so after we get hacked or someone else gets hacked we all degenerate to fighting over forums like kids in pre-school...
guys relax, the forums aren't made for people to blow off steam. we're here to talk (i presume XD)
i have very serious doubts on the nature of the hacks...
if it's a server side compromise, how did they bypass Blizz/on-site security? the only long range connections to them are through the clients... unless there's an evil dev trolling all of us... they already announced that sometimes during the launch of a new game/expansion in their system, vulnerabilities start appearing... meaning they already know what's happening and are dealing with it.
if it's client side, how did it go past the authenticators (if present) or do it without keyloggers? i do tend to just crack/hack people just for the lulz (don't worry, i return what i steal most of the time), but that requires time and must target specific people only. these people tend to be those that aren't security conscious about their account. so if you aren't that then you shouldn't be hacked (or at least have a small chance of being hacked)
so... is it client side or server side? both seem to pose their own impossible scenarios...
I was reading up about the hacking on the European Battle.net forums. In one post there are two reports from people who bought brand new computers days before the release of D3. If it isn't an issue on Blizzard's side then how do you explain this? The computers came from the factory with keyloggers already on them?
A compromised account can happen any time. It could have happened on their old computer, or whatever they were using to log into Battle.net (and related games) before they obtained their new computer. Just because the hackers used your account at a certain time doesn't mean they obtained your info at the same time.
As someone else stated they could have easily saved compromised accounts for the launch of D3 in order to get a bunch of gold and items right away to capitalize off of the Gold AH or just to get their own third party gold selling started. A lot of gold sellers are also ones that use compromised accounts.
He should be busy lickin' his greasy lips sat in his mother's basement.
I know there is a language barrier and you are trying hard to write everything in English, but I really have no clue what you just said. You can keep resorting to insults because you are wrong, and I am right. Again, you can keep crying about not having an authenticator. Your original post in this thread was bashing Blizzard because you felt an exploit was on their end, and not because you're an idiot for not taking care of your account's security. What more feedback do you need from people here when they tell you to get an authenticator to reduce your problems to zero?
I'll go make out with my authenticator right now because she keeps me safe from the mean Chinamen trying to take my gear and gold.
I got hacked on WoW once, found out my email had been hacked (Gmail, had not used it for 5 years and didn't know the password) and it was used to associate with the email i used for my Blizzard account (Yahoo) and then they used that to reset my Blizzard account.
So i got a phone authenticator and voilà, it got hacked again while i was at work, they used an authentication code and broke in.
I had thought that authenticators could completely stop hacking, but as Blizzard had me reset the authenticator code so it would generate new keys, so i guess they don't (couldn't play WoW for 2 weeks there lol, authenticators are srs bzns). Heaven help me we use similar technology at the power station i occasionally work at.
As for keylogging, my gaming pc doesn't have a browser on it, i use my laptop for all internets, and i use a portable Mozilla browser usually, most of it being read only. may have got it when i was administering my account at Blizzard's website perhaps?
Might seem paranoid, but i am a sysadmin for an IT firm, and you get into habits
So hacking can happen whoever you are, and don't assume that just because someone got hacked, they are a moron.
Oh, and keyloggers these days are nasty, they capture copy/paste, and most can on the fly decrypt the major virtual keyboards ;(
The only way to break into an account with an Authenticator is to use a man-in-the-middle attack or physically using your Authenticator. Either way it requires the authenticator to physically generate a code. If someone had cracked the algorithm that generates the tokens then they would be using their abilities on something other than a video game.
Like you know actual bank accounts with millions of dollars in them.
people are using an exploit to get into player's accounts even if they have an authenticator
Spreading rumors as fact isn't helping. Unless this can be verified, it's best not to state this as fact. If there was a loophole as such, Blizzard would stand to gain nothing by denying it and hiding an ongoing compromise via their end.
Please explain how suddenly tens of thousands of people are being hacked, even those with authenticators, in a very short window, can all be attributed to individual cases of user error.
The short answer is: statistically speaking you don't see an overnight spike in hacked accounts and blame individual users. Hundreds of thousands of people don't all suddenly compromise their own account security based on their own individual actions, at the same time. You are a literal retard for even considering this.
Let me explain then. Often, people on the internet just like in real life wander around with no clue as to what they're doing. If their account wasn't hacked directly then in most cases their e-mail account was hacked directly. Which means their battle.net password can be reset. Which means their game account is compromised.
Many people on the official forums who have reported this happening to them have authenticators attached to their account. Try again.
What? People on an internet forum lied to make their story more solid? Oh my... that's never happened before. Of course it's still possible for this to happen to someone and I'm not suggesting it never does, but I am suggesting that some of the people saying they had authenticators more likely than not... didn't.
So that is what's going on then? Tens of thousands of people are all in on some elaborate hoax to make it look like server side hacks are occurring? Really dude?
Nope, I don't think it was an elaborate hoax. But I do think it was a large group of people who got taken advantage of by some hackers. Blizzard can't protect people from themselves. It's certainly possible for Blizzard or any company to have a security hole like the one that was being brought up. I just prefer to hear it from an official source instead of immediately believing anonymous posts on an internet forum. Why? Because history tells me that many of those posters are either not understanding what happened or are purposely trying to add fuel to a fire. Maybe sad... but again... history proves it true all too often.
You're such a sad sack blizz fanboy you truly believe no amount of evidence could prove Blizzard has done wrong. enjoy eating humble pie when blizz follows up with their announcement detailing the issue.
From what I saw just about everyone was simply saying they wanted to hear the response from Blizzard before jumping to conclusions about the situation. Somehow that was unacceptable to you. Why people seem surprised that they come on to a fan site and find fans there always confuses me.
Pretty much says they haven't *actually* been given a hack with an authenticator attached *beforehand*, meaning a lot of those "I had an authenticator" posts were "Well, I added one after, hoping it would help".
we have yet to investigate a compromise report in which an authenticator was attached beforehand.
And, he also agreed that the hackers probably had a bunch of compromised machines and data ready for the game release, and hit everyone all at once. As I said, hackers can read calendars, too. That would explain the scale of this.
I hope he's enjoying his pie today. I'm the 'sad sack blizz fanboy' he posted that to. I allowed for the possibility that the session ID thing was plausible, but, Blizzard has said everything's the usual hack, and they haven't seen one with an authenticator attached before the hack. Pretty much what I had been saying, and what I expected.
I've been watching WoW players blame Blizzard for hacks for 5+ years now, and they weren't right, either, so I didn't expect this to be any different.
The most likely explanation is that some unscrupulous folks have been collecting user info for quite some time. They want to cash in on the gold market before Blizzard allows gold buying/selling on their own AH. As far as I'm concerned, this is all on the end user.
I have not posted in this thread since starting it because I had nothing new to add - I had done and continue to do everything possible to be careful with my internet security, but I did not have an authenticator so could not claim with any certainty if the problem was on my end or Blizzard's end.
I am on a Mac and check for software updates every day, and last night I was offered a Java security update that was supposed to address a security vulnerability with the Java plug-in for the Safari web browser. Who knows, maybe that's how my account managed to get compromised.
I've learned an important lesson about not relying on the "it won't happen to me" security plan and have attached an authenticator, which I of course should have had from the start. I consider the issue closed, and suggest all those who were 100% adamant that their security was fool-proof and the problem was with Blizzard to be more open-minded and wait for all the information before rushing to judgment in the future.
Just FYI, and this isn't criticizing you: I play on a Mac, I work in IT security, and know how to keep things clean w/o an authenticator...but I've had one for a couple years now, because it's like locking your car. Not foolproof, but if they're just looking to grab loose stuff out of the unlocked vehicles, they're going to pass me by. And that's how hackers are, too. They're not going to fool with hacking past authenticators (look up man-in-the-middle, you still have to be compromised on your end) when they have all those new accounts with no locks ripe for the picking just after launch.
(speculation) I wonder how many of those accounts were beta accounts that they compromised during that time, and didn't do anything till the real game came out. And of course any other account they got the credentials to before launch, but nothing worth messing with was being used on it yet.
I was aware that an authenticator was a good idea, and that I really should get one, but as I said I was relying on the age-old "it won't happen to me" security plan, or perhaps the "I'm too smart and good-looking for it to happen to me" security plan. Obviously there were a few holes in my plan. I knew that, which is why I wasn't arrogant enough to fill up 7 pages of this thread with angry statements blaming Blizzard's security.
Personally, I am viewing this as a lesson well learned. The game had been out for less than a week when this happened. My highest character was only level 26 - everything that was stolen was easily recovered in a day or two of farming. I've now attached an authenticator, I've already recovered from the items and gold theft, and am not going to let this ruin my enjoyment of the game.
Getting an authenticator should be mandatory. Websites like this are key targets for hackers to try and launch keyloggers and catch people who aren't protected. The Curse network has to work extra hard because there are thousands of accounts tied to the games they support who could get royally hosed. It's happened in the past.
Hackers are going to try and gain access anywhere gamers browse. You have to be prepared for it. Complaining that Blizzard is fail (not you, but some people in this thread) won't keep you safe.
Bashlok posted this: http://www.diablofan...lo-iii/#post571
And this: http://www.diablofan...lo-iii/#post633