DiabloFans

Quote from istreamer

Quote from claven

So is anyone going to post an actual link to an official Blizzard acknowledgment that something is indeed happening or are we just trying on our tinfoil hats?

both of these are already in the topic

No, Blizzard has acknowledged nothing, only that they're looking at something to see if it has any merit.

Quote from claven

So is anyone going to post an actual link to an official Blizzard acknowledgment that something is indeed happening or are we just trying on our tinfoil hats?

istreamer is trying to drown us in tinfoil through sheer weight of posts.

I have 2 full WoW guilds, a meta-guild (multiple games) that I play Rift with, and tons of old D2 friends that are all playing D3, and not one hack among all of us. If this was as widespread as he insists, and a Blizzard issue, someone would have been hacked, and yes, several of them play public games. (I don't, but they do.)

Quote from ScP_Iodine

It doesn't matter how good your mac is or what kind of hardware you're running, it's the way the Mac OSX is running the game. It's the same across the board, everyone is getting very very low fps even when running on the lowest possible setting.

That is not true. My Mac is 3 years old, and I run 60 FPS smoothly on high graphics settings. I don't have an nVidia GPU, though. Mine's an ATI 4870. The client is fine, even on my three year old box. (1920x1080, if anyone wants to know.)

Macs with nVidia GPUs should run Bootcamp to game. That's an Apple/nVidia problem, not a Blizzard issue. Blizzard can only try to work around the mess Apple and nVidia created with nVidia's crappy drivers.

Quote from Khrull777

As Istreamer mentioned, if you look around Diablo fan sites/reddit, there are a lot of people reporting hacking. And a lot of them have been long time members of the community with lots of previous posting activity before they got hacked, which adds credibility.

Unfortunately, no, it doesn't add credibility.

Quote from SnowBro191

Edit- Looks like someone all ready posted this info but I will keep it on

Just read this on official forums. A blue replied but didn't confirm nor deny it. Seems like the issue is on Blizzards end after all.

"an exploit was discovered by duplicating a session ID basically, if you join a public game with people, they can view your session ID and spoof it to login as you without need for a password or email or anyting if you play with people, try not to play in public games bro, only with people you know"

If this is the case we should expect to see servers going down shortly I would think.

This is the thread its in, http://us.battle.net...opic/5149539239 not much else to read though. I just logged in to delete randoms off my friends list, not sure if it would help or not but I just want to be safe as possible lol. I kept getting errors trying to remove people from friends and getting disconnected...

It doesn't explain every hacking incident, like one of the users in here that had their password changed which requires their email be hacked too.

Blue has confirmed nothing. Until blue posts that they found a problem, I'll believe that it's all client side, like WoW/SC2. And if it's a 'public game' issue as this poster says, why are people getting hacked who were never in a public game? Yeah. It's client-side unless Blizzard says it isn't.

Quote from Ethezial

Someone just tried to hack my account just a few minutes ago. I immediately changed my password. Thank God I did it quick enough and signed back on, none of my things are missing. Someone random was added to my friend's list. I reported them and removed them.

Watch out people! I haven't bought any gold or anything else from anywhere, and the only website I've been to D3 related is this one and the official one. So Blizzard needs to check their servers!!!!

Do you have an authenticator? If not, get one. You probably have a security issue, no matter how much you protest.

Quote from falcompsx

Quote from MandyMemory

Quote from mavfin

As far as getting around an authenticator, it *still* requires the client to be compromised, so that the login credentials can be redirected to the hackers, and the authenticator data is used in real time.

That actually happened in WoW for a while. I think it was a DLL hooked to the exe or something.


That said, I'd suggest turning off the option so that it actually asks you to authenticate every time. I'm sure it's secure, but why risk it when it's such a minor inconvenience?

I remember when that happened, and there was a simple fix implemented. Each code is now only good once. So even if a hacker gets your code, your password and account name and uses it within the 30-45 seconds that the code is good, if you logged in with that code, they won't be able to.

Well, if your machine is compromised, Blizzard never gets *your* data. The hackers get it by redirection, then they use it to log in. But again, that's a lot of trouble to go to when there's all those no-authenticator accounts out there ripe for the picking. Still a client-side issue, though, not server-side. The connection is only as secure as the weakest part.

Quote from falcompsx

I dont get why people don't just use an authenticator. a good antivirus, strong password, and solid web browser are all good ideas, but the authenticator gives 100x more protection then anything else ever will. Multi-factor authentication is the way to go.

Because it's much easier to blame Blizzard when something happens.

Quote from Khrull777

Pretty crazy though that stuff is getting stolen now, before there is a real $ auction house.

IMO, they're stockpiling gold to sell it on RMAH.

This was actually expected. Bunch of people not used to Bnet, didn't have authenticators, and are absolutely 'sure' their stuff was clean. Check closer, and/or stop sharing credentials, or using them on other accounts.

They weren't clean. If Blizzard was broken, you'd have thousands upon thousands of exploits in WoW, SC2, and D3 all at the same time.

As far as getting around an authenticator, it *still* requires the client to be compromised, so that the login credentials can be redirected to the hackers, and the authenticator data is used in real time. So, not likely, but possible. I combed the forums looking at this stuff, and just about anyone *directly asked* if they had an authenticator said no.

I work in IT security, and as I said, I expected a rash of hacking to hit people w/o authenticators. If you're on bnet, get one. It makes you a much harder target if/when you get compromised.

As far as the accusations that it's server-side? That's just people looking for someone to blame. We'd have more problems than a few hundred or even a few thousand D3 hacks if that was the case. (Keep in mind that if you estimate 1 million users, and I think that's low, 1000 is only .1% of the users.)

Edit: To anyone who personally has gotten hacked, I'm not trying to be insulting. Sorry, but, the hole's on your end in some way. You may be rootkitted and not know it. I've seen several of those lately that didn't get caught by some of the better-known (and rather crappy, but I digress) AV packages. If it's Norton or McAfee...replace it. Really.

Please notice that he was

A) respectful about it
didn't demand it; i.e. "Give me my money, you thieves!"
C) acknowledged his own responsiblity

All good things more likely to get you good customer service,

Quote from Zhaph

Yep, that keep serves as the "town" for act III and act IV.

Yeah, wouldn't really make sense story-wise to move the extra followers and the merchants up to corrupted Heaven.

I don't understand the need. You're changing *six* skills, or at most nine including passives. It's not like you're rememberig a WoW or D2 talent tree...

If you can't remember sets of six skills, maybe you're in the wrong game.

That's an internet issue. I haven't had a disconnect at all today.

Probably fixing exploits that people found in beta and didn't report, and started using in Live.