Just read this on official forums. A blue replied but didn't confirm nor deny it. Seems like the issue is on Blizzard's end after all.
"an exploit was discovered by duplicating a session ID basically, if you join a public game with people, they can view your session ID and spoof it to login as you without need for a password or email or anything if you play with people, try not to play in public games bro, only with people you know"
That is currently unconfirmed, but if it's true that's pretty genius. Doesn't make a lot of sense though that Blizz would use an unencrypted piece of information that acts like a master key. This isn't exactly their first online game.
Someone just tried to hack my account just a few minutes ago. I immediately changed my password. Thank God I did it quick enough and signed back on, none of my things are missing. Someone random was added to my friend's list. I reported them and removed them.
Watch out people! I haven't bought any gold or anything else from anywhere, and the only website I've been to D3 related is this one and the official one. So Blizzard needs to check their servers!!!!
Do you have an authenticator? If not, get one. You probably have a security issue, no matter how much you protest.
Edit- Looks like someone already posted this info but I will keep it on
Just read this on official forums. A blue replied but didn't confirm nor deny it. Seems like the issue is on Blizzard's end after all.
"an exploit was discovered by duplicating a session ID basically, if you join a public game with people, they can view your session ID and spoof it to login as you without need for a password or email or anything if you play with people, try not to play in public games bro, only with people you know"
If this is the case we should expect to see servers going down shortly I would think.
This is the thread it's in, http://us.battle.net...opic/5149539239 not much else to read though. I just logged in to delete randoms off my friends list, not sure if it would help or not but I just want to be safe as possible lol. I kept getting errors trying to remove people from friends and getting disconnected...
It doesn't explain every hacking incident, like one of the users in here that had their password changed which requires their email be hacked too.
Blue has confirmed nothing. Until blue posts that they found a problem, I'll believe that it's all client side, like WoW/SC2. And if it's a 'public game' issue as this poster says, why are people getting hacked who were never in a public game? Yeah. It's client-side unless Blizzard says it isn't.
Yes, they can be lying about the authenticators, but there are a lot of them. And it is interesting how many people insist it is key loggers at work, well then why the sudden influx of hacked accounts? I really doubt the organizations that installed keylogger programs are more interested in stealing your video game gold than your real banking information.
If someone had access to the server directly, they wouldn't need to hack accounts.
The problem is between the keyboard and the chair.
Please explain how suddenly tens of thousands of people are being hacked, even those with authenticators, in a very short window, can all be attributed to individual cases of user error.
The short answer is: statistically speaking you don't see an overnight spike in hacked accounts and blame individual users. Hundreds of thousands of people don't all suddenly compromise their own account security based on their own individual actions, at the same time. You are a literal retard for even considering this.
Few threads on BNET forums = tens of thousands of people apparently.
Started and post capped thread in a single day, multiple gaming sites noting it and writing articles, Blizzard ceasing responses to tickets on the issue and is investigating. Threads about it on every single D3 fansite.
Are you trying to deny there is any issue at all? That the amount of hacked accounts is on the same day to day average as expected?
It must be nice to look at an insurmountable plethora of evidence to the contrary and say "nope, nothing's happening here". How was church this weekend? lmao
Blizzard's official position is don't post these concerns in public, please privately e-mail us.
This is from a Blue Poster in response to someone complaining about their account getting hacked:
"The forums really aren't the proper place to discuss these concerns; please contact Customer Support."
As Istreamer mentioned, if you look around Diablo fan sites/reddit, there are a lot of people reporting hacking. And a lot of them have been long time members of the community with lots of previous posting activity before they got hacked, which adds credibility.
Unfortunately, no, it doesn't add credibility.
There are Diablo Fans on this site and there are Diablo Fanboys on this site. There are people who love the games Blizzard makes and there are people who say the sky is only blue if Blizzard tells me it is.
If somebody has built up a reputation over time, they are more credible than somebody who makes his very first posting and has no history. Do you trust somebody more on ebay who has sales under their belt or if it is their first auction? One has a reputation, the other does not.
There are in depth questions and answers with numerous people on other sites who have been hacked and here is the synopsis, based upon multiple q&a with hundreds of people who have been hacked:
Latest update regarding this is that public games have a vulnerability which allows others in the game to snatch a session id and use it to access your account, but there is no official word yet, but I guess you'd want to stay away from public games in the meantime.
Some of the Q&A showed people with multiple characters, but only the characters who played in public games got hacked. There will be more clarity over time, but this is the latest information for now. And having an authenticator made no difference.
There are also some posts, though - not many, but some - from people saying this has happened to them when they have never joined a public game since installing, and that they have never bought or sold anything through the AH. At this point I'm honestly not sure whether to stay logged in and keep an eye on my account or stay logged out in hopes they can't snatch a session ID if I'm not logged in.
"an exploit was discovered by duplicating a session ID
basically, if you join a public game with people, they can view your session ID and spoof it to login as you without need for a password or email or anything
if you play with people, try not to play in public games bro, only with people you know"
A FB friend that enjoys forums where people like to hack video games, decided to tell me. If this is possible try to figure out how to put an end to it.
Blues, assemble =\
Hey guys,
We are very aware of these reports and are taking them very seriously. Please keep an eye on the General Discussion forums as Community members will be posting something soon.
If you have been hacked, please contact Customer Service as soon as you can. In addition, using an Authenticator can help secure your account even more.
People are getting their hackers (or the characters they traded the gold to) randomly added to their friends/recently played list. There are many people getting hacked but only a handful of these random friends, meaning it is either a few people or small group of people doing the hacks. This isn't anything surprising, but if it were keyloggers wouldn't this imply that all these people getting hacked visited the same site? If this is the case then pinpointing said sites should be easy considering how many people are complaining about being hacked.
Like others have said, the massive influx of people getting hacked leads me to the obvious conclusion that the problem is server side. Sure there are probably people with keyloggers too, like the user that had the password changed but this backdoor entry into accounts makes much more sense, especially with Blizzard telling a lot of people they have no log of their accounts being compromised. I.E.- The session ID didn't change and the hackers skipped the authentication process. This is also why people with authenticators are getting hacked.
I can't believe how many people think this is client side. Like, cmon, really? A massive spike in account hacks (complete with not discriminating against people with authenticators) happen in a 48 hour period, and you people think they are all completely unrelated user errors?
Very very very few people have said they have authenticators, and it's been happening since day one.
Who would have thought that the number of hacked accounts would increase dramatically once the game is released?
If it was server side, they would hack people in inferno, probably the ones getting world firsts, as they have the most gold/items. If it's client side, they hack the ones with no authenticators or those dumb enough to download programs that bypass them. (Very possible)
I'm not saying some kind of issue doesn't exist, my stance is that kids are too lazy/poor to get a free authenticator or one that costs $6 from Blizzard. I don't feel bad for them.
I disagree on the first point, because from what I see it's about 1 in every 3 had an authenticator
and again, it is simply impossible for this level of increase of hacked accounts in this small a window to say they are unrelated instances of user error. Like impossible impossible. If you have any understanding of statistics this is glaringly obvious. I can't stress how impossible it is for it to be client side.
I'm concerned my sides will rupture from laughter when you get hacked- keep on playing!
and keep on joining public games too man! why not when 100% safe with that authenticator XFD!
It could be Blizzard's problem and still be client side. The forums (Or some popular website) could have something malicious embedded in it. It's happened before.
The client sending out session ids that you can use to bypass log in could be possible, but as someone said before, this isn't Blizzard's first game.
I'd still avoid public games until they release a statement though. I'm fairly sure the AH would be fine.
It hasn't in this scale. It's not possible in this scale. The logistics involved with having something cause an event this large all on the individual client side level are unbelievably staggering. It's a textbook instance of Occam's Razor- the simpler explanation is usually the correct one. It's definitely on Blizzard's end here.
https://us.battle.net/d3/en/forum/topic/5149008932?page=1