#1 - 2012/05/24 11:37:00 AM
Blizzard, there is obviously an exploit going around at the moment which is allowing 'hackers' to steal a player's gold and items. Many of these people who post on forums also claim to have an authenticator, so there must currently be a way to bypass the log-in system for people to be losing their gear like this.
The RMAH must NOT GO LIVE until this issue has been resolved, as it is currently the biggest danger to your game.
Players are currently SCARED to play your game, for fear of losing tens to hundreds of hours of 'work' on their characters, due to an exploit which is allowing hackers to steal their hard-earnt gold and items, despite using an authenticator to secure their account.
Blizzard please, you MUST address this issue, as it is very real as shown by many posts on these forums and videos on YouTube.
If the RMAH goes live with this issue, people can spend real money on items in this game, just to have them stolen, and there will be one hell of a ****storm over that.
A very concerned gamer.
Battle.net®/Diablo III Security Concerns
Over the past couple of days, players have expressed concerns over the possibility of Battle.net® account compromises. First and foremost, we want to make it clear that the Battle.net and Diablo III servers have not been compromised. In addition, the number of Diablo III players who’ve contacted customer service to report a potential compromise of their personal account has been extremely small. In all of the individual Diablo III-related compromise cases we’ve investigated, none have occurred after a physical Battle.net Authenticator or Battle.net Mobile Authenticator app was attached to the player’s account, and we have yet to find any situation where a Diablo III player's account was accessed outside of “traditional” compromise methods (i.e. someone logging in using an account's login email and password).
To that end, we’ve also seen discussions regarding the possibility of account compromises occurring in ways that didn’t involve these “traditional” methods -- for example, by “session spoofing” a player’s identity after he or she joins a public game. Regarding this specific example, we’ve looked into the issue and found no evidence to indicate compromises are occurring in this fashion, and we’ve determined the methods being suggested to do so are technically impossible. However, you have our assurance that we’ll continue to investigate reports such as these and keep you informed of important updates.
The best defense against account theft still includes smart password management (e.g. using a unique password for every site/service and keeping your password to yourself) and scanning for malware and viruses regularly, as well as following additional preventative steps found here: http://eu.battle.net/en/security/help. In the end, while no security method is 100% foolproof, the physical Battle.net Authenticator and Battle.net Mobile Authenticator app are great ways to provide your account with an extra layer of protection.
I strongly recommend that everyone who is worried about losing all their hard work on their Diablo 3 characters get an authenticator and exercise better password / security practice. Change your password for Diablo III now, and make it a unique password that you do not use anywhere else. Currently the only way that accounts are being accessed is by the old-school way of obtaining the user's username and password details.