Blizzard Looking Into Hacked Diablo III Account Claims

May 22, 2012 -

A number of Diablo III players have claimed that they have logged into their accounts and found that they have been hacked. Players claim that their gear, characters, and gold vanished without a trace. Blizzard Entertainment says that it is taking these reports "very seriously" and is looking to what exactly is going on. Other reports have indicated that this was being caused by some sort of bug.

"Historically, the release of a new game - such as a World of Warcraft Expansion - will result in an increase in reports of individual account compromises, and that's exactly what we're seeing now with Diablo III," Community Manager Lylirra said on the community boards. "We know how frustrating it can be to become the victim of account theft, and as always, we're dedicated to doing everything we can to help our players keep their Battle.net accounts safe."

One thing that many players are finding to be frustrating is that Blizzard's authenticators haven't protected their accounts. The authenticators are supposed to add an extra layer of security via a phone number or through iPhone and Android apps. The authenticator works by generating a unique code tied to your account that expires within two minutes every time a user tries to log in.

Blizzard rejects the idea that the authenticator isn't working:

"We've been taking the situation extremely seriously from the start, and have done everything possible to verify how and in what circumstances these compromises are occurring," said Blizzard community manager Bashiok. "Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password. While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand."

If you have had your account hacked, IGN has some advice to help you deal with the situation here.

Source: IGN by way of Andrew Eisen.


Comments

Re: Blizzard Looking Into Hacked Diablo III Account Claims

Blizzard has some significant issues taking responsibility for their own security systems.

I haven't played WoW in YEARS, haven't had it installed on my computer for years, and in fact hadn't played a single Blizzard games for almost a year. Then when I go to register Diablo 3 I'm told my WoW account was suspended for being hacked. Not my Battle.net account that was fine, no problems registering or anything...JUST my WoW account.

Now how did that happen? Blizzard's answer was to blame me, and when I asked how the account could have possibly gotten hacked from my end when I hadn't even had the game on my computer for several years and in fact and completely reinstalled my OS since then (meaning there wasn't even residual data from the game on my computer). Blizzard support staff literally said "While we cannot think of a way in which your account could have been compromised there are several ways in which an account could be compromised by the user." And then proceeded to list several ways my account could have been hacked on my computer...EVERY ONE OF WHICH would have AT LEAST required the game to actually BE on my computer many of which would have necessitated I actually log into the game or respond to an email requesting my account information (Which I have NEVER done).

They were EXCEEDINGLY unhelpful until I started signing my emails back with "Esquire" after my name (I am an attorney). I didn't change anything I said in the emails, didn't threaten any kind of legal action, merely put "My Name, Esquire." And suddenly I'm talking to some kind of supervisor who suddenly became MUCH more helpful (This is AFTER my requests to speak with/correspond with a supervisor were already ignored/denied previously).

Blizzard's tactic with account compromises definitely seems to be a "We'll help you get your account back...but no matter what IT IS YOUR FAULT. NEVER our fault."

Re: Blizzard Looking Into Hacked Diablo III Account Claims

Give me a goddamn offline mode, or just let me upload my character if I want to use them online.

Re: Blizzard Looking Into Hacked Diablo III Account Claims

This all really isn't going well for Blizzard is it?

Either there are lots of people out there who have a very lax attitude towards security on their own computers, or there is a problem that has yet to surface in the Servers.

My overall feeling is that I an uncomfortable with the company itself holding my data and dictating when the situation is 'suitable' to play a game I own based on the availability of the server, at least I only have myself to point fingers at if data is stolen from my own computer. However, without knowing more about the situation, I really can't say whether this is directly attributable to that system.

Re: Blizzard Looking Into Hacked Diablo III Account Claims

Given my experience doing tech support (whether willingly or because I got dragged into it), I can promise you that there are indeed far too many people with a "very lax attitude towards security".

Re: Blizzard Looking Into Hacked Diablo III Account Claims

One thing that many players are finding to be frustrating is that Blizzard's authenticators haven't protected their accounts.

Despite the claims and theories being made...we have yet to investigate a compromise report in which an authenticator was attached beforehand.

Yes, if you don't actually have an authenticator on your account, that does tend to keep it from protecting you.

 

Re: Blizzard Looking Into Hacked Diablo III Account Claims

I don't play WoW, so I have only peripheral knowledge of these authenticators. But that I might need one of these to play a single player game!?

And how many people are going to know that they need an extra layer of BS just to play a game?

Re: Blizzard Looking Into Hacked Diablo III Account Claims

The authenticator takes one of two forms. Either a keychain device, or a mobile phone app.

 

It generates a random code in sync with a remote server, and when you log in you enter this code as the final part of the login process. And if someone tries to decompile the software, it more or less self destructs.

It's act

Acually a LOT less of a headache than I thought it would be.

Re: Blizzard Looking Into Hacked Diablo III Account Claims

That actually sounds like a pain in the butt. So on top of my usual user name and password, I have to also retrieve and enter some random string from the server. Wow.

Re: Blizzard Looking Into Hacked Diablo III Account Claims

Well, for one thing, Diablo 3 is pretty clear about not being a strictly single-player game. They put a lot of effort into making the multiplayer front and center -- you can choose to ignore it if you want to, but that's doesn't make it not exist.

A bit OT, but I keep getting the feeling that 99 percent of the complaints about Diablo 3 would vanish if had been titled "Diablo Online", with no changes whatsoever made to the actual game.

Re: Blizzard Looking Into Hacked Diablo III Account Claims

The game is not called Diablo Online. It is called Diablo 3. It has a single-player campaign.

If I wanted to jump through flaming hoops I'd go find a circus to join.

Re: Blizzard Looking Into Hacked Diablo III Account Claims

That may be true. However, there would still be a very vocal group of Diablo Fans still complaining that they turned their favorite offline hack and slash game into a MMO.

Re: Blizzard Looking Into Hacked Diablo III Account Claims

agreed, i'm sick of these whiners complaining about not being able to play offline.

They warned you a year in advance. If you dont' like it, don't buy it, don't play it. Just leave everyone else alone.

Re: Blizzard Looking Into Hacked Diablo III Account Claims

Yes, they made it clear a year ago, and people thought it was bullshit. Time has not lessened the rating on the bullshit-o-meter.

Re: Blizzard Looking Into Hacked Diablo III Account Claims

That's exactly what I did. I did not buy Diablo 3. I also didn't buy Starcraft 2 for the exact same reason. However, my complaint about the always online DRM is still valid as I would be more than willing to buy both games if there was a fully offline single player mode. That is my demand if Blizzard wants to see my money. In the mean time, I will continue to be content playing Warcraft 3, Starcraft and Diablo 2 with all their offline, LAN and mod capabilities. Because of those three features, they remain the superior games.

Also, people with valid concerns and complaints are not whiners. They are upset customers or potential customers who feel the product is not what they have come to expect based on previous entries i the franchise. You having a different opinion does not make them wrong.

Re: Blizzard Looking Into Hacked Diablo III Account Claims

Well if this ends up being true, another strike against their always-online decision. :/

Re: Blizzard Looking Into Hacked Diablo III Account Claims

Honestly, I'd rather learn that my system had been keylogged by discovering a missing Diablo 3 character than by discovering my checking account was missing funds.

 
Forgot your password?
Username :
Password :

Poll

Should 'Hatred' have been removed from Steam Greenlight?:
 

Be Heard - Contact Your Politician