Sections

Blizzard “dedicated to doing everything” to stop Diablo III Battle.net hacks

Tuesday, 22nd May 2012 07:34 GMT By Johnny Cullen

Blizzard has said its currently “dedicated” to stop Battle.net accounts tied to Diablo III being hacked.

The company has priors in this area with World of Warcraft expansions, but said it would do its part to keep player accounts on Battle.net safe.

“Historically, the release of a new game — such a World of Warcraft expansion — will result in an increase in reports of individual account compromises, and that’s exactly what we’re seeing now with Diablo III,” it said in a statement to Joystiq.

“We know how frustrating it can be to become the victim of account theft, and as always, we’re dedicated to doing everything we can to help our players keep their Battle.net accounts safe — and we appreciate everyone who’s doing their part to help protect their accounts as well.”

Despite the vow, Joystiq cites sources that claim thousands of Battle.net accounts were hacked last year with very little done to stop the outside interference.

For now, Blizzard is advising the usage of an Authenticator through its own keychain brand or an iOS or Android app.

Breaking news

27 Comments

Sign in to post a comment.

  1. Llewelyn_MT

    “We are doing everything yada yada yada. Buy our keychains.”

    #1 2 years ago
  2. MFBB

    But thats only through stupid people getting infected with trojans etc right?

    It is not actually hacking battle.net and stealing account information?

    They should take care of there servers, Diablo 3 servers are a mess.

    Lots of disconnects, bad pings/connection issues and downtime for people all over the world in all regions.

    Got lucky and only had like 4-5 disconnects where i got kicked off the servers.

    #2 2 years ago
  3. endgame

    “Blizzard “dedicated to doing everything” to stop Diablo III Battle.net hacks” LOL! So funny! Oh so funny!

    edit: Because why else would you turn a single player game into a lovely DRM experience except than to protect your customers!?

    #3 2 years ago
  4. Edo

    But..but I thought DRM was suppose to prevent this…

    #4 2 years ago
  5. Strawb

    #4
    I know you’re being sarcastic, I just wanted to comment anyway.

    If anything, making D3 an always online game just makes people that much more vulnerable.

    #5 2 years ago
  6. GrimRita

    Wait? Arent the Authenticators free on itunes/google play? If not, this entire story stinks of Activi$ion trying to make even MORE money.

    #6 2 years ago
  7. noherczeg

    @4 lol? DRM supposed to prevent piracy, not hacks. And yes, only stupid users accounts a hacked, because it works that way. Stupid people with stupid habbits and stupid passwords what makes hackers job easy and not the service provider.

    #7 2 years ago
  8. DSB

    I’m inclined to go with #7.

    You could run a million stories of this happening in WoW, but in all my time there we never had a hack in my guild that wasn’t somehow caused by people giving up their info.

    Personally I always had something like 15 spoof e-mails in my spam box, and if you’re buying gold or taking other shortcuts, then it’s pretty much assured.

    #8 2 years ago
  9. Edo

    @7 As No 5 said…it’s not helping it either.

    #9 2 years ago
  10. Strawb

    #8

    Getting hacked does happen to people who are reasonable from time to time. A friend of mine had his account hacked while it was inactive, despite him not going to shady websites or even having bought gold in-game.

    Getting hacked in a single-player game is just moronic, and it was because of Blizzard’s plan to connect all their franchises via Battle.net that it’s happening. If they had stuck to the old model i.e. only logging onto Battle.net when playing online, or if they simply had made it optional to be constantly online, we’d either not see these hacks or see them sharply reduced.

    #10 2 years ago
  11. Phoenixblight

    @10

    With the AH you were going to see it one way or another because there is Real Money involved.

    #11 2 years ago
  12. Strawb

    @11

    True.

    I wanted to counter-argue that using a log-in system only for the AH feature could make it easier to protect accounts, but I can’t really think of any security system for that kind of account that wouldn’t be done in by a key-logger.

    #12 2 years ago
  13. DSB

    @10 Call me cynical, but usually people don’t admit to watching dutch monkey porn at 3 in the morning, especially when they need to complain to a friend about their accounts being jacked.

    Obviously there’s always the possibility, there’s no way of telling, but personally I don’t believe that anyone wants to spend actual time and energy cracking WoW accounts one at a time, even if it is a business for them.

    And that’s basically because they’d never have to. The reason why people send out spam mail, or operate phishing sites, is because they work, and they’re a far more efficient way of getting peoples information.

    Even if 1 percent out of a million e-mails take the bait, that’s 10,000 accounts in your pocket.

    Back in my old guild, no one would readily admit that they gave up their passwords. Usually we had to either dog them for a week into admitting it, or it would get out through gossip :P

    #13 2 years ago
  14. Phoenixblight

    @13

    People always forget to look up…. at the URL when logging in.

    #14 2 years ago
  15. DSB

    @14 Very true. Some of those phishing e-mails are very convincing.

    I’ve actually checked my Paypal and my Battle.net accounts based on spam mails like that. But of course I never use any link provided in an e-mail to do it.

    #15 2 years ago
  16. OlderGamer

    Guys stop, your doing exactly what Blizzard wants you to do(DSB and PB). Spread the idea that being hacked is ALWAYs the fault and responsibilty of the user. Often times it is. But not always. Just because it didn’t happen to you, doesn’t mean it does happen to other people.

    It happend to me.

    I do not share accounts, do not share PCs, am smart enough not to fall for phishing/spam emails, have never bought gold, never been power leveled, etc.

    I now use an authenticater and have had zero problem.

    Just think for a second if your service is so targeted and so many of your users are effected, that maybe, just maybe there is more to it then some dumb user? I think it is the sheer smugness that guys like you have that really irks me. Like it was my fault or that I invited being hacked.

    The last time I was hacked, while on the phone with Blizz, the rep told me that(off the record), they have had several breaches over the years. And that an authenticater was the only way to stop continued repeat hacking. New PWs and emails wouldn’t matter. Some accounts had their server side IDs stolen and were easily trackable. Ever notice they target a lot of players that don’t have their accounts active? Now how would they know that?

    I am glad it hasn’t happened to you guys.

    But that doesn’t mean it doesn’t happen to other folks.

    #16 2 years ago
  17. viralshag

    I’ve been hacked and I don’t know how as I don’t buy gold and do all the usual stuff to get you in that position.

    And I would still agree with DSB and PB that the majority of the time it will be the users fault.

    #17 2 years ago
  18. OlderGamer

    I also agree that often times it is the user. But being in the situation I was in, I also know that it often is not the users fault. What none of us know is how often and which one is which. And that is what I meant. Blizzard wants people to think that all hacks are preventable and the users fault. Otherwise they are liable.

    #18 2 years ago
  19. DSB

    The problem is obviously human nature, OG.

    People aren’t likely to realize it when they do give their password away, and so you have a lot of people “who didn’t do anything”. It’s not much of a scam if you don’t get blindsided.

    Your theory of a breach is pretty much ruined by the notion of an authenticator being able to prevent you from getting your stuff taken. The only thing an authenticator stops, is in fact people who are using your password. If they actually had access to your full account, you should realize that they’d have absolutely no problem removing your authenticator before sharding your purplz.

    The notion that someone would randomly target your account and spend hours, if not days, cracking it, just so they could get your 6k gold and a few shards simply doesn’t add up. That’s like blowing a hole in the wall of a house, before checking to see if the key is under the doormat. Crime of enrichment isn’t motivated by being hard, laborious or inconvenient. It’s motivated by being a faster way to enrich yourself, than an actual job.

    Why anyone would rather spend months to get a handful of accounts, as opposed to simply spending a week putting together a botnet with a neatly composed phishing e-mail, or really just grabbing those passwords from others who already have them, is just beyond me.

    It doesn’t make any sense. It would be a pretty stupid way to make a buck for whoever is doing it. I just go on what I know. So far everyone I know who has been hacked, has been at fault themselves, by their own admission. Roughly 10-15 people out of a guild with a changing line-up of maybe 300 give or take.

    #19 2 years ago
  20. Ireland Michael

    @DSB I am diletgently in my virus and malware protection, I’ve never clicked an invalidated link in an email or website, especially not in regard to World of Wacraft, and my passwords are always complex and largely unguessable.

    And yet I still had my account hacked.

    I have no doubt there are plenty of people who have had their accounts hacked through phishing and negligence, but this is not always the case.

    #20 2 years ago
  21. Phoenixblight

    @16

    I never said its always the case I am sure there are times like with D3 that someone found an exploitation and used it to get access to an accoun(s) but the majority of people that do get hacked are not being careful and its really silly to not use services that are offered by Blizzard or whomever. My bank account if I log in from completely different computer sends me a text with a code to access it so you don’t just need to have access to my PW but my computer or my phone.

    #21 2 years ago
  22. TheWulf

    @2

    Incorrect! This has nothing to do with trojans, key-loggers, or anything of the sort. It’s just a simple site that can do it if you have the scripts on for that site. It’s a session ID hack, possibly the simplest hack of all.

    Which means that if you’ve logged into Blizzard and then go to a site which has this script running, you’ve been hacked. Simple as. This is some really piss poor security from Blizzard.

    I mean, look at Valve. Valve only got hacked once, and it was solely because they didn’t use their own forum software. And even then, even if a person gets your password, they can’t do anything with it because your account is linked to your computer hardware. This is because Valve knows security, and they pretty much just laugh in the face of hackers.

    Blizzard, on the other hand…

    A session ID related hack, seriously Blizz?

    Sigh.

    #22 2 years ago
  23. TheWulf

    Also, #21 is wrong. The session ID hack USES your authenticator. Blizzard has confirmed that the authenticator does NOTHING against this hack. I repeat, NOTHING. This is because once you’ve logged in with your account, the session ID is there, and anyone can just get at that if you go to the right site.

    #23 2 years ago
  24. DSB

    @20 It obviously could happen, so it probably has, but I think it’s a pretty tough sell that “the hackers chose me”. There’s rarely any proof with these sorts of things, so ultimately I’m always going to rely on statistical probability.

    It’s pretty unlikely that a public company could successfully hide a significant breach, there are too many people and too many snoops, and to me it makes very little sense that hackers would spend a lot of time gaining access to my account. They’ll lose money doing that, compared to pretty much any other job.

    You do have to be unreasonably paranoid to go about the internet without getting screwed these days, and even then there’s no guarantee that a breach somewhere won’t give away your password.

    I lost a password once too (for Ebay) and I still don’t know how that happened either. I consider myself fashionably paranoid, and I’m not going to fall for anything half-assed. In all likelihood though, someone, somewhere got me.

    #24 2 years ago
  25. TheWulf

    Also? If you’re not running NoScript for any sites you don’t know, then you’re begging to be hacked. This is basically how people have been hacked thus far – malicious site scripts. They exist. Basically, they just peer at your session ID for Battle.net, and the poof, in they go. Into your account, to molest your things.

    So no, this isn’t malware, this is a matter of piss poor security on Blizzard’s end and people visiting sites without protection. I’ve actually not been screwed yet – not saying it won’t happen, but I do take the necessary precautions.

    If Blizzard had taken the precautions Valve had, then it wouldn’t have mattered if they’d been hacked. Valve’s shit is A) too highly and properly encrypted, and B) protected by being linked into the user’s hardware. Now that’s security.

    But to have people being hacked because of a session ID? That’s embarrassing.

    #25 2 years ago
  26. soool

    Patrick Garratt eats donkey dicks.

    That is all.

    #26 2 years ago
  27. Giskard

    @25 I have no noscript, no authenticator, and I’ve yet to be hacked. And trust me when I say this. I’ve seen shit. No problems here though.

    #27 2 years ago