TheLaw (Member), July 6, 2012
Well, my account got hacked... nuff said. Well, let the long road to recovery begin.

JackieChan (GC Alumni), July 6, 2012
If you have a physical CD key for one of the games on your Steam account, take a picture of that with your login name written down next to it and they can recover it for you no problem. Same thing happened to me years ago and Valve didn't respond back to me until I did that...

TheLaw (Member, Author), July 6, 2012
My Diablo 3 account got hacked, but if my Steam account did I would be a whole lot more angry at the situation.

JackieChan (GC Alumni), July 6, 2012
Whoops... I'm still getting used to D3 being on top... That's a bummer though... If you do end up calling Blizz, it's going to suck being on hold for hours just to talk to someone for 5-10 minutes. Did you have an authenticator?

lousiest (Member), July 6, 2012
sorry to hear that Law

TheLaw (Member, Author), July 6, 2012
Well, good news: got my account back, but I lost 100k gold and all of my crafting mats and all of my gems and my 3 legendary items I found, woooohoo.

lousiest (Member), July 6, 2012
can you report it to bliz and maybe they can return them to you?

Flitterkill (GC Board Member), July 6, 2012
Still haven't told us if you have an authenticator dongle or smart phone app. You should tell us...

samurai nightling (Member), July 6, 2012
I wanna know how this is happening. If people don't give out their password, don't do anything like that, how are accounts being hacked? I don't use the smartphone app, I don't use the authenticator dongle, and I don't want to use either of them. How are passwords being cracked? Is it a leak in the system of Blizzard? So far I've been fine not using these authenticators, but I also have never had a reason to even hint at what my passwords might be for anything I use. I just don't get it. If my account ever ends up being hacked, I can guarantee you it's a leak in Blizzard's security, and not mine. I also won't ever play D3 again if it happens, not worth the stress.

TheLaw (Member, Author), July 6, 2012
I don't know how this happened; I usually only play by myself or with one of my IRL friends. I have never given out my password to anyone; I now have an authenticator on my phone and Blizzard solved everything. I mean, it is not really a big deal that I lost all of my gems and crafting items considering I have not really crafted anything with my main lvl 60 wizard. All I can say is be careful out there, the internet is a scary place XD

lousiest (Member), July 6, 2012
Yea, really not sure why passwords can be cracked. My Aion char was hacked, but this was years after I stopped playing the game. Went back to check my online profile recently when Ebil asked if anyone still plays Aion, and lo and behold, all my items are gone. Maybe they're doing it using a brute force method, 'cause I didn't use a strong enough password back then.

Flitterkill (GC Board Member), July 6, 2012
> I don't use the smartphone app, I don't use the authenticator dongle, and I don't want to use either of them.

Please reconsider. The physical dongle is a couple bucks. The phone app (iPhone, Windows Phone, Android) is *FREE*. After you log in it asks for the 8 digit code from your dongle/app - an additional 10 seconds tops to your login time.
All it takes is a skeezy Flash ad or bit of JavaScript, which could slip through to any ad network and any website (popular or otherwise) to start harvesting stuff.
If it was truly a serious flaw in Blizzard security there would be a ton more people hacked and complaining, not to mention all the WOW folks who'd be affected too.

lousiest (Member), July 6, 2012
I would get the phone app... except that it doesn't accept pre-paid phones...

samurai nightling (Member), July 6, 2012
I'm not paying for the dongle. And I'm probably getting rid of my smartphone in about a month. I'm done paying for data. I have a kid coming that could use our $60 a month that goes toward data. And I'm not spending money on a dongle, it's that easy. I'm prolly done playing for a long time anyway in October.

TheLaw (Member, Author), July 6, 2012
Yeah, a kid sounds more important than some silly old video game.

stutters (GC Alumni), July 6, 2012
for the love of god, i hope any of you with google accounts are using their two factor authentication.
also, blizzard responds to d3 security issues.

TheLaw (Member, Author), July 6, 2012
Well, more good news: your accounts on Diablo III have two rollbacks in case this same sort of thing happens to any of you guys.
"My name is Lady Game Master Betlon for In-Game support. I am contacting you today about the Restoration. I am sorry that I was unable to speak with you personally and apologize for taking so long. I did try to hurry I was able to get your account rolled back to the state previous to the compromise. You will now have all of the gold and/or gear that was removed. Please keep in mind these are very limited. We do what we can for you. I have included a link below that will help with any questions. Best of luck to you"
Now that everything is back to normal, time to sit back and relax a little bit.

lousiest (Member), July 6, 2012
:D

JackieChan (GC Alumni), July 6, 2012
Nightling, the app doesn't need data to function, only when syncing it up for the first time. If you plan on keeping your smartphone around, might as well use it for that since you'd still have it.

boiler (Member), July 7, 2012
Sorry about the hack, glad you got your stuff back though! I use the smartphone app and it is super easy. Takes me an extra three seconds to log in, and provides a little peace of mind.

Sky (Member), July 7, 2012
The only players who have been hacked are players who were not using an authenticator.
http://www.howstrongismypassword.com/ Enter your password, find out its strength.
Most users who have had their passwords cracked are participants on third party sites. Passwords with upper and lowercase letters, as well as numbers, and 8 characters or longer would theoretically take so much time to crack it wouldn't be worth it.
If you want to consider how much more secure your account is with an authenticator, consider that the number of possible authenticator passwords is 10^8, that is, 100,000,000 possible combinations. While it's possible for an authenticator to be brute-forced, since it's numerical values only and a GPU can brute force 15 * (10^8) possible combinations in the 30 seconds that Blizzard claims their authenticator is active for, it's less likely.
The downside to the Blizzard authenticator system in relation to newer authenticator systems, such as the BioWare system, is that with the Blizzard system you can reuse the same authenticator key repeatedly for the 30 second period. In SWTOR, once you've used an authenticator key, it becomes invalid, to counter key loggers. Since the Blizzard authentication system doesn't work the same way, users who are the victim of key loggers could be susceptible to brute force attacks, although it isn't theoretically brute forcing if you've key logged their password. This means if your password is logged, your authenticator will be logged as well, giving the crackers access to log in to your account during that window, regardless of how strong your initial password is.
There are a few things you can do to protect yourself against them:
- Use an authenticator.
- Use a password with upper case, lower case, as well as numerical characters, and make sure it's at least 8 characters long.
- Scan your system regularly, because while you may think you're too smart to download a virus that isn't being detected by your AV (which is relatively easy to program once you understand how AV software works), the crackers are hoping you'll feel that way, and not run a scan. The best idea is to run different AV software to scan your system, since different AV software scans and searches for different forms.
On the bright side, crackers won't bother going after people with authenticators due to the increased difficulty, unless that account has something that is extremely valuable.
The Blizzard CSR reps and forum moderators won't go into detail on this because they're posting what they're told to post, they aren't engineers, and don't really understand the field.

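The contrast drawn in the post above, between a code that stays usable for its whole 30-second window and one that is invalidated after its first use, as an added example (not part of the thread, and not Blizzard's or BioWare's code). It assumes a standard RFC 6238 TOTP with 8 digits and a 30-second step; the secret, timestamp, `Verifier` class and failure cap are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Assumed scheme: RFC 6238 TOTP (HMAC-SHA1); not taken from any vendor's implementation.
STEP = 30    # seconds a code stays valid (the window the post mentions)
DIGITS = 8   # 8-digit codes, i.e. 10**8 possibilities

def totp(secret: bytes, now: float) -> str:
    """HMAC the time-step counter, then apply RFC 4226 dynamic truncation."""
    counter = int(now) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10**DIGITS).zfill(DIGITS)

class Verifier:
    """Server-side check; single_use=True burns a time step once a code from it is accepted."""

    def __init__(self, secret: bytes, single_use: bool, max_failures: int = 5):
        self.secret, self.single_use = secret, single_use
        self.max_failures = max_failures
        self.failures = 0
        self.last_step = -1   # highest time step already accepted

    def check(self, code: str, now: float) -> bool:
        if self.failures >= self.max_failures:
            return False      # locked: caps online guessing against the 10**8 space
        step = int(now) // STEP
        ok = hmac.compare_digest(code, totp(self.secret, now))
        if ok and self.single_use and step <= self.last_step:
            ok = False        # replay of a code already accepted in this window
        if ok:
            self.last_step, self.failures = step, 0
        else:
            self.failures += 1
        return ok

def demo() -> dict:
    secret = b"constructed-demo-secret"   # constructed sample value
    t = 1341600000                        # constructed timestamp, start of a 30 s step
    code = totp(secret, t)                # the code a key logger would capture
    reusable, one_time = Verifier(secret, False), Verifier(secret, True)
    return {
        "reusable": [reusable.check(code, t), reusable.check(code, t + 10)],
        "one_time": [one_time.check(code, t), one_time.check(code, t + 10)],
        "next_window": one_time.check(totp(secret, t + 30), t + 30),
    }
```

With `single_use` enabled, the second submission of the same code ten seconds later is rejected, while the legitimate user's next code is still accepted.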
samurai nightling (Member), July 7, 2012
> Using a password with upper and lowercase letters, as well as numbers, and 8 characters or longer are passwords that would theoretically take so much time to crack it wouldn't be worth it.

Bingo, already do this. Maybe that's why I'm not worried about using an authenticator.

JackieChan (GC Alumni), July 7, 2012
Protip: Blizzard passwords are case insensitive.

Sky (Member), July 7, 2012
Authenticators are just an added level of security. Crackers (not hackers, there's a difference) prefer to go after the easier targets.
Most people don't understand that everyone whose account was brute-forced was using a relatively rudimentary or common password. The problem with attempting to collect data publicly is that anyone who was cracked would never admit to it. I mean, who would admit their password was "abc123" when it's in the top 10 most commonly used passwords. (That's an example)
An authenticator grants you extra security in the case that something extreme happens, such as the database coming under attack, where the authenticator has two unique, generated id strings. One is stored in the database, and the other is on your device that holds the authenticator software. The two id strings combine to form the hex of the 10^8 auth key that you see on your screen.
It's highly unlikely that a cracker could decipher the other id string based on the first id string, meaning that even with your login information the cracker would be unable to have a hacker log in, because they wouldn't have the auth key. As long as your email account attached to the account doesn't share the same password, they wouldn't be able to do password recovery, and thus wouldn't be able to get in at all, keeping your account safe.
Unfortunately, the other major statistic is that most people use the same password for everything and in the case where they don't, they generally use the same password when it relates to the same email address, etc., which is just a cracker-hacker group's dream.
Of course, you can throw alt-keycode characters into the mix to further increase password security, since a lot of cracking utilities don't attempt to brute force any of the alt-keycodes, since a lot of password systems don't store them. In the case that one does, it wouldn't be a bad idea to implement its usage.

stutters (GC Alumni), July 7, 2012
> Most people don't understand that everyone whose account was brute-forced was using a relatively rudimentary or common password.

that's a great argument to use something like 1password.

> It's highly unlikely that a cracker could decipher the other id string based on the first id string, meaning that even with your login information the cracker would be unable to have a hacker log in, because they wouldn't have the auth key.

well, that's mostly true.

> Unfortunately, the other major statistic is that most people use the same password for everything and in the case where they don't, they generally use the same password when it relates to the same email address, etc., which is just a cracker-hacker group's dream.

and again, 1password strongly recommended.
oh, and for trivia, the way you do line breaks reminds me way too much of wayfarer (RIP).
