Blizzard Authenticator, useless?

[Deleted]

Most stories like this are told with bits of info left out, maybe you're raging. I can't really tell because it appears like you speak English as a secondary language and barely try. Authentificator? That shouldn't sound right even if you just learned English.

Anyway, you probably clicked a link you weren't supposed to or do have malware on your computer. Just because a scan didn't reveal something doesn't mean it isn't there. You also might have visited a website that logged sensitive information you didn't want anyone having. You can't throw this up as Blizz's fault, shit happens.

It's the very first line in.

First of all, I don't blame Blizzard for the way they end up handling this case

Did you read the thread at all?

[Deleted]

It's the very first line in.


Did you read the thread at all?

After a thorough investigation of your recently reported compromise, it has come to our attention that your ticket was submitted in an attempt to defraud the Game Master Department in order to duplicate items.

Why should anyone believe anything you say? You got cought and are now trying to make Blizz look like the villains.
The scenario that you are describing is nigh on impossible.

[Bahska]

I have played friends accounts who had authenticator and live in another country just by getting the code, no login issues at all.

Yeah like i said im not sure if its Random or not and this was more recent maybe something changed? Idk just going off my experiences. That's what happened to him and i may or may not have tried it myself. It allows access to the game but freezes upon load.

But to those saying he had a key logger or a virus those types of hackings would have been caught by the authenticator and are easily recognizable.
So if true and he really got hacked it had to be more than a simple computer virus.

Attention that your ticket was submitted in an attempt to defraud the Game Master Department in order to duplicate items.

That part does make it kind of hard to believe however.^ Very specific wording from there GM team. Says nothing about your hacking and more that you submitted a ticket in a attempt to get the same items, which you would then pass the original gear back to the original toon at a later date. i.e. duping. Blizzard caught the ticket, investigated the situation and determined it was fraud. You used a proxy in a attempt to hide your tracks.
You were banned and now your mad so you make a post on a forum thats not a blizzard enforced forum knowing you will probably get banned on the Official forums for making this post if you aren't already.

[Deleted]

Why should anyone believe anything you say? You got cought and are now trying to make Blizz look like the villains.
The scenario that you are describing is nigh on impossible.

If you knew me you would know I had no intention or reason to do it. I play Blizzard games daily, manly wow and I like what they did in MoP, why would I try to make Blizzard look bad and lie this?

Just doesn't make any sense at all.

[Hanto]

Useless overall? No.

In your predicament?
Looks like it.

PC security starts with the dude sitting at the keyboard. Don't get all up in arms about Blizzard's decision when you don't take the initiative to be cautious yourself. Run regular malware/virus scans and build on your security from there. With the kind of access it sounds like that hacker had, be happy the only thing he hacked was your D3 account.

[Voidgazer]

your ticket was submitted in an attempt to defraud the Game Master Department in order to duplicate items

WTF does that even mean? Like, someone send a ticket to GM asking to restore a "missing" or "accidentaly deleted" item or something? And they permabanned a person for this?

[Deleted]

Yeah like i said im not sure if its Random or not and this was more recent maybe something changed? Idk just going off my experiences. That's what happened to him and i may or may not have tried it myself. It allows access to the game but freezes upon load.

But to those saying he had a key logger or a virus those types of hackings would have been caught by the authenticator and are easily recognizable.
So if true and he really got hacked it had to be more than a simple computer virus.

I did that 3-4 weeks ago, so it's very recent in that case.

---------- Post added 2012-12-19 at 06:58 AM ----------

Useless overall? No.

In your predicament?
Looks like it.

PC security starts with the dude sitting at the keyboard. Don't get all up in arms about Blizzard's decision when you don't take the initiative to be cautious yourself. Run regular malware/virus scans and build on your security from there. With the kind of access it sounds like that hacker had, be happy the only thing he hacked was your D3 account.

As I already wrote I work with PC security/data recovery as my daily job and I still don't blame Blizzard. About what he/she did, well they clearly knew what they came for, just d3 items, not even gold or world of warcraft.

[Mojibake]

The title of this thread is misleading. You chose a very specific case in which there is a possible security bug that will happen to very few people before Blizzard implements something that can fix it and you use that as evidence that authenticators are Useless. Yeah, you got screwed over, but you have no case if you cannot physically prove you weren't on your account at that moment (especially since nothing changed and you could log in shortly after). Either you got targeted by someone who had it in for you and was incredibly smart about it, or you're not telling the whole story. Internet people tend to be cynical.

[Deleted]

If you knew me you would know I had no intention or reason to do it. I play Blizzard games daily, manly wow and I like what they did in MoP, why would I try to make Blizzard look bad and lie this?

Just doesn't make any sense at all.

Sure you do, next you'll tell people you're also secretly Santa.
Ofc you arent going to admit that you're just trying to make them look bad. That would defeat the point of your entire little charade.

[Deleted]

The title of this thread is misleading. You chose a very specific case in which there is a possible security bug that will happen to very few people before Blizzard implements something that can fix it and you use that as evidence that authenticators are Useless. Yeah, you got screwed over, but you have no case if you cannot physically prove you weren't on your account at that moment (especially since nothing changed and you could log in shortly after). Either you got targeted by someone who had it in for you and was incredibly smart about it, or you're not telling the whole story. Internet people tend to be cynical.

It is impossible to prof I wasn't physically on the account at that time, other than Blizzard can see a US ip connected, witch isn't enough prof for Blizzard because it was a proxy.

---------- Post added 2012-12-19 at 07:07 AM ----------

Sure you do, next you'll tell people you're also secretly Santa.
Ofc you arent going to admit that you're just trying to make them look bad. That would defeat the point of your entire little charade.

Why would I make a post in the first place then and put so much effort into it and try reply to every single comment, even as mod in here. Why not just make one on blizz forums then?

[Deleted]

To make Blizz look like the bad guys.

Honestly, do you expect people to believe that some leet hacker singled you out to steal your precious gold? With an authenticator attached to your account?
hackers dont waste time on that, they go for the easy jobs.

[Jokerfiend]

I'm sorry but, why not just have it ask for Authenticator number every time you log in?

Attention that your ticket was submitted in an attempt to defraud the Game Master Department in order to duplicate items.

Sounds like you transferred your D3 items to another battle.net account, your other battle.net account!. Then said, HEY! My account got hacked! Give me back my stuff! They didn't buy it.

So it fills the story well. You have 2 accounts. Then in comes this James Bond proxy hack gig. Where you were on your computer on BOTH ACCOUNTS, at the same time. The items over, then say OH NOES, my account got hacked! Then submitted the ticket, Blizzard didn't buy it.

It makes sense with that single bold statement.

[Boogums]

First of all, I don't blame Blizzard for the way they end up handling this case, but they should maybe still think about how the system works once more.
I'll make it short and try to leave out too much info that isn't relevant for you in this post

I recently got my Diablo3 account perm banned without any warning what so ever because of a gap in the security system Blizzard is running. 9 days ago my Diablo account was hacked in a very special way Blizzard apparently never really have seen before, at least the what I got told about my case. So, 9 days ago I was just randomly playing and got disconnected (Yes some people still play D3, no point to ask that) Looked like a normal DC, shit happens. Short after I logged in once again to check something on the AH, but then I noticed both my level 60 was stripped down for any kind of items with high value.

My password was never changed, neither did I receive a mail about unknown activity on my account (Because I got authenticator battlenet account doesn't lock when a new IP connect) Made a ticket about what happened and all the needed info to recover any lost item/gold, would had called the support but it was closed at that time of the day. Later that day I finally get some feedback on my ticket and it turns out Blizzard perm banned my account because they claim I was involved and it was all a setup to dupe items/gold.

Blizzard Mail


The past 9 days I have been on the phone with countless of supports to solve this but without luck, they would still claim I was involved in this "scam" of a GM. Until today the only thing they would tell me is they had strong evidence against me, but not how and what. My own theory was all the time a proxy had been setup on my own machine to make it look like me, but never found any kind of malmwave etc etc etc. I work daily as PC supports with system recovery, hacking and pretty much any kind of technical PC support so I do have the knowledge to prevent things like that to happen. But as I said I finally got some new info out of the Blizzard staff today, apparently a US IP was online on my account in the time room I said my account was attacked. That should pretty much clear me and and get my account unlocked once more, but that isn't the case.
The IP from the US was a proxy over there someone connected to my account with, but it gets even better. That kind of don't bypass my authenticator at all, but at the same Blizzard has confirmed the only way it can be bypass is by live hacking. What I mean by live hacking is somebody exactly knew what he was looking for and picked my PC as his target and gave himself access to whatever I did at that time.

To sum up if it sounds a bit confusing, my PC was controlled as I was online by someone we knew I had a high value Diablo account through a proxy in the US. What I mean by the headline is one of the questions I asked Blizzard witch they agreed with me on. As you might know and I wrote already, battlenet accounts get locked if random IPs try to connect, but if you got an authenticator attach to your account this security is missing.

Quote from me and Blizzard on phone



The reason I was given when I asked how come you not just unban it since it's clearly not me, was they can't be 100% sure when it happens from a proxy since no person is behind that PC at the given time.

Sounds like you tried Scamming the GM department and they found out. These types of things aren't things Blizzard just does willy nilly. While I know this is never something someone who wants their account back will admit, I don't believe you. That's not to say someone didn't make a mistake, but mistakes like that rarely ever happen (if at all).

---------- Post added 2012-12-19 at 12:11 AM ----------

Why would I make a post in the first place then and put so much effort into it and try reply to every single comment, even as mod in here. Why not just make one on blizz forums then?

Pity, self satisfaction, attention, someone to agree with you so you don't feel so bad, etc.

[Palmatum]

Fnx - You know Danishpsycho, right?

If so, PM me the email you use and I'll see what I can do. No promises but my brother is pretty high on the food chain at Blizzard and has helped me out in a spot like this before.

[Deleted]

Fnx - You know Danishpsycho, right?

If so, PM me the email you use and I'll see what I can do. No promises but my brother is pretty high on the food chain at Blizzard and has helped me out in a spot like this before.

Yes I know her and talk with her daily.

[Yohassakura]

Quote from me and Blizzard on phone

So what you say is my account would still be active and intact if I had no authenticator so the IP check would block the person out?

Yes, most likely in this case, sorry.

The reason I was given when I asked how come you not just unban it since it's clearly not me, was they can't be 100% sure when it happens from a proxy since no person is behind that PC at the given time.

This is how the Authenticator works:

Why didn't I get an authenticator prompt this time?
The authenticator system will now intelligently track your login locations. If you are logging in consistently from the same location, you may not be asked for an authenticator code. This process is designed to make logging in faster when you're at a secure location.

To stop authenticator checks when you log in to Battle.net Account Management, check Remember this computer for 30 days during login. Please do not check this box if you are on a shared or public computer.

If you'd prefer an authenticator code prompt at every login, there is now a check box to enable this feature. Log into Battle.net Account Management, choose Security Options>Authenticator, and check the box next to Require an authenticator code every time you log in to the game.

Basically, when a new IP tries to access the account, the authenticator code is requested.

It's unlikely that someone hacked your authenticator, (assuming you're using the phone version, or the keyring version, not the PC Emulated version) so i'd say that it was one of your friends that you've lent the account to.

You say that "a proxy was setup on my own machine to make it look like me" then you say that they found a US IP address... They wouldn't have been able to setup a proxy without you knowing about it.

The only way to bypass the authenticator is to have it on a trusted IP address, or to man in the middle the authenticator (which isn't likely).

[Mojibake]

It is impossible to prof I wasn't physically on the account at that time, other than Blizzard can see a US ip connected, witch isn't enough prof for Blizzard because it was a proxy.

Exactly. There's nothing you can do about it because of the proxy, thus why I said the person who did it was very smart about it. Blizzard can't choose to make a decision in your favor because you ask them, they can't make a clear distinction between hacking and scamming because its just unclear. There's really no point in beating a dead horse really. The best you can do is take satisfaction in the idea that Blizzard might be preparing a way to fix this problem if it were to happen again.

[Deleted]

Exactly. There's nothing you can do about it because of the proxy, thus why I said the person who did it was very smart about it. There's really no point in beating a dead horse really. The best you can do is take satisfaction in the idea that Blizzard might be preparing a way to fix this problem if it were to happen again.

Thread isn't made to solve the problem anyway, wrote already the account is lost. Tried for 9 days to get it back.

[Baelic]

One thing I don't get...

Just cause the proxy IP is located in the US (sneaky bastards) doesn't automatically mean that someone didn't decide to be smart and run a proxy close to your IP (which means someone knows your IP) and then hack your account.

Unless I'm completely mistaken and you're the one who's behind a proxy, in that case you're kinda boned...

[Mojibake]

Fnx - You know Danishpsycho, right?

If so, PM me the email you use and I'll see what I can do. No promises but my brother is pretty high on the food chain at Blizzard and has helped me out in a spot like this before.

Calling in personal favors. Totally not a way to get him fired, amirite?