Page 1 of 5
1
2
3
... LastLast
  1. #1
    Moderator Fnx-'s Avatar
    Join Date
    Jul 2011
    Location
    Denmark
    Posts
    1,354

    Blizzard Authenticator, useless?

    First of all, I don't blame Blizzard for the way they end up handling this case, but they should maybe still think about how the system works once more.
    I'll make it short and try to leave out too much info that isn't relevant for you in this post

    I recently got my Diablo3 account perm banned without any warning what so ever because of a gap in the security system Blizzard is running. 9 days ago my Diablo account was hacked in a very special way Blizzard apparently never really have seen before, at least the what I got told about my case. So, 9 days ago I was just randomly playing and got disconnected (Yes some people still play D3, no point to ask that) Looked like a normal DC, shit happens. Short after I logged in once again to check something on the AH, but then I noticed both my level 60 was stripped down for any kind of items with high value.

    My password was never changed, neither did I receive a mail about unknown activity on my account (Because I got authenticator battlenet account doesn't lock when a new IP connect) Made a ticket about what happened and all the needed info to recover any lost item/gold, would had called the support but it was closed at that time of the day. Later that day I finally get some feedback on my ticket and it turns out Blizzard perm banned my account because they claim I was involved and it was all a setup to dupe items/gold.

    Blizzard Mail
    After a thorough investigation of your recently reported compromise, it has come to our attention that your ticket was submitted in an attempt to defraud the Game Master Department in order to duplicate items. As a result, the Diablo III license attached to this Battle.net Account has been permanently closed.

    This action was taken in keeping with our Diablo III End User License Agreement http://http://eu.blizzard.com/en-gb/...l/d3_eula.html and will neither be amended nor removed.
    The past 9 days I have been on the phone with countless of supports to solve this but without luck, they would still claim I was involved in this "scam" of a GM. Until today the only thing they would tell me is they had strong evidence against me, but not how and what. My own theory was all the time a proxy had been setup on my own machine to make it look like me, but never found any kind of malmwave etc etc etc. I work daily as PC supports with system recovery, hacking and pretty much any kind of technical PC support so I do have the knowledge to prevent things like that to happen. But as I said I finally got some new info out of the Blizzard staff today, apparently a US IP was online on my account in the time room I said my account was attacked. That should pretty much clear me and and get my account unlocked once more, but that isn't the case.
    The IP from the US was a proxy over there someone connected to my account with, but it gets even better. That kind of don't bypass my authenticator at all, but at the same Blizzard has confirmed the only way it can be bypass is by live hacking. What I mean by live hacking is somebody exactly knew what he was looking for and picked my PC as his target and gave himself access to whatever I did at that time.

    To sum up if it sounds a bit confusing, my PC was controlled as I was online by someone we knew I had a high value Diablo account through a proxy in the US. What I mean by the headline is one of the questions I asked Blizzard witch they agreed with me on. As you might know and I wrote already, battlenet accounts get locked if random IPs try to connect, but if you got an authenticator attach to your account this security is missing.

    Quote from me and Blizzard on phone
    So what you say is my account would still be active and intact if I had no authenticator so the IP check would block the person out?
    Yes, most likely in this case, sorry.
    The reason I was given when I asked how come you not just unban it since it's clearly not me, was they can't be 100% sure when it happens from a proxy since no person is behind that PC at the given time.

    Envy - Kazzak EU (www.envy.si)
    World 4 in SoO (25MAN)
    MY DK

  2. #2
    Authenticators aren't bulletproof. They hold back most hackers. Think of the authenticator like a condom...

    There is no software and never will be software that is 100% safe for a security breach...

  3. #3
    I have got my account blocked for accesing from multiple ips on a travel and i have authentificator, so, you must be wrong on that.

  4. #4
    Not accurate... IP check is still done if you have an authenticator. Difference is that instead of just logging the IP address, then the authenticator would have been requested.
    Last edited by Auton; 2012-12-19 at 04:26 AM. Reason: Clarification

  5. #5
    Moderator Fnx-'s Avatar
    Join Date
    Jul 2011
    Location
    Denmark
    Posts
    1,354
    Quote Originally Posted by exdeath202 View Post
    I have got my account blocked for accesing from multiple ips on a travel and i have authentificator, so, you must be wrong on that.
    I can only tell what Blizzard told me, if you run with authenticator that security don't apply for your account.

    edit;
    Some not so useful info I left out of the first post.

    Since I was able to enter my account short after until they locked it, I could follow my own items be sold on the AH for pretty much nothing, even found one of my items a few days after being flipped on d2jsp.com
    Last edited by Fnx-; 2012-12-19 at 04:30 AM.

    Envy - Kazzak EU (www.envy.si)
    World 4 in SoO (25MAN)
    MY DK

  6. #6
    Quote Originally Posted by exdeath202 View Post
    I have got my account blocked for accesing from multiple ips on a travel and i have authentificator, so, you must be wrong on that.
    Same here. In fact I've had my account locked AFTER I talked to a Blizzard rep about it and having it unlocked by the Blizzard rep because of the change of IP.

  7. #7
    Quote Originally Posted by Fnx- View Post
    I can only tell what Blizzard told me, if you run with authenticator that security don't apply for your account.
    Got blocked twice with an authenticator. Both times it was me moving from one house to another or one city to another.

  8. #8
    In theory it could be a backdoor program at your computer, with a software that installs a new desktop-screen for you, showing you the DCd, fake, D3-window, while they have access to your open D3-window, through your computer.
    That way it would also look like you did it.

    Would be a somewhat nifty program though.
    Everyone has so much to say
    They talk talk talk their lives away

  9. #9
    Moderator Fnx-'s Avatar
    Join Date
    Jul 2011
    Location
    Denmark
    Posts
    1,354
    Quote Originally Posted by Terridon View Post
    In theory it could be a backdoor program at your computer, with a software that installs a new desktop-screen for you, showing you the DCd, fake, wow-window, while they have access to your open wow-window, through your computer.
    That way it would also look like you did it.

    Would be a somewhat nifty program though.
    I ran the needed scans etc short after, the only reason that could be the case is if the program/someone removed it from the outside before I did my scans.
    Found nothing btw.

    Envy - Kazzak EU (www.envy.si)
    World 4 in SoO (25MAN)
    MY DK

  10. #10
    Quote Originally Posted by Fnx- View Post
    I ran the needed scans etc short after, the only reason that could be the case is if the program/someone removed it from the outside before I did my scans.
    Found nothing btw.
    Yeah. I got authenticator a couple of years back because i got my account in wow hacked.
    My password there was unique, consisted of random numbers, big/small letters and a couple of symbols. I only logged on from one computer, so basically they should only have been able to snif the password from that computer.
    Nothing did show up in any scans though. Pretty annoying really. Made me feel like a newbie, getting hacked, and not even being able to find out how >.<

    Hope you get your account back.
    Everyone has so much to say
    They talk talk talk their lives away

  11. #11
    Moderator Fnx-'s Avatar
    Join Date
    Jul 2011
    Location
    Denmark
    Posts
    1,354
    Quote Originally Posted by Terridon View Post
    Hope you get your account back.
    I won't, its lost... So many hours lost to a security mistake. I even went so far to ask Blizzard if I could prof someone had access to my PC from somewhere else, would they roll the ban back, no chance they said. Nothing can prof I didn't do it, not even if I had a cam in my room recording my every move 24/7 - It could be pre recorded they said. No I don't have a cam in my room watching me, but I asked them if the theory would be possible.

    Plan was to call my host and get some info if they had any.

    Envy - Kazzak EU (www.envy.si)
    World 4 in SoO (25MAN)
    MY DK

  12. #12
    Quote Originally Posted by Fnx- View Post
    I won't, its lost... So many hours lost to a security mistake. I even went so far to ask Blizzard if I could prof someone had access to my PC from somewhere else, would they roll the ban back, no chance they said. Nothing can prof I didn't do it, not even if I had a cam in my room recording my every move 24/7 - It could be pre recorded they said. No I don't have a cam in my room watching me, but I asked them if the theory would be possible.

    Plan was to call my host and get some info if they had any.
    That sucks.
    Nothing more to add to it :/
    Everyone has so much to say
    They talk talk talk their lives away

  13. #13
    battlenet accounts get locked if random IPs try to connect, but if you got an authenticator attach to your account this security is missing.
    Not entirely true, even if you have a authenticator they still check your ip and lock it down if the one logging in is different from the normal IP (Not sure if thats 100% or random) For example a friend of mine tried logging into his girls account (They live across the country from each other atm), she gave him the authenticator code and it crashed on loading.
    They did this a good 7 times to no avail, she logged in and everything worked fine. He logged back into his account and it worked fine.
    (This was after the new IP checks i.e. logging in from a new location can cause the authenticator check stuff)

    It doesnt lock the account but it does have sometype of cut off if it finds someone logging in from a different ip.
    Even if he bypassed the authenticator check all together which im not sure is even possible unless like you said the person hijacked your pc an was listening in (Which is pretty rare) it would still check the ip however there are ways to mask the IP to look like your IP..
    My guess is it was someone that knows you personally or a "Friend" you were in a VoiP with. (Certain VoiP's have security holes especially Skype that will show your IP)

    Its not unheard of but its fairly rare.
    Like others have said though no security is bulletproof if there's some value in something people will find a way to steal it.

    Also you could have just been trying to dupe items i mean this is only one side of the story. Im also not saying it's all lies just being honest.
    Im going with that you were hacked however cause PC hijacking to steal things has happened.
    Last edited by Bahska; 2012-12-19 at 05:35 AM.

  14. #14
    Bloodsail Admiral Shadee's Avatar
    Join Date
    Aug 2011
    Location
    Jersey shore night club
    Posts
    1,166
    Sounds like you were trying to dupe items. The game is better off without cheaters like you.

    Please post without calling people names.
    Last edited by Arlee; 2012-12-19 at 05:39 AM.

  15. #15
    Moderator Fnx-'s Avatar
    Join Date
    Jul 2011
    Location
    Denmark
    Posts
    1,354
    Quote Originally Posted by Bahska View Post
    Not entirely true, even if you have a authenticator they still check your ip and lock it down if the one logging in is different from the normal IP (Not sure if thats 100% or random) For example a friend of mine tried logging into his girls account (They live across the country from each other atm), she gave him the authenticator code and it crashed on loading.
    They did this a good 7 times to no avail, she logged in and everything worked fine. He logged back into his account and it worked fine.
    It doesnt lock the account but it does have sometype of cut off if it finds someone logging in from a different ip.

    Like others have said though no security is bulletproof if there's some value in something people will find a way to steal it.
    I have played friends accounts who had authenticator and live in another country just by getting the code, no login issues at all.

    Envy - Kazzak EU (www.envy.si)
    World 4 in SoO (25MAN)
    MY DK

  16. #16
    Mechagnome bloodwulf's Avatar
    Join Date
    Feb 2011
    Location
    End of the Universe
    Posts
    709
    Quote Originally Posted by Fnx- View Post
    I have played friends accounts who had authenticator and live in another country just by getting the code, no login issues at all.
    Well see i can pull the same anecdotal evidence. My friend lived in Pittsburgh PA and myself in southern indiana, and he got a temp ban one day cause he asked me to log in and repost some things cause he had to be away for a week.

    Also as others have said, blizzard still logs and checks IPs regardless of whether or not you have an authenticator. I really feel that we are just getting a partial story that may be missing some key facts here.
    "Allons-y!" - David Tennant - 10th Doctor.
    "Bow ties are cool." - Matt Smith - 11th Doctor.

  17. #17
    This is the first time I've ever seen a Moderator on here Open up a thread telling us about how he got banned because of Blizzards mistake..
    Ha.. guess there's a first for everything.

  18. #18
    Moderator Fnx-'s Avatar
    Join Date
    Jul 2011
    Location
    Denmark
    Posts
    1,354
    Quote Originally Posted by bloodwulf View Post
    Well see i can pull the same anecdotal evidence. My friend lived in Pittsburgh PA and myself in southern indiana, and he got a temp ban one day cause he asked me to log in and repost some things cause he had to be away for a week.

    Also as others have said, blizzard still logs and checks IPs regardless of whether or not you have an authenticator. I really feel that we are just getting a partial story that may be missing some key facts here.
    Nothing is missing in my thread, other than I got directed to some [email protected] mail first by the supporters who should be some kind of senior staff. Took 1 week before they went back to me, telling me they had nothing to do with it.

    Thanks for your patience with regards to the response time.

    This mailing list is intended for concerns on service and feedback on how our organisation can improve, ultimately contracts regarding in-game action need to be addressed with our in-game support staff via the My Support Site system (a ticket created through your Battle.net account).

    I’ve taken a brief look at the reason for your Diablo 3 accounts recent ban application and the reason your account was closed was due to a fraudulent request to our in-game support team concerning a restoration request.

    Thank you for your contact,

    Brendan C.
    Senior Customer Support Representative
    Blizzard Entertainment

    Envy - Kazzak EU (www.envy.si)
    World 4 in SoO (25MAN)
    MY DK

  19. #19
    Most stories like this are told with bits of info left out, maybe you're raging. I can't really tell because it appears like you speak English as a secondary language and barely try. Authentificator? That shouldn't sound right even if you just learned English.

    Anyway, you probably clicked a link you weren't supposed to or do have malware on your computer. Just because a scan didn't reveal something doesn't mean it isn't there. You also might have visited a website that logged sensitive information you didn't want anyone having. You can't throw this up as Blizz's fault, shit happens.

  20. #20
    Herald of the Titans FuxieDK's Avatar
    Join Date
    Apr 2012
    Location
    København
    Posts
    2,607
    I'm still hoping for IP-locked accounts.

    Since (virtually) everyone today have static IP, it would greatly increase security, if we could lock our Battle.Net account to one (or more) specific IPs..

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •