There's a lot of terms being thrown around by people who don't know what they mean. Even if exactly what the thread claimed was happening was true, that's still not server side.
I disagree on the first point, because from what I see it's about 1 in every 3 had an authenticator
and again, it is simply impossible for this level of increase of hacked accounts in this small a window to say they are unrelated instances of user error. Like impossible impossible. If you have any understanding of statistics this is glaringly obvious. I can't stress how impossible it is for it to be client side.
It could be Blizzard's problem and still be client side. The forums (Or some popular website) could have something malicious embedded in it. It's happened before.
The client sending out session ids that you can use to bypass log in could be possible, but as someone said before, this isn't Blizzard's first game.
I'd still avoid public games until they release a statement though. I'm fairly sure the AH would be fine.
I can't believe how many people this is client side. Like, cmon, really? A massive spike in account hacks (complete with not discriminating against people with authenticators) happen in a 48 hour period, and you people think they are all completely unrelated user errors?
Very very very few people have said they have authenticators, and it's been happening since day one.
Who would have thought that the number of hacked accounts would increase dramatically once the game is released?
If it was server side, they would hack people in inferno, probably the ones getting world firsts, as they have the most gold/items. If it's client side, they hack the ones with no authenticators or those dumb enough to download programs that bypass them. (Very possible)
Well, if your machine is compromised, Blizzard never gets *your* data. The hackers get it by redirection, then they use it to log in. But again, that's a lot of trouble to go to when there's all those no-authenticator accounts out there ripe for the picking. Still a client-side issue, though, not server-side. The connection is only as secure as the weakest part.
I agree completely that it is a client side problem, but it has happened. I think it was an addon that had the maninthemiddle attack in it.
There's no addons for D3, so if you managed to get something like that, you would have to be trying to do something that would get you banned anyways.
As far as getting around an authenticator, it *still* requires the client to be compromised, so that the login credentials can be redirected to the hackers, and the authenticator data is used in real time.
That actually happened in WoW for a while. I think it was a DLL hooked to the exe or something.
That said, I'd suggest turning off the option so that it actually asks you to authenticate every time. I'm sure it's secure, but why risk it when it's such a minor inconvenience?
Rollback Post to RevisionRollBack
To post a comment, please login or register a new account.
http://www.diablofans.com/blizz-tracker/topic/224290-battlenet-account-security-diablo-iii/
The client sending out session ids that you can use to bypass log in could be possible, but as someone said before, this isn't Blizzard's first game.
I'd still avoid public games until they release a statement though. I'm fairly sure the AH would be fine.
Who would have thought that the number of hacked accounts would increase dramatically once the game is released?
If it was server side, they would hack people in inferno, probably the ones getting world firsts, as they have the most gold/items. If it's client side, they hack the ones with no authenticators or those dumb enough to download programs that bypass them. (Very possible)
There's no addons for D3, so if you managed to get something like that, you would have to be trying to do something that would get you banned anyways.
That said, I'd suggest turning off the option so that it actually asks you to authenticate every time. I'm sure it's secure, but why risk it when it's such a minor inconvenience?