Accounts being hacked on US servers

  • #61
    Quote from istreamer
    I disagree on the first point, because from what I see it's about 1 in every 3 had an authenticator

    and again, it is simply impossible for this level of increase of hacked accounts in this small a window to say they are unrelated instances of user error. Like impossible impossible. If you have any understanding of statistics this is glaringly obvious. I can't stress how impossible it is for it to be client side.
    It could be Blizzard's problem and still be client side. The forums (Or some popular website) could have something malicious embedded in it. It's happened before.

    The client sending out session ids that you can use to bypass log in could be possible, but as someone said before, this isn't Blizzard's first game.

    I'd still avoid public games until they release a statement though. I'm fairly sure the AH would be fine.
  • #62
    Hey, I know. Let's argue, fight and be nasty about it with each other over something none of us know a damn thing about.
  • #63
    Quote from MandyMemory

    Quote from istreamer
    I disagree on the first point, because from what I see it's about 1 in every 3 had an authenticator

    and again, it is simply impossible for this level of increase of hacked accounts in this small a window to say they are unrelated instances of user error. Like impossible impossible. If you have any understanding of statistics this is glaringly obvious. I can't stress how impossible it is for it to be client side.
    It could be Blizzard's problem and still be client side. The forums (Or some popular website) could have something malicious embedded in it. It's happened before.

    The client sending out session ids that you can use to bypass log in could be possible, but as someone said before, this isn't Blizzard's first game.

    I'd still avoid public games until they release a statement though. I'm fairly sure the AH would be fine.


    It hasn't in this scale. It's not possible in this scale. The logistics involved with having something cause an event this large all on the individual client side level are unbelievably staggering. It's a text book instance of Occams Razor- the simpler explanation is usually the correct one. It's definitely on blizzards end here.
  • #64
    I am not great with all the hacking technicalities, but I played a public game today but I have an authenticator via my iPhone. Should I be worried?
  • #65
    Quote from istreamer

    Quote from MandyMemory

    Quote from istreamer
    I disagree on the first point, because from what I see it's about 1 in every 3 had an authenticator

    and again, it is simply impossible for this level of increase of hacked accounts in this small a window to say they are unrelated instances of user error. Like impossible impossible. If you have any understanding of statistics this is glaringly obvious. I can't stress how impossible it is for it to be client side.
    It could be Blizzard's problem and still be client side. The forums (Or some popular website) could have something malicious embedded in it. It's happened before.

    The client sending out session ids that you can use to bypass log in could be possible, but as someone said before, this isn't Blizzard's first game.

    I'd still avoid public games until they release a statement though. I'm fairly sure the AH would be fine.


    It hasn't in this scale. It's not possible in this scale. The logistics involved with having something cause an event this large all on the individual client side level are unbelievably staggering. It's a text book instance of Occams Razor- the simpler explanation is usually the correct one. It's definitely on blizzards end here.


    What scale? You don't have any statistics backing your claims, only assumptions.
  • #66
    Quote from teneighty

    I am not great with all the hacking technicalities, but I played a public game today but I have an authenticator via my iPhone. Should I be worried?


    There nothing you can really do, but until we hear otherwise, I personally wouldn't play any public games or start any sessions with someone you do not personally know.
  • #67
    Quote from calpurnia12

    Quote from istreamer

    Quote from MandyMemory

    Quote from istreamer
    I disagree on the first point, because from what I see it's about 1 in every 3 had an authenticator

    and again, it is simply impossible for this level of increase of hacked accounts in this small a window to say they are unrelated instances of user error. Like impossible impossible. If you have any understanding of statistics this is glaringly obvious. I can't stress how impossible it is for it to be client side.
    It could be Blizzard's problem and still be client side. The forums (Or some popular website) could have something malicious embedded in it. It's happened before.

    The client sending out session ids that you can use to bypass log in could be possible, but as someone said before, this isn't Blizzard's first game.

    I'd still avoid public games until they release a statement though. I'm fairly sure the AH would be fine.


    It hasn't in this scale. It's not possible in this scale. The logistics involved with having something cause an event this large all on the individual client side level are unbelievably staggering. It's a text book instance of Occams Razor- the simpler explanation is usually the correct one. It's definitely on blizzards end here.


    What scale? You don't have any statistics backing your claims, only assumptions.


    The scale large enough to prompt an announced blizzard "we are actively investigating this issue stay tuned for an update soon", an announcement required by law if they have been compromised. The scale large enough to have twitter, gaming sites, and every fan forum talking about it. The scale large enough to fill multiple topics on official diablo forums to post cap in less than 48 hours.

    That kind of scale.
  • #68
    Quote from ContentsMayVary

    Yes, we've heard all this before with WoW accounts.

    Keylogger ftl.


    Many people on the official forums who have reported this happening to them have authenticators attached to their account. Try again.
  • #69
    Quote from ruksak

    Hey, I know. Let's argue, fight and be nasty about it with each other over something none of us know a damn thing about.


    Unfortunately Blizzard seems to generate a lot of hate. It seems like many people like the thought of them failing as well. I would think this simply comes from them being the most popular. If someone else were then they'd probably be getting the hate instead.

    I have to admit that I initially thought for sure it was a bunch of people that didn't have authenticators. The more I read though the more it's pointing to something else. I guess the thing is... for many years now people have been getting hacked due to their own lack of security or ignorance so it's easy to jump to that conclusion (and I still feel it's a fair assumption to make). Blizzard will have some serious wounds to tend if this does turn out to be a security hole on their side.

    I suppose that Blizzard has to take the good with the bad though. They're reaping the benefits that come from having rabid fans... they're going to be held to a higher standard as a result.
  • #70
    I just read about this on d2jsp (actually my first time going there). They said it was emcor.dll grabbing your authentication token and allowing someone else to login under you, clear your items, and logout. Apparently they can't change your password or re-login... just a one off thing, but that's all it takes.

    Edit regarding: Also read the note from page 3 ""an exploit was discovered by duplicating a session ID basically, if you join a public game with people, they can view your session ID and spoof it to login as you without need for a password or email or anyting if you play with people, try not to play in public games bro, only with people you know""...

    I haven't been hacked, but I have randomly been assigned to games with chars with chinese symbols, doing nothing in town... makes me wonder. Because yesterday, I got a friend request from a player with a name like "d3-gold.com", or something along those lines. They must be building lists of people.
    SC2 Editor Tutorials: OnetwoSC
    D3 Channel: OnetwoD3
  • #71
    Quote from istreamer

    I'm concerned my sides will rupture from laughter when you get hacked- keep on playing!

    and keep on joining public games too man! why not when 100% safe with that authenticator XFD!


    There is no need to start acting like a jerk over something that hasn't even been confirmed to be true yet. Plenty of people could have already had comprimised accounts and the "hackers" are taking advantage of it now that D3 is out. Could there be a threat? Sure. But there is no need to be little people or laugh at them just because they aren't ranting and raving about it.

    There are plenty of "stupid" people out there that when hacked don't actually understand what happens or how they can be comprimised. There are also plenty of trolls that respond in affirmative that they to have been hacked (with authenticators) when they really haven't.

    If you've followed Blizzard Blue posts for long enough you always see a couple of posts where people report something happening and then the a Blue responds about seeing nothing of the sort happening to that account. Its the internet anything is possible even widespread hoaxes.

    Dismissing them completly is folly, unless proven otherwise. The opposie is just as true. Beliving them without proof has just as much folly. Even if Blizzard came out and stated that the problem isn't what people are saying it is, people will still claim otherwise.

    If anything I would be more likely to believe a man in the middle attack which would be easy to orchestrate given the frequency of disconnects in the first week and the amount of people that another fake disconnect would fool.
  • #72
    Quote from istreamer

    That kind of scale.


    That still means nothing. A hoax no matter how large can still be a hoax. Just because people spread it doesn't make it truth.
  • #73
    Quote from Khrull777

    If somebody is using an authenticator and they still got hacked, it is a server side issue.


    Not necessarily. If they did not require an authenticator code EVERYTIME they log in, then the account could still get hacked.
  • #74
    Quote from Senchean

    Not necessarily. If they did not require an authenticator code EVERYTIME they log in, then the account could still get hacked.


    That really isn't true. Not requiring a Authenticator code every time you log in does nothing to the Security of an Authenticator. Banks use the same "home computer" principle and are secure.

    However it is true that someone getting hacked with an authenticator might not be a server side issue. A man in the middle attack is something on the user's computer that intercepts the authentication code and transmits it to the hackers computer, who then logs in to your account. You get an error message saying "service is down" or something to make you think it hasn't gone through.

    These types of attack can happen, are are the only known cases of the Authenticator being circumvented. They are harder to pull off though.
  • #75
    Quote from rhorle

    Quote from istreamer

    That kind of scale.


    That still means nothing. A hoax no matter how large can still be a hoax. Just because people spread it doesn't make it truth.


    So that is whats going on then? A tens of thousands of people are all in on some elaborate hoax to make it look like server side hacks are occurring? Really dude?

    Occams razor again man- if you truly believe there is an elaborate hoax going on here to make it look like server side hacking is going on, compared to just server side hacking going on- then may god have mercy on your soul
  • #76
    Quote from istreamer

    So that is whats going on then? A tens of thousands of people are all in on some elaborate hoax to make it look like server side hacks are occurring? Really dude?


    Repeating something does not mean its true. Provide something that says there are tens of thousands of confirmed cases of this happening. Just because threads reach post limits or people post on fan sites about it doesn't make it automatically true.
  • #77
    Quote from rhorle

    Quote from istreamer

    I'm concerned my sides will rupture from laughter when you get hacked- keep on playing!

    and keep on joining public games too man! why not when 100% safe with that authenticator XFD!


    There is no need to start acting like a jerk over something that hasn't even been confirmed to be true yet. Plenty of people could have already had comprimised accounts and the "hackers" are taking advantage of it now that D3 is out. Could there be a threat? Sure. But there is no need to be little people or laugh at them just because they aren't ranting and raving about it.

    There are plenty of "stupid" people out there that when hacked don't actually understand what happens or how they can be comprimised. There are also plenty of trolls that respond in affirmative that they to have been hacked (with authenticators) when they really haven't.

    If you've followed Blizzard Blue posts for long enough you always see a couple of posts where people report something happening and then the a Blue responds about seeing nothing of the sort happening to that account. Its the internet anything is possible even widespread hoaxes.

    Dismissing them completly is folly, unless proven otherwise. The opposie is just as true. Beliving them without proof has just as much folly. Even if Blizzard came out and stated that the problem isn't what people are saying it is, people will still claim otherwise.

    If anything I would be more likely to believe a man in the middle attack which would be easy to orchestrate given the frequency of disconnects in the first week and the amount of people that another fake disconnect would fool.


    On what grounds do you conclude this entire thing is an un-organized hoax, as opposed to an actual security breach?

    Like you have to have some sort of reason to believe that other than "u cant hack blizzard" or "blizzard is infallible they could never be compromised". Those aren't arguments or reasons, they are unsubstantiated beliefs. Do you have actual reasons you are basing these beliefs on?

    Just, like, on what possible grounds could you deem this a "hoax" as opposed to an actually occurring issue.

    Seriously, please go play as many public games as possible.
  • #78
    So is anyone going to post an actual link to an official Blizzard acknowledgment that something is indeed happening or are we just trying on our tinfoil hats?
  • #79
    Quote from rhorle

    Quote from istreamer

    So that is whats going on then? A tens of thousands of people are all in on some elaborate hoax to make it look like server side hacks are occurring? Really dude?


    Repeating something does not mean its true. Provide something that says there are tens of thousands of confirmed cases of this happening. Just because threads reach post limits or people post on fan sites about it doesn't make it automatically true.


    And the blizzard response saying they are giving an update on it shortly is just part of the hoax? and many gaming sites writing articles about it who have top staff being affected by the issue are also in on the hoax? The posters saying they were hacked are all just making it up, all tens of thousands of those affected, all just making it up and actually playing diablo 3 at the same time on a dual screen laughing at all the people they've collectively fooled with no organization in the slightest?

    No, someone saying something doesn't make it true. Thousands of people independently reporting the same issue, however, does make something EXTREMELY likely to be true- especially when they come armed with screen shots and evidence.

    I truly pity you and anyone else as myopic as you.
  • #80
    ther new authenticator system requiers your authenticator code everytime you log in from a defrint IP addrsse or a defrint physical location

    ps
    i got a frinde who got hackede he hade 3 "new frindes" added to his account and he never joinede a public game... he is an experincede computer user so he havent to my knowelde klickede eneyting funky
    i apologice for spelling errors i am from denmark and unfortnaly suffer from dyslixa
  • To post a comment, please or register a new account.
Posts Quoted:
Reply
Clear All Quotes