Blizzard addresses Diablo III account thefts

Company says security compromises aren't on its end, encourages all players to use authenticator programs for added protection.


While the Diablo III launch at times saw essentially all players unable to log in because Blizzard's servers couldn't handle the demand, there were also a number of players reporting that they couldn't log in because their accounts had been stolen. Blizzard today addressed these reports, saying that the security compromises that allowed the account theft in the first place weren't on its end.

Blizzard wants players to use its authenticator services to prevent account theft.
In a post on the official Diablo III forums, a Blizzard community manager said, "We've been taking the situation extremely seriously from the start, and have done everything possible to verify how and in what circumstances these compromises are occurring. Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password."

Blizzard has released a separate statement encouraging all players to consider using the Authenticator (a physical keyring that generates access codes) or the Mobile Authenticator app for iOS and Android devices. While the community manager acknowledged the authenticators aren't a guarantee against account theft, "we have yet to investigate a compromise report in which an authenticator was attached beforehand."

"we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password."

While lying isn't illegal in most cases, it is obvious.

After my account got hacked I got a rather personal email about how if I had used an authenticator, I would have been fine. The particular game master said "I have personally never seen an account get hacked with an authenticator"...seriously, I have the screenshot of the ticket.

I did get service within 3 days though, so at least it's quick...

I wanted to buy a physical one, but the postage is $20!

So I just got the mobile one. It's a pain having to always have my phone right next to me though, especially when it needs charging.

prince__vlad anyone even surprised? I didn't think so. Wasn't it better, like in the good times, with an offline singleplayer? :D This is the solution and charge a moderate price for the game. They charge higher and higher, add extra charges etc... they don't care about YOU, they care about being billionaires in a few days and live forever in luxury. I spit on them!

If these authenticators are so necessary, why didn't I get one in my $60 Diablo 3 box?

The issue is, indeed, most likely on Blizzard's end. Here's my story quickly. I played WoW for a while, then quit. A few months later my PC died and I bought a Mac. The Mac never had WoW installed on it. A full nine months after I quit WoW (which was played on the old PC), I received an email from Blizzard about my account being hacked. It stated that my WoW items had been restored and I should run anti-virus software, etc. It was basically saying that it was my fault this happened, even though I hadn't even installed WoW or any other Blizzard product, or even logged into my Blizzard account on this computer, and hadn't logged in on any computer for nine months.

So I went to Blizzard's site and jumped through the hoops needed to restore my account and create a new password and I figured that was the end of it. A couple of months later I got another notification that my account had been hacked yet again. Mind you, I still don't even have WoW installed on the computer and my Mac is clean of any sort of virus or keylogger. Additionally, my passwords are complex. I didn't even bother to restore my account after that since there was obviously a security leak at Blizzard's end that I can do nothing about.

I think it's very likely that the same security issue is plaguing Blizzard with Diablo 3. These account thieves in Asia are clever. Very clever. They work incredibly hard to steal money. I have to scratch my head and wonder why they don't just get a normal job if they have to work so hard to steal.

Oh, by the way. When I visited the Blizzard site to restore my account, I did not click the link in the email. I typed in the address manually, as I always do because phishing email can look very legit.

The sheer fact they say it isn't their fault and that we have to download another stupid little program to ensure security is further proof how much it's their fault. I have a 16 digit password and still got hacked all for my super good lvl 23 gear and puny gold. Totally kills my desire to play this game at the thought of how crazy hacking will get once the real money auction house is up and the real money farming hackers arrive.

Same old Blizzard.. You would think they would have learned from WOW. Hey but blizz doesn't care, it's more money in their pocket, and that's why I stopped supporting them.

so many network problems, so maaaannnnyyyy.....

@ALCHEMYSTO your loss LOL this game is epic

sounds like an inside job to scare people and make them "consider using the Authenticators" which translates as "consider buying the Authenticators for 6.50$ off our store"

or I'm just paranoid, but considering the amount of greed Blizzard has shown lately I wouldn't be surprised

your single player games charging you extra for better than abysmal account security, gaming industry is not going down the toilet, it's at the bottom of the cesspit already

@Talavaj sad but probably true. I just got an email last week that my wow account was banned for suspicious 'gold selling' activity. Given the fact that I have not paid for an active wow account for over 18 months they either have serious flaws in their security systems or something even worse like you are suggesting

@jhonnybush that's just spam. not from blizzard lol

@szafto haha yea like the "amazon order was canceled" emails. I haven't ordered anything from amazon in months.

this is happening because Blizzard made a mistake. Online gaming should be a choice, not the only way. now I can't play D3 on my laptop when there's no electric power, when other member of the family is streaming video on other pc, when the server is crowded, when..... etc. `~~

gee, can't hack offline single player games...

@cirugo I can't even buy this game because it requires an always on internet connection.

I am glad it didn't happen to me..!

Someone tried to get into my account but I have it locked with an authenticator.

I just got hacked. I'm 100% sure nobody had my password. How they got in, I have no clue. I'm just saying this is a serious issue. I wasn't so much hacked as had all of my items stolen off of my level 45 DH...

On rare occasions, it has happened. But when it did, I never said to myself, "Gee, this sounds like a horrible investment that I might regret later. But I'm still going to buy it. Even if I am right, I'll just get super-mad about it and then pirate the game just to show the publisher my disdain for them. Even though I already gave them a sale."

If you seriously cannot fathom the logical fallacy that this is, the problem isn't the industry.

Simple way to avoid account theft: don't give out your password to anyone.

No one is going to help you advance your character's level

No one is going to give you free content

Follow that one simple rule and you'll be fine. Don't blame Blizzard!

@Tongy26 but yet there are people whose accounts are still getting hacked and they don't hand out their password, even some of them have that stupid useless authenticator

or don't buy games that require you to have an account and be online to play them...

@Tongy26 Seriously dude, do you actually know what the Internet is? Here is one rule: everything on the Internet is hackable.

@Tongy26 No, if any hacker worth his salt ever goes after you, you won't stand a chance. You guys have no idea what is out there.

@mnoi The game is susceptible to middleman attacks on the connection after you have logged in with your pass and authenticator, so by basically duplicating the identification info of your computer and with the session ID from the game you are currently playing they can bypass the log-in process and jump straight into your game, kicking you out. Authenticator made useless like a BOSS.

Just Say NO to DRM!

well gg blizzard after i don't know 15 years of playing online this is the first time i've EVER had an account hacked so thanks 45+ hours of gameplay on my demon hunter is gone.... just awesome....

@superspeed04 Why is it Blizzard's fault?

@superspeed04 Don't worry, the demon hunter has been nerfed to near uselessness anyway :P

@PadyEos nerfing or whatever, it's just 45 to 50 hours of invested time that in no shape or form is gone because of me, someone or some group has gotten my info and I have absolutely no idea, and blizzard is just like spend money to get this even tho people still get hacked with it, or try to call and their queue is full so they basically say fu** off

@lonewolf1044 I know some pc nerds that have the best computer security and they also were using the authenticator and their accounts still got hacked, so actually blizzard needs to address their security but they don't care about their customers, all they care about is money and they don't want to spend it to improve their security, so they blame the users when in fact it is actually blizzard's fault

@PadyEos As long as there is code, it can be hacked, but keep in mind it's better to have something in place than nothing at all. If your system is not protected with the proper software or hardware, one has nobody to blame but themselves. However if someone was able to hack the authenticator, then Blizzard needs to address that issue. Some people may not have too much knowledge about computer security and one should use a program that is going to protect the whole system.

@superspeed04 and still the fanboys don't believe anything. They are convinced a measly authenticator will guarantee them 100% protection when there are so many ways around them.

Strange days when you can have your credentials stolen for trying to play a single player game....and Blizzard's auction house idea encourages hackers to steal your virtual stuff. Bizarre.

Keep away from shady sites, even the ones that may be offering advice on making money in Diablo 3. Stick to the forums/wiki, it's not hard to get a keylogger on your computer.

Also as PixelAddict said, it only takes a few minutes to setup an authenticator on your iPhone, iPod touch or other mobile devices.

It's terrible this has happened and I hope Blizzard takes more security precautions and hopefully thinks of new "Free" ways of security enhancement features for its customers. The SMS feature is great but I myself don't own a phone (don't need one).

Just downloaded the free authenticator app. Took 10 seconds and 2 minutes to set up.

I doubt Blizzard made millions off of this free transaction.

@xenomessiah @PadyEos someone steals your phone, uses the authenticator to log into battlenet and then steal ur stuff. Bit of a longshot though.

logged in last night. Toon was naked with zero gold and an empty inventory. Not happy...

@fredwv you got hacked

did you give away your account info or use the same passwords on other sites

@shadowhunter0 you don't say? I love it how the fanboys figure everyone who got hacked went round screaming their account details over the internet and that they are the only ones that know basic stuff like passwords and authenticators.

NEWSFLASH: There are so many ways to bypass the authenticators and the passwords you couldn't believe. Well you wouldn't believe it anyway since apparently you believe a measly authenticator will guarantee 100% account security. FACEPALM.

@lonewolf1044 I know pc nerds that got their account hacked and their computer wasn't infected, hell one of them helped me with the security on my computer, so it is on blizzard's side but they just don't care, all they care about is money and in order for them to fix it it would cost them more money so they just blame the users

@PadyEos I know, I was hoping that he would say no to prove that it is blizzard's fault and what they are saying is a load of bull

Hackers do not necessarily need to access Diablo directly. If you have an infected computer from the start or a computerbot, meaning your computer was infected even before Diablo was released, hackers have almost total control of your computer, and all that time you thought your computer was safe.

@RedMachine72 yeah and also it is another reason among many to not buy this game or anything from blizzard

Activision has ruined blizzard and I knew it was going to happen

Activision are like EA, their short sighted corporate greed ruins everything they touch.

@NeilCardiff yup except that Activision is worse than EA

at least EA makes some good games not many though