Blizzard Responds to Diablo 3 Account Hacks

Status
Not open for further replies.
G

Guest

Guest
Either it is the lack of an authenticator or Blizzard just put their foot into their mouth. It would be most amusing it were the latter. Maybe then they would stop thinking that their system as it is, is flawless.
 

seroism

Distinguished
Aug 7, 2009
38
0
18,530
0
Blizzard knows it's happening but doesn't want to acknowledge it. They're trying desperately to fix the problem before the RMAH is launched. My money is on the hackers....
 

djscribbles

Honorable
Apr 6, 2012
1,212
0
11,460
61
Some of the rumors floating around point to joining a public game (which gives the hacker access to your session id, which he can then spoof) as being all that is needed to be hacked.
Maybe true, maybe not, but I'm not going to go try to find any new friends until this dies down.

Another rumored cause is people infected with malware that lets a hacker use their PC as a proxy server to bypass their authenticator which is configured to "not ask every time" mode, the hacker would be able to login without authentication because the request is coming from the victims own infected PC.

Personally, I think this is a huge risk to blizzards reputation, I sure hope they are willing to admit if the vulnerability is on their side, and get it fixed soon. Personally I think this seems way too 'big' to be a bunch of schmoes with PC's loaded with malware, but it would be possible they have been saving up a big list of targets, as battlenet accounts were around long before diablo3 launched, and there is likely a large intersection between diablo3 players, wow players, and SC3 players.
 

bgaimur

Distinguished
Dec 2, 2009
52
0
18,630
0
[citation][nom]DoofusOfDeath[/nom]Would the man-in-the-middle attack be avoided if D3 used SSL ?[/citation]
Using SSL on a d3 session would be about as useful as putting a password on a telnet session. If you need to ask why, just take my word for it. No.
 

spookyman

Distinguished
Jun 20, 2011
670
0
19,010
6
Its a shame you can play this game like the original Diablo. It was great to play on a local area network at work and play with friends without having to log on to the internet.

As for the account problems. How hard is it to secure your account?

Could they use WoW as a guide on account security.
 

bgaimur

Distinguished
Dec 2, 2009
52
0
18,630
0
[citation][nom]hoof_hearted[/nom]An authenticator ... great ... now I need a proprietary smartcard to play a single-player game?[/citation]
Proprietary smart card... well if you invest anything into something, you do what's convenient and available to secure it. In this case, you use a two-step authentication process. Sure, you can memorize a password, but can you type in numbers that you're reading from a keychain?! Preposterous!
 
G

Guest

Guest
Sadly this is happening more and more in multiplayer online games now. Happened to valve, nexon, blizzard and the rest etc. The usual denials and silence attitude till it is way too late for the victims. Then insufficient compensation that doesn't even help the victims. So get your $60+ D3 to play (if even can login to play or not get dcd even) coaster and work hard only to have your stuff get stolen. Blizzard already got your money and doesn't care.
 

mchuf

Distinguished
Jul 16, 2010
204
0
18,680
0
So in trying to get a piece of the action from gold farmers, Blizzard has allowed a way for it's customers to get hacked. And of course, it isn't Blizzard's fault.
 
G

Guest

Guest
IMO - Blizzard invited these lazy money grubbing hackers to the party by comming up with such a hairbrained scheme as the RMAH. Blizz - you have truely shown your ignorance just to support your own greed. You don't want people to buy Gold for WoW because you don't get your cut. Now you introduce a way to get your cut and are bringing the worst out in many people.

You want to stop the hacking, be smart like Trion and introuduce some sort of account lock tied to the users e-mail (like Trion did for Rift) when played from different PCs. Otherwise, indefinately delay the RMAH until you get get your $h1t together.
 

kartu

Distinguished
Mar 3, 2009
959
0
18,980
0
[citation][nom]SinisterSalad[/nom]Allowing offline use would be the best way to counter this.[/citation]
Uhm, but it would mean some would be able to play it for free!!!
Who cares that additional cost of servers needed to serve solo play is hardly justified by "reduced piracy".
 

bigdragon

Distinguished
Oct 19, 2011
532
23
18,985
0
So I have to buy the game and then purchase an authenticator in addition to it just to have some sort of account security in a Blizzard game? No thanks. What a nightmare. I am so glad I avoided Diablo 3. All this news just makes it easier for me to say no. I really really wanted to get a good 4-person cooperative game to play with friends. I had such high hopes for this game, but these news stories are frightening. Diablo 3 seems to be a game that's more stressful than work.

I miss the days when games weren't built around unlockable content. I miss the days where micro-transactions and parts packs weren't worked into every product. I miss the days where games were fun experiences to enjoy. Where did it all start going so wrong?
 

atmos929

Distinguished
Apr 21, 2010
517
0
19,160
80
[citation][nom]mobrocket[/nom]I remember SC2 launch going a lot smoother than this[/citation]
yes, even though it did not have LAN either, it did not require active internet connection...
 

esrever

Splendid
[citation][nom]SinisterSalad[/nom]Allowing offline use would be the best way to counter this.[/citation]
how would that help? people who would want to play on bnet would still get hacked and it just make people able to play the game pirated.
 

brett1042002

Distinguished
Jun 17, 2009
565
0
19,010
12
[citation][nom]DoofusOfDeath[/nom]Would the man-in-the-middle attack be avoided if D3 used SSL ?[/citation]

Maybe, but...

The overhead of SSL would only add much higher latency to an already "laggy" game.

More secure? Sure.

Practical in this case? Negative.
 
G

Guest

Guest
Will this game run afoul of federal laws against online gambling?
 
Status
Not open for further replies.

ASK THE COMMUNITY