and Ebay type auction sites. None of these are free from phishing attacks.

Those emails will keep coming, there is NOTHING Blizzard can do to stop phishing.

Before you come on here trying to tell me that I do not know what I am talking about, why don't you take some classes in network security.

My company alone deals with numerous DOS attacks weekly, there is never an end to people trying to hack, phish, attack or otherwise compromise a consumer network.

Sounds like you people just have a beef against Blizzard. If that is the case, simply don't buy their games and you won't have a reason to bitch and moan as you are prone to do.

Sure Blizz had issues at launch, with authentication and other login issues. But to also blast them for phishing is just plain ignorant as phishing is as common as spam email.

eriktkire

@rhollingsworth well, I own the domain names that are on my email accounts as well so this isn't a mass public domain freebie account situation.

They may not show the right info in the headers regarding their origin actually being from Blizzard, but the whole point of these kind of scams is to catch out the people that haven't got a clue what an email header is, let alone how to read/understand one.

And again, I did mention these emails have included Blizzard account and "personal detail" names that they could have only accessed if they got into the Battle.net database.

There's absolutely nothing random about the emails I get.

Blizzard are just too big a target since WoW took off for 90% of attacks to be random or casual. Blizzard are constantly being hacked and attacked.... how many are actually successful? WAY more than they'll ever admit to.. and sadly their support department dedicated to hacks and phishing are either undermanned or simply aren't interested in tracking down any of the hacks that aren't system critical... meaning unless your account is hacked AND they are outright liable if they don't act, the best you'll get is a common tech support response of "thanks, we might look into it but here's a condescending list of things your typical simple minded MAC user needs to be told not to do while surfing for porn and cheats to protect themselves"

MooncalfReviews

I didn't get any emails, and I use Yahoo. Guess why? I don't have a Diablo account.

rhollingsworth

@eriktkire Phishers do not use account names, they spam email domains, doesn't matter what your name is, they target the entire @yahoo.com, @hotmail.com domain and your account is there so you get the email.

Not one company or entity has been able to get around this fact, that is why these phishing emails are as common as spam emails anymore.

To blame Blizzard for this fact is just flat out incorrect. I don't care if your account name was so obscure no one could guess it. A spam of a domain covers ALL combinations, those that are bounced are simply purged as they come back. A simple algorithm, the hardest part is spoofing the site with a web domain that actually looks legit.