# Diablo 3 Accounts Being Hacked



## IBNobody (May 21, 2012)

*UPDATE 2:*

Blizzard 

From Bashiok:




> We've been taking the situation extremely seriously from the start, and have done everything possible to verify how and in what circumstances these compromises are occurring. Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password. While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand.
> 
> If your account has been hacked, please view the previous post for information on contacting our support department.



http://us.battle.net/d3/en/forum/topic/5149619846?page=29#571

----------------------------------

Apparently, there is a wave of account hacks going around for Diablo 3. Thieves are taking control of characters, looting all equipment, and stealing all their gold. Account stealing is old news with WoW, but it appears that there is more going on than just stolen passwords. Some are saying that it may be a session ID hack or a server-side hack.

Hacked users log in to find their items looted and mysterious entries on their recently played list.


Spoiler












Here are a few examples of game reporters getting hacked.

http://www.eurogamer...nd-items-stolen
http://www.examiner....diablo-3-hacked



> This reporter, *after having her own account with authenticator hacked*, firmly believes this is a serious security breach on Blizzard’s side, though they either do not want to admit it, or are still unaware of the problem. Many who have had their account on _Diablo 3_ hacked were logged in at the time of the hack and support staff tells them there was no evidence of their account being hacked. That indicates there is an exploit in the system being taken advantage of.



Here's a link to a massive thread on Blizzard's website:
http://us.battle.net...49008518?page=1

People are reporting that they've been hacked even though they have an authenticator and a secure password.
People are reporting that they were hacked even though they only played single-player.

Here's some theorycraft on Session ID Theft.

http://us.battle.net...8518?page=8#156



> You make a credential handshake once in the entire session. This happens at the time of login and this is what gets logged (IPs, account IDs, etc.).
> 
> At this point only session identifiers get transferred back and forth for each transaction. A transaction is whenever the state on your account changes. This could be anything from making an AH purchase to picking up some uber sword, or completing a quest, etc..
> 
> ...



NOTE: I'm not a security expert. I have not had my account hacked.


----------



## Rydian (May 21, 2012)

I don't understand how this is funny.  While the current goals seem to be chinese gold farming and not actual money, it's still account security for something people paid for (and is going into the gold farming business).

EDIT: Grammar fix.


----------



## purplesludge (May 21, 2012)

All the stolen stuff doesn't even need to be sold by a third party. Why didn't Blizzard anticipate this when they decided to have the real money auction house?


----------



## Rasas (May 21, 2012)

It isn't that funny but with all the stuff they did to Starcraft 2 and Diablo 3 they had it coming.
They shouldn't charge for a authenticator that offers little to no defense but Blizzard has been going on a downward spiral every since merging with Activision. The DRM preventing single player was a bad idea decreasing sales. We all know hackers will hack it eventually so why hinder your own sales. Also blaming the consumer when you send a ticket when your WoW and Diablo 3 account gets hacked when it probably is a problem with their security is complete BS. Ya, some computers aren't fairly secure but just like MS and Sony they pretty much shift all the blame to you when it might be a security hole on their side when your computer is secure.




purplesludge said:


> All the stolen stuff doesn't even need to be sold by a third party. Why didn't Blizzard anticipate this when they decided to have the real money auction house?


They probably didn't think the numbers would be to high. I'm pretty sure every online service company takes in to mind some accounts being hacked.


----------



## ferofax (May 21, 2012)

but then again there is such a thing as "acceptable losses". chances are, these players will just have to start over and forget about all those hacked items. i mean, really, relying on session IDs alone?

even I who's not well versed on hacking have a faint idea on how to go about doing it, and I might even succeed with the attempt. I didn't expect things to be this lousy, just because it's a DRM.


----------



## IBNobody (May 21, 2012)

purplesludge said:


> All the stolen stuff doesn't even need to be sold by a third party. Why didn't Blizzard anticipate this when they decided to have the real money auction house?



They did... But in a poor way.



> Note: After the first compromise restoration occurs on a Battle.net account, that account's access to the Diablo III Real Money Auction House will be restricted until an authenticator is attached. If the account is compromised a second time, access to the Diablo III Real Money Auction House will be permanently revoked.



Basically, if you get hacked, you get punished.


----------



## Sora de Eclaune (May 21, 2012)

This is why I'm going to wait until there's an exploit to make it possible to play the game offline. I didn't play the first two online, and I didn't have to be constantly connected to the internet to play, so why does this game have to be the odd one out?


----------



## Satangel (May 21, 2012)

Let's hope this is fixed by the time I purchase this baby. Saw it for a few hours today for the first time, impressive.


----------



## emmanu888 (May 21, 2012)

wow that was really fast seems blizzard has some work to do on the security side of the server


----------



## Satangel (May 21, 2012)

Sora de Eclaune said:


> This is why I'm going to wait until there's an exploit to make it possible to play the game offline. I didn't play the first two online, and I didn't have to be constantly connected to the internet to play, so why does this game have to be the odd one out?


DRM + cloud syncing + other things. Cloud syncing is really something useful IMHO, DRM is just BS.


----------



## Seaking (May 21, 2012)

this is funny because

1. it seems saves are NOT on your local machine, correct? so that would mean its in the Blizzard "cloud" on D3 servers


alunral said:


> Sora de Eclaune said:
> 
> 
> > This is why I'm going to wait until there's an exploit to make it possible to play the game offline. I didn't play the first two online, and I didn't have to be constantly connected to the internet to play, so why does this game have to be the odd one out?
> ...




2. what IBNobody pointed out


IBNobody said:


> purplesludge said:
> 
> 
> > All the stolen stuff doesn't even need to be sold by a third party. Why didn't Blizzard anticipate this when they decided to have the real money auction house?
> ...



its been less then a month and hackers have already found a hole in the security.

being Blizzard, i was hoping this would not happen.


----------



## GreatZimkogway (May 21, 2012)

Sora de Eclaune said:


> This is why I'm going to wait until there's an exploit to make it possible to play the game offline. I didn't play the first two online, and I didn't have to be constantly connected to the internet to play, so why does this game have to be the odd one out?



There won't be an "exploit".  You'll have to wait until custom servers can get made, if that's ever possible.  Everything, right now, is stored serverside, nothing on clientside.


----------



## IBNobody (May 21, 2012)

alunral said:


> Sora de Eclaune said:
> 
> 
> > This is why I'm going to wait until there's an exploit to make it possible to play the game offline. I didn't play the first two online, and I didn't have to be constantly connected to the internet to play, so why does this game have to be the odd one out?
> ...



This is true. You can get lag spikes, even on single player. My ping is ~300-500 at times, and I see rubber-banding. There will need to be custom servers set up.


------------------------------------

EDIT: I just updated the OP to indicate Blizzard's initial response.


----------



## xdmario1 (May 21, 2012)

I fail to see why Blizzard isn't getting hell for this. I may not play Diablo III, but I do know that if this were to happen with any console, Nintendo/Microsoft/Sony would be taking it up the ass for this. Why should a computer be any different?


----------



## SpaceJump (May 21, 2012)

Just checked my account and everything seems fine 
Hopefully Blizzard will sort this out quickly!


----------



## Covarr (May 21, 2012)

xdmario1 said:


> I fail to see why Blizzard isn't getting hell for this. I may not play Diablo III, but I do know that if this were to happen with any console, Nintendo/Microsoft/Sony would be taking it up the ass for this. Why should a computer be any different?


Because Blizzard is the second coming of Christ or something. People will put up with the excessive and intrusive DRM, the horribly broken launch that prevents paying customers from playing, and the accounts being hacked en masse less than a week after release, because in the eyes of the average Blizzard customer, they can do no wrong.

Seriously though, why is it that if EA sneezes the wrong way people throw a hissyfit, but if Blizzard has a whole week of problems nobody minds? I simply don't get it.


----------



## MelodieOctavia (May 21, 2012)

Covarr said:


> xdmario1 said:
> 
> 
> > *I fail to see why Blizzard isn't getting hell for this.* I may not play Diablo III, but I do know that if this were to happen with any console, Nintendo/Microsoft/Sony would be taking it up the ass for this. Why should a computer be any different?
> ...



Have you been living under a rock for the last week and a half? Nobody minds? Error 37 is now a meme.  Thousands if not MILLIONS of people have been bitching and complaining (rightfully so) about the abysmal launch that Diablo III had. Why don't you check the archive of any gaming news site and you'll see how "nobody minds".

Nobody has been making a big deal on here because, frankly, Diablo III isn't targeting the average 'Temper.


----------



## Wabsta (May 21, 2012)

A friend of a friend got hacked, sucked.
The whole forum and subreddit of diablo are full of people complaining about it.. I've seen people reporting websites (diablowiki apperently had a virus warning, and people who went on there have been hacked, for example)..
I've not been hacked myself yet. Not that I would REALLY mind, I'm not that far into the game yet.


----------



## DiscostewSM (May 21, 2012)

TwinRetro said:


> Error 37 is now a meme.



[yt]I43GUnZN_s4[/yt]


----------



## Deleted User (May 21, 2012)

1


----------



## Foxi4 (May 21, 2012)

brandonspikes said:


> lololoAuthenticator.





> This reporter, *after having her own account with authenticator hacked*, firmly believes this is a serious security breach on Blizzard’s side, though they either do not want to admit it, or are still unaware of the problem. Many who have had their account on Diablo 3 hacked* were logged in at the time of the hack and support staff tells them there was no evidence of their account being hacked*. That indicates* there is an exploit in the system being taken advantage of.*


Reading is _hard_.

The Authethenticator didn't help, this hack appears to hijack/monitor the entire session and extract the pass or even break in to the server itself, it has nothing to do with troyans. No offense, there's a lot of dumbasses out there who basically give their pass away on a plate if you ask them for it, but this occours on a scale far higher than the average keylogger/troyan issue.


----------



## Rasas (May 21, 2012)

brandonspikes said:


> Okay, So before people in this thread spout bullshit they don't know.
> 
> 
> ITS NOT BLIZZARDS FAULT.
> ...


Some people who bought it have connection issues just because you don't have a problem doesn't mean everyone doesn't have a problem. Some people don't even have a smartphone to get the free app or are unwilling to get the authenticator. Even then people with it got hacked.

Spoofing a session ID is Blizzards fault they should of at least came up with some counter-measures all you have to do is join a public game and someone can do it to you assuming spoofing the session id is how they get it you. The authenticator offers no defense what so ever in this scenario.


----------



## AceWarhead (May 21, 2012)

brandonspikes said:


> Okay, So before people in this thread spout bullshit they don't know.
> 
> 
> ITS NOT BLIZZARDS FAULT.
> ...


What the heck? It's OUR FAULT that Blizzard had a fluke with their security? How does that work out?
Oh, but of course, we are so dumb we didn't know that Blizzard fucked up their security measures.


----------



## Deleted User (May 21, 2012)

1


----------



## Deleted User (May 21, 2012)

hr]


----------



## Rockhoundhigh (May 21, 2012)

Yeah, considering this awesome launch I'll go with the game actually made by the real Diablo makers, Torchlight II when it releases.


----------



## Foxi4 (May 21, 2012)

brandonspikes said:


> *Shows that reading is even harder than expected*


Which part of session spoofing do you not understand? This should not be possible even if someone has a troyan/keylogger - one should not be capable_ to log on twice onto the same account at the same time with the same ID from two different IP's and loot the character_, the server should *fu*king notice* that two different IP's recieved the same session ID, which part of server exploit is hard to understand?

*EDIT: *Okay, in plain English so you understand what I'm telling you. Each gamer when logging on recieves a session ID and this ID is unique to this particular playthrough. Serverside, the ID's are assigned to players, no ID's are used twice at the same time.

Problem is that the system _does not check the ID's it assigned later on like it should and doesn't appear to give a rat's ass about them. _Spoofing this ID makes_ the server think that no hack even occurred -_ the server is _bloody convinced_ that_ YOU were logged on and that's an EXPLOIT right there. This is *Internet Security 101, *_Blizzard _f*cked up._


----------



## Deleted User (May 21, 2012)

Foxi4 said:


> brandonspikes said:
> 
> 
> > *Shows that reading is even harder than expected*
> ...


I have over 20 real id friends, None of them got hacked, nor did any of their friends, from what people have gathered its just a conspiracy going on to make blizzard look bad, the only people to get hacked are ones with un-secure security.


----------



## Zaertix (May 22, 2012)

brandonspikes said:


> -snip-



Here's the one part I'm confused about...

The Authenticator is one of two things. Either the key fob or the app on a phone. How can having a 'specific type' of keylogger/trojan allow them access to either exterior item, or allow them to access it? I've never known a trojan to allow access to a phone from a PC. Just sayin.

Also I love how vehement you are about it being the person's fault due to keyloggers and such. Where's YOUR proof? Just because you and your 20 real ID friends weren't hacked doesn't mean diddly. You might not have been in the right circumstances or what not. You just DON'T KNOW. Instead, your raging, trying to sound smart, whilst pulling terms out of where the sun doesn't shine.

How about we all agree this predicament sucks, and it's NO ONE'S fault and that it sucks? Did I mention it sucks?

Also, I wasn't hacked. 

The end.


----------



## Foxi4 (May 22, 2012)

brandonspikes said:


> I have over 20 real id friends, None of them got hacked, nor did any of their friends, from what people have gathered its just a conspiracy going on to make blizzard look bad, the only people to get hacked are ones with un-secure security.


Wow. Just wow.

Listen, Diablo 3 sells like cure for cancer. Poland is literally out of stock at this point, there isn't a single game store in this country that still has copies and the prices on auctions reach ludicous heights. The game nearly reached 1 million copies sold even before it was on the shelves in _preorders alone_. You think that your point is somehow valid because you have _20 _friends that didn't experience issues?

You know what 20 users are compared to the rest of the world? _A statistic fart. _If there was no issue, there would be no storm surrounding it and it would not be a global problem. Accept the thought, get used to it.


----------



## Deleted User (May 22, 2012)

1


----------



## Deleted User (May 22, 2012)

Foxi4 said:


> brandonspikes said:
> 
> 
> > I have over 20 real id friends, None of them got hacked, nor did any of their friends, from what people have gathered its just a conspiracy going on to make blizzard look bad, the only people to get hacked are ones with un-secure security.
> ...


That only proves that point that since "Everyone" is buying it, MOST of them aren't secure PC users.


----------



## Zaertix (May 22, 2012)

brandonspikes said:


> Zaertix said:
> 
> 
> > brandonspikes said:
> ...




Whoa whoa whoa buddy, calm it down. You seem to be getting up in arms about a game.

Take a second and breathe.. Woo sah.

And no, I know plenty of people that are 'secure' PC users that STILL get infections and malware. Just because you're secure, doesn't mean you're impervious to infections/malware. It just means you're more ready for it.

But do me a favor, before posting again, go for a walk, drink a beer, SOMETHING. Calm yourself. You're raging at NOTHING. Just because you feel you're ,more intellectually advanced than EVERYONE in this thread.


----------



## Foxi4 (May 22, 2012)

brandonspikes said:


> That only proves that point that since "Everyone" is buying it, MOST of them aren't secure PC users.


No it doesn't, it's _completely unrelated_. Even Blizzard actively looks into the issue, are you being a contrarian just for the sake of it or do you really don't understand that_ the server should periodically (preferably all the time) sift through the ID's and compare them with IP's to pick up the fact that they have two people logged onto the same account at the same time from different IP's or that the ID doesn't match the IP it was assigned to?_

This is why the ID system was _invented_ in the first place - to have a barrier that cannot be spoofed without physical access to the device that assigned the ID dynamically. This conversation is over. Bloody MSN tells you when you're logged on in two places, Facebook even gives you a little map that shows you where the bizzare log on took place when the difference in IP's is huge. Diablo 3 doesn't seem to mind that you suddenly teleported from the US to freaking China within 5 minutes.

[yt]fqs9DYisSsg[/yt]


----------



## Rydian (May 22, 2012)

Seaking said:


> its been less then a month and hackers have already found a hole in the security.
> 
> being Blizzard, i was hoping this would not happen.


A month and a previously-unknown hole is found?  That's not abnormal at all.
http://en.wikipedia.org/wiki/Zero-day_attack
http://9to5mac.com/2011/03/10/embarrassing-macbook-air-safari-5-0-4-pwned-at-hacking-contest-in-five-seconds/

Anyways this is another downside of the current trend of pushing things online.



Foxi4 said:


> brandonspikes said:
> 
> 
> > *Shows that reading is even harder than expected*
> ...


Two problems there.

1 - In order for somebody to log on with a certain session ID, they need to know it (unless it's literally an in-order numerical identifier).

2 - Session information is handled between the client and server, and if it exists on the client's computer a trojan can access it.

But yeah not checking for duplicate logins is a huge oversight (along with being able to log on with just the session ID of course).


----------



## Foxi4 (May 22, 2012)

Rydian said:


> Two problems there.
> 
> 1 - In order for somebody to log on with a certain session ID, they need to know it (unless it's literally an in-order numerical identifier).
> 
> ...


Obviously the ID has to be obtained in some fashion, I'm not saying that it doesn't. What I'm saying is that Blizzard did not think of the obvious scenario of someone simply using the same ID twice, which is indeed a huge oversight. When you create a system based on user accounts, the first thing you do is making sure that logging onto the same account twice, and I don't mean dual-boxing since you usually use two accounts for that, is impossible. Blizzard didn't - they thought that if a physical device assigns the ID, they don't have to worry about it. Oupsie - it appears that they do have to worry about it afterall.

Servers like this require safety routines, ones that simply make sense. Logging on in two spots at the same time is one thing, teleporting from one place to a very distant one within minutes is another, I could go on and on about this but all in all, bad security is bad security and it's not 100% the user's fault.


----------



## Felipe_9595 (May 22, 2012)

brandonspikes said:


> Rasas said:
> 
> 
> > brandonspikes said:
> ...


----------



## Rasas (May 22, 2012)

Can you just drop it brandonspikes regardless of how it occurs it occurs. I wouldn't of used the word assuming if I had proof. I know some will be gotten through phishing and other methods like trojans but this most likely is not the case. I doubt the article writers don't have a fairly secure PC or might play it at their company where they probably have good security for obvious reasons so can we just agree the hackers aren't getting in using the obvious methods. It probably is a exploit in the game's design so playing with randoms is not a good idea. Playing with trusted friends is okay.

Edit: SIngle Player People are getting hacked according to their forums so I think it is a server side issue.


----------



## the_skdster (May 22, 2012)

xdmario1 said:


> I fail to see why Blizzard isn't getting hell for this. I may not play Diablo III, but I do know that if this were to happen with any console, Nintendo/Microsoft/Sony would be taking it up the ass for this. Why should a computer be any different?



Ja. Well said.


----------



## AceWarhead (May 22, 2012)

brandonspikes said:


> Foxi4 said:
> 
> 
> > brandonspikes said:
> ...


----------



## DSGamer64 (May 22, 2012)

Rydian said:


> I don't understand how this is funny.  While the current goals seem to be chinese gold farming and not actual money, it's still account security for something people paid for (and is going into the gold farming business).
> 
> EDIT: Grammar fix.



Account security requires two parties to work properly. Blizzard's authentication servers not recognizing that an account is already online is a problem, however you need a keylogger in order to obtain the account username and password.


----------



## Rydian (May 22, 2012)

Er, isn't part of the problem how the geoIP detection was NOT functional?


----------



## Rasas (May 22, 2012)

DSGamer64 said:


> snip


People with Blizzard's Authenticator got hacked whose to say it is or is not a server side issue. Lets not jump to conclusion until a hacker shows a method to do it or Blizzard admits or shows how they did it since lets be honest Blizzard's messages are more likely to protect their interests not the truth and their message will most likely be fake or not entirely true depending on the scenario.

You just need the sessionid apparently not the password and maybe even a username. With singleplayer accounts being hacked I'm thinking it might be more of a serverside issue.


----------



## GreatZimkogway (May 22, 2012)

the_skdster said:


> xdmario1 said:
> 
> 
> > I fail to see why Blizzard isn't getting hell for this. I may not play Diablo III, but I do know that if this were to happen with any console, Nintendo/Microsoft/Sony would be taking it up the ass for this. Why should a computer be any different?
> ...



Because lolherpComputerviruses and lolEndusersfault.


----------



## Carnivean (May 22, 2012)

Yea, happened to me. Logged in to all my shit gone and a 'recently played' entry on my contact list when I've never been in a public game. Fresh install of windows as of a month ago, password is not weak and uses numbers, caps and symbols. Not a whiner or a blizzard hater, there is something seriously wrong here. Pretty pissed this happened.

And just to note, I sandbox everything that might be suspicious and use virustotal on every single exe I download.


----------



## AceWarhead (May 22, 2012)

It's rather retarded that you have to go ONLINE to play a SINGLE PLAYER game...


----------



## Gahars (May 22, 2012)

It's fitting that the launch for Diablo has just been going straight to hell.


----------



## DSGamer64 (May 22, 2012)

Rasas said:


> DSGamer64 said:
> 
> 
> > snip
> ...



I have had an authenticator since the day Blizzard started selling them, and that was what, 3 years ago? I have had numerous attempts at breaching my Battle.net account made on me over the years, since my WoW account has copious amounts of gold on it and a few max level characters. No doubt they will try to breach my account again, thankfully I am not a stupid consumer. An authenticator plus safe web browsing habits will protect your account, people being able to log into accounts through session ID's seems like a new thing, but should have been something Blizzard themselves fixed before the game went live. Sometimes things don't always turn out the way you want though and mistakes are made. They are going to fix the log in issues and things will be back to normal. Anyone who gets hacked from here on out was key logged and not using an authenticator.

Also, you can't log into an account from another location that has an authenticator attached to the account, without having to put in an authenticator code. Blizzard also has it in place that you don't have to continually keep putting in the codes every time you log in, the authentication server resets on Tuesdays alongside the realm maintanence for WoW. The authenticator code is tide to the IP address that you logged in from, so changing your IP will force you to enter in a new code.


----------



## Foxi4 (May 22, 2012)

DSGamer64 said:


> Also, you can't log into an account from another location that has an authenticator attached to the account, without having to put in an authenticator code. Blizzard also has it in place that you don't have to continually keep putting in the codes every time you log in, the authentication server resets on Tuesdays alongside the realm maintanence for WoW. The authenticator code is tide to the IP address that you logged in from, so changing your IP will force you to enter in a new code.


_Presumed Encryption Routine:_
IP Address + Code Generation Algorithm ---> Auth.Key
Auth.Key + Game ID + (probably Date as well) ---> Session ID

Thus if you spoof the Session ID, the server just thinks you re-connected after a D/C. You don't need a new Auth.Key if the Session ID checks out and the server never checks for duplicates, apparently.


----------



## Hells Malice (May 22, 2012)

Glad I wasn't hacked. Granted..i'm essentially dirt poor. I have no gold and none of my gear is that great for a level 53.
It also surprises me that big name companies like Sony and Blizzard can get compromised like this.




AceWarhead said:


> It's rather retarded that you have to go ONLINE to play a SINGLE PLAYER game...



It isn't a singleplayer game.
It's an online coop game with the option of playing alone.
It's a pretty solid anti-piracy tactic tbh.


----------



## nl255 (May 22, 2012)

DSGamer64 said:


> Rasas said:
> 
> 
> > DSGamer64 said:
> ...



That is not necessarily true.  If you can get the session ID *you don't need the login or password *and apparently that can be sniffed somehow, possibly when you join a public game.  Also, you do know that the Blizzard Authenticators, which are nothing more than RSA SecureID tokens were hacked a long time ago (someone got the random seeds and other cryptographic information that is needed to spoof RSA SecureID dongles), right?


----------



## DSGamer64 (May 22, 2012)

nl255 said:


> DSGamer64 said:
> 
> 
> > Rasas said:
> ...



Considering the codes are randomly generated, not to mention you can switch the dongle for the app, that shouldn't be an issue. Also, even if you keylogged the person and copied the authenticator number in real time, at least with SC2 and WoW, you wouldn't be able to log into the game servers if someone else is connecting at the same time using the account as the servers read for the preferred IP Address that you regularly connect your account to.


----------



## ferofax (May 22, 2012)

*BLIZZARD IS DOING A SONY!*

also, follow the bread crumbs. never friended a "lei yong" but you got offline activity with that account before you got hacked? chances are, he hacked you, or will lead you to the one who did. follow the loot.

as Hades very aptly put it, "If the aliens give you lemons, make freaking alien lemonades!"


----------



## machomuu (May 22, 2012)

ferofax said:


> *BLIZZARD IS DOING A SONY!*


I think it'd be more appropriate to say "Blizzard got SONY'd" given the circumstances, but in any case the scenarios are pretty different.


----------



## crysalim (May 22, 2012)

Surprised this hasn't been mentioned already, but sites are already up selling 100k gold for $6 USD, and offering power level services from 1-60 for $199.  I've seen people talking in /general about how they got hacked after doing this. 

Also, to the person talking about session id being the way to avoid multiple logins, that's not how online games work - if a person loses connection on their end, the game has to be able to let that player log back in almost instantly to not disrupt their game experience.  Most online games function in this fashion; for a few minutes both sessions will co exist online and there is nothing that can be done about this.  Older games used to lock out logins until the previous session timed out, usually at around 5~ minutes, but this resulted in a much greater sense of "customer dissatisfaction" than simply allowing both sessions to be on simultaneously.


----------



## DeMoN (May 22, 2012)

AceWarhead said:


> It's rather retarded that you have to go ONLINE to play a SINGLE PLAYER game...


Anti-piracy and anti-hack. Back in Diablo 2, you could play single player offline but you can hack the game easily since it wasn't online. Then you could bring just your hacked shit online and play and trade with others, and Blizzard couldn't catch you since you did all the hacking offline. See the problem here? So Blizzard created protected servers which required you to play online all the time, and almost everyone chose this because they didn't want to deal with the hackers. So D3 being online-only isn't anything new really.


----------



## Rasas (May 22, 2012)

DeMoN said:


> AceWarhead said:
> 
> 
> > It's rather retarded that you have to go ONLINE to play a SINGLE PLAYER game...
> ...


That was the open servers not the closed servers(closed are online only) and you can always host your own game and kick people who used hacked items plus playing with hacked items can be fun after so many runs in Diablo 2. Have so much agility that evasion that it goes negative on you was great. You always got hit AKA. Yes, games being online only isn't anything new but I think it hinders sales a little and does little against piracy since there will most likely be private servers and a single player hack down the line. Also anti-hack is just them banning your key after so many warnings or just straight up since it was that bad which they did before but there are plenty of map hacks for Starcraft 2 and sooner or later so will Diablo 3 will probably have some hacks. I honestly think it does nothing but decreases potential sales from people that just want single player. Maybe I'm wrong or maybe I'm right but they can always make it so you can't go online with your single player account preventing hacked items and stats right or make a separate closed servers and open servers like in Diablo 2.


----------



## Bladexdsl (May 22, 2012)

so glad i  never bought it


----------



## Psionic Roshambo (May 22, 2012)

Thats ok my account for WoW was accessed from my gmail account, Google sent me an email that my email had been "accessed through unknown means" so they got my WoW account. After that I reset everything and thought it was cool, 12 hours later blizzard decided the nuke my account entirely and I lost years worth of stuff I had accumulated.... So happy I didn't buy Diablo III even though I wanted it very badly.

Just too angry with Blizz over the whole WoW thing to give them another dime.

Edit: This is rather sad to be honest because until the WoW incident I was a life long blizzard fan from WC on up all the expansions and even multiple copies of some games (Diablo 2 LOD was great fun if you had 3 copies of the game and ran them)


----------



## nl255 (May 22, 2012)

DSGamer64 said:


> nl255 said:
> 
> 
> > DSGamer64 said:
> ...



Except you don't have to do that.   Basically, once you log in with your username, password, and authenticator Diablo 3 and the servers creates a login token that is stored.  If you can get that login token, you don't need the password or authenticator at all because you are already past that point.  Think of it as being like Dropbox, once the OAuth token is created the username and password don't matter anymore.  Finally, it appears that authentication token is sent when you join an online game or possibly even sent in the clear whenever you log in making it fairly easy to sniff.  Not to mention that it is NOT tied to your IP address or location like it is supposed to be.


----------



## Rockhoundhigh (May 22, 2012)

brandonspikes said:


> Rasas said:
> 
> 
> > brandonspikes said:
> ...


----------



## ferofax (May 22, 2012)

How is lax security NOT Blizzard's fault?


----------



## Nah3DS (May 22, 2012)

blizzard.... just put an offline mode


----------



## DSGamer64 (May 22, 2012)

I really see no reason as to hacking D3 accounts. The Real Money Auction House is a joke and very few people are going to use it, whether it be for end game PvP when it comes or just for getting the best gear possible. The majority of players are finishing off Normal or Nightmare modes, considerably less have cleared Hell and Inferno modes. Gold is so absurdly easy to get that if someone wants to buy gear off the Auction House, they can just use gold to buy it rather then real money.


----------



## Deleted User (May 22, 2012)

Posted by​


> Bashiok
> 
> *Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password. While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand.*
> 
> ...








> It seems to me like it's the most logical way to go about it. Build up a list of accounts and passwords, and then hit them in a rapid succession before word can spread and people can change their passwords, add an authenticator, etc.​


----------



## IBNobody (May 22, 2012)

I've updated my first post with the quote from Bashiok.


----------



## Zaertix (May 22, 2012)

brandonspikes said:


> Posted by​
> 
> 
> 
> ...




And of course you have to be a tool. Why not just let it be said and leave it at that? Oh wait, you're an egotistical ass. Thaaaat's right. 

Glad you left though and stopped raging.


----------



## ComeTurismO (May 22, 2012)

Oh no. On a other forum my friend was complimenting diablo. He asked if anyone likes playing it. Next day, he says  "F*** I got hacked on my level 50 wizard godly stuff I had".


----------



## SSVAV (May 22, 2012)

It's ironic they try to sell authenticators when it's well established that the account hackings aren't done by stealing the account passwords.

lolherpderp commercial technique?


----------



## Hunter X (May 22, 2012)

People are also getting hacked by stealing user ids and passwords. I got an email from "Blizzard" inviting me to play WoW MoP Beta. It was a little strange because every email i've gotten from them has their email in the sender field, but the one i got was from myself. The email looked very legit with a proper title and images. However, me being skeptical with emails I get, I dissected the email header and found it originated from the email account [email protected] from IP address 106.10.149.71 which is in Singapore. The invite links you to some obscure site ​ hXXp://www.sbeha-ernyzf.gx/login.asp?ref=https%3A%2F%2Fus.battle.net%2Faccount%2Fmanagement%2Findex.xml&app=bam (Please don't visit this link) and I believe this is where people are getting their credentials stolen.


----------



## Seaking (May 22, 2012)

Hunter X said:


> [removed link] (Please don't visit this link)


well herpderp the start of the URL isnt even battle.net, its forun-realms.tk, who could be so stupid to NOT look at a URL when typing in login info?


----------



## Hells Malice (May 22, 2012)

DSGamer64 said:


> I really see no reason as to hacking D3 accounts. The Real Money Auction House is a joke and very few people are going to use it, whether it be for end game PvP when it comes or just for getting the best gear possible. The majority of players are finishing off Normal or Nightmare modes, considerably less have cleared Hell and Inferno modes. Gold is so absurdly easy to get that if someone wants to buy gear off the Auction House, they can just use gold to buy it rather then real money.



I lol'd hard.
You must also think free2play MMOs with cash shops just do abysmally too, right?
Or hey, gold sellers must make a pittance since gold is so easy to get in MMOs.

Rich kids will like Diablo 3, and they will pay for anything they desire with mommies credit card. Why? Because people are lazy. They want to be amazing at a game, but they just really are too important and busy to play themselves.

Also a little trick in economics, if mob cash drops and items could be sold for around 5 gold, and making 10k gold would take a day of farming...an insanely epic and rare item may be upwards of 50k.
Blizzard realizes gold drops are really low (this would never happen due to economy destruction, bear with me hurr), so they amplify gold drops and item worth to sell to NPCs to about 5k gold average. Now getting 1mill takes about a day, low and behold, items don't STAY at 50k, they rocket to around 5mill.
Basically if gold is insanely easy to get, well, shit will be insanely expensive to buy. Making the RMAH, ESPECIALLY FOR LOWER LEVELS, incredibly efficient for a person (plus you can buy gold with it). Low level items sell for around 10-30k...I tried to equip my low level DH for cheap, yeahright. Shit my level costs about 20-50k, i'm level 53.
Simple concept.

Last note to make this a bit more on topic instead of half-assed on topic.
Gold sellers are ALREADY selling Diablo 3 gold, and prices are rising and lowering (meaning there is FLOW, people are buying stock and they're adjusting depending on supply and on demand). I've been watchin' out of interest.
So, reason to hack D3 accounts? Plenty. MMOs and online games with currency in an infancy stage are the absolute BEST times to sell gold. It's before people get a handle on what gold is really worth, and they can sell little for quite a lot. There's a lot of demand.


----------



## Foxi4 (May 22, 2012)

Adding to Hell's comment which I obviously Like'd, I want to add that Farming is the most mundane and boring activity of them all - it does not progress the story, it's not fun, it's repeatedly maiming one type of mobs because they're said to drop lots of gold or precious items. Farming is not "playing", it's not perfecting your skills, it plays no role in storytelling, it does not make you meet new friends in a fun activity - farming is the equivalent of watching paint dry or grass grow. Some people find it too mundane and boring and simply choose to ask someone else to do it for them for a moderate price and I can fully understand that. MMO economy is unforgiving and if you do not wish to suffer through hours of grinding in a robotic manner, this is a viable option, a win-win situation.


----------



## DarkStriker (May 22, 2012)

Already happend twice to my friend. Guess what their solution was! A rollback! Way to go blizzard......


----------



## Deleted member 473940 (May 22, 2012)

weird timing. my youtube account got hacked -.-

after all the delays, they still have flaws :/


----------



## Slowking (May 22, 2012)

There has been talk that session IDs would have to be obtained somehow. They really don't. With this many players online, you can just bruteforce them. Sooner or later you'll find an active ID.
Ofcourse it's easy to prevent a bruteforce, by locking out the IP after a few trys, but considering that Blizzard doesn't even check IDs against IPs I wouldn't be surprised if they don't have such a check.


----------



## Deleted User (May 22, 2012)

Zaertix said:


> brandonspikes said:
> 
> 
> > Posted by​
> ...


Being a tool? It's calling defending my point.


I know that people are trying to shit on this game in any way possible, there was no "stealing" Id's in a public game, it was all normal hacks from un-secure people.

I don't care what you think of me, my point is still correct.


----------



## Rasas (May 22, 2012)

brandonspikes said:


> Being a tool? It's calling defending my point.
> *We are both tools it is just that your a tool defending a company who has done some questionable things and possible have a big exploit.*
> 
> I know that people are trying to shit on this game in any way possible, there was no "stealing" Id's in a public game, it was all normal hacks from un-secure people.
> ...


Hacking of Diablo 3 regardless of the means is happening at such a rate it should be a major issue regardless of it is on the client's side or Blizzard's side. You cannot really trust Blizzard's statements since they might be lies to protect their own interests. Your point may be correct or may be false so drop it your not convincing anyone of your possible lies or truth. Plus Blizzard is deleting a lot of topics where people complain about being hacked so the numbers may be high.


----------



## Foxi4 (May 22, 2012)

brandonspikes said:


> I know that people are trying to shit on this game in any way possible, there was no "stealing" Id's in a public game, it was all normal hacks from un-secure people.
> 
> I don't care what you think of me, my point is still correct.


Prove it. Do you have proof that it is not possible?

And no, don't shove statements made by Blizzard into anyone's faces - of course they're not going to tell the public they screwed up, it's always the End-User's fault.

Unless you have solid evidence that each and every case was a simple matter of keyloggers and troyans on the computers of victims, you can just as well shush now and wait for more information just like everybody else. You don't have a point - you're just being pushy with your argument without anything to prove its legitimacy whatsoever other than some statement made by a Blizzard employee on a forum. This is hardly proof of anything - the accounts are hacked en-masse, how is it hard to understand is beyond me.

*EDIT: *And no, we're not here to bash Diablo 3. Diablo is a damn awesome franchise and this is a genuienly great game, but it may have a glaring weakness in its online structure and concern is only natural.


----------



## Rydian (May 22, 2012)

DarkStriker said:


> Already happend twice to my friend. Guess what their solution was! A rollback! Way to go blizzard......


And the alternative would be... ?


----------



## Foxi4 (May 22, 2012)

Rydian said:


> DarkStriker said:
> 
> 
> > Already happend twice to my friend. Guess what their solution was! A rollback! Way to go blizzard......
> ...


Doing a roll-back *and* plucking the security hole that caused the issue in the first place? 

When a little stone falls into your shoe and annoys you to no end, you don't just take your foot out, rub it a bit where it hurts and put it right back into the shoe - you get rid of the stone.


----------



## Rydian (May 22, 2012)

I was referring to the state of the accounts, which seemed to be the complaint.

Fixing the security hole is so damn obvious I didn't bother mentioning it.
Like "unzip before you pee"-level obvious.


----------



## Foxi4 (May 22, 2012)

lol, I suppose you're right Rydian, but given the amount of people going all "omg, there is no issue at all, you are all dumb!!1!" I figured that it'd be best if we establish that in every post for effect.

If this ever happened to Sony, people would create a global army of hate againts the company.

Wait...

Damn...


----------



## Rydian (May 22, 2012)

Yeah this was one hell of an oversight on their part.

And this is another reason I tend to wait before getting new games, other than the price of course.


----------



## Foxi4 (May 22, 2012)

Rydian said:


> Yeah this was one hell of an oversight on their part.
> 
> And this is another reason I tend to wait before getting new games, other than the price of course.


What I don't understand is that they have a system that works perfectly fine that's been thoroughly tested throughout the years of using it for World of Warcraft and Starcraft 2, why the exact same system was implemented with gaping holes into Diablo 3 is not something I can easily understand.

What I do wonder is if the ID can indeed be easily obtained and used by someone else on an entirely different game and an entirely different IP... does that spell some opportunities for users who play the pirated version? I mean, if a pirated version of the game will use a spoofed ID of an original one, the system shouldn't know any better, right?

This basically means "one friend buys Diablo and five other friends play it with him for free".


----------



## DiscostewSM (May 22, 2012)

Was this sort of thing happening during the beta?


----------



## TheLostSabre (May 23, 2012)

Not that I was aware of, no.


----------



## Deleted User (May 23, 2012)

Foxi4 said:


> brandonspikes said:
> 
> 
> > I know that people are trying to shit on this game in any way possible, there was no "stealing" Id's in a public game, it was all normal hacks from un-secure people.
> ...


DO YOU have any proof of what you're saying?


----------



## Rydian (May 23, 2012)

He's theorizing and discussing it, not stating something as fact.


----------



## AceWarhead (May 23, 2012)

brandonspikes said:


> Foxi4 said:
> 
> 
> > brandonspikes said:
> ...


DO YOU?
None of us have proof. Foxi and others are just theorizing.
While YOU, sir, are stating things as if it were facts.


----------



## Deleted User (May 23, 2012)

AceWarhead said:


> brandonspikes said:
> 
> 
> > Foxi4 said:
> ...


Yes, I do have facts, Facts that are based off other blizzard games I've played for the past 7 years, I've proved that it was normal hacking methods, and blizzard has said so themselves.


SO yes, I did prove it.


----------



## Rydian (May 23, 2012)

brandonspikes said:


> Facts that are based off other blizzard games I've played for the past 7 years, I've proved that it was normal hacking methods


Jesus fucking christ, did I just read that?

http://www.johnpratt.com/items/astronomy/science.html

Readplz.



brandonspikes said:


> and blizzard has said so themselves.


No, blizzard has said they have not yet seen proof for one side.

That does not mean that side is false, just that it has not been proven.

And conversely, it does not prove the opposing theory true.


----------



## Deleted User (May 23, 2012)

Rydian said:


> brandonspikes said:
> 
> 
> > Facts that are based off other blizzard games I've played for the past 7 years, I've proved that it was normal hacking methods
> ...


We've been taking the situation extremely seriously from the start, and have done everything possible to verify how and in what circumstances these compromises are occurring. *Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password.* While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand.​

IT CLEARLY says they haven't found any hack via the things listed in this thread from other.

Let me say this again, The same thing happened during wrath of the Lich king


----------



## Unagi (May 23, 2012)

And you sir need to calm down.


----------



## Rydian (May 23, 2012)

The theories being discussed were about how the session ID could have been used to log in.


----------



## Unagi (May 23, 2012)

I just love how he clings to these Blizzard statements like they're golden facts and he's being pushy about it. Shit whats the big deal anyways?


----------



## Foxi4 (May 23, 2012)

At first it was funny, then I facepalmed, then I read it again to make sure that my mind isn't playing tricks on me and finally I just felt... Saddened. I'll just say a few things without getting into details here:

>World of Warcraft was secure for me, ergo...
>Diablo 3 must be secure as well.

"I like eggs thus obviously I must like poultry."

>Proof.
>Blizzard said so.

"I don't need to think, I pay an army of people to think for me because I'm not very good at it. By proxy my truth is truther than yours because you are wrong because that's what I was told."

>A huge group of people suddenly experiences issues with account hacking.
>Surely they are all idiots.

"I shall use a stereotype as an argument because science!"

This thread is becoming more and more entertaining by the minute.


----------



## DiscostewSM (May 23, 2012)

Was just thinking that hackers (via suspicious websites) possibly got what they needed for accessing account during beta, so even if people were not accessing suspicious sites now, their accounts are compromised had they done so prior. They waited until now to use this information because beta gave no incentive.


----------



## Rasas (May 23, 2012)

brandonspikes said:


> snip


Blizzard lies time to time. Remember how they said the Diablo 3 closed beta would give no bonuses then they decided to do it anyway. Remember the lies about balancing and the beta invites to Mists of Pandaria for WoW for a annual subscription. They go back on their word several times so why would you trust a group who lies. Are you stupid? If I lie to you several times would you trust me no. If a company lies several times you do. Wow your not very smart are you. So keep believing their claims as truth when they lied in the past several times and seem to only be increasing the number of lies. That just seems foolish. You cannot trust statements like this since it is only to fix public relations but why not get tricked your the biggest tool on this thread.

Also the past isn't a good record people can change and Blizzard definitely changed after the merger with Activision and not in a good way.


----------



## Rydian (May 23, 2012)

DiscostewSM said:


> Was just thinking that hackers (via suspicious websites) possibly got what they needed for accessing account during beta, so even if people were not accessing suspicious sites now, their accounts are compromised had they done so prior. They waited until now to use this information because beta gave no incentive.


This theory has some credence, as it's not uncommon for pre-release data on MMOs to be wiped so that everybody has a clean slate on full release.

If the hackers took advantage of users back then, they would have had little to gain and would have gotten a security hole patched before being able to exploit to retail.


----------



## Saddamsdevil (May 23, 2012)

Good thing I use the authenticator, still, that won't do me much good when the damn thing is OFFLINE. *sigh*


----------



## AceWarhead (May 23, 2012)

brandonspikes said:


> AceWarhead said:
> 
> 
> > brandonspikes said:
> ...


So you are just gonna take everything a company shoves down your throat and call it facts? A company that over and over again, LIED?
That... is blind fanboyism...


----------



## Rasas (May 24, 2012)

brandonspikes regardless of if they are telling the truth or not it you shouldn't trust a company that lies time and time again. My previous post had some examples but there are dozen more. I understand that it is possible it was done through the more common methods but can you not agree it is possible Blizzard left a exploit in their system and are lying about it.


----------



## Kioku_Dreams (May 24, 2012)

Well this is... Saddening. I mean, I was gonna buy this tomorrow.. I don't want my account getting hacked not even a day after buying it... No..


----------



## Rydian (May 24, 2012)

"Theorizing about how a hack took place when there's a lack of information" != "shitting on good games".


----------



## Rasas (May 24, 2012)

brandonspikes said:


> snip


So despite all that you won't even consider a possibility that they are lying about it despite past instances of them lying. I'm not trying to say either side is right but there is no solid proof that it is one thing or another.


----------



## alphamule (May 24, 2012)

I'll probably ROFL if any of the following turns out to be true:
A)  Flaw in file distribution network.  Everything from apache-httpd to BitTorrent to SSL has bugs or weaknesses.
B)  Spyware created to prevent cheating got pwnd.
C)  People all running some popular application (not necessarily a bot) with a previously unknown backdoor.  See #1 but not Blizzard's clients/protocols.  (Even Windows Media Player has had this sort of problem)

Whatever - I don't have an account so it doesn't affect me.  Sorry if your virtual stuff got stolen.  Mine got zapped because the server died so I know how much that sucks!


----------



## NetShira (May 25, 2012)

Hmm oddly enough after perusing this today thinking "Hmm that sucks"... I logged on to D3 a few minutes ago to see how much farther my son (who plays all day) got farther from me since we played last night in D3 (I feel slightly competitive because I can't keep up with his progress when he played 3x more than I hehe)... and Guess what.. all characters have their gear, but no inventory, no money and no items in the first page of the stash (second page does have items ... and my chars have their "worn" inventory..).   So  I must add myself to those who appearantly got hacked (between 22 hrs ago and now).  Last night I had a stash and 3 "temp" characters full of gold items for when the US AH opens.  For those who care I run a pretty tight ship at home lan-wise because of what I do for a living hehe so this is pretty unexpected and dare I say it.. pretty improbable that the intrusion occurred at my side of things  Just my opinion, maybe I'm "hacked" but nothing else I run is so we'll see.  TLA.


----------



## doyama (May 25, 2012)

Session ID theorizing is somewhat moot. It means that you would need ot initiate a MITM attack which isn't possible unless you have access to a core router somewhere. It's simply not possible to actually do this from China, or whatever. The theories behind this simply do not make any technical sense, and are generally simply repeated by individuals that don't actually understand the technical possibilities. And again if you could do this WHY use it on D3? Much more profitable to use it on Paypal or some other infrastructure.

This is also highly contradicted by the fact that many users get hacked without being in a game (they find out items are simply gone) to the recent trend of somehow accessing the AH is causing the hack.

Note that the majority of users are playing public games, and therefore users are going to make a fairly incorrect correlation that public games cause the problem. And those will indeed appear to make up the perponderance of the claims made on the forums simply from a statistical standpoint.

I think what coudl be happening is similar to the xbox issue.

http://xbox.about.co...k-Explained.htm


----------



## DeMoN (May 25, 2012)

Keep in mind that Blizzard has made a shitload of money from Diablo 3 sales already, and regardless of whether they're right or wrong on this issue, they're still filthy rich.

Very foolish PR move for them to continue to deny this, but I guess ever since the merger it's all been about the profits.


----------



## Rydian (May 25, 2012)

doyama said:


> Session ID theorizing is somewhat moot. It means that you would need ot initiate a MITM attack which isn't possible unless you have access to a core router somewhere. It's simply not possible to actually do this from China, or whatever. The theories behind this simply do not make any technical sense, and are generally simply repeated by individuals that don't actually understand the technical possibilities.


As stated if all they actually needed was the ID it wouldn't be hard to brute-force until they found some active IDs with good loot.

But yeah a lot of the info seems odd, but people were talking about what little info was available at the start.



doyama said:


> And again if you could do this WHY use it on D3? Much more profitable to use it on Paypal or some other infrastructure.


Tell that to the entire chinese MMO gold farming/stealing industry.


----------



## hatredg0d (May 26, 2012)

if you choose to listen to that crap on their forum go for it. 

My D3 account had an (mobile) Authenticator attached to it before loosing my items/gold. After three days of my ticket getting ignored i called, no one accessed my account according to them, but they rolled my account back anyways. something happened whether the server was having problems and deleted my stuff or the hacking everyone speaks of.
One of my friends had his char simply vanish unable to use the undo char delete button. he also required a roll back, honestly i think both me and him experienced some sort of glitch.


----------



## alphamule (May 26, 2012)

Well that gets me thinking... supply and demand thing.

If there *ARE* D3 items getting transferred to gold seller's accounts, then you'd see a huge increase in the supply of items and gold.   If not, the accounts might not be hacked at all but something is flagging the items as dupes or something silly like that.  A lot of games use unique hidden serial numbers to prevent duplicated items, for those that don't get what I mean by 'dupes flagging'.


----------



## Densetsu (May 26, 2012)

Can we please all just agree to disagree?  It baffles me what people argue over sometimes 

None of your posts have been permanently removed, just hidden for now.  I apologize to those of you whose non-flamey posts got caught up in the net, but we'll go over them and restore them if they didn't contribute to the flame war.


----------



## alphamule (May 27, 2012)

Densetsu said:


> Can we please all just agree to disagree?  It baffles me what people argue over sometimes
> 
> None of your posts have been permanently removed, just hidden for now.  I apologize to those of you whose non-flamey posts got caught up in the net, but we'll go over them and restore them if they didn't contribute to the flame war.



Oh, I see what you did there...  A flamewar... with a _Diablo_ game.


----------



## Rydian (May 27, 2012)

Maybe-on-topic; I've seen a lot of diablo porn showing up lately.  Not the franchise, but the character.


----------



## ZAFDeltaForce (May 28, 2012)

Saddamsdevil said:


> Good thing I use the authenticator, still, that won't do me much good when the damn thing is OFFLINE. *sigh*


Actually some of the hacked victims were authenticator users.

Still better than nothing though.

I downloaded the authenticator app right after I heard news of the hacking wave. Still good so far


----------



## Deleted User (May 28, 2012)

ZAFDeltaForce said:


> Saddamsdevil said:
> 
> 
> > Good thing I use the authenticator, still, that won't do me much good when the damn thing is OFFLINE. *sigh*
> ...


No they weren't, they had dial up authenticators that don't work for D3..


----------



## alphamule (May 28, 2012)

Rydian said:


> Maybe-on-topic; I've seen a lot of diablo porn showing up lately.  Not the franchise, but the character.


Well, someone'll be damned!  LOL


----------



## ZAFDeltaForce (May 29, 2012)

brandonspikes said:


> No they weren't, they had dial up authenticators that don't work for D3..


You mean the authenticator app?


----------



## Deleted User (May 29, 2012)

ZAFDeltaForce said:


> brandonspikes said:
> 
> 
> > No they weren't, they had dial up authenticators that don't work for D3..
> ...


They're 3 types of Authenticators.

Android/Iphone App. Phone Dial UP/SMS, and the Physical Token.

People who have the Dial Up/SMS ones think they have an actual authenticator, and believe it or not, *those do NOT work for Diablo 3.*


----------



## ZAFDeltaForce (May 29, 2012)

brandonspikes said:


> They're 3 types of Authenticators.
> 
> Android/Iphone App. Phone Dial UP/SMS, and the Physical Token.
> 
> People who have the Dial Up/SMS ones think they have an actual authenticator, and believe it or not, *those do NOT work for Diablo 3.*


That's odd, I've never heard of Dial Up/SMS authentication. SMS alerts maybe? But SMS alerts only alerts the user of password changes if I recall correctly. Nothing to do with log in authentication as you say.

Also, no need to *bold *anything. I read just fine


----------



## Deleted User (May 29, 2012)

ZAFDeltaForce said:


> brandonspikes said:
> 
> 
> > They're 3 types of Authenticators.
> ...


SMS alerts that go with the dial up, Pretty much if you login from a different location, you call an automatic number,put your pin/Code it gives you, and it generates a code, Its only for WoW and SC2.

SMS alerts are for when a login is made from a different location,


----------



## ZAFDeltaForce (May 29, 2012)

brandonspikes said:


> SMS alerts that go with the dial up, Pretty much if you login from a different location, you call an automatic number,put your pin/Code it gives you, and it generates a code, Its only for WoW and SC2.
> 
> SMS alerts are for when a login is made from a different location,


I see, thanks for clearing that up.

Come to think of it, that does sound secure. I wonder if Blizzard would introduce this as an additional authentication measure for Diablo 3 in response to the hacking wave


----------



## doyama (Jun 15, 2012)

ZAFDeltaForce said:


> brandonspikes said:
> 
> 
> > SMS alerts that go with the dial up, Pretty much if you login from a different location, you call an automatic number,put your pin/Code it gives you, and it generates a code, Its only for WoW and SC2.
> ...



They just did as a requirement to use Paypal in the RMAH. People are ALREADY BITCHING ABOUT IT. You can't please anyone.


----------

