YAY! Account Compromised.

Whiskey Tango · 05-22-2012, 10:45 AM

Havent been on a website other than Reddit and Edge Gaming since I installed the game. And I just look at cat pictures on Reddit...

They are saying that it is nothing on their end but I find that hard to believe. Just from an IT security perspective. When you have hundreds, maybe thousands, of people all having the exact same issue at the exact same time, it is usually something server side.

Branaddar · 05-22-2012, 11:25 AM

Yeah, my WoW account has been hacked 2-3 times over the years even though I constantly sweep my PC for virii/trojans with 3 different tools, never log into a site from an email, and never share my account info.

Heck, in one of the hack cases, I hadn't logged into the game (nor used my info to log into the account) in over a year, then suddenly one day I get an email that I am banned for suspicion of RMT.

I tried to tell them they have a hole somewhere, but they declined, saying I needed a stronger password. Apparently a 10-digit jumble of seemingly random letters and numbers with no phrases, words or significant pattern to it isn't secure enough, and someone guessed it.

Anyway, hope the rollback doesn't roll you too far back and good luck getting your stuffs back. (Not sarcastic or anything)

Whiskey Tango · 05-22-2012, 11:52 AM

Quote:

Originally Posted by Branaddar

Yeah, my WoW account has been hacked 2-3 times over the years even though I constantly sweep my PC for virii/trojans with 3 different tools, never log into a site from an email, and never share my account info.

Heck, in one of the hack cases, I hadn't logged into the game (nor used my info to log into the account) in over a year, then suddenly one day I get an email that I am banned for suspicion of RMT.

I tried to tell them they have a hole somewhere, but they declined, saying I needed a stronger password. Apparently a 10-digit jumble of seemingly random letters and numbers with no phrases, words or significant pattern to it isn't secure enough, and someone guessed it.

Anyway, hope the rollback doesn't roll you too far back and good luck getting your stuffs back. (Not sarcastic or anything)

I dont use an authenticator because I lost one once, I do use a digital keypad so they cant record my password even if I did have a keylogger. The fact that they can say for certainty that it wasnt on their end also makes me distrust them. There is no way that in less than 24 hours they were able to determine they had no holes in their security.

Punch2Face · 05-22-2012, 12:34 PM

Lol yeah Blizzard is kinda gay like that. I use the authenticator app on my iPhone and it works great. My old WoW account got hacked after me not logging in for over 2 years, found out because one of my friends I played with saw me standing in Dalaran and sent me a text asking if I was playing again. I don't use the battle.net account anymore and I made a new one with the mobile authenticator on it.

I know that Vertago just posted something on the forums yesterday saying that there is in fact a hole that Blizzard is aware of (so they lied to you, basically) where you can watch session ID's of people in your game, allowing you to log into their account without even as much as a username or password. However, with an authenticator it will force them to have that code to get in (I believe).

Sucks you got hacked bro, hope everything works out!

Shiznoe · 05-22-2012, 01:08 PM

I am so sorry to hear that I hope this can be resolved!

IrateDonnie · 05-22-2012, 01:10 PM

Go check out the Diablo3 forums,there's all sorts of people with the same problem. There's a problem somewhere,I'm pretty sure of that. Luckily I haven't been hacked,but it could be because I've only played solo so far.

Logic Overflow · 05-22-2012, 10:39 PM

Quote:

Originally Posted by Punch2Face

Lol yeah Blizzard is kinda gay like that. I use the authenticator app on my iPhone and it works great. My old WoW account got hacked after me not logging in for over 2 years, found out because one of my friends I played with saw me standing in Dalaran and sent me a text asking if I was playing again. I don't use the battle.net account anymore and I made a new one with the mobile authenticator on it.

I know that Vertago just posted something on the forums yesterday saying that there is in fact a hole that Blizzard is aware of (so they lied to you, basically) where you can watch session ID's of people in your game, allowing you to log into their account without even as much as a username or password. However, with an authenticator it will force them to have that code to get in (I believe).

Sucks you got hacked bro, hope everything works out!

As I mentioned in the post, you MUST be sure you have the option to the authenticator prompt at every login. If not it will prompt only once a week and render it useless.

Cerv · 05-23-2012, 08:26 AM

Quote:

Originally Posted by Logic Overflow

As I mentioned in the post, you MUST be sure you have the option to the authenticator prompt at every login. If not it will prompt only once a week and render it useless.

This ^^

As for the authenticator and losing it, I use the phone app for 2 reasons;

#1 - It's free... can't get much better than that.

#2 - IT'S ON MY PHONE, I know I won't lose it. And from what I've read, the phone authenticator is a little more secure than the keychain fob or whatever you want to call it.

Get authenticators, people. If you have a smartphone, it's free, rendering you with absolutely NO EXCUSE for not having one. It's not inconvenient, or a hassle, it takes 5 seconds or less to punch in a code to make sure you're account doesn't get hacked. I've bee using it since they released it for WoW, and I've never had a problem with it.

Branaddar · 05-23-2012, 12:58 PM

If they make a BNet authenticator for Windows Phone, I'll get it. Otherwise, I'm not doing the physical. Too worried about lost/broken.

The way I found out my account had been hacked after I had been quit after 1 year was during Blizzard's big switchover to the BNet account system. There was a security hole being compromised during the process of merging a WoW account into an existing BNet account, letting anyone pick an account and attach it to their email.

Luckily, Blizzard saw that the email used was associated with RMT, so they shut that down fast and fired off an email. They flat-out denied the trouble was on their end. I told them I had bought two new machines since I last played WoW and had changed the password on the brand-new one before cancelling the sub.

Thing is, in 90% of the cases probably, it is the user's fault. I'm not saying any of you guys by any means. But the average WoW gamer knows little about computer security, and just instantly assumes they were hacked. So CS is told to stick to "not our fault" until their tech team discovers any issues, at which point it's announced somewhere. They are not qualified to gauge hack vs password steal.

It makes an unfortunate mess of their reputation when a security hole is present and people are all "toldja so!"

Snipeye · 05-24-2012, 10:39 AM

@Logic Did some research into it, and while D3 will only prompt for it once a week, if you try to log in with a different computer than the one that you did with the authenticator, it'll reprompt you to log in with an authenticator (or at least, that's how it's supposed to work).

For some of the people who's accounts were hacked with an authenticator, it appears that they were using a dial-up authenticator, which doesn't work with D3.

"Dial-in authenticators won't work with Diablo III. They're quite limited and do not take the place of a regular standalone or mobile authenticator at all. They're just a supplement to security; an added measure, but currently not for Diablo III."

http://us.battle.net/support/en/arti...icator-faq#q-7

http://us.battle.net/d3/en/forum/topic/5270830422