Hacked


TheLaw

If you have a physical CD Key for one of the games on your Steam account, take a picture of that with your login name written down next to it and they can recover it for you no problem.

 

Same thing happened to me years ago and Valve didn't respond back to me until I did that...


Whoops... I'm still getting used to D3 being on top...

 

That's a bummer though... If you do end up calling Blizz, it's going to suck being on hold for hours just to talk to someone for 5-10 minutes. Did you have an authenticator?


I wanna know how this is happening. If people don't give out their password, don't do anything like that, how are accounts being hacked? I don't use the smartphone app, I don't use the authenticator dongle, and I don't want to use either of them. How are passwords being cracked? Is it a leak in the system of Blizzard? So far I've been fine not using these authenticators, but I also have never had a reason to even hint at what my passwords might be for anything I use.

 

I just don't get it. If my account ever ends up being hacked, I can guarantee you it's a leak in Blizzard's security, and not mine. I also won't ever play D3 again if it happens, not worth the stress.


Member

I don't know how this happened; I usually only play by myself or with one of my IRL friends. I have never given out my password to anyone; I now have an authenticator on my phone and Blizzard solved everything. I mean it is not really a big deal that I lost all of my gems and crafting items considering I have not really crafted anything with my main lvl 60 wizard. All I can say is be careful out there, the internet is a scary place XD


Yea, really not sure why passwords can be cracked. My Aion char was hacked, but this was years after I stopped playing the game. Went back to check my online profile recently when Ebil asked if anyone still plays Aion, and lo and behold, all my items are gone. Maybe they're doing it using a brute force method, cause I didn't use a strong enough password back then.


"I don't use the smartphone app, I don't use the authenticator dongle, and I don't want to use either of them."

 

Please reconsider. The physical dongle is a couple bucks. The phone app (iPhone, Windows Phone, Android) is *FREE*. After you log in it asks for the 8-digit code from your dongle/app - an additional 10 seconds tops to your login time.

 

All it takes is a skeezy Flash ad or bit of JavaScript, which could slip through to any ad network and any website (popular or otherwise) to start harvesting stuff. If it was truly a serious flaw in Blizzard security there would be a ton more people hacked and complaining, not to mention all the WOW folks who'd be affected too.


I'm not paying for the dongle. And I'm probably getting rid of my smartphone in about a month. I'm done paying for data. I have a kid coming that could use our $60 a month that goes toward data. And I'm not spending money on a dongle, it's that easy. I'm prolly done playing for a long time anyway in October.


Member

Well, more good news: your accounts on Diablo III have two rollbacks in case this same sort of thing happens to any of you guys.

 

"My name is Lady Game Master Betlon for In-Game support. I am contacting you today about the Restoration. I am sorry that I was unable to speak with you personally and apologize for taking so long. I did try to hurry ^_^

 

I was able to get your account rolled back to the state previous to the compromise. You will now have all of the gold and/or gear that was removed. Please keep in mind these are very limited. We do what we can for you. I have included a link below that will help with any questions. Best of luck to you"

 

Now that everything is back to normal, time to sit back and relax a little bit. :cool:


Sorry about the hack, glad you got your stuff back though!

 

I use the smartphone app and it is super easy. Takes me an extra three seconds to log in, and provides a little peace of mind.


The only players who have been hacked are players who were not using an authenticator.

http://www.howstrongismypassword.com/

 

 

Enter your password, find out its strength.

Most users who have had their passwords cracked are participants on third party sites.

Passwords with upper and lowercase letters, as well as numbers, and 8 characters or longer are passwords that would theoretically take

so much time to crack it wouldn't be worth it.

 

If you want to consider how much more secure your account is with an authenticator, consider that the number of possible authenticator passwords

is 10^8, that is, 100,000,000 possible combinations. While it's possible for an authenticator to be brute-forced, since it's numerical values only

and a GPU can brute force 15 * (10^8) possible combinations in the 30 seconds that Blizzard claims their authenticator is active for, it's less likely.

 

The downside to the Blizzard authenticator system in relation to newer authenticator systems, such as the BioWare system, is with the Blizzard system, you

can reuse the same authenticator key repeatedly for the 30 second period. In SWTOR, once you've used an authenticator key, it becomes invalid, to counter

key loggers. Since the Blizzard authentication system doesn't work the same way, users who are the victim of key loggers could be susceptible to brute force

attacks, although it isn't theoretically brute forcing if you've key logged their password. This means if your password is logged, your authenticator will be logged

as well, giving the crackers access to log in to your account during that window, regardless of how strong your initial password is.

 

There are a few things you can do to protect yourself against them:

 

Use an authenticator.

Use a password with upper case, lower case, as well as numerical characters, and make sure it's at least 8 characters long.

Scan your system regularly, because while you may think you're too smart to download a virus that isn't being detected by your AV (which is relatively easy to program

once you understand how AV software works), the crackers are hoping you'll feel that way, and not run a scan. The best idea is to run different AV software to scan

your system, since different AV software scans and searches for different forms.

 

On the bright side, crackers won't bother going after people with authenticators due to the increased difficulty, unless that account has something that is extremely

valuable.

 

The Blizzard CSR reps and forum moderators won't go into detail on this because they're posting what they're told to post, they aren't engineers, and don't really understand

the field.

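An added example, not part of the original post and not Blizzard's or BioWare's code: a generic RFC 6238 TOTP verifier that contrasts a code accepted for its whole 30-second window with one invalidated once used, as the post above describes. The `Verifier` class, the demo secret, and the failed-attempt lockout threshold are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds a code stays current (the window the post mentions)
DIGITS = 8     # 10^8 possible codes, as in the post


def totp(secret: bytes, now: float) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = int(now // STEP)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Server-side check. single_use=False models a reusable code,
    single_use=True invalidates a time step once a login has consumed it."""

    def __init__(self, secret: bytes, single_use: bool, max_failures: int = 5):
        self.secret = secret
        self.single_use = single_use
        self.max_failures = max_failures   # assumed lockout threshold
        self.failures = 0
        self.last_used_step = -1

    def verify(self, code: str, now: float) -> bool:
        if self.failures >= self.max_failures:
            return False                    # locked: online guessing stops here
        step = int(now // STEP)
        if self.single_use and step <= self.last_used_step:
            return False                    # replay of an already-consumed step
        if not hmac.compare_digest(code, totp(self.secret, now)):
            self.failures += 1
            return False
        self.failures = 0
        self.last_used_step = step
        return True


def replay_demo(single_use: bool) -> list:
    """Owner logs in at t=1000; the same captured code is replayed at t=1010."""
    secret = b"constructed-demo-secret"     # constructed sample value
    v = Verifier(secret, single_use)
    code = totp(secret, 1000)
    return [v.verify(code, 1000), v.verify(code, 1010)]
```

`replay_demo(False)` accepts the captured code twice inside one window, while `replay_demo(True)` rejects the second use; the lockout counter bounds online guessing against the 10^8 code space.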

Authenticators are just an added level of security. Crackers (not hackers, there's a difference) prefer to go after the easier targets.

Most people don't understand that everyone whose account was brute-forced was using a relatively rudimentary or common password.

The problem with attempting to collect data publicly is that anyone who was cracked would never admit to it.

I mean, who would admit their password was "abc123" when it's in the top 10 most commonly used passwords. (That's an example)

 

An authenticator grants you extra security in the case that something extreme such as the database comes under attack, where the

authenticator has two unique, generated id strings. One is stored in the database, and the other is on your device that holds the

authenticator software. The two id strings combine to form the hex of the 10^8 auth key that you see on your screen. It's highly

unlikely that a cracker could decipher the other id string based on the first id string, meaning that even with your login information

the cracker would be unable to have a hacker log in, because they wouldn't have the auth key. As long as your email account

attached to the account doesn't share the same password, they wouldn't be able to do a password recovery, and thus, wouldn't be able

to get in at all keeping your account safe.

 

Unfortunately, the other major statistic is that most people use the same password for everything and in the case where they

don't, they generally use the same password when it relates to the same email address, etc, which is just a cracker-hacker group's

dream.

 

Of course, you can throw alt-keycode characters into the mix to further increase password security, since a lot of cracking utilities

don't attempt to brute force any of the alt-keycodes, since a lot of password systems don't store them. In the case that one does,

it wouldn't be a bad idea to implement its usage.


"Most people don't understand that everyone whose account was brute-forced was using a relatively rudimentary or common password."
that's a great argument to use something like 1Password.

 

"It's highly unlikely that a cracker could decipher the other id string based on the first id string, meaning that even with your login information the cracker would be unable to have a hacker log in, because they wouldn't have the auth key."
well, that's mostly true.

 

"Unfortunately, the other major statistic is that most people use the same password for everything and in the case where they don't, they generally use the same password when it relates to the same email address, etc, which is just a cracker-hacker group's dream."
and again, 1Password strongly recommended.

 

oh, and for trivia, the way you do line breaks reminds me way too much of wayfarer (RIP).
