Diablo 3 accounts hacked, gold and items stolen

Comments

  • Creslin321Creslin321 Member Posts: 5,359
    Originally posted by MikkelB
    Originally posted by Creslin321

    There are SO many arguments in this thread about whose fault it is that your account gets hacked...

    Which is kind of sad because I think they COMPLETELY miss the point.

    Why do you guys think D3 accounts getting hacked is "news?" Battle.NET accounts get hacked ALL THE TIME. You're not going to see all this discussion because someone's WoW account got hacked...trust me. It's like a daily occurrence.

    The D3 account hacks are "news" because if you were just playing D1 or D2 single player, your account could NEVER be hacked.  You simply weren't exposed to it at all.

    But with D3, you are forced to be exposed to all the annoying things that go along with being an MMO.  Lag, account hacks, disconnects, inability to play offline, server outages, etc. etc.

    So the news of these account hacks is just another reminder that you are forced to deal with this crap in D3 even if you want to play single player.  Discussing who is at fault for the hacking is pointless, that's not what this is really about.  This is really about being forced to play single player online and being exposed to hackers that would have never been a problem before.

    No it's not, so get off your soapbox preaching about how the good old days with offline single player were so much better. You started off good, with saying that it's about Battle.net accounts being compromised. Then you lost it again, because Diablo 1 and 2 weren't any better in that respect. If you played offline single player then your account was safe from this. But that's not what this thread is all about. Not everyone is like you and only plays it solo. Not everyone wants to. It's like you're saying that if there was a separate single and multiplayer, this issue wouldn't matter at all, because people could just play the single player offline and risk free.

    Well, I guess it's true for the small vocal minority that wants offline single player. Their accounts are at risk, if they don't pay any mind to their own security. That's their own responsibility though. However, if it matters that much, people shouldn't have bought the game at all, just out of sheer principle.

     Why do you think people who only played the Diablo games single player are a vocal minority?  Is it because you never saw them in any of your multiplayer games ;).  I also don't play solo all the time, but I like the option, as do many other people.

    Anyway, I really like D3, I'm having a blast with it.  But that doesn't mean that I'm just going to overlook something that I feel is wrong with the game.  It is possible to like one part of a game and dislike another.  It doesn't always have to be black or white.

    Are you team Azeroth, team Tyria, or team Jacob?

  • SidadSidad Member UncommonPosts: 50
    Originally posted by MikkelB
    Originally posted by Sidad
    Originally posted by JeroKane
    Originally posted by Sidad
    Wow hacking happened years ago and I changed 2 PCs in meantime. On top of that wow account was inactive for at least a year (on my side at least) when hacking happened.

     

    I have said it before, so I will say it again! It doesn't even have to be your own PC.

    If you have accounts on public forums / fansites and use the same password there, it is highly possible one of those sites has been compromised.

    As Battle.net and a lot of other account systems these days unfortunately use your email address as account name, they basically only need to get hold of your password.

    That's why I am using authenticators on these account sites as extra layer of security.

    If you don't want to pay for one, you can instead use the free software based authenticator.

    Cheers

    I'm sorry dude but I don't have same account on public forums/fan sites etc. I only make account where I have to. Even ppl with authenticators are reporting being hacked. I don't have authenticator yet but mine is on the way and if I get hacked again, with authenticator, then I'm done with Blizzard.

     

    The way hacking is done tells me that whoever is behind it is very well organized, very methodical and knows exactly when ppl log off, cause that's when they attack.

    If hacking persists and Blizzard does nothing D3 will die.

    Please, people claim all kinds of crap. I can also say this:

    I just installed Diablo 3 on a PC I put together an hour ago, maximum secured, just for playing Diablo 3. I logged in, made a barbarian and suddenly I got kicked off! I logged back in and noticed that my freshly made barbarian had no more weapons equipped! Bloody hackers! I even have an authenticator!

    I can say this, but it doesn't make my story true. Most posts are like this. It's never the fault of the one whose account got compromised, of course not. It's the evil company that made the game! Like I said, people can make claims all day long, but surprisingly almost no one backs it up with proof. Even the Youtube video floating around proves nothing more than that accounts got compromised and looted till they're empty. The same thing that happens in almost every MMO out there.

    All I'm trying to say is that someone well organized is behind this hacking wave. So much (hacked) info you have to go through, so many ppl hacked so fast etc...

     

     Blizzard acknowledged ppl being hacked and say nothing appears wrong on their side. Fine.

    I just hope you are right when you said ppl are probably lying about being hacked with authenticator. Authenticator is my last hope.

  • SidadSidad Member UncommonPosts: 50
    Originally posted by Creslin321
    Originally posted by Sidad
    Originally posted by Creslin321

    There are SO many arguments in this thread about whose fault it is that your account gets hacked...

    Which is kind of sad because I think they COMPLETELY miss the point.

    Why do you guys think D3 accounts getting hacked is "news?" Battle.NET accounts get hacked ALL THE TIME. You're not going to see all this discussion because someone's WoW account got hacked...trust me. It's like a daily occurrence.

    The D3 account hacks are "news" because if you were just playing D1 or D2 single player, your account could NEVER be hacked.  You simply weren't exposed to it at all.

    But with D3, you are forced to be exposed to all the annoying things that go along with being an MMO.  Lag, account hacks, disconnects, inability to play offline, server outages, etc. etc.

    So the news of these account hacks is just another reminder that you are forced to deal with this crap in D3 even if you want to play single player.  Discussing who is at fault for the hacking is pointless, that's not what this is really about.  This is really about being forced to play single player online and being exposed to hackers that would have never been a problem before.

    You miss one point as well though. Blizzard would rather have us (players) paying for game and getting hacked (online version only) than us (players) hacking game and playing for free (off line version).

    Yeah because pirating just destroyed Diablo II right? The game was in the Guinness book world of records as the fastest selling computer game EVER when it came out, and it sold over four MILLION copies, and that was back in 2000 when the gaming market is not nearly as big as it is now.

    Look, I don't condone piracy, but I think we need to stop acting like it's destroying the industry because there is really no evidence to back that up.  I am all for DRM like Steam that really isn't ultra-intrusive (of course, opinions may vary), but I have to draw the line at a non-MMO game that requires a server connection 100% of the time to play.

    It's just draconian and unnecessary. And TBH, I'm pretty sure piracy isn't the main driver for this always online thing. That would probably be the RMAH.

    Hackers were not fast enough with D2 crack (same with D3) but most games get hacked before they hit stores. Very bad for business. I like off line play too and hate always on line but that's better than some crazy anti-hacker protection software that can mess up your PC and on top of that still can't do its job and game in the end gets hacked anyway.

  • ZezdaZezda Member UncommonPosts: 686
    Originally posted by Souldrainer
    Originally posted by kishe
    Originally posted by Souldrainer
    You try something. Play D3 for one hour in a party. Then try an hour solo. Get booted in solo mode? You know why? Because b.net opens port 80 for parties and closes it when solo. This same port is the one that people use to steal your passwords. This whole setup of requiring port 80 open is a ploy to sell authenticators: No question!

    You know what else opens port 80?

     

    Web browsers.

     

    Oops... one word was typed wrong... meant to type "forward" instead of "open." My computer is the only reasonably secure one on my network, so I refuse to do port forwarding for one game. It's extremely fishy to me that Only Blizzard requires this kind of weird security flaw to run its games.

    Would you rather they used UPnP for the ports?

     

    Didn't think so.

  • PuremallacePuremallace Member Posts: 1,856

    and this is why single player games should not be required to be online to play kids

  • ZezdaZezda Member UncommonPosts: 686
    Originally posted by dead2soon
    Originally posted by dubyahite

    I'm sorry to keep spamming this thread, but this type of thing is very important to me.

     

    I have just confirmed that incgamers (they have a very large diablo fansite) was hacked on may 18th. Their username/pw database was compromised.

    Now this may not be the source of the attacks, and even if it is it probably isn't the only source but regardless:

     

     

    IF YOU USE THE INCGAMERS WEBSITE AND ESPECIALLY IF YOUR PASSWORD IS THE SAME THERE AS IT IS FOR BATTLE.NET PLEASE PLEASE PLEASE PLEASE PLEASE PLEASE 

     

    CHANGE YOUR BATTLE.NET PASSWORD!

     


    Even so let's pretend this is how usernames and passwords were obtained.

    If I gave you my username and password and had an authenticator attached to my account you still cannot log in. The amount of people hacked with authenticators flies in the face of this sort of exploitation. Also Blizzard is telling some of these people that their account has not been logged into yet all their stuff is missing. It just doesn't add up is all.

    Well if you have an authenticator on your account you won't mind telling me your username and password, will you?

  • Zipp_23Zipp_23 Member Posts: 25
    Originally posted by zaylin
    Originally posted by Vannor

    Everyone knows that when accounts get stolen 99.9% of the time it is the user's own fault. Everything in that article is speculation.. words like 'suggested' are evidence that the whole article is completely factless. Even the word 'hacked' isn't accurate right now because no one knows why those items went missing.

    Well....honestly I think it's more to do with the Battle.Net system than the user. The reason I say this, I had/have a WoW account for 4 years (from Launch), and as soon as they switched to the Battle.Net for WoW my account got hacked 3 times in 6 months, and I'm a very well versed user.

    Agree with that. I never had any problems with WoW account, until Bliz started using Battle.net.. after that, my account got hacked...

    It's pretty pointless to say that I don't click anything like "get free gold" or use same psw .. and so on, coz most of ppl on forum will simply say it's my fault anyway.

    I'm a big Bliz fan, have like all their games. But the thing with accounts being hacked right after you're not being active for some time is sad. But it's exactly what is happening.

     

     

  • heartlessheartless Member UncommonPosts: 4,993

    Man, that always online DRM really looks like it's working at stopping hackers. Isn't it, guys?

  • dubyahitedubyahite Member UncommonPosts: 2,483
    Originally posted by Tortanic

    I'll say it again for the mentally challenged:

    The hole is related to battle net accounts with Diablo3 on them - Battletags I'd assume, it's insecure.

    Yes, every ad network out there is tainted with some trojan or another - even the ones on this site, but this isn't the cause in this case.

    THIS IS SOMETHING ON THEIR END OF THE NETWORK

    You have no idea what you are talking about.

     

    I have gone through every single packet that gets sent by the game and received from the server during a public multiplayer game. 

     

    The session hijack thing is false. read some of my posts in this thread.  You are wrong. 

    Shadow's Hand Guild
    Open recruitment for

    The Secret World - Dragons

    Planetside 2 - Terran Republic

    Tera - Dragonfall Server

    http://www.shadowshand.com

  • dubyahitedubyahite Member UncommonPosts: 2,483
    Originally posted by Zipp_23
    Originally posted by zaylin
    Originally posted by Vannor

    Everyone knows that when accounts get stolen 99.9% of the time it is the user's own fault. Everything in that article is speculation.. words like 'suggested' are evidence that the whole article is completely factless. Even the word 'hacked' isn't accurate right now because no one knows why those items went missing.

    Well....honestly I think it's more to do with the Battle.Net system than the user. The reason I say this, I had/have a WoW account for 4 years (from Launch), and as soon as they switched to the Battle.Net for WoW my account got hacked 3 times in 6 months, and I'm a very well versed user.

    Agree with that. I never had any problems with WoW account, until Bliz started using Battle.net.. after that, my account got hacked...

    It's pretty pointless to say that I don't click anything like "get free gold" or use same psw .. and so on, coz most of ppl on forum will simply say it's my fault anyway.

    I'm a big Bliz fan, have like all their games. But the thing with accounts being hacked right after you're not being active for some time is sad. But it's exactly what is happening.

     

     

    There are other possibilities besides "IT'S ALL BLIZZARDS FAULT"  or "IT'S ALL THE USERS FAULT"

    Shadow's Hand Guild
    Open recruitment for

    The Secret World - Dragons

    Planetside 2 - Terran Republic

    Tera - Dragonfall Server

    http://www.shadowshand.com

  • dubyahitedubyahite Member UncommonPosts: 2,483

    Another Blue post on the matter 

     

    Thank you all for your reports, and for your investment in account security. We're treating this situation very seriously and have been from the start. While we've investigated numerous reports of Battle.net and Diablo III accounts being compromised, we have yet to find any situation wherein a player's account was accessed outside of traditional compromise methods (that is, someone logging in with an account's login email and password). Additionally, while the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand.

    If you believe your account may have been compromised, please notify our support department as soon as possible. Contact information and instructions for account recovery can be found at http://us.battle.net/en/security/help on our Blizzard Support page. We will do all that we can to assist.

    Additional security steps (which we highly recommend reviewing) are also available online. For more information visit: http://us.battle.net/en/security/checklist

    Shadow's Hand Guild
    Open recruitment for

    The Secret World - Dragons

    Planetside 2 - Terran Republic

    Tera - Dragonfall Server

    http://www.shadowshand.com

  • IkonisIkonis Member UncommonPosts: 245
    Originally posted by heartless

    Man, that always online DRM really looks like it's working at stopping hackers. Isn't it, guys?

     

    It is meant to stop people hacking their own characters to make them more powerful. But nice try on the spin attempt. A for effort.

  • TerrorizorTerrorizor Member Posts: 326

    I really wonder how much of this we'll see. Losing a piece of epic gear from a game is one thing, but having someone steal $20 worth of cash sellable gear is another in itself. The RMAH is going to give things like this a totally different perspective.

  • NadiaNadia Member UncommonPosts: 11,798

    I don't know what the issue is - but a journalist claimed she was using an authenticator, prehack

     

    http://www.tomshardware.com/news/Diablo-3-Authenticator-Battle.net-Bashiok-Password,15724.html

    As pointed out on Monday, Diablo 3 players are reporting hacks on both sides of the authenticator fence. They have also been able to watch the hacking take place in real time while taking screenshots in the process. Even Examiner journalist Tara Swadley saw her gold and character items drained after using a Battle.net authenticator.

    "This reporter, after having her own account with authenticator hacked, firmly believes this is a serious security breach on Blizzard’s side, though they either do not want to admit it, or are still unaware of the problem," she writes. As hinted to on Monday, there's speculation that this flood of hacking is just a prelude to what's to come once Blizzard launches the real-money auction house next week.

  • FrodoFraginsFrodoFragins Member EpicPosts: 5,903
    Originally posted by Nadia

    I don't know what the issue is - but a journalist claimed she was using an authenticator, prehack

     

    http://www.tomshardware.com/news/Diablo-3-Authenticator-Battle.net-Bashiok-Password,15724.html

    As pointed out on Monday, Diablo 3 players are reporting hacks on both sides of the authenticator fence. They have also been able to watch the hacking take place in real time while taking screenshots in the process. Even Examiner journalist Tara Swadley saw her gold and character items drained after using a Battle.net authenticator.

    "This reporter, after having her own account with authenticator hacked, firmly believes this is a serious security breach on Blizzard’s side, though they either do not want to admit it, or are still unaware of the problem," she writes. As hinted to on Monday, there's speculation that this flood of hacking is just a prelude to what's to come once Blizzard launches the real-money auction house next week.

    There was one issue with the authenticator that I ran in to.  It wouldn't ask for the authentication code most of the time.  You need to go to your battle net setting and force it to ask at each login.  I don't have time to read her article, but authenticators only work if Blizzard forces them on each and every login.

     

    I'm at least glad the hackers came out before the RMAH.  Imagine if you had all of your cash spent on stupid items.  Blizzard can't afford and won't underestimate this problem.  If they release the RMAH before they have this pinned down they are in for a lot of trouble.

     

    The hackers may not be as successful with the RMAH simply because of the paper trail and the ability of PayPal to cancel a transaction once notified by Blizzard. The hackers chose a strange time to come out. They either are stupid or they were so afraid that Blizzard would patch a vulnerability that they decided not to wait for people to accumulate a lot more gold and stuff.

  • FrodoFraginsFrodoFragins Member EpicPosts: 5,903

    What's so strange is the number of people being kicked off while playing.  Most of the people I know in the past weren't even online when the hack occurred.  It could be a coincidence or there could be a vulnerability on the servers.

  • JeroKaneJeroKane Member EpicPosts: 6,965
    Originally posted by FrodoFragins
    Originally posted by Nadia

    I don't know what the issue is - but a journalist claimed she was using an authenticator, prehack

     

    http://www.tomshardware.com/news/Diablo-3-Authenticator-Battle.net-Bashiok-Password,15724.html

    As pointed out on Monday, Diablo 3 players are reporting hacks on both sides of the authenticator fence. They have also been able to watch the hacking take place in real time while taking screenshots in the process. Even Examiner journalist Tara Swadley saw her gold and character items drained after using a Battle.net authenticator.

    "This reporter, after having her own account with authenticator hacked, firmly believes this is a serious security breach on Blizzard’s side, though they either do not want to admit it, or are still unaware of the problem," she writes. As hinted to on Monday, there's speculation that this flood of hacking is just a prelude to what's to come once Blizzard launches the real-money auction house next week.

    There was one issue with the authenticator that I ran in to.  It wouldn't ask for the authentication code most of the time.  You need to go to your battle net setting and force it to ask at each login.  I don't have time to read her article, but authenticators only work if Blizzard forces them on each and every login.

     

    I'm at least glad the hackers came out before the RMAH.  Imagine if you had all of your cash spent on stupid items.  Blizzard can't afford and won't underestimate this problem.  If they release the RMAH before they have this pinned down they are in for a lot of trouble.

    As far as I know they already postponed the RMAH till further notice.

     

    PS. There is no proof as of yet that people using an Authenticator have been hacked. It's all hearsay so far.

  • heartlessheartless Member UncommonPosts: 4,993
    Originally posted by Ikonis
    Originally posted by heartless

    Man, that always online DRM really looks like it's working at stopping hackers. Isn't it, guys?

     

    It is meant to stop people hacking their own characters to make them more powerful. But nice try on the spin attempt. A for effort.

    You know, when I played Diablos I and II, my single player characters never had to deal with other people's hacked characters. Most importantly, I never once worried about my game being hacked and losing all of my items and gold.

  • FrodoFraginsFrodoFragins Member EpicPosts: 5,903
    Originally posted by JeroKane
    Originally posted by FrodoFragins
    Originally posted by Nadia

    I don't know what the issue is - but a journalist claimed she was using an authenticator, prehack

     

    http://www.tomshardware.com/news/Diablo-3-Authenticator-Battle.net-Bashiok-Password,15724.html

    As pointed out on Monday, Diablo 3 players are reporting hacks on both sides of the authenticator fence. They have also been able to watch the hacking take place in real time while taking screenshots in the process. Even Examiner journalist Tara Swadley saw her gold and character items drained after using a Battle.net authenticator.

    "This reporter, after having her own account with authenticator hacked, firmly believes this is a serious security breach on Blizzard’s side, though they either do not want to admit it, or are still unaware of the problem," she writes. As hinted to on Monday, there's speculation that this flood of hacking is just a prelude to what's to come once Blizzard launches the real-money auction house next week.

    There was one issue with the authenticator that I ran in to.  It wouldn't ask for the authentication code most of the time.  You need to go to your battle net setting and force it to ask at each login.  I don't have time to read her article, but authenticators only work if Blizzard forces them on each and every login.

     

    I'm at least glad the hackers came out before the RMAH.  Imagine if you had all of your cash spent on stupid items.  Blizzard can't afford and won't underestimate this problem.  If they release the RMAH before they have this pinned down they are in for a lot of trouble.

    As far as I know they already postponed the RMAH till further notice.

     

    PS. There is no proof as of yet that people using an Authenticator have been hacked. It's all hearsay so far.

    Is that author quoted above hearsay?

  • dreldrel Member Posts: 918

    Maybe it's all of those foreign gold farmers trying to get more gold to resell

  • TardcoreTardcore Member Posts: 2,325

    ::sigh:: ::Dusts off the pic from the Real Id kerfuffle::

    "You do it to yourself, you do
    And that's what really hurts
    Is that you do it to yourself
    Just you and no one else
    You do it to yourself
    You do it to yourself"

     

    Maybe if these twonks would stop trying to be the Facebook/Twitter/Google of gaming and just go back to focusing on making GOOD games instead, they wouldn't get their teeth knocked out every time they turn around.

    "Gypsies, tramps, and thieves, we were called by the Admin of the site . . . "

  • DrokarDrokar Member Posts: 91
    Originally posted by Tardcore

    ::sigh:: ::Dusts off the pic from the Real Id kerfuffle::

    "You do it to yourself, you do
    And that's what really hurts
    Is that you do it to yourself
    Just you and no one else
    You do it to yourself
    You do it to yourself"

     

    Maybe if these twonks would stop trying to be the Facebook/Twitter/Google of gaming and just go back to focusing on making GOOD games instead, they wouldn't get their teeth knocked out every time they turn around.

    I recommend just staying away from gaming in multiplayer mode - and not buying gold. I can't imagine how anyone could hack my account if they don't know it exists...

  • iceman00iceman00 Member Posts: 1,363
    Originally posted by Vannor
    Originally posted by colddog04
    Originally posted by Vannor
    Originally posted by AdamTM
    Originally posted by itgrowls

    It's interesting to me that this is happening when there are free ways of dealing with it. Heck even the authenticators are cheap and free delivery. So why are people posting about this again? It's the user's fault if they get hacked at this point due to the security that Blizz implemented. It really is. I'm not a Blizz fan when it comes to the direction their company is going but I have to say they did the right thing when it comes to security for their players.

    So why isn't it mandatory then?

    Free option requires recent models of mobile phones... not everyone has them.

    So then everyone else has to pay for one.

     

    You would think that they would offer a secure service as part of the whole $60 price tag. Seems reasonable to me at least.

    They offer a secure system. I've never had an account stolen, hacked or wotever in 15 years. I worked as a computer tech for a while and let me tell you... most people's computers are a mess. A massive trash of a mess. I have no doubt at all that people who lose accounts do so because they can't maintain a computer properly or click on things they shouldn't.

    I'm in the same boat you are....

     

    Except I think that if you are nickel-and-diming someone the way Blizzard is with making people buy authenticators to use their service securely, something is wrong with that. If you are going to make it a requirement to play on their servers even for single player games, you should probably make sure your system is very secure, otherwise you are inviting the very same kind of PR nightmare they currently are going through.

  • iceman00iceman00 Member Posts: 1,363
    Originally posted by JeroKane
    Originally posted by FrodoFragins
    Originally posted by JeroKane

    People NEED to understand, that to get into your Battle.net account, they NEED to know your password!

    Blizzard isn't going to spread your passwords on the internet! Get a grip!

    While name, address and email might be stored plain text in their database (as happens everywhere else), your password however is stored WITH encryption!

    So hackers can't just breach / hack Battle.net and then retrieve your passwords! Even though PSN network was hacked (which has 10 times more users than Battle.net, the only usable stuff they got were email addresses from people which they could have sold on, resulting in more spam in your mailbox).

    So the ONLY way your account can get hacked, is if the hacker managed to get your email address AND password!

    A hell lot of people use the SAME password everywhere! Including fansite forums (which often use freeware solutions that are prone to security leaks and bad encryption...some don't encrypt passwords at all)! Not to mention that a lot of people are total cheapskates and buy online keys from Asian offgamer sites, which are KNOWN to be dodgy and use the SAME password there as well!  You cannot make it any easier for a hacker that way!

    And who says people like the OP didn't have a keylogger on their PC? How do they know?

    You can run a virus scanner and anti-malware... yet most of these programs don't always automatically check your internet cookies!

    A lot of people never bother to clean up their internet cache, history, cookies and stored passwords on regular basis!

    I do it myself at least once/twice a week... depending on my internet activity.

    Instead of immediately pointing the finger at Blizzard, which is all too easy, trace back your own steps first. What have you been doing the past week or two? What have you installed? Which sites have you visited? Which sites do you have an account and using the same password? Etc, etc.

    It's much more likely that hackers might have hacked one of the many fansites out there or managed to get a keylogger embedded via an ad or something, like happened to that fansite lots of US D3 players visited and got their account hacked shortly after!

    Cheers

    Look up session hijacking.  If Blizzard has a hole in their security they wouldn't need to login.  They just hijack your session from you and boot you from the server. 

    That is a whole different matter and would have nothing to do with Battle.net!

    However it would be strange if Blizzard hasn't got this covered by their security measures! This is not easy to do!

    Session hijacking often happens, when people use public computers like Internet cafes and are careless, by not clearing the browser cache before leaving and/or properly logging off, making sure their account info, etc isn't stored!

    Session Hijacking via your home network is almost impossible, as they would need to know your IP address. Again they might get hold of this by hacking fansites that store IP addresses plain text in databases. But still most Providers have security measures in place to detect this.

    But seriously tho... I have never heard about this happening in MMO's, especially not with people playing via their home network! Unless they have an open WiFi network with no password or even worse... have no firewall / NAT enabled on their internet router! You would seriously be surprised how many people don't know about this!

    You list of all the ways the individual user should engage in some foresight (and all of them very sound), but how about some foresight on blizzard's part?

    You obviously have technical knowledge. Congrats, you are part of the 1% of PC gamers, and the .0001% of PC users. I've given hundreds of little impromptu PC best practices behavior to people whose systems I've worked on over the past now 15 years. And people still keep making the same mistakes.

    Most of the players of Diablo III are going to be technical idiots. So you need to take this into account when making your game, especially when you are going to mandate that they login and play online for even single player games. (Those who play almost exclusively single player tend to be more ignorant.) Otherwise, you are looking at a PR nightmare, and one that was entirely foreseeable.

  • iceman00iceman00 Member Posts: 1,363
    Originally posted by dubyahite

    There was a guy that wrote a post on another forum about how he acquired thousands of NCSoft accounts in one weekend.

    I won't post the link here, because it gets a little bit descriptive of how he did it to the point where this post would probably get modded. 

    Also, I will note that this guy is not a "hacker" in the sense that he wasn't doing this maliciously. Just wanted to see what could be done. He submitted all of his data to NCSoft after they had a huge hacking fiasco. This was done to help them determine the amount of people using the same password for a fansite for the game they were playing. 

    .

    First off, I would state that the methods this guy used are very basic and very legit. This is something anyone with a basic level of network security knowledge could accomplish.

     

     

    I'll explain it in simple non-tech terms. 

     

    He acquired a database of over 200,000 users from several fan sites. Remember, a real attacker is always going to take the path of least resistance. This would be much easier than hacking NCSoft's database as fansites are less secure and have less resources.

     

    A portion of those passwords ( around 50k) were crackable. The passwords were encrypted in the database, but simple dictionary based passwords are vulnerable to cracking. I won't detail how he did  it, but he was able to crack the weaker passwords.

    He submitted the data of the cracked passwords to NCSoft to compare against their databases. It turned out that about 20% of the accounts on these fansites were using the EXACT same password for the fansite as they were for their game account.

    20 FRIGGIN PERCENT.  Imagine if he had a database of 1 million users? or 2 million? 20 percent of those would on average have the same freaking password for their game as they use for a vulnerable fansite. 

     

    So here's another twist to this story. A very popular Diablo fansite was being listed by Google as having been infected with malware recently. It was incgamers diablo fansite I believe. This almost guarantees that they were compromised. They may not have been the only one.

     

    So I have a question for those of you that got hacked.  Are you in the 20%?

     

    Occam's Razor would probably apply here.  Your explanation being a lot simpler than session spoofing.
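
Added example, not part of any post in this thread: a defender-side sketch of the comparison described in the quoted post above, where credentials leaked from a fansite are checked against a game operator's own salted password hashes so that accounts reusing the leaked password can be forced to reset. All accounts, passwords and function names are constructed for illustration, and PBKDF2 is an assumed storage scheme, not what any operator named here uses.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password, salt=None):
    """Return (salt, digest) for storage; a fresh random salt per account."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password, salt, digest):
    """Constant-time check of a candidate password against a stored record."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def normalize_email(email):
    """Login emails are matched case-insensitively and without padding."""
    return email.strip().lower()


def build_demo_store():
    """Constructed operator-side account table: email -> salted hash record."""
    accounts = {
        "alice@example.com": "correct horse battery",
        "bob@example.com": "dragon2012",
        "carol@example.com": "Tr0ub4dor&3",
        "dave@example.com": "x9!kQ-77-blue",
        "erin@example.com": "winter-owl-42",
    }
    store = {}
    for email, password in accounts.items():
        salt, digest = hash_password(password)
        store[email] = {"salt": salt, "digest": digest, "must_reset": False}
    return store


# Constructed (email, password) pairs standing in for a breached fansite dump.
DEMO_BREACH_PAIRS = [
    ("Bob@Example.com ", "dragon2012"),     # same password on both sites
    ("alice@example.com", "sunshine1"),
    ("carol@example.com", "password"),
    ("dave@example.com", "letmein"),
    ("erin@example.com", "qwerty12"),
    ("mallory@example.net", "dragon2012"),  # no account with this operator
]


def find_reused_credentials(breach_pairs, user_store):
    """Emails whose current password equals the one leaked elsewhere."""
    flagged = set()
    for email, leaked_password in breach_pairs:
        key = normalize_email(email)
        record = user_store.get(key)
        if record is None:
            continue  # breached user has no account here
        if verify_password(leaked_password, record["salt"], record["digest"]):
            flagged.add(key)
    return sorted(flagged)


def reuse_rate(breach_pairs, user_store):
    """Share of breached users with an account here who reuse the password."""
    overlapping = {normalize_email(e) for e, _ in breach_pairs} & set(user_store)
    if not overlapping:
        return 0.0
    reused = find_reused_credentials(breach_pairs, user_store)
    return len(reused) / len(overlapping)


def force_reset(user_store, emails):
    """Mark flagged accounts so the next login must set a new password."""
    for email in emails:
        user_store[email]["must_reset"] = True
    return sorted(e for e, r in user_store.items() if r["must_reset"])


if __name__ == "__main__":
    store = build_demo_store()
    reused = find_reused_credentials(DEMO_BREACH_PAIRS, store)
    print("force reset:", force_reset(store, reused))
    print("reuse rate:", reuse_rate(DEMO_BREACH_PAIRS, store))
```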
