
Giant Bomb News


Blizzard Says Battle.Net Hasn’t Been Compromised

Reports of account "hacking" are not necessarily a sign of security issues.


The launch of Diablo III has been a series of highs and lows. The game seems pretty great, but the always-on online requirements have come under scrutiny, and allegations of account hacking surfaced a few days back.

Blizzard did issue a statement earlier this week regarding compromised accounts, but I hadn't yet run the studio’s comments because I was waiting for the company to answer a series of questions, which are below:

  • "We'd like to take a moment to address the recent reports that suggested that Battle.net and Diablo III may have been compromised." -- Does Blizzard's analysis of the situation suggest there has been zero compromise of Battle.net and the subsequent "hacks" are 100% the result of outside interference?

  • In a follow up post, a community manager wrote: "We have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password." What exactly are "traditional means"?

  • In the same post, the same community manager said: "[We] have done everything possible to verify how and in what circumstances these compromises are occurring." Can you outline what these circumstances are to help players combat against it?

  • If the authenticator is the best way to keep an account secure, why not make that a requirement for play?

Blizzard public relations told me the answers to my questions lay within an update this morning. That's mostly true.

Blizzard claims Battle.net has not been compromised, and the number of customers who have contacted the company about compromises has been “extremely small.” An actual number was not disclosed, and Blizzard said it has not received reports of account issues from any customers using the company’s authentication services.

For more details on those authentication services, click right here.

The issues in question have arisen from accounts being accessed using a user’s login and password, which Blizzard characterizes as a “traditional” means of compromising an account. Blizzard outlined ways to protect yourself:

“The best defense against account theft still includes smart password management (e.g. using a unique password for every site/service and keeping your password to yourself) and scanning for malware and viruses regularly, as well as following additional preventative steps found here. In the end, while no security method is 100% foolproof, the physical Battle.net Authenticator and Battle.net Mobile Authenticator app are great ways to provide your account with an extra layer of protection.”

Additionally, Blizzard claims to have found no evidence of account spoofing after players join a game.

“We’ve determined the methods being suggested to do so are technically impossible,” said the company.

In other Diablo news, Blizzard is looking into restoring lost achievements for some players, and the real-money auction house has been pushed back to an undetermined launch date.

Patrick Klepek on Google+

179 Comments

EXTomar

As a side topic: I am a big fan of 2 Step Authenticator systems. It isn't 100% secure, and the biggest issue is if you physically lose the authenticator device, but it is a stellar way to defeat most low level hacks. No one should be relaxed on maintenance of this type of sensitive information, but 2 Step Authenticators help out.

smfE

@jasonefmonk said:

Making the authenticator mandatory would be a stupid decision.

The smartphone apps are free, but not everyone has a smartphone. They could make the authenticator devices free to order, or ship them in the box ... but personally I still wouldn't want to use it. It's just an extra stupid step for those of us that have secure passwords and reliably manage them.

"Making the authenticator mandatory would be a stupid decision." Stupidity taken to another level. Why would this be a stupid decision. There's not a single reason why it should not for safety reasons

Toxeia

@MrOldboy: Finally, someone talking some sense. It SHOULD be required. If nothing else, it should be required for you to use it before you can call Blizzard and report your account stolen. If you aren't taking all the steps necessary to protect your investment of time why should they spend the time it takes to recover an account that 95% of the time was your fault in losing anyway?

@OldManLight: Do you have an authenticator?

OldManLight

Just had my account compromised and my password changed just this morning. Recovered my account and had a recent player in my friends list who I've never seen, and my quest progress was started over in Act 1 (I was in Act 3). Accounts are definitely being hacked. Signed up for SMS notifications for my Battle.net account now. Protect your loot, duders. Side note: I've played no co-op except for a brief portion of the end of Act 2 with a guy I know IRL who jumped into my game. Have not had any public games.

Zirilius

I really don't understand people's hate about the Blizzard Authenticator. Do you really need to sign into your game so fast that you can't take an extra 15 seconds to push a button and enter a 6 digit code?

I get the argument for not wanting to spend more money but with a fairly sizeable amount of options available for the authenticator almost everyone probably has at least one way to be able to use it.

ptys

I don't believe in the always online DRM stuff, but I do think something has to be done about the rampant PC piracy. It's killing what should be the leading graphics platform, in turn holding the progression of games back as developers only invest their time in consoles.

napalm

Hasn't it been confirmed that these hackings are just session identification hijacks? If so, why hasn't Blizzard said anything about it? It just seems like an easy move to say, "our service is completely secure! Nothing wrong on that front!"

MrOldboy

I've stayed away from public games. Really want to try out co-op, but it's hard to get people together that are in the same parts of the story and difficulty. You can do co-op at any time, but most people want to go through each part so as to level accordingly for the higher difficulties.

Seems like people are still claiming it's on Blizzard's end, looking at forum posts. I am doing the phone authentication thing before I log in each time now.

I have to agree that the authenticator should be mandatory. People bitch all day, but with how dumb a lot of people are and get phished or have easy security questions on their email, and the monetary aspects of Blizzard games, there needs to be added protection. And the only way they can ensure every user uses an authentication tool is to make it mandatory. They should just give them to users with a history of buying and playing Blizzard games. Sell them at GameStop for $5 for just Diablo 3 players, and then give them away with WoW sub cards. There is a call-in option so people without a smartphone can do that, as annoying as that would be. Blizzard should just offer a half-way point of sending the authentication code to your email, and have it work for 5 minutes or so. That way a person's email and Battle.net account would both need to have been compromised, although that's probably easy considering everyone uses the same password.

Example1013

@Xeirus said:

@LikeaSsur said:

@Xeirus said:

@Rappelsiini said:

@Xeirus I'm on my phone so it's hard to pinpoint what exactly makes his questions stupid.

Then, honestly, why bother. Does it really annoy you so bad you have to go out of your way to make a useless post?

The irony is palpable.

Oh gee, look at another one. Someone has zero sense of irony, maybe you shouldn't use a word you don't understand.

I think he understands the definition quite well. You, however, may want to brush up.

Zomgfruitbunnies

@Toxeia said:

@Zomgfruitbunnies: Fact: People are assholes. Fact: People will be assholes regardless of your actions. Fact(?): Since people are assholes regardless of my actions, it's pointless to do anything to prevent their actions from harming me? That's how I'm reading your argument. I get that Blizzard needs to step up security (if something's really happening here) but until then the only thing that CAN be done is that the user needs to protect his/her own information.

It is not the player's fault if they get hacked due to "weak" security. It is the hacker's fault because he hacked someone's account which he had no business accessing.

It is not the kid's fault if a crow shits on his ice cream cone because he isn't holding an umbrella on a sunny day.

It is not my fault if I get run over by a drunk driver because I decide to walk to work instead of driving a tank to get there or staying at home.

Preventive measures are great, but just because someone didn't take care to reduce the risk of being randomly selected to be a victim of something awful doesn't mean it is all of a sudden their fault for making it happen.

EXTomar

As for those who say you can still get hacked with an authenticator attached: the way the modern system works is that if it detects an attempt from an IP-location which the account has never logged in from, it will challenge with the authenticator. If someone is able to defeat or guess the 8 digit response, it automatically triggers a "change your password" if it succeeds and kicks them out. They would be forced to go to "www.battle.net" where they would be challenged again with the authenticator/8 digit response. The system isn't foolproof or bulletproof, but it is hard to defeat. It is way more likely someone they know got access to their home machine and logged into WoW from their own machine (which it wouldn't automatically recheck with the authenticator) and stole items, instead of some super hacker in Asia. The sad truth is that many hacks are actually done by acquaintances in familiar settings.

jasonefmonk

Making the authenticator mandatory would be a stupid decision.

The smartphone apps are free, but not everyone has a smartphone. They could make the authenticator devices free to order, or ship them in the box ... but personally I still wouldn't want to use it. It's just an extra stupid step for those of us that have secure passwords and reliably manage them.

Toxeia

@Obinice: You can go to the site and re-sync it. It's a common problem if you had it for a long time, but the way you have to add it to the account with 2 consecutive numbers makes it pretty accurate for a good while.

@Zomgfruitbunnies: Fact: People are assholes. Fact: People will be assholes regardless of your actions. Fact(?): Since people are assholes regardless of my actions, it's pointless to do anything to prevent their actions from harming me? That's how I'm reading your argument. I get that Blizzard needs to step up security (if something's really happening here) but until then the only thing that CAN be done is that the user needs to protect his/her own information.
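Added illustration, not from the thread or from Blizzard: the clock-drift problem and the two-consecutive-codes re-sync Toxeia describes, modelled with a standard RFC 6238 TOTP verifier. The step length, digit count, secret and timestamps are assumptions; the Battle.net authenticator's real parameters are not stated on the page.

```python
import hashlib
import hmac
import struct
from typing import Optional

# Parameters are assumptions for this example (RFC 6238 defaults plus an 8-digit
# code, the length EXTomar mentions); Battle.net's real values are not on the page.
STEP = 30       # seconds each code is valid
DIGITS = 8
WINDOW = 1      # accept codes one step either side of the expected one

SECRET = b"12345678901234567890"   # RFC 4226 test-vector key, constructed, not a real seed
SERVER_TIME = 1_337_000_000        # constructed "now" on the verifying server


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the device's clock."""
    return hotp(secret, unix_time // STEP)


def verify(secret: bytes, code: str, server_time: int,
           device_offset: int = 0, window: int = WINDOW) -> bool:
    """Check a code against the counter the device *should* be on right now.

    device_offset is the stored estimate of how far the device clock is from the
    server's; the +/-window tolerates ordinary jitter, not a badly drifted token.
    """
    expected = (server_time + device_offset) // STEP
    return any(hmac.compare_digest(hotp(secret, c), code)
               for c in range(expected - window, expected + window + 1))


def resync(secret: bytes, code_prev: str, code_now: str, server_time: int,
           max_drift_steps: int = 200) -> Optional[int]:
    """Recover the device's clock offset from two consecutive codes.

    Requiring code_prev at counter c and code_now at c+1 makes an accidental
    match over a wide search range vanishingly unlikely, which is why enrolment
    and re-sync ask for two codes rather than one.  Returns the offset in
    seconds to store for this device, or None if no consecutive pair matches.
    """
    base = server_time // STEP
    for c in range(base - max_drift_steps, base + max_drift_steps + 1):
        if hotp(secret, c) == code_prev and hotp(secret, c + 1) == code_now:
            return (c + 1 - base) * STEP   # the device is on counter c+1 now
    return None


def demo(drift_seconds: int = 2220) -> dict:
    """A token whose clock runs 37 minutes fast: rejected until re-synced."""
    device_time = SERVER_TIME + drift_seconds
    code_prev = totp(SECRET, device_time - STEP)
    code_now = totp(SECRET, device_time)
    before = verify(SECRET, code_now, SERVER_TIME)          # drift far exceeds the window
    offset = resync(SECRET, code_prev, code_now, SERVER_TIME)
    after = verify(SECRET, code_now, SERVER_TIME, device_offset=offset) if offset is not None else False
    return {"before": before, "offset": offset, "after": after}


if __name__ == "__main__":
    print(demo())
```

The recovered offset is stored per device; subsequent logins verify against the corrected counter, so a slowly drifting token keeps working without the user noticing.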

Turambar

@ichthy said:

@Turambar said:

@BionicRadd said:

@Turambar said:

The idea would be that they can alter account information on the fly as well, just as they have the tools to steal the session identifier. Now, the thing is, if what you intend to suggest is that I had my account compromised the old-fashioned way, it would mean an e-mail would have been sent to me from Blizzard acknowledging that particular password change. That is something I never received. There is of course the chance that the hacker decided to delete it from both my inbox as well as the trashcan, but you'll forgive me if I doubt he would attempt to hide his presence to that degree, particularly considering how overt the ultimate goal was.

Why would you ever doubt that? The longer he has a hold of your account, the more he can do with it. A friend of mine got his WoW account jacked just after Wrath came out. After they finished stripping his 80 and sending all the gold to wherever, they took his Death Knight to Karazhan on multiple occasions and farmed it for whatever he was farming for. Since this particular friend is sometimes not that talkative, the farmer logged in 4 or 5 different times before we figured out what was going on (my friend's WoW account wasn't even active at the time). I don't remember your specifics, but if you had a high level D3 character, they would certainly want to mask their actions from you to maximize the amount of time they got to spend farming for rare drops.

I doubt that specifically because he would have had mere minutes to change my password. I had logged into my account about 2 to 3 minutes before being booted off. I would further posit the question to you: can you imagine a way by which I would have had my password stolen? Once again, my internet history essentially only contains Giantbomb, AnimeVice, Wordpress, Blizzard, Gmail, Edgewood College, UW Madison, Wisconsin Department of Education, UW Health, YouTube, Dayforce, and various mainstream news sites for the past week. I have not downloaded attachments from any e-mail, nor received any such e-mails. My password is over 10 letters, contains capitalization, numbers, and is romanized Chinese. If you have a theory as to how my password would have been stolen in light of that, I would love to hear it.

Have you ever logged in from a public computer? I had my Ebay account hacked that way.

Nope, only my home PC which is used only by me.

ichthy

@Turambar said:

@BionicRadd said:

@Turambar said:

The idea would be that they can alter account information on the fly as well, just as they have the tools to steal the session identifier. Now, the thing is, if what you intend to suggest is that I had my account compromised the old-fashioned way, it would mean an e-mail would have been sent to me from Blizzard acknowledging that particular password change. That is something I never received. There is of course the chance that the hacker decided to delete it from both my inbox as well as the trashcan, but you'll forgive me if I doubt he would attempt to hide his presence to that degree, particularly considering how overt the ultimate goal was.

Why would you ever doubt that? The longer he has a hold of your account, the more he can do with it. A friend of mine got his WoW account jacked just after Wrath came out. After they finished stripping his 80 and sending all the gold to wherever, they took his Death Knight to Karazhan on multiple occasions and farmed it for whatever he was farming for. Since this particular friend is sometimes not that talkative, the farmer logged in 4 or 5 different times before we figured out what was going on (my friend's WoW account wasn't even active at the time). I don't remember your specifics, but if you had a high level D3 character, they would certainly want to mask their actions from you to maximize the amount of time they got to spend farming for rare drops.

I doubt that specifically because he would have had mere minutes to change my password. I had logged into my account about 2 to 3 minutes before being booted off. I would further posit the question to you: can you imagine a way by which I would have had my password stolen? Once again, my internet history essentially only contains Giantbomb, AnimeVice, Wordpress, Blizzard, Gmail, Edgewood College, UW Madison, Wisconsin Department of Education, UW Health, YouTube, Dayforce, and various mainstream news sites for the past week. I have not downloaded attachments from any e-mail, nor received any such e-mails. My password is over 10 letters, contains capitalization, numbers, and is romanized Chinese. If you have a theory as to how my password would have been stolen in light of that, I would love to hear it.

Have you ever logged in from a public computer? I had my Ebay account hacked that way.

Turambar

@BionicRadd said:

@Turambar said:

The idea would be that they can alter account information on the fly as well, just as they have the tools to steal the session identifier. Now, the thing is, if what you intend to suggest is that I had my account compromised the old-fashioned way, it would mean an e-mail would have been sent to me from Blizzard acknowledging that particular password change. That is something I never received. There is of course the chance that the hacker decided to delete it from both my inbox as well as the trashcan, but you'll forgive me if I doubt he would attempt to hide his presence to that degree, particularly considering how overt the ultimate goal was.

Why would you ever doubt that? The longer he has a hold of your account, the more he can do with it. A friend of mine got his WoW account jacked just after Wrath came out. After they finished stripping his 80 and sending all the gold to wherever, they took his Death Knight to Karazhan on multiple occasions and farmed it for whatever he was farming for. Since this particular friend is sometimes not that talkative, the farmer logged in 4 or 5 different times before we figured out what was going on (my friend's WoW account wasn't even active at the time). I don't remember your specifics, but if you had a high level D3 character, they would certainly want to mask their actions from you to maximize the amount of time they got to spend farming for rare drops.

I doubt that specifically because he would have had mere minutes to change my password. I had logged into my account about 2 to 3 minutes before being booted off. I would further posit the question to you: can you imagine a way by which I would have had my password stolen? Once again, my internet history essentially only contains Giantbomb, AnimeVice, Wordpress, Blizzard, Gmail, Edgewood College, UW Madison, Wisconsin Department of Education, UW Health, YouTube, Dayforce, and various mainstream news sites for the past week. I have not downloaded attachments from any e-mail, nor received any such e-mails. My password is over 10 letters, contains capitalization, numbers, and is romanized Chinese. If you have a theory as to how my password would have been stolen in light of that, I would love to hear it.

BionicRadd

@Moofey said:

"If the authenticator is the best way to keep an account secure, why not make that a requirement for play?"

Possibly because not everyone has a smartphone nor can they afford to buy the physical authenticator and/or have it sent to them. (Though they could afford to buy the game?)

Not that it affects me, having the android auth app.

Yea, the "can't afford it" argument is pretty weak. Blizzard doesn't require it because then they would have to pack it in with their game and that would just be wasteful. Also, you don't need a smartphone. I used the iOS auth on my iPod touch for a couple of years before I got a smartphone.

moofey

"If the authenticator is the best way to keep an account secure, why not make that a requirement for play?"

Possibly because not everyone has a smartphone nor can they afford to buy the physical authenticator and/or have it sent to them. (Though they could afford to buy the game?)

Not that it affects me, having the android auth app.

BionicRadd

@Turambar said:

The idea would be that they can alter account information on the fly as well, just as they have the tools to steal the session identifier. Now, the thing is, if what you intend to suggest is that I had my account compromised the old-fashioned way, it would mean an e-mail would have been sent to me from Blizzard acknowledging that particular password change. That is something I never received. There is of course the chance that the hacker decided to delete it from both my inbox as well as the trashcan, but you'll forgive me if I doubt he would attempt to hide his presence to that degree, particularly considering how overt the ultimate goal was.

Why would you ever doubt that? The longer he has a hold of your account, the more he can do with it. A friend of mine got his WoW account jacked just after Wrath came out. After they finished stripping his 80 and sending all the gold to wherever, they took his Death Knight to Karazhan on multiple occasions and farmed it for whatever he was farming for. Since this particular friend is sometimes not that talkative, the farmer logged in 4 or 5 different times before we figured out what was going on (my friend's WoW account wasn't even active at the time). I don't remember your specifics, but if you had a high level D3 character, they would certainly want to mask their actions from you to maximize the amount of time they got to spend farming for rare drops.

Crazy_Horse

You really sent them those questions? Jesus.

MezZa

My friend was hit by whatever this is. He's had the worst luck with this game, which is somewhat interesting cause he's the biggest Diablo fan out of my circle of friends. Lucky for him he hadn't actually played much because he can only play on my laptop (he's having computer issues, like I said, bad luck). I'm sure someone or some group out there is enjoying his 20k gold and level 20 gear. They hit a real jackpot with him. Luckily they didn't change his password, but I must say they are very rude. I tried to strike up a friendly conversation with them when I saw them on his recently played with list and they instantly logged off -_-. Oh well, live and learn. He has an authenticator now and so do I cause I'd rather not learn the hard way.

Turambar

@BionicRadd said:

@Turambar said:

@BionicRadd said:

@Turambar said:

@mbkish said:

@Zomgfruitbunnies said:

I am disgusted by the amount of victim blaming in here. If duder gets stabbed in the street by random guy, it's his fault for not taking precautions to not getting randomly stabbed, right?

Fuck off.

This is very different than a stabbing specifically because you CAN take precautions. Even without an authenticator, if you have a password containing a-zA-Z0-9 + symbols it will take 91800 years to crack it by brute force. To stay clear of keyloggers, avoid unprotected browsing and unknown sites, and don't run anything you aren't sure is safe.

I fit all the requirements of someone "taking precaution". What now? Am I still at fault?

You had an authenticator and a strong password and used an email that you only use to log in to Battle.net? You did ALL of those things and got compromised? I don't buy it.

Didn't have an authenticator, but yep to all the rest. Here's the running theory on just what is being exploited. Original post can be found here.

You make a credential handshake once in the entire session. This happens at the time of login and this is what gets logged (IPs, account IDs, etc.).

At this point only session identifiers get transferred back and forth for each transaction. A transaction is whenever the state on your account changes. This could be anything from making an AH purchase to picking up some uber sword, or completing a quest, etc.

If I steal your session identifier and send that instead of mine, then I now have access to your account and I completely bypassed the need to login. This could happen in real time. It's possible Blizzard made the system spaz out when it detects multiple detections from the same account ID, so it keeps the most recent one logged in and kicks the old one.

The tools to do this might have also allowed the malicious user to change credentials on the fly. The game client assumes it's not hacked and the session is legit, so it makes the changes live.

While it is a theory, and of course Blizzard will never confirm/disclose the specifics of their security flaw, it does a good job explaining the specific circumstances surrounding my hacking: the fact that I was booted off the game while in the middle of browsing the auction house, and the fact that my password was already changed when I tried to log back in mere seconds later. Therein lies the rub: of course it is hard to believe that the above is actually happening unless it suddenly happens to you as well.

How did they log in to Battle.net and change your password without knowing your old password? I have never gotten into the account management section of Battle.net without having to login.

The idea would be that they can alter account information on the fly as well, just as they have the tools to steal the session identifier. Now, the thing is, if what you intend to suggest is that I had my account compromised the old-fashioned way, it would mean an e-mail would have been sent to me from Blizzard acknowledging that particular password change. That is something I never received. There is of course the chance that the hacker decided to delete it from both my inbox as well as the trashcan, but you'll forgive me if I doubt he would attempt to hide his presence to that degree, particularly considering how overt the ultimate goal was.
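
Added defender-side illustration, not from the thread, from Blizzard or from the post Turambar quotes: the "newest connection wins" behaviour described above and EXTomar's new-location challenge, turned into two detection rules over constructed session-event records. The event fields, addresses, session identifiers and account names are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class Event:
    ts: int        # unix seconds
    account: str
    session: str   # session identifier issued at login
    ip: str        # source address seen by the server
    kind: str      # "login" (credential handshake) or "txn" (any state change)


@dataclass
class Finding:
    ts: int
    account: str
    rule: str
    detail: str


# Constructed sample, not real telemetry.  acct_b's session id is reused from a
# second address mid-session (the pattern the thread theorises); acct_c logs in
# from an address the account has never used before.
SAMPLE = [
    Event(1000, "acct_a", "S-a1", "203.0.113.10", "login"),
    Event(1005, "acct_a", "S-a1", "203.0.113.10", "txn"),
    Event(1010, "acct_b", "S-b1", "198.51.100.7", "login"),
    Event(1020, "acct_b", "S-b1", "198.51.100.7", "txn"),
    Event(1030, "acct_b", "S-b1", "192.0.2.99", "txn"),     # same session, new IP
    Event(2000, "acct_c", "S-c1", "203.0.113.55", "login"),
    Event(3000, "acct_c", "S-c2", "192.0.2.5", "login"),    # never-seen address
]

# Addresses each account has previously logged in from (constructed baseline).
BASELINE = {
    "acct_a": {"203.0.113.10"},
    "acct_b": {"198.51.100.7"},
    "acct_c": {"203.0.113.55"},
}


def analyse(events: List[Event],
            known_ips: Optional[Dict[str, Set[str]]] = None) -> List[Finding]:
    """Replay events in time order and apply two rules.

    session-ip-change: a session id is used from an address other than the one
        it was issued to.  Rather than silently keeping the newest connection,
        the safe response is to end the session and force a fresh handshake.
        Carrier NAT and mobile roaming also change addresses, so treat this as
        a strong signal to re-authenticate, not as proof of theft.
    new-location-login: a credential handshake from an address the account has
        never used; the moment to demand the authenticator before granting access.
    """
    seen: Dict[str, Set[str]] = {a: set(ips) for a, ips in (known_ips or {}).items()}
    bound_ip: Dict[str, str] = {}          # session id -> address it was issued to
    findings: List[Finding] = []
    for e in sorted(events, key=lambda x: x.ts):
        history = seen.setdefault(e.account, set())
        if e.kind == "login":
            if e.ip not in history:
                findings.append(Finding(e.ts, e.account, "new-location-login",
                                        f"{e.ip} never used by this account; require authenticator"))
            history.add(e.ip)
            bound_ip[e.session] = e.ip
            continue
        origin = bound_ip.get(e.session)
        if origin is None:
            findings.append(Finding(e.ts, e.account, "txn-without-login",
                                    f"session {e.session} has no recorded handshake"))
        elif origin != e.ip:
            findings.append(Finding(e.ts, e.account, "session-ip-change",
                                    f"session {e.session} issued to {origin}, used from {e.ip}; "
                                    "terminate and re-authenticate"))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE, BASELINE):
        print(f"{f.ts} {f.account} {f.rule}: {f.detail}")
```
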

BionicRadd

@Turambar said:

@BionicRadd said:

@Turambar said:

@mbkish said:

@Zomgfruitbunnies said:

I am disgusted by the amount of victim blaming in here. If duder gets stabbed in the street by random guy, it's his fault for not taking precautions to not getting randomly stabbed, right?

Fuck off.

This is very different than a stabbing specifically because you CAN take precautions. Even without an authenticator, if you have a password containing a-zA-Z0-9 + symbols it will take 91800 years to crack it by brute force. To stay clear of keyloggers, avoid unprotected browsing and unknown sites, and don't run anything you aren't sure is safe.

I fit all the requirements of someone "taking precaution". What now? Am I still at fault?

You had an authenticator and a strong password and used an email that you only use to log in to Battle.net? You did ALL of those things and got compromised? I don't buy it.

Didn't have an authenticator, but yep to all the rest. Here's the running theory on just what is being exploited. Original post can be found here.

You make a credential handshake once in the entire session. This happens at the time of login and this is what gets logged (IPs, account IDs, etc.).

At this point only session identifiers get transferred back and forth for each transaction. A transaction is whenever the state on your account changes. This could be anything from making an AH purchase to picking up some uber sword, or completing a quest, etc.

If I steal your session identifier and send that instead of mine, then I now have access to your account and I completely bypassed the need to login. This could happen in real time. It's possible Blizzard made the system spaz out when it detects multiple detections from the same account ID, so it keeps the most recent one logged in and kicks the old one.

The tools to do this might have also allowed the malicious user to change credentials on the fly. The game client assumes it's not hacked and the session is legit, so it makes the changes live.

While it is a theory, and of course Blizzard will never confirm/disclose the specifics of their security flaw, it does a good job explaining the specific circumstances surrounding my hacking: the fact that I was booted off the game while in the middle of browsing the auction house, and the fact that my password was already changed when I tried to log back in mere seconds later. Therein lies the rub: of course it is hard to believe that the above is actually happening unless it suddenly happens to you as well.

How did they log in to Battle.net and change your password without knowing your old password? I have never gotten into the account management section of Battle.net without having to login.

JBG4

@Bunny_Fire: I meant not playing multiplayer... The reports that I have read regarding this situation have stated that most people who have been hacked at this point have recently played multiplayer. I wasn't saying that I play the game offline without a connection; I was using "offline" to say that I have been playing mostly single player. I should have specified that a little more, I guess.

obinice

@Hockeymask27 I had a physical authenticator for a while. Eventually the internal clock went so out of sync it was useless. When I looked into it, it seemed to be a common issue. Anyway, had no problems with the Android authenticator!

Zomgfruitbunnies

@mbkish said:

Shut up, Asshole!

Can't. Diarrhea.

mbkish

@Zomgfruitbunnies said:

@mbkish said:

@Zomgfruitbunnies said:

I am disgusted by the amount of victim blaming in here. If duder gets stabbed in the street by random guy, it's his fault for not taking precautions to not getting randomly stabbed, right?

Fuck off.

This is very different than a stabbing specifically because you CAN take precautions. Even without an authenticator, if you have a password containing a-zA-Z0-9 + symbols it will take 91800 years to crack it by brute force. To stay clear of keyloggers; avoid unprotected browsing, unknown sites, and don't run anything you aren't sure is safe.

You have missed my point completely. Just because shit happens doesn't mean it's up to the everyone to take all of the precautions in the world to prevent said shit from happening to them. Shit happens because there are assholes out there being assholes. People can take all of the precautions they want, but assholes will continue to be assholes because taking precautions does not make the assholes not be assholes.

Blame the assholes, not the people that got shit on by the assholes.

In addition, wearing a stab-vest prevent one from being stabbed in the torso by random guy, but that doesn't mean it's up to people to wear stab-vests so they don't get randomly stabbed.

Shut up, Asshole!

Zomgfruitbunnies

@mbkish said:

@Zomgfruitbunnies said:

I am disgusted by the amount of victim blaming in here. If duder gets stabbed in the street by random guy, it's his fault for not taking precautions to not getting randomly stabbed, right?

Fuck off.

This is very different than a stabbing specifically because you CAN take precautions. Even without an authenticator, if you have a password containing a-zA-Z0-9 + symbols it will take 91800 years to crack it by brute force. To stay clear of keyloggers; avoid unprotected browsing, unknown sites, and don't run anything you aren't sure is safe.

You have missed my point completely. Just because shit happens doesn't mean it's up to the everyone to take all of the precautions in the world to prevent said shit from happening to them. Shit happens because there are assholes out there being assholes. People can take all of the precautions they want, but assholes will continue to be assholes because taking precautions does not make the assholes not be assholes.

Blame the assholes, not the people that got shit on by the assholes.

In addition, wearing a stab-vest prevent one from being stabbed in the torso by random guy, but that doesn't mean it's up to people to wear stab-vests so they don't get randomly stabbed.

Turambar

@Green_Incarnate said:

@Turambar said:

@Green_Incarnate said:

My account was hacked a few days back. Don't think it was a problem with key logging/virus/phishing, although the password for it wasn't that impressive. Changed the password and recovered the account. Haven't had a problem since. Don't know what they were going to do with a lv 8 character with no gold.

Did you use the automated account recovery option? Also how long did it take for the issue to be resolved.

Yeah. Took like a minute.

Hmm, it's been half a day and still waiting so far. Ah well, good to hear that it will be fixed in a somewhat timely fashion at least.

Turambar

@BionicRadd said:

@Turambar said:

@mbkish said:

@Zomgfruitbunnies said:

I am disgusted by the amount of victim blaming in here. If duder gets stabbed in the street by random guy, it's his fault for not taking precautions to not getting randomly stabbed, right?

Fuck off.

This is very different than a stabbing specifically because you CAN take precautions. Even without an authenticator, if you have a password containing a-zA-Z0-9 + symbols it will take 91800 years to crack it by brute force. To stay clear of keyloggers; avoid unprotected browsing, unknown sites, and don't run anything you aren't sure is safe.

I fit all the requirements of someone "taking precaution". What now? Am I still at fault?

You had an authenticator and a strong password and used an email that you only use to log in to Battle.net? You did ALL of those things and got compromised? I don't buy it.

Didn't have an authenticator, but yep to all the rest. Here's the running theory on just what is being exploited. Original post can be found here.

You make a credential handshake once in the entire session. This happens at the time of login and this is what gets logged (IPs, account IDs, etc.).

At this point only session identifiers get transferred back and forth for each transaction. A transaction is whenever the state on your account changes. This could be anything from making an AH purchase to picking up some uber sword, or completing a quest, etc..

If I steal your session identifier and send that instead of mine, then I now have access to your account and I completely bypassed the need to login. This could happen in real time. It's possible Blizzard made the system spaz out when it detects multiple detections from the same account ID, so it keeps the most recent one logged in and kicks the old one.

The tools to do this might have also allowed the malicious user to change credentials on the fly. The game client assumes it's not hacked and the session is legit, so it makes the changes live.

While it is a theory and of course Blizzard will never confirm/disclose the specifics of their security flaw, it does a good job explaining the specific circumstances surrounding my hacking: the fact that I was booted off the game while in the middle of browsing the auction house, and the fact that my password was already changed when I tried to log back in mere seconds later. Therein lies the rub: of course it is hard to believe that the above is actually happening unless it suddenly happens to you as well.
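The theory Turambar quotes above rests on one point: after the single credential handshake, a session identifier stands in for the password, so whoever presents it is treated as the account holder. The example below is added here and is not Blizzard's code or the poster's; it is a constructed server-side session table in Python showing the controls that make a replayed identifier fail and leave a trace: unguessable ids, binding each session to the client that logged in, re-authentication before a password change, and a log event a responder can alert on. `SessionStore`, the fingerprint strings such as `fp-home`, and the event names are assumptions for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Session:
    account_id: str
    client_fp: str      # fingerprint of the client that logged in (assumed: e.g. hash of IP + client build)
    last_seen: float
    reauth_at: float    # last time the password itself was presented on this session


class SessionStore:
    """Server-side session table with the checks a replayed session id has to pass."""

    def __init__(self, idle_timeout: float = 900.0, reauth_window: float = 300.0):
        self.idle_timeout = idle_timeout
        self.reauth_window = reauth_window
        self._sessions: Dict[str, Session] = {}
        self._by_account: Dict[str, str] = {}   # one live session per account
        self.events: List[str] = []             # what a detection pipeline would consume

    def login(self, account_id: str, client_fp: str, now: float) -> str:
        """Called only after the password (and authenticator, if enrolled) checked out."""
        old_sid = self._by_account.get(account_id)
        if old_sid is not None:
            old = self._sessions.pop(old_sid)
            # The "kick the old one" behaviour from the thread, but recorded: a new login
            # from a different client while one is active is a signal, not housekeeping.
            self.events.append(f"CONCURRENT_LOGIN account={account_id} "
                               f"old_fp={old.client_fp} new_fp={client_fp}")
        sid = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG; not derived from the account id
        self._sessions[sid] = Session(account_id, client_fp, now, now)
        self._by_account[account_id] = sid
        return sid

    def _revoke(self, sid: str) -> None:
        s = self._sessions.pop(sid, None)
        if s is not None and self._by_account.get(s.account_id) == sid:
            del self._by_account[s.account_id]

    def resolve(self, sid: str, client_fp: str, now: float) -> Optional[Session]:
        """Map a presented session id to its session, or None if it must not be honoured."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if now - s.last_seen > self.idle_timeout:
            self.events.append(f"SESSION_EXPIRED account={s.account_id}")
            self._revoke(sid)
            return None
        if not hmac.compare_digest(s.client_fp, client_fp):
            # A valid id arriving from a different client is the hijack signature: drop the
            # session so neither party keeps it, and leave a record for the responder.
            self.events.append(f"SESSION_FP_MISMATCH account={s.account_id} "
                               f"bound_fp={s.client_fp} seen_fp={client_fp}")
            self._revoke(sid)
            return None
        s.last_seen = now
        return s

    def change_password(self, sid: str, client_fp: str, now: float,
                        current_password_ok: bool) -> str:
        """A credential change never rides on the session alone: the current password must
        have been presented recently, and the change revokes every other session."""
        s = self.resolve(sid, client_fp, now)
        if s is None:
            return "no-session"
        if current_password_ok:
            s.reauth_at = now
        if now - s.reauth_at > self.reauth_window:
            return "reauth-required"
        for other_sid, other in list(self._sessions.items()):
            if other.account_id == s.account_id and other_sid != sid:
                self._revoke(other_sid)
        self.events.append(f"PASSWORD_CHANGED account={s.account_id} fp={client_fp}")
        return "ok"


def run_scenario() -> dict:
    """Constructed walk-through: a legitimate client, then its id presented from elsewhere."""
    store = SessionStore()
    t = 1000.0
    sid = store.login("acct-42", "fp-home", t)
    legit = store.resolve(sid, "fp-home", t + 10) is not None
    replayed = store.resolve(sid, "fp-elsewhere", t + 20) is not None   # same id, other client
    legit_after = store.resolve(sid, "fp-home", t + 30) is not None      # revoked for both
    sid2 = store.login("acct-42", "fp-home", t + 40)
    stale = store.change_password(sid2, "fp-home", t + 440, current_password_ok=False)
    fresh = store.change_password(sid2, "fp-home", t + 440, current_password_ok=True)
    return {"legit": legit, "replayed": replayed, "legit_after": legit_after,
            "stale_change": stale, "fresh_change": fresh, "events": store.events}
```

Binding to a client fingerprint is deliberately coarse (a user behind a changing NAT address will be logged out), which is why the password-change path is the stronger control: even a session that passes every check cannot rewrite the credentials without the current password being presented again within the re-auth window.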

Green_Incarnate

@Turambar said:

@Green_Incarnate said:

My account was hacked a few days back. Don't think it was a problem with key logging/virus/phishing, although the password for it wasn't that impressive. Changed the password and recovered the account. Haven't had a problem since. Don't know what they were going to do with a lv 8 character with no gold.

Did you use the automated account recovery option? Also how long did it take for the issue to be resolved.

Yeah. Took like a minute.

NathHaw

Ever since I was hacked back in 2010, I've used an authenticator.

"I never thought it would happen to me!"

BionicRadd

@Turambar said:

@mbkish said:

@Zomgfruitbunnies said:

I am disgusted by the amount of victim blaming in here. If duder gets stabbed in the street by random guy, it's his fault for not taking precautions to not getting randomly stabbed, right?

Fuck off.

This is very different than a stabbing specifically because you CAN take precautions. Even without an authenticator, if you have a password containing a-zA-Z0-9 + symbols it will take 91800 years to crack it by brute force. To stay clear of keyloggers; avoid unprotected browsing, unknown sites, and don't run anything you aren't sure is safe.

I fit all the requirements of someone "taking precaution". What now? Am I still at fault?

You had an authenticator and a strong password and used an email that you only use to log in to Battle.net? You did ALL of those things and got compromised? I don't buy it.

StarvingGamer

It should be pretty obvious why an authenticator isn't required.

Turambar

@mbkish said:

@Zomgfruitbunnies said:

I am disgusted by the amount of victim blaming in here. If duder gets stabbed in the street by random guy, it's his fault for not taking precautions to not getting randomly stabbed, right?

Fuck off.

This is very different than a stabbing specifically because you CAN take precautions. Even without an authenticator, if you have a password containing a-zA-Z0-9 + symbols it will take 91800 years to crack it by brute force. To stay clear of keyloggers; avoid unprotected browsing, unknown sites, and don't run anything you aren't sure is safe.

I fit all the requirements of someone "taking precaution". What now? Am I still at fault?

Bunny_Fire

@JBG4 said:

Well, at least this is comforting. I have an authenticator and play mostly offline so this isn't huge to me but I do feel bad for anyone who has had their account compromised.

I'm sorry, you're playing Diablo 3 offline? I call HAX, you can do no such thing, you need an always-on connection to play it.

Toxeia

@Rappelsiini: No need to be aggressively aggressive bro. And if you aren't being critical to be constructive you're not doing anyone any good. Sorry you're having a bad day though.

BrockNRolla

Too much editorializing Patrick. I had trouble understanding who was saying what.

Turambar

@Green_Incarnate said:

My account was hacked a few days back. Don't think it was a problem with key logging/virus/phishing, although the password for it wasn't that impressive. Changed the password and recovered the account. Haven't had a problem since. Don't know what they were going to do with a lv 8 character with no gold.

Did you use the automated account recovery option? Also how long did it take for the issue to be resolved.

Green_Incarnate

My account was hacked a few days back. Don't think it was a problem with key logging/virus/phishing, although the password for it wasn't that impressive. Changed the password and recovered the account. Haven't had a problem since. Don't know what they were going to do with a lv 8 character with no gold.

Arthurd

There are a lot of new people and people who haven't played in a long time coming in. It's sad that hackers are taking advantage of this but it will die down once those players get an authenticator. As for whether Blizzard should make authenticators mandatory, I don't think so. If you have a secure computer you don't need to use it. The thing is that people who think their computer is secure are probably wrong, so they get hacked.

jjnen

@Toxeia: First of all, fuck you, no need to be passive aggressive, and who said it was supposed to be constructive criticism? I just might have had a shitty day and this is a way for me to let off some steam. But like I stated before, I was at the time using my phone so it would've been pretty difficult for me to elaborate beyond my main point. It just struck my eye as something stupid so I commented on that. Anyway it looks like you and I aren't thinking on the same level and I'm not in the mood to explain anything so I'll leave it at that.

Toxeia

@Hockeymask27: Android SDK has an emulator, you can run the authenticator in that. There's also a free dial-in authenticator. On top of that, it's only $7 with shipping for the old keyfob (which I have). If $7 is too much for security there's no reason to be complaining when your shit gets jacked.

@Rappelsiini: If you read a little harder you'd see that the formatting is in what Blizzard had previously released and his question on that subject. It's not stupid, it's how Patrick kept notes on shit he wanted to know. Good on you for wanting to ignore the constructive in constructive criticism.

LikeaSsur

@Xeirus said:

@LikeaSsur said:

@Xeirus said:

@Rappelsiini said:

@Xeirus I'm on my phone so it's hard to pinpoint what exactly makes his questions stupid.

Then, honestly, why bother. Does it really annoy you so bad you have to go out of your way to make a useless post?

The irony is palpable.

Oh gee, look at another one. Someone has zero sense of irony, maybe you shouldn't use a word you don't understand.

Ha ha, jeez, duder, calm down, it's not that big of a deal. None of us are going to lose sleep over one guy's negative comment.

spankmastaflex

My WoW account has been stolen for some time now. Just haven't cared cause I'm over WoW. I suppose when I get around to buying Diablo 3 I'll have to get that Battle.net stuff sorted out.

kindgineer

The whole hacking scenario sounded like a bullshit outcry from the get-go. This doesn't sound any different than the fake account compromise I think 4chan came up with or whatever.

Just a bunch of upset individuals venting in a stupid way. Blizzard finally fixed the lag (I now have a constant 100 ping instead of 300) and now the game is near perfect.

mbkish

@Zomgfruitbunnies said:

I am disgusted by the amount of victim blaming in here. If duder gets stabbed in the street by random guy, it's his fault for not taking precautions to not getting randomly stabbed, right?

Fuck off.

This is very different than a stabbing specifically because you CAN take precautions. Even without an authenticator, if you have a password containing a-zA-Z0-9 + symbols it will take 91800 years to crack it by brute force. To stay clear of keyloggers; avoid unprotected browsing, unknown sites, and don't run anything you aren't sure is safe.

deactivated-64b8656eaf424

Yeeah, those questions are pretty dumb.
It's almost like you are one of those European Press people who you guys mock in the bombcast.

enthalpy

Here's a tip for everyone who is concerned about potentially being the victim of an account compromise. Find a secure computer that you trust--this includes non-jailbroken mobile devices that contain a browser--and change the password on the account that you think is compromised, ensuring that you get the confirmation email. If your password for battle.net is the same as any other password, change it to be unique and long.

Until any forensics are completed that substantiate the sessionid spoofing rumor or some other compromise of the service as opposed to a meat and potatoes compromise of an individual's credentials, it's really hard to believe that people aren't just having run-of-the-mill credential compromises, and the Internet echo chamber isn't helping.

If I were in possession of a large number of compromised battle.net ids and passwords, this is exactly what I would have done awaiting the launch of D3--sit on the accounts until this point in time to furiously gather items to prepare for the immediately impending launch of the RMAH. I would then cash out fast in the initial crazy market rush.