New wave of hacks

[Matchu]

If it is wide spread.. a theory would also be.. that blizz themselves are hacking ? .. probably not.. that would be kinda weird to hack the live servers.. but still.. just a thought.. hacking to prevent hacking kinda idea here..

That makes so little sense that it almost comes back around again.

[Deleted]

Apparently, after patch 1.0.2a maintenance, a lot of people found themselves robbed of anything valuable on their characters/were getting intrusive disconnects with words like "your account was logged from another PC".

This issue is quite widespread, and touches all kinds of people (not speaking of authenticators here), playing in public games or completely avoiding them, having new and clean computers (can't really believe that so many people would be outright lying at once), etc.

Tin-foil hat theory time. Blizzard keeps postponing RMAH, might it have connection to those hacks? They know that they can't really release something like this, having security flaws in their system, which they most likely seem to have with D3. Because as of now - hackers just hack accounts in waves, picking absolutely random people, which wasn't happening even in WoW. With security flaws on their side and RMAH on live - they will have to stand trial.

I believe this my thread might get locked. But I went to official forums to see why there are so many Errors 3007 and achievements bugs (tbh - completely missing achievements) after Eu maintenance, and there is a number of threads about hacks (both on Eu and Us). I think it wouldn't be bad to raise awareness about this issue. Did anyone got hacked after this maintenance? Also with so many hacks flying around, what is general people's opinion about RMAH?

P.S.: How fun that some people were defending Blizzard's online DRM earlier on these forums, saying that one of reasons is so there would be no hacking in game. Ironically, all that it did lead to is to massive hack waves where you can't be even sure if you are safe or your account was just skipped by hackers for now.

Prove that this has happened, at all.
The only thing I've seen is talk, and this being the internet I know how little talk can be trusted.
Show a source, show some proof. These are extraordinary claims, so they need extraordinary evidence.

Nor has it been adressed wether, if true, these hacked accounts had some complete nitwits behind the keyboard. Hacks are in most cases caused by an intrusion on your PC by malware or a trojan. It's not Blizzards fault when that happens.

I'm no Blizzard fanboy, I hate a lot of things they've done and are doing, especially with D3.

---------- Post added 2012-06-01 at 08:33 PM ----------

If it is wide spread.. a theory would also be.. that blizz themselves are hacking ? .. probably not.. that would be kinda weird to hack the live servers.. but still.. just a thought.. hacking to prevent hacking kinda idea here..

Hackception?!

[alturic]

The point is 10 euros is pretty steep price for security measure that can be and should be provided by Blizz for free. Coin lock that Rift uses for example is simple mail based security measure that everyone can use without need of glorified key chain or a smart phone.

So because people can't be assed to learn how to secure their computers a company should give away a free product (which they do by the way by means of digital authenticator AND SMS protect) to satisfy the dumb people? The coin lock that Rift uses, how does that work? If I have your email account, I'm assuming I just have to go there and copy/paste the code?

[ASO]

Horse beaten to death. You assume too much. While I'm not on either side of the fence (see link), assuming one thing and entirely ignoring another, is never a good way to approach anything. Open mind. Keep it.

That said, the points you mentioned are only relative safety and only protect against client side hacks/keyloggers etc.

If all players that do not have an authenticator get hacked, what does that say about the security of your account? Think about it. Because reversed, if that were the case, it will probably also mean that all people that do have an authenticator have also been compromised, they just can't be hacked due to the authenticator. In other words, the authenticator is a good measure, but it also completely hides any issue on Blizzards side. For all you know, they have their databases leaking all their info, because the authenticator will still stop others from logging in on your account.
- In case you want to reply with "how impossible" this scenario is; it's an IF SOMETHING == TRUE { RESULT } equation, where SOMETHING = all players that do not have an authenticator, get hacked.

There is no open mind to be kept, and there is nothing either "better" or "worse" about the state of Blizzard's security. Usernames and passwords are now an insecure system alone, especially when it's all that keeps an attacker from gaining access to goods they can move with little effort and without attracting attention from law enforcement.

It's actually great that Blizzard has authenticators because that shows that want to help people secure their account.

Getting the token reduces the chances you will be hacked to almost zero. Almost, because no system is 100% impossible to break.

And even if their database are somehow compromised (and they're not), then the authenticator is still your best line of defense. If you have one, you can literally take out billboards of your username and password and remain uncompromised.

So because people can't be assed to learn how to secure their computers a company should give away a free product (which they do by the way by means of digital authenticator AND SMS protect) to satisfy the dumb people? The coin lock that Rift uses, how does that work? If I have your email account, I'm assuming I just have to go there and copy/paste the code?

That's exactly how it works. It's a less secure system because people have a tendency to use the same username and password for multiple accounts. It's better than nothing, but it's noticeably less secure than an authenticator, not only for that reason, but because it's not true 2 factor authentication.

[alturic]

There is no open mind to be kept, and there is nothing either "better" or "worse" about the state of Blizzard's security. Usernames and passwords are now an insecure system alone, especially when it's all that keeps an attacker from gaining access to goods they can move with little effort and without attracting attention from law enforcement.

It's actually great that Blizzard has authenticators because that shows that want to help people secure their account.

Getting the token reduces the chances you will be hacked to almost zero. Almost, because no system is 100% impossible to break.

And even if their database are somehow compromised (and they're not), then the authenticator is still your best line of defense. If you have one, you can literally take out billboards of your username and password and remain uncompromised.

Oh my, someone else who actually "get's it". At least there are some of us left.

[hythos]

"And even if their database are somehow compromised (and they're not), then the authenticator is still your best line of defense. If you have one, you can literally take out billboards of your username and password and remain uncompromised."
Oh my, someone else who actually "get's it". At least there are some of us left.

This is still the best arguement that supports an internal conspiracy to force / boost Authenticator sales and WoW resub's. Even if someone won't come back to their current games but may plan to for future products, if they want to protect their Battle.net account someone would still need an authenticator now.

It's exceedingly suspicious, not to mention aggrivating; considering that I've "done all I can do" (litterally a dedicated computer only for worldofwarcraft.com, battle.net, swtor.com, with very few other websites, WoW, and SWTOR; and with Googleapps.com blocked for good measure), and my account was hit. Can't get any more 'secure' than that, save using an authenticator....

[Matchu]

This is still the best arguement that supports an internal conspiracy to force / boost Authenticator sales and WoW resub's. Even if someone won't come back to their current games but may plan to for future products, if they want to protect their Battle.net account someone would still need an authenticator now.

It's exceedingly suspicious, not to mention aggrivating; considering that I've "done all I can do" (litterally a dedicated computer only for worldofwarcraft.com, battle.net, swtor.com, with very few other websites, WoW, and SWTOR; and with Googleapps.com blocked for good measure), and my account was hit. Can't get any more 'secure' than that, save using an authenticator....

They're free with pretty much every smartphone and Blizzard loses money everytime they sell you a physical one. If you don't want to protect your account, don't blame anyone but yourself when it's stolen.

[alturic]

This is still the best arguement that supports an internal conspiracy to force / boost Authenticator sales and WoW resub's. Even if someone won't come back to their current games but may plan to for future products, if they want to protect their Battle.net account someone would still need an authenticator now.

It's exceedingly suspicious, not to mention aggrivating; considering that I've "done all I can do" (litterally a dedicated computer only for worldofwarcraft.com, battle.net, swtor.com, with very few other websites, WoW, and SWTOR; and with Googleapps.com blocked for good measure), and my account was hit. Can't get any more 'secure' than that, save using an authenticator....

So you spent an absurd (compared to the price of an authenticator) amount of money, in hopes to "bypass" needing to spend $6.50 (free if you have a smartphone/iPod) in hopes of achieving more success then what $6.50 could?

I can't believe people think a game company would (follow me for a second) "strip" everything from your account in the hopes of you paying $6.50 (which is at cost for them) for an authenticator? Especially considering the fact that they just give you everything back they "stripped" from you in the first place.

---------- Post added 2012-06-01 at 03:44 PM ----------

This is still the best arguement that supports an internal conspiracy to force / boost Authenticator sales and WoW resub's. Even if someone won't come back to their current games but may plan to for future products, if they want to protect their Battle.net account someone would still need an authenticator now.

It's exceedingly suspicious, not to mention aggrivating; considering that I've "done all I can do" (litterally a dedicated computer only for worldofwarcraft.com, battle.net, swtor.com, with very few other websites, WoW, and SWTOR; and with Googleapps.com blocked for good measure), and my account was hit. Can't get any more 'secure' than that, save using an authenticator....

Also, since you said you use the "dedicated computer" for WoW/BNet/ToR/Few other sites, you have 3+ different email accounts, all with different providers, all with different passwords? I'm going to assume you will say yes to that, but I hope you see my point. You went through all the trouble of doing everything you've "done", to get back to something that would have protected you much more, all for $6.50.

[Deleted]

considering that I've "done all I can do" (litterally a dedicated computer only for worldofwarcraft.com, battle.net, swtor.com, with very few other websites, WoW, and SWTOR; and with Googleapps.com blocked for good measure), and my account was hit. Can't get any more 'secure' than that, save using an authenticator....

So you'd rather spend several hundred bucks to buy and run a completely separate computer, instead of forking out a measly ten or twenty bucks for an authenticator, and you're crying how there's a "conspiracy" to "take your money"?

Really.

[Vespian]

There is no open mind to be kept, and there is nothing either "better" or "worse" about the state of Blizzard's security. Usernames and passwords are now an insecure system alone, especially when it's all that keeps an attacker from gaining access to goods they can move with little effort and without attracting attention from law enforcement.

It's actually great that Blizzard has authenticators because that shows that want to help people secure their account.

Getting the token reduces the chances you will be hacked to almost zero. Almost, because no system is 100% impossible to break.

And even if their database are somehow compromised (and they're not), then the authenticator is still your best line of defense. If you have one, you can literally take out billboards of your username and password and remain uncompromised.

The open mind concerns how companies in general relate to the public in general and visa versa. I'm a firm believer of truths being mostly in the middle, somewhere. Besides that, I would have expected a moderator to read a topic or at least appear informed, but I'll say it again. I'm not arguing against the authenticator, I even underline what you are saying, namely that it is thanks to Blizzard authenticator that we wouldn't even know if we would have gotten compromised. Which is both a good and bad point, because on one side, our account is secure, but on the other side we'll never know how secure Blizzards back-end is.

As I mentioned before, this actually results in a focus on having those authenticators, which you still should, but takes away our attention from possible leaks. Once more, Blizzard is a company, who's stocks are currently well.. not going all that well due to the current media fuzz about *possible hacks* and any company would have reason enough, to downplay any issue concerning their database security. I'm not saying they are, I'm not saying they are not. Blizzard is not my god, they are a company that thrives on profit. I'm simply objectively saying that I would do the same and most PR divisions would do the same in case of shit hitting the fan.

There's also this myth about *it being the law to report any breaches*, which is true. But the context of such a law often allows companies to withhold such information for lengthy periods of time, for as long as there is no conclusive proof to whether or not a database has or hasn't been compromised. A famous example given by many people is Sony, but Sony didn't report jack shit until their data started leaking from sources unknown, or rather anonymous. Once more, not saying this is happening, not saying that it isn't.

But, if it turns out that all people that do not have an authenticator get hacked, be it now, or in the future, which would make 'all' close to 90+% of the 'population that does not have an authenticator', we would theoretically be looking at a very plausible case in which all data is compromised and the authenticator being the only thing that keeps us all from being hacked, virus or no virus on personal PC.

Any person saying that Blizzard has a foolproof defence is wrong, any person stating that Blizzard always speaks the truth is wrong, as has been proven time after time after time, any person saying that all the raving lunatics on the forums, about how their protected accounts got stolen, are right, are wrong. Any person stating that Blizzards databases have not been compromised can not proof that to be true or false. Hence, we do not know.

One of the many things it takes to be a moderator, is being able to objectively view a situation. I'm sorry to say, but you lack objectivity. Even though I'm 100% with you on any statements that contain "very unlikely", you cannot say "impossible".

That's exactly how it works. It's a less secure system because people have a tendency to use the same username and password for multiple accounts. It's better than nothing, but it's noticeably less secure than an authenticator, not only for that reason, but because it's not true 2 factor authentication.

True and false. The system is quite secure. The user, mostly not. But it works as a second or third layer protection and those that played Rift for some time know how it saved Rift from hackers entirely. Well, for 1.5 weeks at least. Took them that long to find the 'how' and fix it.

Edit: Plus, Rift has both an authenticator and Coin Lock in place now, so which is more secure is not an actual argument. Rift would win, having first, second and third layer protection. (password[mandatory] -> Auth[voluntarily] -> coin Lock[mandatory])

[Shinzai]

Meh. I've played WoW for about 5 years now and I've been playing Diablo 3 too. Never been 'hacked' once. Though I do actually keep a tab on what's running on my computer and make sure that suspect programs won't gain access in the first place. I also don't visit any websites of a questionable nature as to how they're coded, etc etc. Also I don't deal with gold sellers or such. I do receive a lot of spam e-mails to one of my e-mail accounts though, often telling me that there are security breaches with my blizzard account that require me to follow the link that goes to notbattle.net and enter my details. I just report them as spam.

In fact, thinking about it, I've been using the internet since 1995 and I've never had any of my e-mail accounts, programs or games hacked ever. Play safe, use absurdly strong passwords and profit.

[Vespian]

Meh. I've played WoW for about 5 years now and I've been playing Diablo 3 too. Never been 'hacked' once. Though I do actually keep a tab on what's running on my computer and make sure that suspect programs won't gain access in the first place. I also don't visit any websites of a questionable nature as to how they're coded, etc etc. Also I don't deal with gold sellers or such. I do receive a lot of spam e-mails to one of my e-mail accounts though, often telling me that there are security breaches with my blizzard account that require me to follow the link that goes to notbattle.net and enter my details. I just report them as spam.

In fact, thinking about it, I've been using the internet since 1995 and I've never had any of my e-mail accounts, programs or games hacked ever. Play safe, use absurdly strong passwords and profit.

Question is, are you using an authenticator ?

[Shinzai]

Question is, are you using an authenticator ?

Nope, never saw a need for one.

[Twiddly]

Fear mongering is fun, isn't it?

[Salech]

• Learn how to keep your computer 100% virus free - something an unbelievable number of people think they've mastered but fail at miserably.
• Get a physical authenticator and set it so you're asked the code each and every time you log in.
• Enable the SMS protect service.
• Never allow anyone to use your account under any circumstances whatsoever.

Get these points down and you can stop worrying about your account safety.

I do these steps, except the fucking authenticator, never been hacked.

[artem123]

The point is 10 euros is pretty steep price for security measure that can be and should be provided by Blizz for free. Coin lock that Rift uses for example is simple mail based security measure that everyone can use without need of glorified key chain or a smart phone.

So you want a company, to basically spend about 1-2$ atleast for a physical authenticator, adding in ALL their subscribers and etc.
That's easily over 9mil of extra money having to be spent, Because here, You dont need an authentictor if you have half a decent brain computer wise.
PS authenticators dont mean you wont be hacked, if you did the things as before you can still get hacked.
and im pretty sure people who have authenticators have been hacked on this

[Triggered Fridgekin]

Nothing is 100%. It's why household cleaners kill 99.999% of germs and servers rely on the 9s system.

Certainly uncertain.

[Nerraw]

I do these steps, except the fucking authenticator, never been hacked.

A lot of people said the same thing a few years ago. Then the flash player vulnerability happened.

[PhilCosby]

Fear mongering is fun, isn't it?

It's probably one of humanity's greatest weaknesses. LOL.

"Hacking" someones mind, if you will. Exploiting vulnerabilities in the brain. Haha. I can go on all day. Setting up a MITM implant within a thought process.

A lot of people said the same thing a few years ago. Then the flash player vulnerability happened.

Haha. Flash/Adobe/Java have historically been vulnerable. I always recommend caution when using these products. Noscript/flashblock/adblock allll dayyyy.