Forbes: The Horror of Being Hacked in Diablo 3

Grooveriding

Diamond Member
Dec 25, 2008
http://www.forbes.com/sites/insertcoin/2012/05/30/the-horror-of-being-hacked-in-diablo-3/

But that begs the question, why the hell does this happen in the first place?

If this problem is so widespread and prevalent as to have an automated recovery system in place, how on earth has Blizzard not devised a better way to keep your account secure? Yes, they have an optional “authenticator” which sends a secret code to your phone to login like you’re working at the CIA, but who thought you’d need a security measure like that? I hadn’t even heard of it until after the hack took place. How is it that, with me clicking on no shady links and sharing my login or password with no one, my account has been hacked? And how has this happened to so many people that there’s an entire assembly line process in place for the apparently inevitable time some thief comes in and steals all your items?
 

AMDZen

Lifer
Apr 15, 2004
Another great read:

http://www.forbes.com/sites/erikkai...ns-should-stay-angry-about-always-online-drm/

I’ve never experienced this in a game before, and it’s jarring, unsettling. To know that a game so heavily invested in online play is this unsecure? It’s terrifying. If they can get my email and password to steal all my virtual goods, I can only imagine what might have happened if the Real Money Auction House was live, and my credit card was linked to it. Instead of looking at a sad, armorless monk, I’d be staring at a $3,000 credit card bill and receipts for a few hundred legendary weapons I’ve bought against my will.

It's scary indeed
 

AMDZen

Lifer
Apr 15, 2004
What a sensationalized piece of garbage journalism.

It amazes me how you and your ilk will vehemently defend Blizzard on things like this, even though this is echoing sentiments of what I can assume are 1,000's of people. You go on any forum and there are stories exactly like this write-up.

I can only hope that the same thing happens to you, and then see how you feel then.

EDIT: His follow-up is good as well

http://www.forbes.com/sites/insertcoin/2012/05/31/for-diablo-3-hacking-the-buck-stops-where/

According to most, I was wrong. I can’t even repeat some of the names I’ve been called for daring to suggest that perhaps Blizzard needs to look at some of their security practices based on how easy it is to get hacked. The idea that the hacking was anyone’s fault but mine, my friend’s or the thousands of others who have been compromised is unheard of, and it’s “disgraceful” for Forbes to run a piece suggesting otherwise.

Blizzard fanboys are out of control
 

Grooveriding

Diamond Member
Dec 25, 2008
Blizzard is really going down the toilet. Whether it is Activision's poor practices towards the consumer having a trickle down effect or them mismanaging their growth and not being prepared to handle their new challenges, who knows.

Something has gone wrong in Irvine.
 

Barfo

Lifer
Jan 4, 2005
It amazes me how you and your ilk will vehemently defend Blizzard on things like this, even though this is echoing sentiments of what I can assume are 1,000's of people. You go on any forum and there are stories exactly like this write-up.

I can only hope that the same thing happens to you, and then see how you feel then.

EDIT: His follow-up is good as well

http://www.forbes.com/sites/insertcoin/2012/05/31/for-diablo-3-hacking-the-buck-stops-where/

Blizzard fanboys are out of control

Dude, it's just a game, no need to get all worked up ;)
 

Ferzerp

Diamond Member
Oct 12, 1999
Any "journalist" that uses "begs the question" in that context really has no place as a writer. It doesn't mean that at all.
 

PowerYoga

Diamond Member
Nov 6, 2001
Hacking does happen, and normal players shouldn't need to use authenticators just to not get hacked.

I use authenticators to access server environments that are hosting business critical data on site at work. I shouldn't need it to shoot an internet dragon.
 

darkewaffle

Diamond Member
Oct 7, 2005
It amazes me how you and your ilk will vehemently defend Blizzard on things like this, even though this is echoing sentiments of what I can assume are 1,000's of people. You go on any forum and there are stories exactly like this write-up.

I can only hope that the same thing happens to you, and then see how you feel then.

Those are some really nice assumptions you're making there. I don't give a damn about Blizzard, but I do tire of the endless speculation, emotionally fueled subjectivity and misinformation from people who quite clearly don't have the foggiest idea of what they're talking about.

While the title is appropriate to the content, it reads far more like a blog post than any sort of legitimate article. He spends the majority of the piece talking only about how he feels and how Blizzard has betrayed him and trying to pass this off as being the fault of DRM (Diablo 3 is an MMOG. You are using a client, it requires a server.) It's a martyr piece trying to capitalize on fickle emotions.

All the while he manages to overlook the fact that such problems have plagued WoW and every online title from every other publisher, that many of the most prolific cases of compromise in WoW were a result of loopholes in Flash (or Java, or a browser, etc), that many of those intrusions are not detected/cured by traditional means (because they are built not to cause havoc or take over your computer or do 'traditional' nefarious things, they target games specifically which puts them under the radar of most AV-type programs), that some of those loopholes can be exploited without any sort of user input/action (simply viewing an infected flash ad), that an offline mode would only accelerate and spread the potential for genuine hacks and dupes online. You can go on and on about what he missed, now whether that's because he knew it would undermine his efforts to engender sympathy or because he simply isn't qualified to be writing, who knows.
 

Golgatha

Lifer
Jul 18, 2003
Blizzard is really going down the toilet. Whether it is Activision's poor practices towards the consumer having a trickle down effect or them mismanaging their growth and not being prepared to handle their new challenges, who knows.

Something has gone wrong in Irvine.

I'm going with Activision rubbing off on their business and both of them will go the way of EA sooner or later.
 

epidemis

Senior member
Jun 6, 2007
I think something odd is going around, is this really a case of people having lax passwords that can be easily brute forced or is something else going on?
 

AMDZen

Lifer
Apr 15, 2004
I think something odd is going around, is this really a case of people having lax passwords that can be easily brute forced or is something else going on?

Good info for anyone concerned on this issue

http://us.battle.net/d3/en/forum/topic/5575470391

As the author of this article indicates, he did nothing wrong and this is a "session" hack where all they need is your battle.net ID. It has nothing to do with your password or your login name/email.

I'll be using the authenticator from my iPhone, I guess, when I get to higher difficulties.
 

CurseTheSky

Diamond Member
Oct 21, 2006
So, I got "hacked" a few days ago. I just set up a brand new computer / fresh OS install, I just installed the game for the first time, I updated my account password (what is it, 10 characters maximum or something like that? ridiculous), I don't share my account with anyone, and I don't visit any unscrupulous websites or download anything questionable.

Anyway, I contacted Blizzard to see what could be done. They informed me that there are a LIMITED number of account recoveries that can be performed per account, per LIFETIME. Basically, two recoveries and you're SOL.

Furthermore, they can only recover to a state that was previously saved for recovery purposes, meaning that they may have to roll back significantly further than you want. In my case, I'd be losing several levels, items, etc., despite having played for several solid days before being hacked, and then waiting a couple of days after being compromised (I took a three-day break from the game, and came back to find everything gone).

Finally, they informed me that once you hit your account recovery limit, your account will be permanently banned from the cash auction house. That makes some sense to me - it stops people with poor security practices from constantly causing Blizzard and credit card companies recurring headaches - but it also means that if you just so happen to get hacked twice for no apparent reason, you're SOL once again.

I asked them NOT to roll back my account, given the strict policy, and instead asked them if they could update my secret question (figuring that this could be one avenue for compromises), since they don't allow you to change it yourself. They refused.

Overall, I'm pissed. I'm not pissed about the items and gold that I lost - no big deal. I'm pissed about Blizzard's ridiculous policies. Their games are popular, accounts are tied to other games like WoW, and there's even real life money involved (cash auction house - soon). That makes each and every account a tantalizing target for idiots out there.

Worst of all, I still have no idea how my account got compromised, so I don't even know what to do to prevent it in the future. I've changed my password again, but who's to say that will make a difference?
 

sactoking

Diamond Member
Sep 24, 2007
Only to people who are *wrong*.

Actually, no. It's correct to everyone who is not engaged in pedantic logic exercises. That a statement is ripe for a follow-up question is a valid observation. The construction of the observation that the statement "begs the question" is proper.

"Are you a virgin?"
"Well, you know, I've never had sex with someone who was not a pre-pubescent Tongan beauty queen named 'Chuck'."

"Since you opened that door..."
"As a follow-up..."
"That answer is just begging me to ask..."
"That answer begs for the question..."
"That begs the question..."
Are all valid responses.
 
Nov 3, 2004
So, I got "hacked" a few days ago. I just set up a brand new computer / fresh OS install, I just installed the game for the first time, I updated my account password (what is it, 10 characters maximum or something like that? ridiculous), I don't share my account with anyone, and I don't visit any unscrupulous websites or download anything questionable.

Anyway, I contacted Blizzard to see what could be done. They informed me that there are a LIMITED number of account recoveries that can be performed per account, per LIFETIME. Basically, two recoveries and you're SOL.

Furthermore, they can only recover to a state that was previously saved for recovery purposes, meaning that they may have to roll back significantly further than you want. In my case, I'd be losing several levels, items, etc., despite having played for several solid days before being hacked, and then waiting a couple of days after being compromised (I took a three-day break from the game, and came back to find everything gone).

Finally, they informed me that once you hit your account recovery limit, your account will be permanently banned from the cash auction house. That makes some sense to me - it stops people with poor security practices from constantly causing Blizzard and credit card companies recurring headaches - but it also means that if you just so happen to get hacked twice for no apparent reason, you're SOL once again.

I asked them NOT to roll back my account, given the strict policy, and instead asked them if they could update my secret question (figuring that this could be one avenue for compromises), since they don't allow you to change it yourself. They refused.

Overall, I'm pissed. I'm not pissed about the items and gold that I lost - no big deal. I'm pissed about Blizzard's ridiculous policies. Their games are popular, accounts are tied to other games like WoW, and there's even real life money involved (cash auction house - soon). That makes each and every account a tantalizing target for idiots out there.

Worst of all, I still have no idea how my account got compromised, so I don't even know what to do to prevent it in the future. I've changed my password again, but who's to say that will make a difference?

Is the password for your Diablo III account unique to that account, or is it shared across some other accounts (forums, other websites)?
 

CurseTheSky

Diamond Member
Oct 21, 2006
Is the password for your Diablo III account unique to that account, or is it shared across some other accounts (forums, other websites)?

It's unique to that account, and it's a fairly strong password given the limited number of characters that they allow.
 

thespyder

Golden Member
Aug 31, 2006
Hacking does happen, and normal players shouldn't need to use authenticators just to not get hacked.

I use authenticators to access server environments that are hosting business critical data on site at work. I shouldn't need it to shoot an internet dragon.

Hacking does happen. And it is just a game. Probably people are getting all worked up as if, oh, say their bank accounts got hacked, which is just CRAZY.

But, what I find quite telling is that the 'Always online DRM' was intended specifically to avoid this type of thing. Yet (seemingly) it is so rampant. Talk about an epic FAIL on the part of DRM. And it proves that the consumer once again pays the price in having to play always online, but to no significant benefit other than the publishers now get the opportunity to generate micro-transactions.
 

Ferzerp

Diamond Member
Oct 12, 1999
Actually, no. It's correct to everyone who is not engaged in pedantic logic exercises. That a statement is ripe for a follow-up question is a valid observation. The construction of the observation that the statement "begs the question" is proper.

"Are you a virgin?"
"Well, you know, I've never had sex with someone who was not a pre-pubescent Tongan beauty queen named 'Chuck'."

"Since you opened that door..."
"As a follow-up..."
"That answer is just begging me to ask..."
"That answer begs for the question..."
"That begs the question..."
Are all valid responses.

No, it's still wrong. The common usage argument would lead to the acceptance of "U" in place of you and "2" instead of to as well. I'm done discussing this here as this isn't the time, nor the place, but when your job is writing, you really should write properly.
 

redrider4life4

Senior member
Jan 23, 2009
I love the authenticator, it really is a must have. From playing WoW I have experienced the below over the last couple years:

I got hacked initially, ended up changing my pw and getting the authenticator, was fine for 6 months. My phone broke right before I went on vacation so I had to cancel the authenticator until I got a new phone. I ended up getting my new phone on vacation and wasn't able to set the authenticator up on my account.

Guess what happened, I came back and was hacked within a week, pw was different, computer was clean. I've played MMOs and games for years, WoW was not my first MMO or video game. I put the authenticator back on my account and haven't had any issues in WoW or D3 yet.

Take it from me, get the authenticator now and you will be fine. This is a Blizzard problem; my friends have played EQ, FFXI, EnB, Star Wars, and none of them have experienced the hacking that Blizzard games have.
 

darkewaffle

Diamond Member
Oct 7, 2005
Take it from me, get the authenticator now and you will be fine. This is a Blizzard problem; my friends have played EQ, FFXI, EnB, Star Wars, and none of them have experienced the hacking that Blizzard games have.

To be fair, D3 already has more players than all of those games put together ever had, probably by a factor of 2-3. A tiny percent of a much larger player base is going to seem much more prominent.

And it's definitely been an issue in FFXI and FFXIV, at least in the past. In fact both games over the last year or two have required all users to "roll" their old accounts into new ones simply called "Square Enix Accounts" (essentially an analogue to BattleNet accounts), largely for purposes of security.
 

CU

Platinum Member
Aug 14, 2000
With the hackers not changing the passwords to lock users out of their accounts and with only stealing stuff from one character, it really does look like a session hack and not an account hack. Or maybe it is not a hack at all. Maybe there is a bug that is causing all your items to just disappear. So, when you log out and it saves your character it fails to save your inventory for some reason. Both of which point to Blizzard and not the user.
 

Genx87

Lifer
Apr 8, 2002
Good info for anyone concerned on this issue

http://us.battle.net/d3/en/forum/topic/5575470391

As the author of this article indicates, he did nothing wrong and this is a "session" hack where all they need is your battle.net ID. It has nothing to do with your password or your login name/email.

I'll be using the authenticator from my iPhone, I guess, when I get to higher difficulties.

Didn't they have this issue with WoW at one point? I remember something like that, where people were somehow able to log on to the servers without a password, using only a logon name.
 

Gunslinger08

Lifer
Nov 18, 2001
I've stayed out of this before because I have no skin in the game, but I'm going to throw in my two cents. I haven't been hacked. I use the mobile authenticator.

I have heard this "session ID" thing thrown around a lot, but I've yet to see any actual proof. Where are the youtube videos of some white-hat hacking his friend's account with this method? I don't believe it until I have actual proof.

To the people complaining about needing an authenticator for a game, get over it. "I should only need an authenticator for major financial and business systems." Believe it or not, D3 is a huge financial system for the gold farmers. I saw guys selling 1 million gold for $29 in general chat. You steal 100k from 10 players with some bots/scripts and you've made $29 for very little work. Most of these people are probably in China, where $29 goes a lot further than America. You need an authenticator not based on the type of system you're accessing - you need it because of the number of people trying to attack the system. If you don't have a smart phone and can't afford the physical authenticator, use the Android emulator for Windows.

My assumption at this point is that people who are "hacked" had their password compromised in one of the many possible ways. You have the traditional "I downloaded something sketchy" issues. You have phishing/scam sites. You have other hacked sites where you used the same email address and password combination. You have exploits and vulnerabilities in every piece of software installed on your computer. Even if you keep everything up to date and don't visit sketchy sites, you can still get stung by flash/script/iframe ads using 0-day exploits. Even people who think they've done everything they can to protect themselves (probably most people on this forum) probably have some vulnerability on their system that will be taken advantage of if they hit the wrong site or banner ad.