Page 1 of 2
1
2
LastLast
  1. #1

    Possible RMAH loophole?

    Basically, with WoW hacking being rather prominent what would happen if you got hacked on your D3 account? Assuming your account is tied to a Paypal account if Blizz doesn't have it so that you have to give your Paypal info every time you buy something using the RMAH a hacker could post something for... say $150 and buy it on the hacked account using your Debit / Credit card.

    With the info we currently have on the process the RMAH goes through could this be a possibility and how would Blizz handle it if it did actually happen?

  2. #2
    This could be fixed by having to type the last 3-4 digits on the card, although blizz would have to come up with a reason for paypal to invest in such software to make it possible i guess.

  3. #3
    That's possible, yes. If your account gets hacked, you're in serious troubles. A good advice is to use a pre-paid credit card on you PayPal account and transfer any decent sum as soon as possible. Never link PayPal to your main card. And of course never link it to your bank account. What worries me most is that Blizzard wont be testing the RMAH on the beta client (unless they plan to release the game by 2013). That would be a great way to find more bugs, loopholes and possible hacks, as it already happened with the current beta.

    Hacks and botting will be reduced (compared to Diablo 2) but considering WoW... they wont disappear completely. My personal opinion is that Blizzard should require RMAH players to link a Battlenet Authenticatior to the account.

  4. #4
    I totally agree on having an (extra) pre-paid credit card for Diablo 3 purposes, it is just too risky in its basic concept. I trust myself enough but I also acknowledge the power of hackers and they will get extra vile when this goes live.
    Does not compute!

  5. #5
    Quote Originally Posted by LoqueNahak View Post
    My personal opinion is that Blizzard should require RMAH players to link a Battlenet Authenticatior to the account.
    This I agree with. If Blizz was able to do this then anyone who is using the RMAH is safe from being hacked and potentially losing a lot of cash. As a general rule of thumb I don't trust the general population (The ones without authenticators or much background in computers) to use a specific card only loaded with $100 for D3. It's these people that would come out the worst from the situation and with such potential for them to be cleaned out of $500 (or more) over night there needs to be some extra layers of protection in place for them. If it was just typing in your Paypal info then that'd be fine.

  6. #6
    The Insane smrund's Avatar
    Join Date
    Aug 2010
    Location
    In the state of Denial.
    Posts
    15,505
    Quote Originally Posted by Haros View Post
    This I agree with. If Blizz was able to do this then anyone who is using the RMAH is safe from being hacked and potentially losing a lot of cash. As a general rule of thumb I don't trust the general population (The ones without authenticators or much background in computers) to use a specific card only loaded with $100 for D3. It's these people that would come out the worst from the situation and with such potential for them to be cleaned out of $500 (or more) over night there needs to be some extra layers of protection in place for them. If it was just typing in your Paypal info then that'd be fine.
    An authenticator is NOT a guarantee that you will not be hacked. Just as anti-virus software is NOT a guarantee that you will never get a virus. It's just REALLY secure, but people with authenticators can and do get hacked. It's just harder.
    Quote Originally Posted by Masark View Post
    People in cars cause accidents. Accidents in cars cause people.
    Sometimes life gives you lemons, other times life gives you boobies. Life is always better with more boobies.
    Blizzard removed my subscription from WoD's features, it'll be added sometime later.
    And thus I give you: MALE contraception!

  7. #7
    There's no need to *require* an authenticator. They're given out for free, and if you're using the RMAH, it's your own responsibility to use one. We know they exist for D3. If you're concerned about it, get one. If you're not, then as the saying goes, a fool and his money are soon parted.

  8. #8
    Quote Originally Posted by smrund View Post
    An authenticator is NOT a guarantee that you will not be hacked. Just as anti-virus software is NOT a guarantee that you will never get a virus. It's just REALLY secure, but people with authenticators can and do get hacked. It's just harder.
    I realise this, but as you say it's more secure and when someone with an authenticator gets hacked at the moment Blizz seems to pay some attention to it. When real money is involved I still think there should be an authenticator on the account. Rather have a steel door on a safe than a wooden one.

  9. #9
    The Patient Blitzdoctor's Avatar
    Join Date
    May 2010
    Location
    The Netherlands
    Posts
    224
    Your money is not taken directly from your bank account, but your blizzard account. Moving money to/from your blizzard account is a separate action, likely with separate authentication.

  10. #10
    Mechagnome Xeroz's Avatar
    Join Date
    Oct 2010
    Location
    Denmark
    Posts
    513
    WTS authenticator maybe? cant hack that one. pretty simple.

    + if you dont trust blizzards way of doing the protection , then dont use the RMAH

  11. #11
    Elemental Lord Duilliath's Avatar
    Join Date
    Apr 2010
    Location
    Moonglade
    Posts
    8,165
    Quote Originally Posted by Xeroz View Post
    WTS authenticator maybe? cant hack that one. pretty simple.

    + if you dont trust blizzards way of doing the protection , then dont use the RMAH
    Read up. People with authenticators can, and do, get hacked. Not that it isn't a good idea to have one, but it's not 100% safe.

    I fully agree with your second recommendation though.

  12. #12
    Authenticator

    nuff said

    ---------- Post added 2011-11-12 at 06:24 AM ----------

    Quote Originally Posted by Duilliath View Post
    Read up. People with authenticators can, and do, get hacked. Not that it isn't a good idea to have one, but it's not 100% safe.

    I fully agree with your second recommendation though.
    Hardly any people with authenticators get "hacked" MITM attacks are few and far between.
    Beta Club

  13. #13
    Elemental Lord Duilliath's Avatar
    Join Date
    Apr 2010
    Location
    Moonglade
    Posts
    8,165
    Hardly any is not the exact same as 'none'. Officer in my guild got hacked - she does have an Authenticator.

  14. #14
    Few and far between is not the same as none.
    Several have posted that authenticators are the solution, when such a statement, and a truthful one at that indicating that authenticators are not 100% secure disproves that arguement.
    Going back on topic we simply don't know enough yet about how the payments or access to the funds will be handled.
    Until we actually know some solid information, then we can't pick fault with non-existent flaws.

  15. #15
    Quote Originally Posted by Duilliath View Post
    Hardly any is not the exact same as 'none'. Officer in my guild got hacked - she does have an Authenticator.
    How is that possible.

  16. #16
    Elemental Lord Duilliath's Avatar
    Join Date
    Apr 2010
    Location
    Moonglade
    Posts
    8,165
    Heck if I know (or she, for that matter). Luckily, it only cost the Gbank 10k gold or so.

  17. #17
    Quote Originally Posted by Sorceress View Post
    How is that possible.
    probably disabled her authenticator for something and bam got hacked....like someone said with an authenticator your less likely to get hacked especially if your smart and dont go clicking on fake blizz emails and entering your pass and email

  18. #18
    Most logical and cost free solution for Blizzard would be to create a pool of money in your battle.net account that only you can re - charge by entering your credit card info etc, this way if you get hacked they can only take the money that is already in said pool in your account ( which won't be much if you want to be careful )

  19. #19
    It would be easier for hackers to just hack paypal directly, than to go through some game.
    You'd need to enter your paypal password, etc, in order to put or take any money to or from your paypal account.,. its not like you can log into D3, and clean out your bank account....


    Quote Originally Posted by Deluhathol View Post
    Most logical and cost free solution for Blizzard would be to create a pool of money in your battle.net account that only you can re - charge by entering your credit card info etc, this way if you get hacked they can only take the money that is already in said pool in your account ( which won't be much if you want to be careful )
    That is exactly what they said they were doing some time before blizzcon even.

    Author of: Goggle Cat Comics.

  20. #20
    Quote Originally Posted by bbr View Post
    That is exactly what they said they were doing some time before blizzcon even.
    Must have missed that memo =P, thumbs up for Blizzard then

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •