Forbes: The Horror of Being Hacked in Diablo 3

Page 3 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.

PowerYoga

Diamond Member
Nov 6, 2001
4,603
0
0
OK, so you have a bunch of people having an issue, who most likely end up having the "mob mentality".

Again, show me the evidence.

Note, I'm not saying there isn't an issue here, but I want someone to show me the evidence that it's some sort of session hack. There are a multitude of reasons that this can be happening, including, but not limited to, weak passwords/brute force hacking, flash injections, scripting/botting, and yes possibly even session hacks.

Considering there isn't one ounce of proof for sessions hacks minus a lot of people having "similar" issues and speculating on how the sessions hacks are working, I find it hard to believe. Consider it is session hacking - you don't think someone who knows how to do it wouldn't try and sell how to do it somewhere, or that it would be findable?

The internet is a bunch of people talking about their experiences. If you choose not to believe them then what am I supposed to tell you? I can get hacked tomorrow, make a post, and it'll fall under your "people having an issue" "mob mentality" reasoning. You want a youtube video of people not being able to log in, and 5 seconds later log into a naked character? You want me to reproduce the hack for you or send you instructions and/or links, which would be against forum policies?

Don't be ridiculous.
 

gothamhunter

Diamond Member
Apr 20, 2010
4,466
6
81
The internet is a bunch of people talking about their experiences. If you choose not to believe them then what am I supposed to tell you? I can get hacked tomorrow, make a post, and it'll fall under your "people having an issue" "mob mentality" reasoning. You want a youtube video of people not being able to log in, and 5 seconds later log into a naked character? You want me to reproduce the hack for you or send you instructions and/or links, which would be against forum policies?

Don't be ridiculous.

If you get hacked and immediately go "oh, I got session hacked, add me to the list because all these other people also did!" then yes, you're under the mob mentality because you completely ignore any possiblity that it might have been your own fault somehow, some way. That's what the majority of these people are doing. Again, I'm not saying that the session hack doesn't exist; it's entirely possible just like any other methods, but that doesn't mean that it's the cause for everyone being hacked that is complaining about it.

If you get hacked and think through all possiblities - is my password really secure, did anyone somehow get my ID, did I recently install/download anything, etc...and use your brain, then it's possible it's a bigger picture scenario and you're one of the few that have actually thought it through.

And no, I'm not asking you to send me instructions on how to recreate the session hack. I'm saying that if this was the majority of the reason, or any reason at all, some sort of how to on how to do it would exist somewhere, most likely with someone trying to sell it with their own video proof of the session hack existing. That's how it works - you find an exploit, you sell it to others, and profit. I have seen NO INFORMATION besides end-user speculation regarding session hacks. I might as well start saying that people are getting hacked by them starting Diablo 3 and it talks to the Battle.net servers but someone put a hack on your ISP which actually reroutes it to their own server and emulates it and you end up giving them your information. Sounds legit, right?
 
Last edited:

Aikouka

Lifer
Nov 27, 2001
30,383
912
126
I would actually like to see the instructions to see how it's done. Frankly, on one side, you've got Blizzard saying it isn't possible, and on the other, you have random people (that I don't know), telling me that it is. At this point, I'm going to put my money on the slightly less faceless corporate entity that is Blizzard Entertainment than the completely faceless stranger telling me it is possible.

If you can show me a method that works, then I will have much more evidence to believe said faceless forum poster. Until then, I will have my reservations.
 
Last edited:

gothamhunter

Diamond Member
Apr 20, 2010
4,466
6
81
I would actually like to see the instructions to see how it's done. Frankly, on one side, you've got Blizzard saying it isn't possible, and on the other, you have random people (that I don't know), telling me that it is. At this point, I'm going to put my money in the slightly less faceless corporate entity that is Blizzard Entertainment than the completely faceless stranger telling me it is possible.

If you can show me a method that works, then I will have much more evidence to believe said faceless forum poster. Until then, I will have my reservations.

I agree with this. Also, just like people claimed they were hacked with an authenticator and Blizzard called them out on it (they didn't have authenticators), some people will cry wolf just to watch Blizzard burn too.
 

Anubis

No Lifer
Aug 31, 2001
78,716
417
126
tbqhwy.com
this reminds me of people bitching that they would not play MW3 because its bascially MW2.5 and then seeing that screen shot of them all online playing MW3
 

Grooveriding

Diamond Member
Dec 25, 2008
9,107
1,260
126
this reminds me of people bitching that they would not play MW3 because its bascially MW2.5 and then seeing that screen shot of them all online playing MW3

Not so sure, Blizzard seems to be in trouble on this title. Never mind the poor management of so many facets of the release, but there is a lot of dissatisfaction with the quality of the game.

The only positive reviews have been from the shill sites like IGN and gamespot. The hot youtube/social media type reviewers that gamers watch are all lambasting the game for being horrible. One of the biggest, Totalbiscuit, won't even cover the game at all. There are always complaints at a game's launch, but looking at the official forums for the game and fan sites, it's getting roasted over the coals and a lot of people are taking advantage of getting a refund in the 30 day window.

Blizzard really struck out on this title. I'm not really surprised. They sort of tried to create a whole new game in D3. They haven't done that since the original WoW, since then they've been building on the existing framework and following the formula. Now they've tried to do something new without all the talent of Blizzard North that was lost in 2005, the creators of the Diablo IP, it's starting to show that they really were gutted of their core talent with the departure of the Blizzard North group.

I think they're in serious trouble in terms of creating new compelling IPs. Milking an already established franchise is one thing, but they've made nothing new since losing Blizzard North until Diablo 3, which is a large departure from the core elements of the original Diablo 1 & 2.

The game sold oodles on release day hype and marketing, but no one had actually played it. Now that it's out and in gamer's hands, it's getting a luke warm reception and is easily the worst title Blizzard has ever released. This only bodes very poorly for any success they had planned for the Real Money Auction House feature for continued revenue. Selling all those copies day one on hype is one thing, but with such a poor reception killing the game's longevity, the real money auction system is not going to be very successful.
 
Last edited:

blastingcap

Diamond Member
Sep 16, 2010
6,654
5
76
Blizzard is really going down the toilet. Whether it is Activision's poor practices towards the consumer having a trickle down effect or them mismanaging their growth and not being prepared to handle their new challenges, who knows.

Something has gone wrong in Irvine.

+1

Blizz became just another money-grubbing company after Activision bought it. And no it wasn't a merger of equals; look at who is ultimately in charge. Look at their org chart. The answer is clear. Blizzard answers to Activision, which answers to Wall Street, which only cares about profit, not gamers.

Valve hasn't gone down the Blizzard road because they own a de facto game distribution monopoly that has made Gabe a billionaire, not that he seemed to care that much about money in the first place having quit Microsoft to found a gaming company. Say what you will of Valve, but its private ownership by an owner with zero money problems means independence from Wall Street, unlike Activision and EA, both of which answer to Wall Street.

http://www.google.com/finance?q=ea

http://www.google.com/finance?client=ob&q=NASDAQ:ATVI

http://www.gameinformer.com/b/featu...sound-off-on-upcoming-activision-lawsuit.aspx

I won't even bother posting specific stories about EA's asshattery. I think this "award" says it all:

http://consumerist.com/2012/04/congratulations-ea-you-are-the-worst-company-in-america-for-2012.html
 
Last edited:

crownjules

Diamond Member
Jul 7, 2005
4,858
0
76
I won't even bother posting specific stories about EA's asshattery. I think this "award" says it all:

http://consumerist.com/2012/04/congratulations-ea-you-are-the-worst-company-in-america-for-2012.html

That EA beat out BoA is testament to just how stupid the average video gamer really is (because who else is voting for that result?). That or they are so wrapped up in their virtual realities that they have no idea about the terrible things BoA does that makes it far more deserving of that award. But now we're getting off topic...
 

PowerYoga

Diamond Member
Nov 6, 2001
4,603
0
0
If you get hacked and immediately go "oh, I got session hacked, add me to the list because all these other people also did!" then yes, you're under the mob mentality because you completely ignore any possiblity that it might have been your own fault somehow, some way. That's what the majority of these people are doing. Again, I'm not saying that the session hack doesn't exist; it's entirely possible just like any other methods, but that doesn't mean that it's the cause for everyone being hacked that is complaining about it.

If you get hacked and think through all possiblities - is my password really secure, did anyone somehow get my ID, did I recently install/download anything, etc...and use your brain, then it's possible it's a bigger picture scenario and you're one of the few that have actually thought it through.

And no, I'm not asking you to send me instructions on how to recreate the session hack. I'm saying that if this was the majority of the reason, or any reason at all, some sort of how to on how to do it would exist somewhere, most likely with someone trying to sell it with their own video proof of the session hack existing. That's how it works - you find an exploit, you sell it to others, and profit. I have seen NO INFORMATION besides end-user speculation regarding session hacks. I might as well start saying that people are getting hacked by them starting Diablo 3 and it talks to the Battle.net servers but someone put a hack on your ISP which actually reroutes it to their own server and emulates it and you end up giving them your information. Sounds legit, right?

No because I work in the it industry and would know you're full of shit. ;) Either way at this point it's all he-said-shesaid, and I'm not motivated enough to to look up the hack myself. If you really want evidence of it then you should look it up yourself, I'm busy playing the actual game regardless of all the cries about hacks.
 

-Slacker-

Golden Member
Feb 24, 2010
1,563
0
76
Iz okay guyze, cuz this happens with taht other mmorpg, WoW, so u can rest eezy now. What do u meen "then they had plenty of time and know-how to prevent it from happening in D3, since they are a multi-billion dollar corporation"? Son u just a h8er bro!!!111
 

Wreckem

Diamond Member
Sep 23, 2006
9,458
987
126
Sorry about that, it was kind hard to understand your post.

It's not a bug due to loss because people actively see the hack in progress. (character logged in, you try to log in it doesn't let you, etc). You can read the battlenet forums for more detailed information, but all signs point to a session hack and not a compromised account.

The scenario you are talking about is more of an investigation for tracing gold sellers as opposed to an active recovery process... so irrelevant to what we're talking about here.

You keep thinking its a bug but you're only partially right. The bug is on Blizzard's side which allows accounts to be compromised with just a battle.net id. All evidence points to it, but somehow the authenticator prevents it which is why I have one.

Is this what the message a long the lines of "you have been logged out of your account because another computer has logged into your account"? That is not the exact wording. I was booted with that message. Logged back in and nothing was gone. I did change my password
 

rchiu

Diamond Member
Jun 8, 2002
3,846
0
0
If you get hacked and immediately go "oh, I got session hacked, add me to the list because all these other people also did!" then yes, you're under the mob mentality because you completely ignore any possiblity that it might have been your own fault somehow, some way. That's what the majority of these people are doing. Again, I'm not saying that the session hack doesn't exist; it's entirely possible just like any other methods, but that doesn't mean that it's the cause for everyone being hacked that is complaining about it.

If you get hacked and think through all possiblities - is my password really secure, did anyone somehow get my ID, did I recently install/download anything, etc...and use your brain, then it's possible it's a bigger picture scenario and you're one of the few that have actually thought it through.

And no, I'm not asking you to send me instructions on how to recreate the session hack. I'm saying that if this was the majority of the reason, or any reason at all, some sort of how to on how to do it would exist somewhere, most likely with someone trying to sell it with their own video proof of the session hack existing. That's how it works - you find an exploit, you sell it to others, and profit. I have seen NO INFORMATION besides end-user speculation regarding session hacks. I might as well start saying that people are getting hacked by them starting Diablo 3 and it talks to the Battle.net servers but someone put a hack on your ISP which actually reroutes it to their own server and emulates it and you end up giving them your information. Sounds legit, right?

Who cares about the details of the "hack". All these would not happen if Blizzard didn't force everyone to go online, and have our saved data somewhere "in the cloud", instead of some save files on my desktop.

It's very simple, Blizzard forced everyone to be online, even for people just want to play solo. But at the same time, cannot give users a stable, secure online environment. Why do fanboys think we got nothing better to do then complaining if everything is peachy and dandy? It is what it is, Blizzard policy to force people on line sucks, and the inability to provide a secure and stable online system multiplied that suckiness.
 
Last edited:

shortylickens

No Lifer
Jul 15, 2003
82,854
17,365
136
Forbes knows as much about video games as Anand knows about politics.
Some, but not enough they should be writing articles or anyone should read them.


Anyway, Blizzard could have solved about half their problems by letting people play SP offline.
I wont be getting any more games from them. They are now number 3 behind EA and Ubi.
 

DAGTA

Diamond Member
Oct 9, 1999
8,175
1
0
The 'hacks' are not bugs. After being cleaned out, you can see new names in your recent list of people. If you then join a game hosted by that name, you can watch as other people are cleaned out in act 1 on Normal.
 

crownjules

Diamond Member
Jul 7, 2005
4,858
0
76
This has been going on for at least 2 weeks now, right? Someone out there has got to have figured out the tactic for hacking if it's something other than simply stealing/guessing passwords. Especially if the hackers were doing it a week after launch.
 

Anubis

No Lifer
Aug 31, 2001
78,716
417
126
tbqhwy.com
i doubt they just figured it out. they have prob know about it since the beta, and were sitting on it for the game to go live
 

DrunkenSano

Diamond Member
Aug 8, 2008
3,892
490
126
This has been going on for at least 2 weeks now, right? Someone out there has got to have figured out the tactic for hacking if it's something other than simply stealing/guessing passwords. Especially if the hackers were doing it a week after launch.

What a lot of people miss is that since it is a battle.net account, it means many of the compromised accounts were probably from WoW. People with compromised computers didn't even know they were compromised, since they stopped playing WoW. The gold sellers smartly waited and stay dormant until the huge D3 game opened.

Also, people's computers being compromised isn't from Blizzard, it is from an external source. Whether it is visiting the wrong site, being hit by a compromised banner, or a regular everyday program for Microsoft not being updated for security holes. It isn't hackers hacking Blizzard, it is hackers hacking other easier hacked stuff, using it as a backdoor to gain your information.
 

Genx87

Lifer
Apr 8, 2002
41,095
513
126
From my understanding, Blizzard doesn't know how its happening, so the authenticator was the only way to put a stop to it.

I also had my WOW account hacked...it came out of the blue as well; I don't do anything shady, have my mal ware (things like no script) and AV up to date always, and while my passwords aren't the strongest, they are hard to pick out (think of seemingly unrelated random words) and were unique to WOW at the time.


Go figure.

Somebody attempted to take both of my WoW accounts as well. And it came out of the blue about a year ago. I had not played the game for about 6 months and suddenly I am getting password reset request and account reset emails. But I never logged into the game to verify if they are stripped or deleted. My passwords were 10 character complex passwords.
 
Last edited:

ibex333

Diamond Member
Mar 26, 2005
4,086
119
106
Dude, it's just a game, no need to get all worked up ;)

I hate it when people say that.

NO, it's NOT just a game. It stops being "just" a game when someone dedicated many hours of their life to this, sometimes days... months.. years... Money, physical and mental effort, etc etc. People "pay" for this with their health and days of their life... Health and time that will never come back. IMO, that's a lot more valuable than any amount of money.

Thank god I am NOT playing Diablo III now, but I did play Diablo II back in the day for years.

Although individuals spending so much time and effort on games may be wrong, misguided, whatever, it is stupid and wrong to laugh at them and say "Dude, it's just a game!"

Having been in these shoes, I simply feel sorry for anyone who gives more than a few hours of their time and energy to Diablo III per day, and even that may be overdoing it, when there are so many other great games out there that give plenty of enjoyment without such a large time investment. I just hope such people will eventually find their way like I did and say "NO" to Blizzard.
 

PowerYoga

Diamond Member
Nov 6, 2001
4,603
0
0
Gaming is a hobby like many things. So while saying "it's just a game" is understandable to some, I can say "it's just a car, who cares about a little scratch or a scrape" to someone else and they'd get offended.
 

DAGTA

Diamond Member
Oct 9, 1999
8,175
1
0
What a lot of people miss is that since it is a battle.net account, it means many of the compromised accounts were probably from WoW. People with compromised computers didn't even know they were compromised, since they stopped playing WoW. The gold sellers smartly waited and stay dormant until the huge D3 game opened.

Also, people's computers being compromised isn't from Blizzard, it is from an external source. Whether it is visiting the wrong site, being hit by a compromised banner, or a regular everyday program for Microsoft not being updated for security holes. It isn't hackers hacking Blizzard, it is hackers hacking other easier hacked stuff, using it as a backdoor to gain your information.

I never played WoW. My battle.net account was created two weeks ago when I bought Diablo 3.

It was an old email / password combo that I had used years ago, so my guess is that was somehow compromised, but that would mean someone sat on that information for a long time.