New wave of hacks

[Keosen]

Ιs page broken after mygodman's post for anyone else or just for me?

[Howard Moon]

I really don't get why people don't just use the authenticator. It's free, easy, and safe.

---------- Post added 2012-06-01 at 11:32 AM ----------

Ιs page broken after mygodman's post for anyone else or just for me?

Me too. mygodman, what kind of evil signature do you have? ^_^

[Talyrius]

Yes, it's broken. It appears someone has found a bug. The website administrators should be informed.

[Vespian]

There is no way Blizzard would be able to hide a massive hack assault, we're talking about millions of accounts spreading through all Blizzard game, WoW, SC2 and Diablo 3.

You think or know? Because just like how you end your comment, what numbers do we have?

[Deleted]

Ιs page broken after mygodman's post for anyone else or just for me?

Yes it broke me as well.

There's no new wave of hack probably, the human mind is simply "good" at weaving connections between events.
Probably compromises of accounts continue on a regular basis and at the same pace, is just that after a specific event it hit much much more the imagination and everything seems bigger than it actually is.

Let's say that there're 1000 comromised account a day everyday. (I like making numbers up!)
After a patch there are still the usual 1000 compromises. but hey *after a patch* omg something's wrong

[Repefe]

Thing is mobile authenticator does not support all mobiles and physical authenticator cost 10 euros. My bank account is more secure for fraction of that price.

[Deleted]

Thing is mobile authenticator does not support all mobiles and physical authenticator cost 10 euros. My bank account is more secure for fraction of that price.

that's also because your bank also keep all your money and if the bank goes in bankrupt you're very very much screwed up since guess, you will have exactly 0 money.

apples and oranges

[Keosen]

You think or know? Because just like how you end your comment, what numbers do we have?

6.5mil accounts according to the sales Diablo made so far.
If a DB was hacked and/or there was some kind of hack beside the traditional ones do you honestly think that all that would happen is a couple of
"I lost my gold and gear" topic every day?

Conspiracy theories are fun but if we deliberately skipping logic there is not much to discuss really.

[Deleted]

Completely impossible.

The Ministry of Defence can not even keep their computers 100% virus free.

Me, you, and every other home user have 0% chance eliminating the most advanced viruses if we were to ever get infected.



Makes no difference if its a digital or physical authenticator if you get infected with a decent keygen virus.

As soon as you type in the authenticator keycode, the virus will intercept the login information, prevent your computer from logging on and immediatly log the hackers computer into your account.

If you get infected by this type of virus, authenticators offer 0% protection to your account. Physical or digital makes no difference.



Yep agree here, a very good extra layer of security system.



Agree.


You missed out the most important thing though.

Never use your wow username and password for ANYTHING else, INCLUDING MMO CHAMPION LOGIN credentials.

So many people use the same username and password for multiple websites, and then wonder why they got hacked.

This is true, but the gold farmer hackers would not make any profit if they used super advanced hacks as it is simply to time consuming, but if some super elite hacker decides he wants to hack you it's probably going to be difficult to protect your computer even if you have taken most security precautions.

[Vespian]

6.5mil accounts according to the sales Diablo made so far.
If a DB was hacked and/or there was some kind of hack beside the traditional ones do you honestly think that all that would happen is a couple of
"I lost my gold and gear" topic every day?

What I meant is this;

What numbers do we really have on how many accounts were hacked and what percentage they represent of total people that do not have an authenticator? Not to mention that such a percentage could/should grow, since that seems to be the current flow of things.

If it (it being hacked accounts) comes close to the 100% of the people that do not have an authenticator (which is hopefully only a few percent of those 7mil), how likely would it be that more than just the amount of unprotected accounts have had their information leaked? Pretty likely, in that specific case.

The actual hack-attempts would then only succeed on unprotected accounts.

[Repefe]

that's also because your bank also keep all your money and if the bank goes in bankrupt you're very very much screwed up since guess, you will have exactly 0 money.

apples and oranges

The point is 10 euros is pretty steep price for security measure that can be and should be provided by Blizz for free. Coin lock that Rift uses for example is simple mail based security measure that everyone can use without need of glorified key chain or a smart phone.

[Aran]

again, zero proof except for random people posting on Blizz forums claiming to be hacked etc. Again, no authenticators.

[Deleted]

Hasn't Blizzard already confirmed that anyone to date who has been hacked, has been because of the usual issues related to account security, and not any new "super hack".

If you don't want to get hacked, get an authenticator. While nothing is 100% safe, it is an almost perfect system.

[Deleted]

The point is 10 euros is pretty steep price for security measure that can be and should be provided by Blizz for free. Coin lock that Rift uses for example is simple mail based security measure that everyone can use without need of glorified key chain or a smart phone.

the "Coin lock" is already present on Blizzard game and it is the Battle.net secure mail that you receive for the exact same reason of the coin lock and that instead lock your *entire* B.Net account unless you perform a password reset. I had it sent to me a couple of time when try to play from a friend place or when on holiday somewhere (yes I'm a nerd olololol)

This is again another *layer* of security but is not the holy saviour of account security because the only thing that I need to do at that point is to simply get your e-mail password that, if you have a keylogger on your PC, is as easy as getting your account password

[Deleted]

Apparently it is easier to nerdrage and blame somebody else. Every topic on this issue goes through the same loops. Expect "The authenticator should be free" demands soon.

Aye. The sad part is that Blizzard has already said that the cost of the Authenticator is exactly the cost it takes to manufacturer and ship it. It gives them no profit, and the mobile phone version is free, which also cost development time.

100% of these "I've been hacked" cases are the same as always. You visited a porn site, downloaded something, or just generally are terrible at account security. Blizzard can't prevent stupidity...

[Keosen]

What I meant is this;

What numbers do we really have on how many accounts were hacked and what percentage they represent of total people that do not have an authenticator? Not to mention that such a percentage could/should grow, since that seems to be the current flow of things.

If it (it being hacked accounts) comes close to the 100% of the people that do not have an authenticator (which is hopefully only a few percent of those 7mil), how likely would it be that more than just the amount of unprotected accounts have had their information leaked? Pretty likely, in that specific case.

The actual hack-attempts would then only succeed on unprotected accounts.

Your way of thinking it's valid and i can't really respond to it without having the actual ratio of compromised accounts with/wo authenticator.
On the other hand we have Blizzard's response that every compromised account
1) Didn't had an authenticator attached
2) Happened via traditional methods
3) It's technically impossible to compromise an account via other means beside the known ones.

So the solutions is either buy and authenticator or be more careful on what you're clicking or both.

The fact is that there is a widespread misconception about how your account could be compromised and people without authenticator and with poor protection they would just avoid playing public games (because they turned out to be the backdoor) and feel safe to keep googling "Diablo 3 cheats", "Diablo 3 duped items", "Buy Diablo 3 gold"

People should understand that they are solely responsible for their account loss and try to protect it, there is no magic hack, there is nothing fancy going on get over it.

[Deleted]

Yes, it's broken. It appears someone has found a bug. The website administrators should be informed.

Ill see if i can clean the post up and fix it. (I thought it was just me).

Its probably because i made a post from my office computer which uses a remote desktop PC linked to HQ servers. Something somewhere went screwy along the data lines.

[Howard Moon]

Thing is mobile authenticator does not support all mobiles and physical authenticator cost 10 euros. My bank account is more secure for fraction of that price.

Wasn't it 6 Euro? That's how much it was last year, price might have gone up I guess.

I also can't imagine a lot of phones not supporting the mobile authenticator. My phone is an ancient piece of shit, and it supports it. I don't have the free one available to iPhones etc, but I think mine cost like 50 cents to download into my phone.

[Repefe]

the "Coin lock" is already present on Blizzard game and it is the Battle.net secure mail that you receive for the exact same reason of the coin lock and that instead lock your *entire* B.Net account unless you perform a password reset. I had it sent to me a couple of time when try to play from a friend place or when on holiday somewhere (yes I'm a nerd olololol)

This is again another *layer* of security but is not the holy saviour of account security because the only thing that I need to do at that point is to simply get your e-mail password that, if you have a keylogger on your PC, is as easy as getting your account password

So does this mean that if I login to my D3 acc from different IP it will be locked till I do a password reset ?

[Vespian]

Your way of thinking it's valid and i can't really respond to it without having the actual ratio of compromised accounts with/wo authenticator.
On the other hand we have the Blizzard response that every compromised account
1) Didn't had a nauthenticator attached
2) Happened via traditional methods
3) It's technically impossible to compromise an account via other means beside the know ones.

So the solutions is either buy and authenticator or be more careful on what you're clicking or both.

The fact is that there is a widespread misconception about how your account could be compromised and people without authenticator and with poor protection they would just avoid playing public games (because it's they turned out to be the backdoor) and feel safe to keep googling "Diablo 3 cheats", "Diablo 3 duped items", "Buy Diablo 3 gold"

People should understand that they are solely responsible for their account loss to try to protect it, there is no magic hack, there is nothing fancy going on get over it.

I do not concern myself with responses from companies, unless those companies have no reason to possibly safe skin. In this case Blizzard has quite a few reasons to downplay any possible breach, hence I'm staying on my side and not on Blizzards or protestors. Any PR department would do the same as Blizzard did. If EA said it, no one would believe it. I have no real reason to mistrust Blizzard, but I don't have any reason to trust them either.

Hence, I'm just stating from a hypothetical view.

Obviously, many of the hacked accounts should normally be due to bad user/personal security, perhaps even all, but that's no reason to assume that Blizzard is somehow infallible.