Account Security and Public Games, Hardcore Hell, Diablo 3 API, Blue Posts

Also Today: Diablo 3 Patch 1.0.2.9749 Coming Soon
Update: added new blue on account security and updated old with Bashiok's post.

Accounts Not At Risk in Public Games
Updated: Reports have been coming in that hackers are able to get session IDs from public games and use them to access accounts, as seen in this thread. However, Bashiok has just posted that, at this time, all of the accounts they have looked at were compromised through traditional means, so the session ID method is not something to worry about at this time.

Originally Posted by Blizzard (Blue Tracker / Official Forums)

We've been taking the situation extremely seriously from the start, and have done everything possible to verify how and in what circumstances these compromises are occurring. Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password. While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand.

If your account has been hacked, please view the previous post for information on contacting our support department.

It was Wayyyy too many at once and at the same time. It seems the attack was very orchestrated
It seems to me like it's the most logical way to go about it. Build up a list of accounts and passwords, and then hit them in a rapid succession before word can spread and people can change their passwords, add an authenticator, etc.




Battle.net® Account Security & Diablo® III

Originally Posted by Blizzard (Blue Tracker / Official Forums)

We'd like to take a moment to address the recent reports that suggested that Battle.net® and Diablo® III may have been compromised. Historically, the release of a new game -- such as a World of Warcraft® expansion -- will result in an increase in reports of individual account compromises, and that's exactly what we're seeing now with Diablo III. We know how frustrating it can be to become the victim of account theft, and as always, we're dedicated to doing everything we can to help our players keep their Battle.net accounts safe -- and we appreciate everyone who's doing their part to help protect their accounts as well. You can read about ways to help keep your account secure, along with some of the internal and external measures we have in place to help us achieve our security goals, at our account security website here: www.battle.net/security.

We also wanted to reassure you that the Battle.net Authenticator and Battle.net Mobile Authenticator (a free app for iPhone and Android devices) continue to be some of the most effective measures we offer to help players protect themselves against account compromises, and we encourage everyone to take advantage of them. In addition, we also recently introduced a new service called Battle.net SMS Protect, which allows you to use your text-enabled cell phone to unlock a locked Battle.net account, recover your account name, approve a password reset, or remove a lost Authenticator. Optionally, you can set up the Battle.net SMS Protect system to send you a text message whenever unusual activity is detected on your account, keeping you aware of important (and possibly unwanted) changes.

For more information on the Authenticator, visit http://us.battle.net...thenticator-faq

For more on the Battle.net Mobile Authenticator, visit http://us.battle.net...thenticator-faq

For more on Battle.net SMS Protect, visit http://us.battle.net...net-sms-protect

We also have other measures built into Battle.net to help protect players. Occasionally, when Battle.net detects unusual login activity that differs from your normal behavior -- such as logging in from an unfamiliar location -- we may prompt you for additional information (such as the answer to one of your security questions) and/or require you to perform a password reset through the Battle.net website. World of Warcraft players might be familiar with this security method already, and Diablo III players may begin to encounter it as well.

As always, if you think you've been the victim of an account compromise, head to the "Help! I've Been Hacked!" tool at http://us.battle.net/en/security/help for assistance.
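A defender-side sketch of the two signals described in the posts above, logins to many accounts in rapid succession and logins from an unfamiliar location, run over constructed login events. This is an added example, not Blizzard's detection logic; the event fields, thresholds and function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real Battle.net data:
# (timestamp, account, source address, region, password check result)
EVENTS = [
    ("2012-05-22T02:58:10", "alice", "192.0.2.10", "Americas", "ok"),
    ("2012-05-22T03:00:05", "bob", "198.51.100.7", "Asia", "ok"),
    ("2012-05-22T03:01:40", "carol", "198.51.100.7", "Asia", "ok"),
    ("2012-05-22T03:03:12", "dave", "198.51.100.7", "Asia", "ok"),
    ("2012-05-22T03:04:30", "erin", "198.51.100.7", "Asia", "fail"),
    ("2012-05-22T09:15:00", "frank", "203.0.113.44", "Europe", "ok"),
]

# Constructed history: regions each account has logged in from before.
HISTORY = {
    "alice": {"Americas"}, "bob": {"Americas"}, "carol": {"Europe"},
    "dave": {"Americas"}, "erin": {"Americas"}, "frank": {"Europe"},
}


def unfamiliar_location_logins(events, history):
    """Successful logins from a region the account has never used."""
    hits = []
    for _ts, account, _source, region, result in events:
        if result == "ok" and region not in history.get(account, set()):
            hits.append((account, region))
    return hits


def rapid_succession_sources(events, window=timedelta(minutes=10), min_accounts=3):
    """Sources with successful logins to many distinct accounts inside one window."""
    by_source = defaultdict(list)
    for ts, account, source, _region, result in events:
        if result == "ok":
            by_source[source].append((datetime.fromisoformat(ts), account))
    flagged = {}
    for source, logins in by_source.items():
        logins.sort()
        start = 0
        for end in range(len(logins)):
            # Slide the window start forward until it spans at most `window`.
            while logins[end][0] - logins[start][0] > window:
                start += 1
            accounts = {acct for _t, acct in logins[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged.setdefault(source, set()).update(accounts)
    return {source: sorted(accts) for source, accts in flagged.items()}


def accounts_to_challenge(events, history):
    """Accounts that should get a security question or a forced password reset."""
    suspects = {acct for acct, _region in unfamiliar_location_logins(events, history)}
    for accounts in rapid_succession_sources(events).values():
        suspects.update(accounts)
    return sorted(suspects)


if __name__ == "__main__":
    print(unfamiliar_location_logins(EVENTS, HISTORY))
    print(rapid_succession_sources(EVENTS))
    print(accounts_to_challenge(EVENTS, HISTORY))
```

Only successful logins are counted, so the failed attempt against `erin` does not add to the burst; a real deployment would also weigh failures and sources spread across many addresses.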




Hardcore Hell Cleared
Some serious 'hardcore' Hardcore players have cleared Hell on hardcore. Develina sent in this great video of the fight.





Diablo 3 Hero API Closer Than Ever
We reported a few months back that we should be seeing the API by the end of the year. It looks like it's not too far off, as we now have a preview of what it should look like.

Originally Posted by Blizzard (Blue Tracker / Official Forums)

With the release of Diablo 3, we are working hard to make career and hero profiles available to the community. With career and hero profiles, we are excited to also release a set of API resources specific to Diablo 3 for community fansites and developers to consume. I’d like to take this opportunity to give a preview of the progress we’ve made to the community and open up discussions around what data will be available.

Please keep in mind that this is an early preview and there will likely be many changes to the D3 API by the time it is released. Also note that we haven’t finalized several key pieces of information including artisan recipes, hero and follower spells and powers and achievements.

Career Profile

The career profile API provides top level (account) career information. This API resource is meant to provide a way to discover the heroes associated with an account as well as the artisan and game progression information for the account. To use the career profile API resource, a URL containing a battletag is crafted and a request is made. An example request for the Battletag “Straton#1” would be:

/api/d3/account/Straton/1

The following data structure is then returned:

As you can see, there are several account specific data points to reference. The heroes attribute contains a list of all of the active heroes for the account. This list does not include fallen heroes. The artisans dataset includes a list of the artisans and the id, label, level and progression of each. Next are several progression attributes that can be used to determine the highest difficulty boss for each act. Last are several stats on the number of monsters and elites killed.

Hero Profile API

Hero profile API resources provide hero specific information including basic information like the name, class, gender and level as well as more complex information like follower information, hero statistics, active skills/powers and items. Unlike the career profile API resource, a hero id is used to craft a URL instead of a battletag. An example for hero 182 would be:

/api/d3/hero/182

The following data structure is then returned:

The first set of information provided includes the name, level and class information. Following that is a list of the hirelings the hero has unlocked. Lastly, a block of statistics is returned that includes stats, resistances and kills.

FAQ

Q: Will the AH have API access in a similar manner to WoW?
A: There are no plans to create an AH API (even read-only) for gold, hardcore gold or real money.

Q: What about achievements?
A: We do plan on providing all achievement information much like we do with the WoW API. The difference being that achievements are account bound.

Q: How will the request limits work? Is the "~3000" requests per day going to be shared between the D3 API and the WoW API?
A: The same as with the WoW API. The requests per-day limits will be shared between the APIs as most fansites and applications are game specific (with a few exceptions).

Please consider providing read-only Auction House access, at least for normal mode gold.
Building D3 AH APIs is not something that we will be dedicating resources to at this time.

Displaying Item Information.
Items and how they will be represented is still on the drawing board. When we make more progress and have a rough prototype, I'll be sure to update the community.

Any plans for a search API? Any way we could crawl for accounts to do aggregate statistics?
We haven't really come up with a good way to provide an index that doesn't compromise privacy or data that we don't want to expose. This is something we are thinking about though.

Any plans for giving us information about quest completion? Like how long it took them to clear a quest, perhaps including historical data if they've done a quest multiple times, and including party members involved in the kill?
I believe that this information will or should be available with achievement data and statistics.

What about events like "Killed Belial (Inferno) on "?

This data will also likely be made available with achievement data and statistics.
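For a fansite that builds these requests from user-supplied input, the sketch below validates a BattleTag or hero id before placing it in the path, and tracks the per-day request limit as one budget shared by D3 and WoW calls. It is an added example, not Blizzard's code; the BattleTag character rules, the function and class names, and the calendar-day reset are assumptions, and 3000 is the approximate figure quoted in the question above.

```python
import re
from datetime import date
from urllib.parse import quote

# Assumed BattleTag shape for this example: an alphanumeric name, '#', a numeric code.
# The real character rules are not given in the preview.
_BATTLETAG = re.compile(r"([^\W_]{1,32})#([0-9]{1,10})")


def career_path(battletag):
    """'Straton#1' -> '/api/d3/account/Straton/1'; anything else is rejected."""
    match = _BATTLETAG.fullmatch(battletag)
    if match is None:
        raise ValueError("not a BattleTag: %r" % (battletag,))
    name, code = match.groups()
    # A raw '#' would be read as the start of a URL fragment; the preview's
    # format uses two path segments instead. Non-ASCII names are percent-encoded.
    return "/api/d3/account/%s/%s" % (quote(name, safe=""), code)


def hero_path(hero_id):
    """182 -> '/api/d3/hero/182'; only non-negative integers are accepted."""
    if isinstance(hero_id, bool) or not isinstance(hero_id, int) or hero_id < 0:
        raise ValueError("hero id must be a non-negative integer")
    return "/api/d3/hero/%d" % hero_id


class SharedDailyBudget:
    """One per-day request allowance spent by D3 and WoW calls together."""

    def __init__(self, limit=3000):
        self.limit = limit
        self.day = None
        self.used = {}

    def try_spend(self, api, today=None):
        today = today or date.today()
        if today != self.day:  # assumed reset rule: a new calendar day
            self.day, self.used = today, {}
        if sum(self.used.values()) >= self.limit:
            return False  # caller should stop sending requests until the reset
        self.used[api] = self.used.get(api, 0) + 1
        return True
```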




Diablo III Soundtrack Now on iTunes

Originally Posted by Blizzard (Blue Tracker / Official Forums)

Want the sounds of Sanctuary to accompany you wherever you go? The Diablo III Soundtrack is now available for purchase directly from iTunes! The new album features 23 tracks that score your journey through Sanctuary and beyond, from the familiar guitar that greets you in New Tristram to the epic orchestral arrangements that see you through your trials in the Burning Hells.

Also up on iTunes today: The Music of Diablo 1996-2011, a 17-track collection of some of the series' most memorable musical moments, put together to celebrate Diablo's 15-year anniversary in late 2011. Grab both of these albums, and bask in the hellish harmony.

Diablo III Soundtrack on iTunes
The Music of Diablo 1996-2011 on iTunes




Global Play Reminder: RMAH
With the RMAH coming soon, Blizzard is giving a quick reminder that the RMAH will only work in your default/home region.

Originally Posted by Blizzard (Blue Tracker / Official Forums)

Now that Global Play is live, players can create characters, set up friends lists, gather items, and use the gold-based auction house in every region where Diablo III is available. To access another region, simply click on the “Options” button from the login screen, select the “Account” tab, and then choose which region you want to play in from the “Regions” drop-down.

As a reminder: please note that once the real-money auction house is available, players will only be able to access it in their home region. This means that, for characters outside of your home region, items cannot be bought or sold in any real-money auction house. To provide an example, if your home region is the Americas, you will not be able to access the real-money auction house on characters you create in Europe or Asia.

The focus of Global Play is simply to give you the ability to play Diablo III together with your friends in any region. For more information on Global Play in Diablo III, see the FAQ.




Blue Posts

Originally Posted by Blizzard (Blue Tracker / Official Forums)

Weak Legendaries
1027.2 DPS 1hand MAGIC weapon on the AH. over 300 more DPS than the best, perfect Legendary 1h. Intended?
Legendaries are not automatically better than other items. Most are designed to be very good at a specific job. (Source)
However, I am getting lots of reports of weak legendaries. We will look into this. (Source)

PvP
Anyway we can get a hint of what pvp will be? Objective/arena based? Objective-based sounds a ton more fun than arena based.
PVP has not changed from what we've always promoted: team deathmatch in arenas. No ETA. Done when it's done. (Source)

Make Games Private
i meant like "limited to X number of players" i was playing a game with public off, and all my friends join whenever they want
as I said, turn off the 'allow quick join' option in the social tab. No one can join your game without an invite. (Source)

Difficulty
D3 is really fun but huge let down on difficulty. Never lie about your games being "impossibly hard" again..
I wouldn't personally call death flopping to a boss the antithesis of difficulty, but whatevs. (Source)

Potion Cooldowns
Then mission accomplished. Blizzard probably wanted us to think about survivability in terms deeper than "God, I need to chug more potions!"
Bingo. (Blue Tracker / Official Forums)

General D3 Topic
Simple Solution: Almost all melee activated abilities should have a passive defensive included in the core ability. That is, while the wizard is forced to use an entire skill slot for Diamond Skin, the Barbarian (for example) should have diamond skin built into one of its abilities say... Revenge.
Monk and barbarian take 30% less damage base, than demon hunter, witch doctor or wizard. The melee classes also have passives and abilities which provide significant defensive bonuses.

Elites/Champions: The biggest problem here is not how hard they hit, but the fact that Blizz did not institute a way to avoid the damage like they did with the Act bosses. For example. Why can the "Jailer" automatically encase everyone without missing but Diablo seems to suffer from Down's syndrome when trying to trap people?
Because those fights are where you'll generally score the best loot, they are also intended to be some of the most challenging experiences in the game.

We didn't want 'boss farming' to become the goal of Diablo III the way it was in DII. We like that getting the best items is more of a treasure hunt, where finding and slaying those champion packs is what drives players to adventure through the levels. It's also a good thing that those are thrilling and difficult fights once you find them. Sometimes they're brutal, but this is Diablo III on a difficulty titled 'Hell'. Sometimes brutal is okay.

Act Bosses: Seriously, the act bosses should not be easier than the elites/champions. The fact that this is currently the case is inexcusable.
Answered above.

You do realize he just explained WHY they want you farming elites. A boss is a guaranteed spot everytime. Elite packs are everywhere, Caves, in the open, in dungeons, etc. This is their solution to getting you to participate in more content.
This is the heart of the design decision, yes. It's more engaging to get into a level, explore the randomly spawned caves, and go poking around in the nooks and crannies.

If you've ever done boss speed runs in DII for hours on end, then you might get a glimpse of why this was preferable.

This design choice goes hand-in-hand with D3's loot system, where like we're seeing random champions become more powerful than main bosses we're seeing Rares and Magics outshine Legendaries
The stats and affixes on all items are randomly generated, which means that some items will have more ideal stats than others. That said, an ideal rare is always going to be better than an ideal item of lower quality at the same item level. I think that players are seeing magic items that have higher ideal stats than a random rare (or a rare of lower level), but having more affix slots means that those rares have higher potential.

A good example: you might have a normal item with a couple of very high base attribute affixes, which is great. An ideal rare might have those same high base attributes, but also have magic find, plus crit, chance to blind, +% damage to a class ability, etc. (Blue Tracker / Official Forums)

Comments

  • #1 Sojourna
    Good thing I haven't joined a single public game since release. Hope the security issue is quickly resolved.
  • #2 Molster
    official blue post on it has been posted, updating
  • #3 Eaglehorn101
    Even if you have an authenticator, seriously how?
  • #4 Puttah
    Ok I'm scared now :(
  • #5 Banquetto
    So are the people who cleared Hell in Hardcore brave enough to face Inferno yet? :S
  • #6 duckwilliamson
    Quote from Banquetto

    So are the people who cleared Hell in Hardcore brave enough to face Inferno yet? :S


    I just cleared normal with my group, and we were very cautious lol. I assume it'll be awhile before they get into Inferno as they'll probably want as good of gear as the guys who corpse jumped through A4 inferno, before they even start.

    As for the hacks, so many disappointments Blizzard! This just adds to the list ...

    Speaking of disappointment, since I finally cleared normal (we're doing HC-only), man was the story ever disappointing and predictable. And the Diablo fight was terrible (multiple silly phases in different areas). They did so much stuff right with the story (talking on the go, lore books, etc) yet they still fail to put quality writing into the thing. I'll have to go find a topic to contribute to, there's probably lots rofl.
  • #7 Artrey
    Quote from Banquetto

    So are the people who cleared Hell in Hardcore brave enough to face Inferno yet? :S

    Very careful only. ;-) 4 affix champs that hit like trucks in narrow cellar rooms are not a joke. But yeah, gear is improving slow and steady.
  • #8 Roachz
    Hack through public games.. You've got to be shitting me man, all this weird bugs and stuff.. keep getting worse. This just adds up the frustration I got already.
  • #9 Molster
    Bashiok has just posted confirming that they have yet to see any accounts comprised other than normal means. updating that section to match his new post
  • #10 Jaerin
    Or you can get a free Open Source Windows Authenticator...

    http://code.google.com/p/winauth/

    If you prefer you can use these instructions to run the official Blizzard java authenticator on a Java emulator as well.

    http://alfred.co.in/how-to/blizzard-authenticator-pc-version-how-to/

    Two FREE options to have an authenticator on your account. 99% of the time it doesn't ask you for the code because unless you login from somewhere else it remembers that you entered a code recently. Is this option as secure as the other mobile authenticator or the dongle? No, but I ensure you the hackers have MUCH lower fruit to exploit than to try and see if you have a PC authenticator on your machine.



    There is NO legitimate reason to not have an authenticator on your account at all times. It's not Blizzard's responsibility to secure your account credentials. Having an authenticator is not making up for a shortcoming of Blizzard security nor some way to exploit money out of you. If you have an authenticator you will not be hacked. PERIOD.
  • #11 lllNuggetslll
    Maintenance from 1am - 9am = when I fuckin' get home from work! What a shit week I'm having!
  • #12 SnowBro191
    "Bashiok has just posted confirming that they have yet to see any accounts comprised other than normal means. updating that section to match his new post"

    Blizzard has been telling people that their accounts have not been compromised despite their gold and gear disappearing and random new people added to their friends list. They are still offering these people rollbacks to my knowledge.

    Blizzard isn't lying when they say no accounts have been compromised other than normal means because most of the "hacked" accounts weren't compromised just accessed through an exploit. In other words the hackers/exploiters don't have any information about the account and can't access it without you already being in game and through the authentication process. After reading the battlenet forums off and on over the last 6 hours or so it appears that the majority of the people making these claims have had their characters cleaned but still have access to their accounts. Relatively, there are very few people who are claiming that their account and/or email passwords have been changed, which is common practice when phishing or keyloggers are in use.

    Legally Blizzard is only obligated to announce their security measures have been breached if personal information was gained by the parties that broke through their system. Why would Blizzard announce to the world that they have a faulty security setup if they don't need to? Considering the RMAH that is set to release in a week the answer should be fairly obvious -- They wouldn't announce it. I probably wouldn't make a public statement about it either if I was in their shoes.

    Of course this could possibly be wrong, but I am not making any of this up as it has all been gathered first hand from the battlenet forums. Take a look at the blue topics tracker in the top left corner or at the battlenet forums and you will see that this is a very hot topic. I have never seen this big of an increase in "hacked" accounts with any releases of other Blizzard games and they all use the same authentication setup. The sheer number of people getting simultaneously hacked suggests that the problem isn't everyone visiting the same lame phishing site.
  • #13 EnDscx
    Good job on those ppl clearing Hell in HC mode. Like they said bosses are a joke compared to the mob packs. I'm on Hell in softcore mode right now and although I'm being very careful I got jailed by an elite between 2 arcane rope/laser and a pool of poison below me... needless to say I died quick enough even with a pot, diamond skin and a 24k HP pool... HC is not for me :P

    Even more props for doing it with laggy servers. I've had the occasional 1000ms lag spike that teleported me and almost got me killed in the middle of a kiting session against crazy mobs. Def not trying HC until this is completely fixed on Blizzard's end. Losing hours of work because of a lag spike would just be too frustrating.
  • #14 Deventh
    Hell has been cleared on hardcore at least from 2 days now by other people.
  • #15 Nanaki
    Quote from SnowBro191

    Legally Blizzard is only obligated to announce their security measures have been breached if personal information was gained by the parties that broke through their system. Why would Blizzard announce to the world that they have a faulty security setup if they don't need to? Considering the RMAH that is set to release in a week the answer should be fairly obvious -- They wouldn't announce it. I probably wouldn't make a public statement about it either if I was in their shoes.


    Enter the Patriot Act, addresses are considered personal information. Not to mention a lot of people have credit cards on their bnet accounts.
    So yes they are legally obligated to come forward. But they won't....