Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Fuzzy Avatars Solved! Please re-upload your avatar if it was fuzzy!

So somebody with a physical authenticator got hacked...

simplyawfulsimplyawful Los Alamos, CAPosts: 84Member

Or so it says here: http://us.battle.net/d3/en/forum/topic/5639234717?page=1

Anybody else found any other info on this? This is making me really worried, since I don't have an authenticator, but am somewhat experienced on a PC.

 

 

«1

Comments

  • possessed1possessed1 Strongsville, OHPosts: 36Member

    I think I've read of WOW players w/physical authenticators still getting their accounts hacked; nothing is 100% fool-proof, but w/authenticator, is less likely to be hacked than without.

  • jdnewelljdnewell Spring Hill, TNPosts: 2,150Member Uncommon
    Originally posted by possessed1

    I think I've read of WOW players w/physical authenticators still getting their accounts hacked; nothing is 100% fool-proof, but w/authenticator, is less likely to be hacked than without.

    This.

    With millions of accounts ( D3, SC2, WoW ) all on Bnet and people who's job it is to hack and steal gold / items then some people will get hacked regardless.

    I do feel for the people that this happens to for sure. But out of the millions if not 10s of millions accounts its a low % that actually do get hacked. And many of these can probably be attributed to keyloggers on their PCs, phishing emails, email hacks, ect.

    Nothing is hack proof, history has shown that time and again.

     

    I do wish blizzard would implement a "coin lock" feature like rift did. To me that would solve alot of the problem, not all, but alot IMO.

  • MaxJacMaxJac Another Dimension, CAPosts: 185Member

    Does Blizzard have a policy that restores stolen items/money or are players SOL? I have only had an account broken into once with them and it had not been active for about a year. A friend happened to be on and called me when he saw I had logged in, or so he thought. Short story, Blizzard support was quick to get him off and give me a new password before anything damaging was done. I wander what they would have done had damage been done though.

  • FlawSGIFlawSGI Woodstock, GAPosts: 1,379Member Uncommon
    Originally posted by MaxJac

    Does Blizzard have a policy that restores stolen items/money or are players SOL? I have only had an account broken into once with them and it had not been active for about a year. A friend happened to be on and called me when he saw I had logged in, or so he thought. Short story, Blizzard support was quick to get him off and give me a new password before anything damaging was done. I wander what they would have done had damage been done though.

    Same thing happened to me and yes they are pretty quick to repair the damage.  The guy that hacked me or whatever paid for a months time so my wife was able to log into my characters and look around. They not only fixed my character, but replaced stolen stuff from the guild bank. 

    RIP Jimmy "The Rev" Sullivan and Paul Gray.

  • RednecksithRednecksith Madison heights, MIPosts: 1,238Member

    There's still no proof, only hearsay. Your thread title is a bit sensationalist, don't you think?

  • DarkmothDarkmoth Pittsburgh, PAPosts: 174Member
    Originally posted by simplyawful

    Or so it says here: http://us.battle.net/d3/en/forum/topic/5639234717?page=1

    Anybody else found any other info on this? This is making me really worried, since I don't have an authenticator, but am somewhat experienced on a PC.

     

     

    You really should get an authenticator of some form. There are so many attack vectors that a "secure" PC is impossible to guarantee. I consider two-factor authentication to be the only reliable form nowadays.

    On another note, Ritf's "Coin Lock" feature should be mandatory for any AAA MMO going forwards.

  • KendaneKendane Las Cruces, NMPosts: 225Member
    Originally posted by lickm3

    [mod edit]

    Thats rather arrogant to blame every user. I never bought gold, nor did I fall for any of those painfully obvious philsing emails. I even regularly scan my computer for viruses. Most likely it went to wowwiki(didn't realize it was a bad site, shame on me) and they got in sometime between my virus scans. Most likely, you were just not unlucky,

  • lickm3lickm3 PilsenPosts: 150Member Uncommon
    Originally posted by Kendane
    Originally posted by lickm3

    [mod edit]

    Thats rather arrogant to blame every user. I never bought gold, nor did I fall for any of those painfully obvious philsing emails. I even regularly scan my computer for viruses. Most likely it went to wowwiki(didn't realize it was a bad site, shame on me) and they got in sometime between my virus scans. Most likely, you were just not unlucky,

     

    Don't forget to remind addons with phishing script inside

    “Two things are infinite: the universe and human stupidity; and I'm not sure about the universe.”? -Albert Einstein

  • Ramonski7Ramonski7 Aurora, ILPosts: 2,656Member Uncommon
    Originally posted by simplyawful

    Or so it says here: http://us.battle.net/d3/en/forum/topic/5639234717?page=1

    Anybody else found any other info on this? This is making me really worried, since I don't have an authenticator, but am somewhat experienced on a PC.

     

     

    I got my WoW hacked a couple of years ago and Blizzard helped me retrieve some of the stuff I lost. So when I got it back I promptly installed a mobile authenticator for both mine and my wife's accounts. Smooth sailing since. I also signed up for the sms alerts when they became available. These steps are not 100% foolproof as I could still be hacked by someone with enough determination to do so. BUT what it does is add an aditional hurdle for attackers to jump to get to my accounts.

     

    But what people are doing when they start these unfounded rumors is NOT helping anyone. They are basically telling people who are trying to defend themselves that adding hurdles is a moot point. Why on earth would anyone who is against hacking spread such untruths? The only thing I can think of is there are people out there that have a vested interest in steering players away from getting authenticators, sms alerts and complex passwords.

     

    I would NOT be surprised that gold/account sellers have networks of people working for them to "convince" players to lower their defenses by claming Blizzard's sercurity measures have been compromised. And I damn sure would not be surprised if those campaigns originated in the gold/account selling capital of the world a.k.a. South Korea.

    image
    "Small minds talk about people, average minds talk about events, great minds talk about ideas."

  • DarkmothDarkmoth Pittsburgh, PAPosts: 174Member
    Originally posted by lickm3
    Originally posted by Kendane
    Originally posted by lickm3

    [mod edit]

    Thats rather arrogant to blame every user. I never bought gold, nor did I fall for any of those painfully obvious philsing emails. I even regularly scan my computer for viruses. Most likely it went to wowwiki(didn't realize it was a bad site, shame on me) and they got in sometime between my virus scans. Most likely, you were just not unlucky,

     

    Don't forget to remind addons with phishing script inside

     

    Or zero-day exploits.
     
    There was one particularly nasty one where showing a .png on your machine would give an attacker access:
     
     
    I defy the "I'm so careful" crowd to tell me they've never displayed a .png file in their browser.
  • xr00t3dxxr00t3dx Norcross, GAPosts: 275Member
    Originally posted by Rednecksith

    There's still no proof, only hearsay. Your thread title is a bit sensationalist, don't you think?

    It sure does. 

  • simplyawfulsimplyawful Los Alamos, CAPosts: 84Member
    Originally posted by Ramonski7

    I would NOT be surprised that gold/account sellers have networks of people working for them to "convince" players to lower their defenses by claming Blizzard's sercurity measures have been compromised. And I damn sure would not be surprised if those campaigns originated in the gold/account selling capital of the world a.k.a. South Korea.

     

       Actually that would be China. The average South Korean income is a bit too high to make it that popular there.

     

  • makiimakii noPosts: 280Member

    There are thousands of goldfamers that sell theyr gold for cheap to goldsites. Those sell it again for very expensive price.

    There are some ways ppl get hacked:

    1. They paid to powerlvl theyr account

    2. They gave theyr loging data to fake diablo 3 sites

    3.  They used same login data in Bot programms

    4. THE MOST COMMON WAY:

    THEY USE SAME LOGIN DATA as their account IN DIABLO 3 FANSITES, those sites get hacked alot, since they have no security!!!

    (100% proven in many different interviews with gold sellers)

     

    YOU CANT HACK AN ACCOUNT WITHOUT USERS *FAULT*!

  • ZebladeZeblade Colorado Springs, COPosts: 926Member

    you know Blizzard makes billions. Companys get hacked every day we never hear about. And dont think for one second Blizzard is some how better than anyone else. They never tell you nor will they. They bend the law like everyone else. If your in law enforcement you know this kind of thing happens none stop now days. And if you know what your talking about.. you don't need to hack someone computer to get their info..not any more. Its ALWAYS somewhere else.

  • FrodoFraginsFrodoFragins Manchester, NHPosts: 2,931Member Uncommon

    I'll reserve judgement until more info comes out.

  • JeroKaneJeroKane OsloPosts: 5,353Member Uncommon

    There are so many trolls out there that got their accounts hacked, think they are experts who strongly believe it's not their fault.... it ain't even funny anymore.

    Take this guy for example! Hilarious!

    http://eu.battle.net/d3/en/forum/topic/4551307023

    There has yet to be a single case confirmed regarding an account compromise that had a physical authenticator attached.

    Cheers

  • JimmydeanJimmydean Ypsilanti, MIPosts: 1,270Member

    RMT companies can finally run their businesses without worry of Bans and losing some of their investment. Of course they are going to do whatever they can to hack accounts and increase their profits.

  • Sigurd57Sigurd57 *, IAPosts: 347Member Uncommon

     

    I want to chime in here...

    First the facts:   

    • I play on a Mac Only.
    • I have an authenticator (physical, not dial in.)
    • I bought and played Diablo 3 on release.
    • I never played a Diablo 3 public game.
    • I haven't been logged into WoW since March 6th 2012.   (Account has been inactive since that date).

     

    Last week, I got hacked.   

    I got the email from Blizzard saying my WoW account had been Banned for exploiting the economy.   Typically, this gets written off as spam, but found out, "Oh sh*t this is real!"   So I thought to myself  "Wait a Minute?   My WoW Account is inactive + I have an authenticator, how could this be?"

     

    After putting in a ticket to Blizzard, they got back to me about 6 hours later.  Yes, my account had been compromised, yes, my WoW account had been raped, including the bank of the guild I used to belong to.  ALL WHILE INACTIVE.   (as in, the character couldn't be logged into to play.)

    No time was added to my account, no anything, yet they got in, had some fun, took everything, and did it all against a SECURED account. 

     

    In Diablo,  nothing was missing, however, when I logged back in I saw unfamiliar names in my "Recently Played" list.    So again, a ticket to Blizzard, where they acknowledge somebody had also infiltrated my Diablo account and they offered me a rollback.    

     

    Now, all of this while on an Authenticator.   The email account used with my Battle.net account is used for nothing else but Battle.net.   My password is random generated garbage and used nowhere else but the Battle.net account.

     

    In my many years of having an active WoW account, I've never ever been hacked, compromised or any problems.   Within 2 weeks of Diablo 3 being played, sh*t went wrong.   Very wrong.

    So coincidence?   Maybe.   But very unlikely.   Of course Blizzard would never admit to screwing up on the security side of things, but whatever is going on, is on their end.  

     

    To add to that fact, a friend of mine, who has not played WoW in almost 2 years, bought Diablo 3 on release, played, etc.. He's Authenticator'd too...   He just got his "Your Account Has Been Banned: Exploiting Economy Email"  last night.  

    He's at a @hotmail.com email thought, which I'm sure he uses for everything, so that doesn't help.  But again, coincidence?   Don't think so. 

     

     

     

     

     

     

    Hey TSW Players http://www.unfair.co/ for Mission guides, Lore Locations and stuff....

  • johnismejohnisme ladysmith, BCPosts: 71Member Uncommon

    Just curious,is it possible for a hacker to login to your account if they have a authenticator and your password as well?

  • kevjardskevjards carlislePosts: 1,463Member

    only ever been hacked once..that was lotro a few yrs back,and they got at me thru the forums..took the GM 30 mins to reinstate everything.i guess the more you put yourself about the more you become a target for these scumbags.i just hope there is such a thing called karma where they get what is coming to them for doing stuff like that.

  • Loke666Loke666 MalmöPosts: 18,041Member Uncommon
    Originally posted by lickm3
    Originally posted by Kendane

    Thats rather arrogant to blame every user. I never bought gold, nor did I fall for any of those painfully obvious philsing emails. I even regularly scan my computer for viruses. Most likely it went to wowwiki(didn't realize it was a bad site, shame on me) and they got in sometime between my virus scans. Most likely, you were just not unlucky,

    Don't forget to remind addons with phishing script inside

    The thing is that it is often the users fault but far from always and people tend to assume that everyone is a moron just because 90% of the players who got hacked bought gold or were scammed (90% is a guess without any fact to back it up but it is a large percentage).

    Diablo 3 will be the mostly hacked game ever since the hackers can sell the stuff for real money within the game. Every hacker in the world would like to get in on that.

    If indeed someone with a physical auth got hacked it is very bad news for Blizz.

    On the plus side is all your other games safe since they will focus on D3, but be sure to not have the same password for D3 as your MMOs.

  • majimaji ColognePosts: 2,003Member Uncommon

    Any security measure is only as useful as the user of it is intelligent.

    I don't use any authenticator and never got hacked in any game. In 99% of all cases, the person who got hacked simply did something stupid. I doubt this is any different in the mentioned case.

    Let's play Fallen Earth (blind, 300 episodes)

    Let's play Guild Wars 2 (blind, 45 episodes)

  • Sigurd57Sigurd57 *, IAPosts: 347Member Uncommon

    ... I love the user blame going on here.   Go back and read my post.   Sure, many users are stupid, I'm sure many of them have bought/ sold gold or something shady, HOWEVER - there is a legitimate problem present, and it all started with Diablo 3.

     

    Hell, they even acknowledged in the ticket response that they see all my logins and transactions are done on a Mac, so their suggestions of Malware scanning were not valid in my case.   

     

    They didn't really answer my question as to why a completely inactive account and character was accessed, stolen from and banned.   It seems they don't want to try to explain the logistics of that impossibility.  

     

    Regardless, I'll give them a +10 points for the speed and ease of resolution of this issue.  (start to finish in 6 hours)

     

    So blame whoever you want for whatever you want,  but this recent security breech is a Blizzard failing, having something to do DIRECTLY with Diablo 3 - end of discussion.

    Hey TSW Players http://www.unfair.co/ for Mission guides, Lore Locations and stuff....

  • skeaserskeaser Wichita Falls, TXPosts: 3,849Member Uncommon
    Originally posted by sigurd57

    Hell, they even acknowledged in the ticket response that they see all my logins and transactions are done on a Mac, so their suggestions of Malware scanning were not valid in my case.   

     .

    Mac has malware too! Look up flashback.

  • zymurgeistzymurgeist Pittsville, VAPosts: 5,215Member Uncommon
    Originally posted by sigurd57

     

    So blame whoever you want for whatever you want,  but this recent security breech is a Blizzard failing, having something to do DIRECTLY with Diablo 3 - end of discussion.

     You'll have to provide some sort of proof of that before I believe a word of it.

    "Strong and bitter words indicate a weak cause" ~Victor Hugo

«1
Sign In or Register to comment.