I have not purchased the game yet because I decided to let the dust settle and work on something else for awhile. Tell ya what. GO to the game hit the public chat channels and chat awhile. While you are there right clicky on some people and tell me what you get back.
I still think the hole is in chat not in public games.
I doubt it's all Blizzard's fault, but to claim that none of it is their fault is a bit much. They can't stop it completely, but there are plenty of things to make themselves and their customers less of a target without having to reach the automatically include an authenticator level, both on the prevention side and on the punishment side, especially on the punishment side. Right now, everyone knows that even if they get caught, the worst that will happen is that their current account is banned, and they simply have to open a new one. There doesn't seem to be any real deterrrent to make the scammers and hackers think twice, and this is going to be a huge problem they need to contain before introducing the RMAH. Even if it only effects a small percentage of accounts, all it takes is one or two accounts involving significant amounts of real money, and they are going to have a PR nightmare on their hands.
I believe it was Final Fantasy 11 that had a very simple solution to getting around the keyloggers. When you went to type in the password, it pulled up a keyboard on the screen, and you could click on the keys to enter your password. No using the keyboard, so no benefit to keyloggers. This seems like a reasonable solution that would go a long ways toward reducing the problem without causing anyone that much of a headache.
Yeah ok Blizzard. I like your games but your business practices are just poor as hell. It is so much easier to blame the next guy when Diablo 3 has a ton of issues right now.
blizzard never cares for player unless u play subs and eventho not very helpfull,they just care about taking money from the comunitie and make money .
and for theyr free games(f2p) they dont care about hacks its not like thay really going to spend money trying to fix things they just wanna gain not to lose
The best thing you can probably do is use a different username and password than anything else you use on the net. Or for anything. Period.
Your games should have their own unique username and password. Dont use it for anything else other than that. Ever. Most people buy digital copies these days, but I still like boxes. I always took a peice of paper, wrote my username and password on it, and shoved it in the box in case I forgot, but regardless, game companies will usually e-mail your info if you only ask .
But using just one, or a couple of usernames and passwords for everything on the net and your online games too? Not the best of ideas. You could probably get away with that too but its better to just not.
If you just suddenly created a username and password for D3 that you have NEVER used before with anything else, ever? You're probably in good shape or at least from my experience you could be.
Also get a good free virus protection software like Avast. Use it to do a boot time scan about once a week or so. Stay away from strange sites you dont trust. I watched a GW2 live feed of their beta weekend on some streaming site I didnt know. It was linked here on mmorpg.com in a forum. Malware comes in through Java and infects Adobe. Then it infected everything else before I even knew what it was. Crashed my whole system and I had to eventualy format and reinstall the whole OS.
Be careful out there.
On a side note, an authenticator? If thats really needed, and I dont think it is, then it should be included in the box. I shouldnt have to go buy something just so my account is semi secure. That just doesnt seem viable to me. If it really were that bad of a problem, then I shouldnt have to pay extra to solve it.
Honestly with the RMAH Blizzard was obligated to include an authenticator with purchase. Not doing so is going to make them liable down the road should someone lose items/in game currency that is worth a hefty amount of rl currency.
Other game companies have taken big hits over issues like this. Blizzards only way of covering their arses was to include 1 authenticator with purchase this way they get to say they took every concievable pre-caution in protecting other peoples property since it has real life monetary value.
They did not though and are likely relying on a flimsy terms of service that has yet to be effective in keeping other companies from getting hit hard by lawsuits about the above.
Blizzards big mistakes were ..
1) Not including an authenticator to cover their arses.
2) Allowing people to pull cash out of the RMAH system.
Those things combined can lead to a very bad day down the road lol.
A hell lot of people who bought Diablo 3, also played previous games and most likely already have an authenticator! Like me and everyone else I know who play games.
So why would I need another authenticator? Every time you log into Battle.net you get face smacked regarding secuirty and the authenticator!
Every local gamestore also sells them for just 5 bucks! Gamestop stores have them hanging in the shelves right next to Blizzard's games.
You must be really blind to miss all this.
1) I didn't say include one just for JeroKane.... sorry if I some how made it seem like I did.
2) I didn't ask if anyone sold the authenticators, I simply stated that it can likely bite then on the rear later down the road by not making it standard to send an authenticator with the game due to the nature of the game.
Honestly with the RMAH Blizzard was obligated to include an authenticator with purchase. Not doing so is going to make them liable down the road should someone lose items/in game currency that is worth a hefty amount of rl currency.
Other game companies have taken big hits over issues like this. Blizzards only way of covering their arses was to include 1 authenticator with purchase this way they get to say they took every concievable pre-caution in protecting other peoples property since it has real life monetary value.
They did not though and are likely relying on a flimsy terms of service that has yet to be effective in keeping other companies from getting hit hard by lawsuits about the above.
Blizzards big mistakes were ..
1) Not including an authenticator to cover their arses.
2) Allowing people to pull cash out of the RMAH system.
Those things combined can lead to a very bad day down the road lol.
A hell lot of people who bought Diablo 3, also played previous games and most likely already have an authenticator! Like me and everyone else I know who play games.
So why would I need another authenticator? Every time you log into Battle.net you get face smacked regarding secuirty and the authenticator!
Every local gamestore also sells them for just 5 bucks! Gamestop stores have them hanging in the shelves right next to Blizzard's games.
You must be really blind to miss all this.
1) I didn't say include one just for JeroKane.... sorry if I some how made it seem like I did.
2) I didn't ask if anyone sold the authenticators, I simply stated that it can likely bite then on the rear later down the road by not making it standard to send an authenticator with the game due to the nature of the game.
You can download a free authenticator for your phone.
I've said it before and I'll say it again, Blizzard has always had security issues. I know people and have read accounts of other people who make a living off of PC's that know how to stay secure and have still had their accounts stolen. I've had my WoW account stolen twice and I have never, not even once had my account violated in any other MMO and believe me except for those released this year I have played almost all the AAA titles.
Interesting example. Shipping authenticators with the box would add an extra layer of security against keyloggers.
Its your responsibility to protect yourself. No one else is responsible for your safety.
I hope we shall crush...in its birth the aristocracy of our moneyed corporations, which dare already to challenge our government to a trial of strength and bid defiance to the laws of our country." ~Thomes Jefferson
Interesting example. Shipping authenticators with the box would add an extra layer of security against keyloggers.
Its your responsibility to protect yourself. No one else is responsible for your safety.
That's true, but how easy any given company makes it for you does matter, and Blizzard doesn't seem to do much at all; even simple little steps would go a long way to helping the customer and making themselves a smaller target.
Only account i have ever been hacked in is wow, never in l2/war/lotro/aion/pw/ddo/eq1/eq2/vg. I always thought it was people that didt handle theyr security properly but when it comes to blizzard i dont think this is the issue. It might be a problem only blizzard has becouse its so popular.
I know someone tryd to log into my d3 account as i had to type the authenticator again after that mass hack but they never managed to enter since i had this.
So according to blizzard supporters, the fact that over the past couple days large amounts of accounts(anywhere between 10k-100k) have been hacked, and we are not supposed to believe that blizzard deserves any of the blame?
I tend to be pretty safe and cautious on my computer AND no one else uses it, yet somehow my account on diablo got hacked and all my items and gold was removed.
I also have played numerous mmos and have never had an account hacked in any of them. My battle.net account ahs been hacked twice....
Ive changed passwords numerous times and just now added an authenticator but NO other game has made me have to do that. So please enlighten me blizzard supporters, why I should not blame blizzard whatsoever.
I logged off last night with my level 51 character on Nightmare mode in the last part of Sanctuary getting ready to beat it to go on to Hell mode.
I log on this morning and all my gold, items in storage and items on my character were gone. My character was back on Normal mode in Tristan with the beginning quest again. I submitted a trouble ticket and won't hear back for a couple of days or if at all.
There is no rootkit or other viruses, keyloggers or any kind of malware on my computer. I know about the fake Blizzard emails going around that are phishing scams.
I never have played co-op yet in Diablo 3 so those specualtions on how others can hack those on multiuplayer which I've read about cancels me out even if it is remotely true.
One of two things happened or both, who knows, 1. Blizzard has a major bug on their system causing these issues to a vast majority of people or 2. Professional hackers were able to compromise the Blizzard's servers.
Take your pick because it is one of these two or both. Blizzard is denying everything, go figure.
1. Do you have an authenticator?
2. Screenshot of your hacked characters as proof?
3. What Anti-virus suite are you using? Any anti-malware software? Is it current an updated? When did you last scan? Post some scan logs showing that your system is virus free?
4. Troll much?
I strongly disagree that Blizzard servers have been compromized specifically BECAUSE they're denying that they were. It would be very damaging for Blizzard to deny that they were hacked and then have someone post evidence of a compromise, especially where credit card info is involved. I also doubt that there is a severe bug in their systems causing all of these non-authenticated accounts to be compromised. The problem is more than likely one of those infamous PEBKAC issues.
You can't make user's smart, and you can't be playing mommy for the ignorant masses. Quit surfing pr0n/buying gold and you probably won't have these problems anyways.
Edit: Just to make it clear, I'm not saying Bliz is great on security or anything. The lack of brute-force protection and IP locking always irked me in WoW. In all fairness though, I played WoW from release to about a month into Cata and never had my account hacked once. Semi simple password that I never changed. I'm not the type to surf porn, buy gold or play around on shady websites though...
Interesting example. Shipping authenticators with the box would add an extra layer of security against keyloggers.
Its your responsibility to protect yourself. No one else is responsible for your safety.
That's true, but how easy any given company makes it for you does matter, and Blizzard doesn't seem to do much at all; even simple little steps would go a long way to helping the customer and making themselves a smaller target.
No. You just want free stuff.
They have already provided you a way to help make yourself a smaller target...buy an authhenticator.
This is what you get for not standing up and making companies understand that you dont want to be forced into having to play games online that dont need to be online just because they think they are somehow going to stop people from pirating their game...this is the bed you helped to make...lay in it.
I hope we shall crush...in its birth the aristocracy of our moneyed corporations, which dare already to challenge our government to a trial of strength and bid defiance to the laws of our country." ~Thomes Jefferson
I logged off last night with my level 51 character on Nightmare mode in the last part of Sanctuary getting ready to beat it to go on to Hell mode.
I log on this morning and all my gold, items in storage and items on my character were gone. My character was back on Normal mode in Tristan with the beginning quest again. I submitted a trouble ticket and won't hear back for a couple of days or if at all.
There is no rootkit or other viruses, keyloggers or any kind of malware on my computer. I know about the fake Blizzard emails going around that are phishing scams.
I never have played co-op yet in Diablo 3 so those specualtions on how others can hack those on multiuplayer which I've read about cancels me out even if it is remotely true.
One of two things happened or both, who knows, 1. Blizzard has a major bug on their system causing these issues to a vast majority of people or 2. Professional hackers were able to compromise the Blizzard's servers.
Take your pick because it is one of these two or both. Blizzard is denying everything, go figure.
Get an authenticator. apps can't find a keylogger until they have the definition of it.
Interesting example. Shipping authenticators with the box would add an extra layer of security against keyloggers.
Its your responsibility to protect yourself. No one else is responsible for your safety.
That's true, but how easy any given company makes it for you does matter, and Blizzard doesn't seem to do much at all; even simple little steps would go a long way to helping the customer and making themselves a smaller target.
No. You just want free stuff.
They have already provided you a way to help make yourself a smaller target...buy an authhenticator.
This is what you get for not standing up and making companies understand that you dont want to be forced into having to play games online that dont need to be online just because they think they are somehow going to stop people from pirating their game...this is the bed you helped to make...lay in it.
I didn't help make the bed. I have yet to buy the game because they haven't convinced me it's worth it just yet. And I'm not looking for free stuff either. If the authenticator is truly that necessary, it should be considered part of the game, and the cost of it treated as such, not as a separate item. Also, the authencticator is just one way of solving the problem, and doens't even really attack the root cause. It makes the individual customer a smaller target within the bulls-eye that is Blizzard, but until they reduce their own target size, it won't really solve the ongoing problems. I find it hard to beileve that Blizzard can't find someone to come up with up to half a dozen ideas that would be fairly easy to implement and low key enough that they woudn't irritate the people affected by them that woud greatly reduce their problems. Heck, simply appearing proactive would by itself be a major step forward that would reduce the target considerably compared to their current stance of "we don't know, care, or have any interest in worrying about it."
Seatbelts are not optional when you pruchase a car, if you put them on, thats another question.
A company has to offer adequate -free- protection to the consumer of their product.
Blizzard has to offer a free and universal (smartphones, not everyone has them) security-solution to their consumers.
It doesn't need to be authenticators, it can be as easy as Steamguard or the google authentication.
Else, where do you draw the line of customer responsibility?
Is it when you had your computer secured with a military encryption?
What exactly is "reasonable"?
Not every consumer of yours is a computer-whiz and aware of the dangers. As a company you have to provide the necessary precautions so even the dumbest of your clients is secure if they provide a paid service.
Seatbelts are not optional when you pruchase a car, if you put them on, thats another question.
A company has to offer adequate -free- protection to the consumer of their product.
They did, it's called a login name and password. Like you said, it's up to you to put the seatbelt on... Strong passwords and safe surfing are the buckle.
Oh trust me i agree with you on their business practices at Blizzard, however their authenticator for phones, itouches and ipads is free.
Tho, I have to bring this up, if they didn't make D3 persistantly online under the lie that somehow it was simply to kill off the gold farmers (as opposed to their real position of absolute greed) then they probably wouldn't be having this issue now would they. hmmm... nope.
I think Blizzard could do a bit more with security, at least with the login. I cannot stand games that make me login with my email. My email is very easy to figure out and once someone has that, they have got part of the login already. A set username would be more secure imo, like it used to be before the battle.net merge. Also, battle.net does not recognize the difference between uppercase and lowercase letters in the password string. If you enter uppercase laters for your password, they are converted to lowercase when sent to the server. So this password 'HaCk' is the same as 'hack'. Maybe that only helps when the pw is being brute forced, but surely it couldn't hurt to allow for case sensitivity.
Ultimately though, the blame is on us. We need to use more varied passwords on various sites and be more careful with how we surf the web. To be honest I think a lot of the accounts were comprised with data stolen from other databases/websites, not Blizzards.
I will say this however, my WoW account was comprised a couple/few years ago. It was not long after the WoW account/battle.net merge. How it happened? I don't know but I blame myself. It's the only game account out of the hundreds (I have played a lot games!)I have that has been comprised. Since then I have been much more careful with passwords/usernames and haven't had a problem since. The free authenticator ofc helps as well.
I logged off last night with my level 51 character on Nightmare mode in the last part of Sanctuary getting ready to beat it to go on to Hell mode.
I log on this morning and all my gold, items in storage and items on my character were gone. My character was back on Normal mode in Tristan with the beginning quest again. I submitted a trouble ticket and won't hear back for a couple of days or if at all.
There is no rootkit or other viruses, keyloggers or any kind of malware on my computer. I know about the fake Blizzard emails going around that are phishing scams.
I never have played co-op yet in Diablo 3 so those specualtions on how others can hack those on multiuplayer which I've read about cancels me out even if it is remotely true.
One of two things happened or both, who knows, 1. Blizzard has a major bug on their system causing these issues to a vast majority of people or 2. Professional hackers were able to compromise the Blizzard's servers.
Take your pick because it is one of these two or both. Blizzard is denying everything, go figure.
Make sure you are logging into the correct region. For some reason or another it has randomly switched for some people during a hotfix or maint. or something. Check your region because if you log into a different region (Americas, Asia, EU) you will have nothing.
Can't you use your mobile phone as authenticator anymore?
Yes you can.
Can I? I dont have a smart phone and dont need one. I have a basic cellular phone with text. I dont need to surf the web check emails or such on my phone. Can I still use this authenticator without a smart phone?
I do know one thing and my pc has the latest updates and virus protection. My buddies smartphone is easier to hack by far since they dont have any protection of any worth.
Can't you use your mobile phone as authenticator anymore?
Yes you can.
Can I? I dont have a smart phone and dont need one. I have a basic cellular phone with text. I dont need to surf the web check emails or such on my phone. Can I still use this authenticator without a smart phone?
I do know one thing and my pc has the latest updates and virus protection. My buddies smartphone is easier to hack by far since they dont have any protection of any worth.
You need a phone with either the Andriod operating system or iOs (Iphone) to use the authenticator.
Beyond that, using a crazy password that is ONLY used for battle.net and being very careful when viewing your emails should be enough. Surf the web responsibly
So according to blizzard supporters, the fact that over the past couple days large amounts of accounts(anywhere between 10k-100k) have been hacked, and we are not supposed to believe that blizzard deserves any of the blame?
I tend to be pretty safe and cautious on my computer AND no one else uses it, yet somehow my account on diablo got hacked and all my items and gold was removed.
I also have played numerous mmos and have never had an account hacked in any of them. My battle.net account ahs been hacked twice....
Ive changed passwords numerous times and just now added an authenticator but NO other game has made me have to do that. So please enlighten me blizzard supporters, why I should not blame blizzard whatsoever.
If blizzards servers were compromised they are legally required to inform their customers. This is why everytime there is a compromise the companies come out and fess up. Everytime it costs them money, but it would cost them even more money if they were to keep the compromise secret and it was found out.
Fact is 6.3 million people bought the game last week.
Assuming that is ONLY the people who bought the game, and not more, and assuming out of the 6.3 100k people were compromised.
Thats a .01% of the user base. If blizzards servers were compromised...we'd be seeing a far greater number of accounts compromised. Something in the neighborhood of a million or more. The servers would be offline and everyones accounts would be locked for security reasons.
If blizzard was compromised this would be a significantly greater issue. .01% of your users (and I personally think 100,000 is high) screams fishing, social engineering, keylogging, and forum database compromises not blizzard getting hacked.
**Edit Just to be clear Im not a blizzard or Activision fanboi. I personally despise activision and their business practices with their call of duty series. Blizzard is only marginally better. That being said lots of folks in this thread are saying a lot of things with out knowing the basics of internet security.
Comments
humm.
no one has proven that it is on Blizzards end.
I have not purchased the game yet because I decided to let the dust settle and work on something else for awhile. Tell ya what. GO to the game hit the public chat channels and chat awhile. While you are there right clicky on some people and tell me what you get back.
I still think the hole is in chat not in public games.
If you are interested in making a MMO maybe visit my page to get a free open source engine.
I doubt it's all Blizzard's fault, but to claim that none of it is their fault is a bit much. They can't stop it completely, but there are plenty of things to make themselves and their customers less of a target without having to reach the automatically include an authenticator level, both on the prevention side and on the punishment side, especially on the punishment side. Right now, everyone knows that even if they get caught, the worst that will happen is that their current account is banned, and they simply have to open a new one. There doesn't seem to be any real deterrrent to make the scammers and hackers think twice, and this is going to be a huge problem they need to contain before introducing the RMAH. Even if it only effects a small percentage of accounts, all it takes is one or two accounts involving significant amounts of real money, and they are going to have a PR nightmare on their hands.
I believe it was Final Fantasy 11 that had a very simple solution to getting around the keyloggers. When you went to type in the password, it pulled up a keyboard on the screen, and you could click on the keys to enter your password. No using the keyboard, so no benefit to keyloggers. This seems like a reasonable solution that would go a long ways toward reducing the problem without causing anyone that much of a headache.
blizzard never cares for player unless u play subs and eventho not very helpfull,they just care about taking money from the comunitie and make money .
and for theyr free games(f2p) they dont care about hacks its not like thay really going to spend money trying to fix things they just wanna gain not to lose
The best thing you can probably do is use a different username and password than anything else you use on the net. Or for anything. Period.
Your games should have their own unique username and password. Dont use it for anything else other than that. Ever. Most people buy digital copies these days, but I still like boxes. I always took a peice of paper, wrote my username and password on it, and shoved it in the box in case I forgot, but regardless, game companies will usually e-mail your info if you only ask .
But using just one, or a couple of usernames and passwords for everything on the net and your online games too? Not the best of ideas. You could probably get away with that too but its better to just not.
If you just suddenly created a username and password for D3 that you have NEVER used before with anything else, ever? You're probably in good shape or at least from my experience you could be.
Also get a good free virus protection software like Avast. Use it to do a boot time scan about once a week or so. Stay away from strange sites you dont trust. I watched a GW2 live feed of their beta weekend on some streaming site I didnt know. It was linked here on mmorpg.com in a forum. Malware comes in through Java and infects Adobe. Then it infected everything else before I even knew what it was. Crashed my whole system and I had to eventualy format and reinstall the whole OS.
Be careful out there.
On a side note, an authenticator? If thats really needed, and I dont think it is, then it should be included in the box. I shouldnt have to go buy something just so my account is semi secure. That just doesnt seem viable to me. If it really were that bad of a problem, then I shouldnt have to pay extra to solve it.
1) I didn't say include one just for JeroKane.... sorry if I some how made it seem like I did.
2) I didn't ask if anyone sold the authenticators, I simply stated that it can likely bite then on the rear later down the road by not making it standard to send an authenticator with the game due to the nature of the game.
You can download a free authenticator for your phone.
I've said it before and I'll say it again, Blizzard has always had security issues. I know people and have read accounts of other people who make a living off of PC's that know how to stay secure and have still had their accounts stolen. I've had my WoW account stolen twice and I have never, not even once had my account violated in any other MMO and believe me except for those released this year I have played almost all the AAA titles.
Its your responsibility to protect yourself. No one else is responsible for your safety.
I hope we shall crush...in its birth the aristocracy of our moneyed corporations, which dare already to challenge our government to a trial of strength and bid defiance to the laws of our country." ~Thomes Jefferson
Yeah, just buy your items back!
That's true, but how easy any given company makes it for you does matter, and Blizzard doesn't seem to do much at all; even simple little steps would go a long way to helping the customer and making themselves a smaller target.
Only account i have ever been hacked in is wow, never in l2/war/lotro/aion/pw/ddo/eq1/eq2/vg. I always thought it was people that didt handle theyr security properly but when it comes to blizzard i dont think this is the issue. It might be a problem only blizzard has becouse its so popular.
I know someone tryd to log into my d3 account as i had to type the authenticator again after that mass hack but they never managed to enter since i had this.
So according to blizzard supporters, the fact that over the past couple days large amounts of accounts(anywhere between 10k-100k) have been hacked, and we are not supposed to believe that blizzard deserves any of the blame?
I tend to be pretty safe and cautious on my computer AND no one else uses it, yet somehow my account on diablo got hacked and all my items and gold was removed.
I also have played numerous mmos and have never had an account hacked in any of them. My battle.net account ahs been hacked twice....
Ive changed passwords numerous times and just now added an authenticator but NO other game has made me have to do that. So please enlighten me blizzard supporters, why I should not blame blizzard whatsoever.
1. Do you have an authenticator?
2. Screenshot of your hacked characters as proof?
3. What Anti-virus suite are you using? Any anti-malware software? Is it current an updated? When did you last scan? Post some scan logs showing that your system is virus free?
4. Troll much?
I strongly disagree that Blizzard servers have been compromized specifically BECAUSE they're denying that they were. It would be very damaging for Blizzard to deny that they were hacked and then have someone post evidence of a compromise, especially where credit card info is involved. I also doubt that there is a severe bug in their systems causing all of these non-authenticated accounts to be compromised. The problem is more than likely one of those infamous PEBKAC issues.
You can't make user's smart, and you can't be playing mommy for the ignorant masses. Quit surfing pr0n/buying gold and you probably won't have these problems anyways.
Edit: Just to make it clear, I'm not saying Bliz is great on security or anything. The lack of brute-force protection and IP locking always irked me in WoW. In all fairness though, I played WoW from release to about a month into Cata and never had my account hacked once. Semi simple password that I never changed. I'm not the type to surf porn, buy gold or play around on shady websites though...
No. You just want free stuff.
They have already provided you a way to help make yourself a smaller target...buy an authhenticator.
This is what you get for not standing up and making companies understand that you dont want to be forced into having to play games online that dont need to be online just because they think they are somehow going to stop people from pirating their game...this is the bed you helped to make...lay in it.
I hope we shall crush...in its birth the aristocracy of our moneyed corporations, which dare already to challenge our government to a trial of strength and bid defiance to the laws of our country." ~Thomes Jefferson
Get an authenticator. apps can't find a keylogger until they have the definition of it.
I didn't help make the bed. I have yet to buy the game because they haven't convinced me it's worth it just yet. And I'm not looking for free stuff either. If the authenticator is truly that necessary, it should be considered part of the game, and the cost of it treated as such, not as a separate item. Also, the authencticator is just one way of solving the problem, and doens't even really attack the root cause. It makes the individual customer a smaller target within the bulls-eye that is Blizzard, but until they reduce their own target size, it won't really solve the ongoing problems. I find it hard to beileve that Blizzard can't find someone to come up with up to half a dozen ideas that would be fairly easy to implement and low key enough that they woudn't irritate the people affected by them that woud greatly reduce their problems. Heck, simply appearing proactive would by itself be a major step forward that would reduce the target considerably compared to their current stance of "we don't know, care, or have any interest in worrying about it."
Seatbelts are not optional when you pruchase a car, if you put them on, thats another question.
A company has to offer adequate -free- protection to the consumer of their product.
Blizzard has to offer a free and universal (smartphones, not everyone has them) security-solution to their consumers.
It doesn't need to be authenticators, it can be as easy as Steamguard or the google authentication.
Else, where do you draw the line of customer responsibility?
Is it when you had your computer secured with a military encryption?
What exactly is "reasonable"?
Not every consumer of yours is a computer-whiz and aware of the dangers. As a company you have to provide the necessary precautions so even the dumbest of your clients is secure if they provide a paid service.
They did, it's called a login name and password. Like you said, it's up to you to put the seatbelt on... Strong passwords and safe surfing are the buckle.
Oh trust me i agree with you on their business practices at Blizzard, however their authenticator for phones, itouches and ipads is free.
Tho, I have to bring this up, if they didn't make D3 persistantly online under the lie that somehow it was simply to kill off the gold farmers (as opposed to their real position of absolute greed) then they probably wouldn't be having this issue now would they. hmmm... nope.
I think Blizzard could do a bit more with security, at least with the login. I cannot stand games that make me login with my email. My email is very easy to figure out and once someone has that, they have got part of the login already. A set username would be more secure imo, like it used to be before the battle.net merge. Also, battle.net does not recognize the difference between uppercase and lowercase letters in the password string. If you enter uppercase laters for your password, they are converted to lowercase when sent to the server. So this password 'HaCk' is the same as 'hack'. Maybe that only helps when the pw is being brute forced, but surely it couldn't hurt to allow for case sensitivity.
Ultimately though, the blame is on us. We need to use more varied passwords on various sites and be more careful with how we surf the web. To be honest I think a lot of the accounts were comprised with data stolen from other databases/websites, not Blizzards.
I will say this however, my WoW account was comprised a couple/few years ago. It was not long after the WoW account/battle.net merge. How it happened? I don't know but I blame myself. It's the only game account out of the hundreds (I have played a lot games!)I have that has been comprised. Since then I have been much more careful with passwords/usernames and haven't had a problem since. The free authenticator ofc helps as well.
Make sure you are logging into the correct region. For some reason or another it has randomly switched for some people during a hotfix or maint. or something. Check your region because if you log into a different region (Americas, Asia, EU) you will have nothing.
Can I? I dont have a smart phone and dont need one. I have a basic cellular phone with text. I dont need to surf the web check emails or such on my phone. Can I still use this authenticator without a smart phone?
I do know one thing and my pc has the latest updates and virus protection. My buddies smartphone is easier to hack by far since they dont have any protection of any worth.
You need a phone with either the Andriod operating system or iOs (Iphone) to use the authenticator.
Beyond that, using a crazy password that is ONLY used for battle.net and being very careful when viewing your emails should be enough. Surf the web responsibly
If blizzards servers were compromised they are legally required to inform their customers. This is why everytime there is a compromise the companies come out and fess up. Everytime it costs them money, but it would cost them even more money if they were to keep the compromise secret and it was found out.
Fact is 6.3 million people bought the game last week.
Assuming that is ONLY the people who bought the game, and not more, and assuming out of the 6.3 100k people were compromised.
Thats a .01% of the user base. If blizzards servers were compromised...we'd be seeing a far greater number of accounts compromised. Something in the neighborhood of a million or more. The servers would be offline and everyones accounts would be locked for security reasons.
If blizzard was compromised this would be a significantly greater issue. .01% of your users (and I personally think 100,000 is high) screams fishing, social engineering, keylogging, and forum database compromises not blizzard getting hacked.
**Edit Just to be clear Im not a blizzard or Activision fanboi. I personally despise activision and their business practices with their call of duty series. Blizzard is only marginally better. That being said lots of folks in this thread are saying a lot of things with out knowing the basics of internet security.