Someone told me whats going on with all these hacked accounts, chinese ppl tried to hack Blizzard, they couldnt, then they went for diablofans, yes, this site, because seems like a lot of players share user/password with the blizzard ones.
So, my question is, to ppl who got hacked, do you use the same user and password here and in blizzard's site?
I'm sure that someone is high up the blizzard corporate ladder
Unlikely, I read the same method explained by a hacker/bot user in another topic which had an interview with them, as they botted heavily and made upwards of 60mill gold a day... or something like that.
Didn't you catch the sarcasm toward the OP statement?
"Someone told me"
The reason for all the hacks going is that a new major game was just released. Hackers aren't complete brainless morons, when a new game is released they increase their efforts because they know that this is the time when there are the most amount of vulnerable accounts.
Tell me... oh random person on the internet with perfect security knowledge and insight into Blizzard's systems.... what the REAL reason is?
Oh it's this site? What a let down.
Oh a serious note, if you use LastPass (free for desktop, $1 a month to use it on mobile devices) you can have high entropy, lengthy, random passwords that are unique to every site you visit and you don't need to worry about one site's login compromising another's.
Oh a serious note, if you use LastPass (free for desktop, $1 a month to use it on mobile devices) you can have high entropy, lengthy, random passwords that are unique to every site you visit and you don't need to worry about one site's login compromising another's.
True.
But then, getting a virus on your computer becomes that much more of a problem.
And then you get hacked even with an authenticator ^^
no you don't. obvi you have no idea how an authenticator works, bro.
You can still be hacked even with an authenticator attached to the account. The risk is smaller and most hackers presumably simply cba when they can just hack someone without 'em, but that doesn't remove the risk completely.
On-topic: I use different self-generated passwords for every account I have in any game or forum... it can be annoying to remember 11 different passwords, but I prefer it that way.
I'm pretty sure Blizzard has mentioned on multiple occasions that, so far, none of the compromised accounts have had authenticators attached to them.
I personally think the only reason that no one with an authenticator have had their accounts compromised is solely related to the method used by the hackers. The authenticator simply stops them at the finish line, so to speak.
That still does not make the authenticator a god-given tool. It's great, I must admit and I use it myself. I just want to get rid of the statement that "if you have an authenticator you're safe". The correct statement is that you are more safe.
Also, going around the authenticator requires a completely compromised client, compromised so badly that Blizzard login traffic is sent to the hackers instead. They grab your info, including the authenticator code, and give you an error. Even then, it requires someone to be there and use the authenticator code before it expires in its 30 second window. So, they have to actually compromise the machine's IP stack, and use the information in realtime.
With the above in mind, adding an authenticator to your account changes you from an account where any lapse on your part or on say, Adobe Flash's part can lose you your account whenever the hackers get around to reading the info, to an account where they have to actually be waiting for you to login in real time, and once they do log in, they don't get to 'keep' the account. They just get one session to strip stuff, and that's it.
So, no, it's not foolproof, but, it's a line the hackers usually don't bother to cross. Also, I think since the (very few) compromises involving authenticators (in WoW a few years ago, not in D3) using the man-in-the-middle attack, I think Blizzard has put in some kind of countermeasures to it. Not sure what, exactly, and of course they're not telling. I wouldn't tell, either.
All I said is that the attachment of an authenticator increases the level of security - it does not make your account bulletproof.
The method that hackers have been used has been 'comboing' and therefore consists of alot of different combinations between e-mails and the hacked passwords from the websites. When they get a hit with an authenticator, they will simply meet a brick wall. When they get a hit without an authenticator, it's a jackpot.
I personally think the only reason that no one with an authenticator have had their accounts compromised is solely related to the method used by the hackers. The authenticator simply stops them at the finish line, so to speak.
That still does not make the authenticator a god-given tool. It's great, I must admit and I use it myself. I just want to get rid of the statement that "if you have an authenticator you're safe". The correct statement is that you are more safe.
Of course, you are very much correct. Just felt I had to point it out, to avoid any confusion :Thumbs Up:
But then, getting a virus on your computer becomes that much more of a problem.
Why is it a problem? My passwords are stored out on the internet and I can access them by anything with access to the web. If my computer dies, I haven't lost them.
Rollback Post to RevisionRollBack
To post a comment, please login or register a new account.
So, my question is, to ppl who got hacked, do you use the same user and password here and in blizzard's site?
"Someone told me"
Oh it's this site? What a let down.
Oh a serious note, if you use LastPass (free for desktop, $1 a month to use it on mobile devices) you can have high entropy, lengthy, random passwords that are unique to every site you visit and you don't need to worry about one site's login compromising another's.
True.
But then, getting a virus on your computer becomes that much more of a problem.
I'm pretty sure Blizzard has mentioned on multiple occasions that, so far, none of the compromised accounts have had authenticators attached to them.
Also, going around the authenticator requires a completely compromised client, compromised so badly that Blizzard login traffic is sent to the hackers instead. They grab your info, including the authenticator code, and give you an error. Even then, it requires someone to be there and use the authenticator code before it expires in its 30 second window. So, they have to actually compromise the machine's IP stack, and use the information in realtime.
With the above in mind, adding an authenticator to your account changes you from an account where any lapse on your part or on say, Adobe Flash's part can lose you your account whenever the hackers get around to reading the info, to an account where they have to actually be waiting for you to login in real time, and once they do log in, they don't get to 'keep' the account. They just get one session to strip stuff, and that's it.
So, no, it's not foolproof, but, it's a line the hackers usually don't bother to cross. Also, I think since the (very few) compromises involving authenticators (in WoW a few years ago, not in D3) using the man-in-the-middle attack, I think Blizzard has put in some kind of countermeasures to it. Not sure what, exactly, and of course they're not telling. I wouldn't tell, either.
Of course, you are very much correct. Just felt I had to point it out, to avoid any confusion :Thumbs Up:
Why is it a problem? My passwords are stored out on the internet and I can access them by anything with access to the web. If my computer dies, I haven't lost them.