I disagree on the first point, because from what I see it's about 1 in every 3 had an authenticator
and again, it is simply impossible for this level of increase of hacked accounts in this small a window to say they are unrelated instances of user error. Like impossible impossible. If you have any understanding of statistics this is glaringly obvious. I can't stress how impossible it is for it to be client side.
It could be Blizzard's problem and still be client side. The forums (Or some popular website) could have something malicious embedded in it. It's happened before.
The client sending out session ids that you can use to bypass log in could be possible, but as someone said before, this isn't Blizzard's first game.
I'd still avoid public games until they release a statement though. I'm fairly sure the AH would be fine.
It hasn't in this scale. It's not possible in this scale. The logistics involved with having something cause an event this large all on the individual client side level are unbelievably staggering. It's a text book instance of Occams Razor- the simpler explanation is usually the correct one. It's definitely on blizzards end here.
What scale? You don't have any statistics backing your claims, only assumptions.
I am not great with all the hacking technicalities, but I played a public game today but I have an authenticator via my iPhone. Should I be worried?
There nothing you can really do, but until we hear otherwise, I personally wouldn't play any public games or start any sessions with someone you do not personally know.
I disagree on the first point, because from what I see it's about 1 in every 3 had an authenticator
and again, it is simply impossible for this level of increase of hacked accounts in this small a window to say they are unrelated instances of user error. Like impossible impossible. If you have any understanding of statistics this is glaringly obvious. I can't stress how impossible it is for it to be client side.
It could be Blizzard's problem and still be client side. The forums (Or some popular website) could have something malicious embedded in it. It's happened before.
The client sending out session ids that you can use to bypass log in could be possible, but as someone said before, this isn't Blizzard's first game.
I'd still avoid public games until they release a statement though. I'm fairly sure the AH would be fine.
It hasn't in this scale. It's not possible in this scale. The logistics involved with having something cause an event this large all on the individual client side level are unbelievably staggering. It's a text book instance of Occams Razor- the simpler explanation is usually the correct one. It's definitely on blizzards end here.
What scale? You don't have any statistics backing your claims, only assumptions.
The scale large enough to prompt an announced blizzard "we are actively investigating this issue stay tuned for an update soon", an announcement required by law if they have been compromised. The scale large enough to have twitter, gaming sites, and every fan forum talking about it. The scale large enough to fill multiple topics on official diablo forums to post cap in less than 48 hours.
Hey, I know. Let's argue, fight and be nasty about it with each other over something none of us know a damn thing about.
Unfortunately Blizzard seems to generate a lot of hate. It seems like many people like the thought of them failing as well. I would think this simply comes from them being the most popular. If someone else were then they'd probably be getting the hate instead.
I have to admit that I initially thought for sure it was a bunch of people that didn't have authenticators. The more I read though the more it's pointing to something else. I guess the thing is... for many years now people have been getting hacked due to their own lack of security or ignorance so it's easy to jump to that conclusion (and I still feel it's a fair assumption to make). Blizzard will have some serious wounds to tend if this does turn out to be a security hole on their side.
I suppose that Blizzard has to take the good with the bad though. They're reaping the benefits that come from having rabid fans... they're going to be held to a higher standard as a result.
I just read about this on d2jsp (actually my first time going there). They said it was emcor.dll grabbing your authentication token and allowing someone else to login under you, clear your items, and logout. Apparently they can't change your password or re-login... just a one off thing, but that's all it takes.
Edit regarding: Also read the note from page 3 ""an exploit was discovered by duplicating a session ID basically, if you join a public game with people, they can view your session ID and spoof it to login as you without need for a password or email or anyting if you play with people, try not to play in public games bro, only with people you know""...
I haven't been hacked, but I have randomly been assigned to games with chars with chinese symbols, doing nothing in town... makes me wonder. Because yesterday, I got a friend request from a player with a name like "d3-gold.com", or something along those lines. They must be building lists of people.
I'm concerned my sides will rupture from laughter when you get hacked- keep on playing!
and keep on joining public games too man! why not when 100% safe with that authenticator XFD!
There is no need to start acting like a jerk over something that hasn't even been confirmed to be true yet. Plenty of people could have already had comprimised accounts and the "hackers" are taking advantage of it now that D3 is out. Could there be a threat? Sure. But there is no need to be little people or laugh at them just because they aren't ranting and raving about it.
There are plenty of "stupid" people out there that when hacked don't actually understand what happens or how they can be comprimised. There are also plenty of trolls that respond in affirmative that they to have been hacked (with authenticators) when they really haven't.
If you've followed Blizzard Blue posts for long enough you always see a couple of posts where people report something happening and then the a Blue responds about seeing nothing of the sort happening to that account. Its the internet anything is possible even widespread hoaxes.
Dismissing them completly is folly, unless proven otherwise. The opposie is just as true. Beliving them without proof has just as much folly. Even if Blizzard came out and stated that the problem isn't what people are saying it is, people will still claim otherwise.
If anything I would be more likely to believe a man in the middle attack which would be easy to orchestrate given the frequency of disconnects in the first week and the amount of people that another fake disconnect would fool.
Not necessarily. If they did not require an authenticator code EVERYTIME they log in, then the account could still get hacked.
That really isn't true. Not requiring a Authenticator code every time you log in does nothing to the Security of an Authenticator. Banks use the same "home computer" principle and are secure.
However it is true that someone getting hacked with an authenticator might not be a server side issue. A man in the middle attack is something on the user's computer that intercepts the authentication code and transmits it to the hackers computer, who then logs in to your account. You get an error message saying "service is down" or something to make you think it hasn't gone through.
These types of attack can happen, are are the only known cases of the Authenticator being circumvented. They are harder to pull off though.
That still means nothing. A hoax no matter how large can still be a hoax. Just because people spread it doesn't make it truth.
So that is whats going on then? A tens of thousands of people are all in on some elaborate hoax to make it look like server side hacks are occurring? Really dude?
Occams razor again man- if you truly believe there is an elaborate hoax going on here to make it look like server side hacking is going on, compared to just server side hacking going on- then may god have mercy on your soul
So that is whats going on then? A tens of thousands of people are all in on some elaborate hoax to make it look like server side hacks are occurring? Really dude?
Repeating something does not mean its true. Provide something that says there are tens of thousands of confirmed cases of this happening. Just because threads reach post limits or people post on fan sites about it doesn't make it automatically true.
I'm concerned my sides will rupture from laughter when you get hacked- keep on playing!
and keep on joining public games too man! why not when 100% safe with that authenticator XFD!
There is no need to start acting like a jerk over something that hasn't even been confirmed to be true yet. Plenty of people could have already had comprimised accounts and the "hackers" are taking advantage of it now that D3 is out. Could there be a threat? Sure. But there is no need to be little people or laugh at them just because they aren't ranting and raving about it.
There are plenty of "stupid" people out there that when hacked don't actually understand what happens or how they can be comprimised. There are also plenty of trolls that respond in affirmative that they to have been hacked (with authenticators) when they really haven't.
If you've followed Blizzard Blue posts for long enough you always see a couple of posts where people report something happening and then the a Blue responds about seeing nothing of the sort happening to that account. Its the internet anything is possible even widespread hoaxes.
Dismissing them completly is folly, unless proven otherwise. The opposie is just as true. Beliving them without proof has just as much folly. Even if Blizzard came out and stated that the problem isn't what people are saying it is, people will still claim otherwise.
If anything I would be more likely to believe a man in the middle attack which would be easy to orchestrate given the frequency of disconnects in the first week and the amount of people that another fake disconnect would fool.
On what grounds do you conclude this entire thing is an un-organized hoax, as opposed to an actual security breach?
Like you have to have some sort of reason to believe that other than "u cant hack blizzard" or "blizzard is infallible they could never be compromised". Those aren't arguments or reasons, they are unsubstantiated beliefs. Do you have actual reasons you are basing these beliefs on?
Just, like, on what possible grounds could you deem this a "hoax" as opposed to an actually occurring issue.
Seriously, please go play as many public games as possible.
So that is whats going on then? A tens of thousands of people are all in on some elaborate hoax to make it look like server side hacks are occurring? Really dude?
Repeating something does not mean its true. Provide something that says there are tens of thousands of confirmed cases of this happening. Just because threads reach post limits or people post on fan sites about it doesn't make it automatically true.
And the blizzard response saying they are giving an update on it shortly is just part of the hoax? and many gaming sites writing articles about it who have top staff being affected by the issue are also in on the hoax? The posters saying they were hacked are all just making it up, all tens of thousands of those affected, all just making it up and actually playing diablo 3 at the same time on a dual screen laughing at all the people they've collectively fooled with no organization in the slightest?
No, someone saying something doesn't make it true. Thousands of people independently reporting the same issue, however, does make something EXTREMELY likely to be true- especially when they come armed with screen shots and evidence.
I truly pity you and anyone else as myopic as you.
ther new authenticator system requiers your authenticator code everytime you log in from a defrint IP addrsse or a defrint physical location
ps
i got a frinde who got hackede he hade 3 "new frindes" added to his account and he never joinede a public game... he is an experincede computer user so he havent to my knowelde klickede eneyting funky
Rollback Post to RevisionRollBack
i apologice for spelling errors i am from denmark and unfortnaly suffer from dyslixa
So is anyone going to post an actual link to an official Blizzard acknowledgment that something is indeed happening or are we just trying on our tinfoil hats?
So is anyone going to post an actual link to an official Blizzard acknowledgment that something is indeed happening or are we just trying on our tinfoil hats?
istreamer is trying to drown us in tinfoil through sheer weight of posts.
I have 2 full WoW guilds, a meta-guild (multiple games) that I play Rift with, and tons of old D2 friends that are all playing D3, and not one hack among all of us. If this was as widespread as he insists, and a Blizzard issue, someone would have been hacked, and yes, several of them play public games. (I don't, but they do.)
So is anyone going to post an actual link to an official Blizzard acknowledgment that something is indeed happening or are we just trying on our tinfoil hats?
both of these are already in the topic
No, Blizzard has acknowledged nothing, only that they're looking at something to see if it has any merit.
There's a lot of terms being thrown around by people who don't know what they mean. Even if exactly what the thread claimed was happening was true, that's still not server side.
And the blizzard response saying they are giving an update on it shortly is just part of the hoax?
Saying they are invetigating reports of a breach and will comment on it "soon" is in no way a confirmation of a breach. It merely confirms that Blizzard is taking any and all reports of threats seriously even if it is something on the user's side.
Just because gaming sites have people hacked doesn't mean anything other then they got hacked. It could be for various reason. Most of the time when someone gets hacked the automatically blame Blizzard because they think there is no way they could have been hacked otherwise. A gaming site having members hacked could merely mean the way to gain access to the accounts is from popular gaming sites, and not from Blizzard.
I'm not saying that it can't be a problem on Blizzard's end. I'm just saying it isn't the only possible reason. But you seem to be seeing nothing but Blizzard is at fault. Excluding everything else just for your own personal crusade is folly. Its funny you call me myopic when you are the one showing the signs of that.
I'm saying that nothing has been confirmed to be Blizzard and it could be other things. You are saying it is 100% Blizzard and 100% "session ID's" just because it was posted on the internet in a lot of places. Which one is being shortsighted? The one saying more then one thing is possible, or the one saying only one thing is possible?
Rollback Post to RevisionRollBack
To post a comment, please login or register a new account.
What scale? You don't have any statistics backing your claims, only assumptions.
There nothing you can really do, but until we hear otherwise, I personally wouldn't play any public games or start any sessions with someone you do not personally know.
The scale large enough to prompt an announced blizzard "we are actively investigating this issue stay tuned for an update soon", an announcement required by law if they have been compromised. The scale large enough to have twitter, gaming sites, and every fan forum talking about it. The scale large enough to fill multiple topics on official diablo forums to post cap in less than 48 hours.
That kind of scale.
Many people on the official forums who have reported this happening to them have authenticators attached to their account. Try again.
Unfortunately Blizzard seems to generate a lot of hate. It seems like many people like the thought of them failing as well. I would think this simply comes from them being the most popular. If someone else were then they'd probably be getting the hate instead.
I have to admit that I initially thought for sure it was a bunch of people that didn't have authenticators. The more I read though the more it's pointing to something else. I guess the thing is... for many years now people have been getting hacked due to their own lack of security or ignorance so it's easy to jump to that conclusion (and I still feel it's a fair assumption to make). Blizzard will have some serious wounds to tend if this does turn out to be a security hole on their side.
I suppose that Blizzard has to take the good with the bad though. They're reaping the benefits that come from having rabid fans... they're going to be held to a higher standard as a result.
Edit regarding: Also read the note from page 3 ""an exploit was discovered by duplicating a session ID basically, if you join a public game with people, they can view your session ID and spoof it to login as you without need for a password or email or anyting if you play with people, try not to play in public games bro, only with people you know""...
I haven't been hacked, but I have randomly been assigned to games with chars with chinese symbols, doing nothing in town... makes me wonder. Because yesterday, I got a friend request from a player with a name like "d3-gold.com", or something along those lines. They must be building lists of people.
D3 Channel: OnetwoD3
There is no need to start acting like a jerk over something that hasn't even been confirmed to be true yet. Plenty of people could have already had comprimised accounts and the "hackers" are taking advantage of it now that D3 is out. Could there be a threat? Sure. But there is no need to be little people or laugh at them just because they aren't ranting and raving about it.
There are plenty of "stupid" people out there that when hacked don't actually understand what happens or how they can be comprimised. There are also plenty of trolls that respond in affirmative that they to have been hacked (with authenticators) when they really haven't.
If you've followed Blizzard Blue posts for long enough you always see a couple of posts where people report something happening and then the a Blue responds about seeing nothing of the sort happening to that account. Its the internet anything is possible even widespread hoaxes.
Dismissing them completly is folly, unless proven otherwise. The opposie is just as true. Beliving them without proof has just as much folly. Even if Blizzard came out and stated that the problem isn't what people are saying it is, people will still claim otherwise.
If anything I would be more likely to believe a man in the middle attack which would be easy to orchestrate given the frequency of disconnects in the first week and the amount of people that another fake disconnect would fool.
That still means nothing. A hoax no matter how large can still be a hoax. Just because people spread it doesn't make it truth.
Not necessarily. If they did not require an authenticator code EVERYTIME they log in, then the account could still get hacked.
That really isn't true. Not requiring a Authenticator code every time you log in does nothing to the Security of an Authenticator. Banks use the same "home computer" principle and are secure.
However it is true that someone getting hacked with an authenticator might not be a server side issue. A man in the middle attack is something on the user's computer that intercepts the authentication code and transmits it to the hackers computer, who then logs in to your account. You get an error message saying "service is down" or something to make you think it hasn't gone through.
These types of attack can happen, are are the only known cases of the Authenticator being circumvented. They are harder to pull off though.
So that is whats going on then? A tens of thousands of people are all in on some elaborate hoax to make it look like server side hacks are occurring? Really dude?
Occams razor again man- if you truly believe there is an elaborate hoax going on here to make it look like server side hacking is going on, compared to just server side hacking going on- then may god have mercy on your soul
Repeating something does not mean its true. Provide something that says there are tens of thousands of confirmed cases of this happening. Just because threads reach post limits or people post on fan sites about it doesn't make it automatically true.
On what grounds do you conclude this entire thing is an un-organized hoax, as opposed to an actual security breach?
Like you have to have some sort of reason to believe that other than "u cant hack blizzard" or "blizzard is infallible they could never be compromised". Those aren't arguments or reasons, they are unsubstantiated beliefs. Do you have actual reasons you are basing these beliefs on?
Just, like, on what possible grounds could you deem this a "hoax" as opposed to an actually occurring issue.
Seriously, please go play as many public games as possible.
And the blizzard response saying they are giving an update on it shortly is just part of the hoax? and many gaming sites writing articles about it who have top staff being affected by the issue are also in on the hoax? The posters saying they were hacked are all just making it up, all tens of thousands of those affected, all just making it up and actually playing diablo 3 at the same time on a dual screen laughing at all the people they've collectively fooled with no organization in the slightest?
No, someone saying something doesn't make it true. Thousands of people independently reporting the same issue, however, does make something EXTREMELY likely to be true- especially when they come armed with screen shots and evidence.
I truly pity you and anyone else as myopic as you.
ps
i got a frinde who got hackede he hade 3 "new frindes" added to his account and he never joinede a public game... he is an experincede computer user so he havent to my knowelde klickede eneyting funky
both of these are already in the topic
istreamer is trying to drown us in tinfoil through sheer weight of posts.
I have 2 full WoW guilds, a meta-guild (multiple games) that I play Rift with, and tons of old D2 friends that are all playing D3, and not one hack among all of us. If this was as widespread as he insists, and a Blizzard issue, someone would have been hacked, and yes, several of them play public games. (I don't, but they do.)
No, Blizzard has acknowledged nothing, only that they're looking at something to see if it has any merit.
Saying they are invetigating reports of a breach and will comment on it "soon" is in no way a confirmation of a breach. It merely confirms that Blizzard is taking any and all reports of threats seriously even if it is something on the user's side.
Just because gaming sites have people hacked doesn't mean anything other then they got hacked. It could be for various reason. Most of the time when someone gets hacked the automatically blame Blizzard because they think there is no way they could have been hacked otherwise. A gaming site having members hacked could merely mean the way to gain access to the accounts is from popular gaming sites, and not from Blizzard.
I'm not saying that it can't be a problem on Blizzard's end. I'm just saying it isn't the only possible reason. But you seem to be seeing nothing but Blizzard is at fault. Excluding everything else just for your own personal crusade is folly. Its funny you call me myopic when you are the one showing the signs of that.
I'm saying that nothing has been confirmed to be Blizzard and it could be other things. You are saying it is 100% Blizzard and 100% "session ID's" just because it was posted on the internet in a lot of places. Which one is being shortsighted? The one saying more then one thing is possible, or the one saying only one thing is possible?