Hacked account?

#1 Posted by svxtc (91 posts) -

Not sure if this is a thing or someone hacked my account. I signed in last night to play a bit and noticed that all my gold was gone. Has anyone had this happen? Or was my account hacked. The one thing that makes me think it was hacked is that I looked at the friends list and noticed that there was someone in my recently played list. I haven't played with anyone. Thoughts?

#2 Posted by RedRavN (397 posts) -

There have been a lot of these account compromises happening. You need to change your password asap because someone has access to your account now. I lost all my gold and items last week while playing single player. Scary thing is I was playing and became disconnected while someone jacked my account. I had to change my pword to log back in and by then everything was gone.

These guys can get you just from scripts running on websites. They could have your info from years ago or they could have gotten it recently. The best thing you can do is get an authenticator because I doubt Blizz will do anything to fix their incredibly crappy account system.

#3 Posted by Dagbiker (6938 posts) -

Yes, your account was hacked.

#4 Posted by Maginnovision (483 posts) -

There is nothing wrong with their account system. It's just a large target because certain WoW, and diablo people seem oblivious to the fact that what they're doing isn't good. For instance, how many different passwords do you have? Your account wasn't hacked, someone had your password and email because you gave it away.

#5 Posted by ajamafalous (11802 posts) -

Do you have an authenticator?

#6 Posted by ajamafalous (11802 posts) -
@RedRavN said:

These guys can get you just from scripts running on websites. They could have your info from years ago or they could have gotten it recently. The best thing you can do is get an authenticator because I doubt Blizz will do anything to fix their incredibly crappy account system.

What part of you getting a keylogger or phished is Blizzard's fault?
#7 Posted by RedRavN (397 posts) -

@ajamafalous:

Considering that I've never had this happen in any other game, including multiple MMOs pretty much logically concludes that blizzards IT department has failed to some extent. There are multiple posts on every diablo forum about people being compromised. I never had a problem even having played diablo 2 for years and even wow. Care to explain why Blizzard is the only company that sells authenticators to everyone? Maybe because they are they have the most users.

My original point was that the OP should get an authenticator if they really want to prevent a compromised account and that Blizzard should also be investing into security and working to fix the problem. Or they should just lay off their entire IT department and continue to blame end users for the widespread account issues.

#8 Posted by EarlessShrimp (1631 posts) -

Happened to me just the other day, except all my non-account bound stuff is gone (at least I still have a staff of herding...). Just submit a ticket, wait, and have your account restored. also GET AN AUTHENTICATOR. This is a life lesson. Hope all goes well! :3

#9 Posted by ajamafalous (11802 posts) -
@RedRavN said:

@ajamafalous:

Considering that I've never had this happen in any other game, including multiple MMOs pretty much logically concludes that blizzards IT department has failed to some extent. There are multiple posts on every diablo forum about people being compromised. I never had a problem even having played diablo 2 for years and even wow. Care to explain why Blizzard is the only company that sells authenticators to everyone? Maybe because they are they have the most users.

My original point was that the OP should get an authenticator if they really want to prevent a compromised account and that Blizzard should also be investing into security and working to fix the problem. Or they should just lay off their entire IT department and continue to blame end users for the widespread account issues.

They can't prevent you from getting a keylogger. There is literally nothing on their end they can do to prevent that. The thing they can do is provide an authenticator (free of charge if you have a smartphone) so that every time you go to log in it asks you for a generated code, thereby preventing someone from being able to access your account solely from a username and password that they keylogged or phished from you. If you have a problem with the way Blizzard handles this then you should by extension have a problem with the way every other service secures accounts (probably even moreso, considering that most other services don't offer authenticators).
#10 Posted by Robo (770 posts) -

I'm not normally one to jump to the defense of a company, but people are being a little too quick to grab the pitchforks and torches calling for Blizzard blood and too slow to accept personal responsibility for the security (or lack thereof) of their account.

@RedRavN said:

@ajamafalous:

Considering that I've never had this happen in any other game, including multiple MMOs pretty much logically concludes that blizzards IT department has failed to some extent. There are multiple posts on every diablo forum about people being compromised. I never had a problem even having played diablo 2 for years and even wow. Care to explain why Blizzard is the only company that sells authenticators to everyone? Maybe because they are they have the most users.

My original point was that the OP should get an authenticator if they really want to prevent a compromised account and that Blizzard should also be investing into security and working to fix the problem. Or they should just lay off their entire IT department and continue to blame end users for the widespread account issues.

Blizzard got the idea from Google, PayPal, and a few banking websites. They offer authenticators and free authenticator apps because Battle.net accounts are just as prime of targets now for this sort of thing. Especially with the D3 RMAH.

Your logical conclusion is based on an awful lot of assumption. You assume the folks doing the phishing had any interest in your account for any other MMO, WoW, or Diablo 2. More importantly, you assume that there is some sort of measure they can realistically take to prevent people simply being tricked into handing over their battle.net info (or info for another service that happens to be the same). In this case it's difficult to fault Blizzard. They do just about everything they can on their end to prevent this sort of thing (including offering an authenticator) short of being annoying to all the folks who haven't been compromised. When you consider their immense popularity and the massive database of credit card info they're sitting on it's pretty hard to claim their security isn't top notch.

The 'widespread' (again, an assumption) nature of this means nothing. If someone was clever enough to set up even a simple phishing scheme that worked, it wouldn't have been that difficult for them to automate the process and get it out to a very large pool of targets.

#11 Edited by Toxeia (728 posts) -

Guys, Blizzard's running those chinese gold sites. It makes sense, they already have your password!

@RedRavN: How many other MMOs were as big a deal to gold sellers though? WoW gold is big business. Look up the stories about the gold farms in China. Diablo's not going to be much better, but the RMAH is a step in the right direction - assuming people keep their account secure by 1) using a decent strength password 2) not using the same password for EVERYTHING, which I'm guilty of 3) using an authenticator, free or otherwise 4) protecting themselves from phishing scams and keyloggers.

I'm still keeping my fingers crossed on my account getting hacked. I want to know it's more than just people being lax about their computer security. Until there's a real confirmed case of someone having an authenticator when their account is compromised I can't believe that it's on Blizzard's end. Biggest crime Blizzard's guilty of is making you have your WoW and Diablo accounts tied and being vulnerable if anything was given out way back when.

#12 Posted by Jayesslee (105 posts) -

Shoot customer support an email, they should be able to roll you back.

#13 Posted by DrRandle (1202 posts) -

@RedRavN: Actually it does happen in other games. Quite often. I've seen it happen in Champions and City of Heroes. The problem is those games aren't as big so they're not targeted. Blizzard has the largest MMO base and it is the most targeted. They have not, as of yet to date, been compromised. You'll also note that the CE of FF12 (or was it 14? I don't pay attention to their numbers anymore) came with an Authenticator. Star Wars TOR also comes has a mobile authenticator that you can download for your phones. They did this because they saw Wow, and they saw that people always in their infinite arrogance and stupidity think they are safer than an entire company that rests millions if not billions of dollars on their security people being able to do their job better than anyone else.

#14 Posted by RedRavN (397 posts) -

It would be cool if Blizzard had an optional random "captcha" or something imbedded into the UI of the game. That seems like it would prevent people from logging in using your username and password because it would be random at each login so even if they did log the captcha they would not be able to use it to login. But like I said before, I'm no expert and maybe Blizzard is doing their best. My biggest issue is that I don't have a smartphone so I cant get a mobile authenticator to work. I dont really like the idea of having to buy a game and a seperate physical device just to have a secure account. I wish Blizzard would include optional secondary security options in the game that you could activate, or just make it impossible to transfer items and money to characters that are not owned by the same account.

But I get what you guys are saying. If there was a way to take responsibility for my security that was free I probably wouldn't be complaining.

#15 Posted by buft (3300 posts) -

@RedRavN said:

It would be cool if Blizzard had an optional random "captcha" or something imbedded into the UI of the game. That seems like it would prevent people from logging in using your username and password because it would be random at each login so even if they did log the captcha they would not be able to use it to login. But like I said before, I'm no expert and maybe Blizzard is doing their best. My biggest issue is that I don't have a smartphone so I cant get a mobile authenticator to work. I dont really like the idea of having to buy a game and a seperate physical device just to have a secure account. I wish Blizzard would include optional secondary security options in the game that you could activate, or just make it impossible to transfer items and money to characters that are not owned by the same account.

But I get what you guys are saying. If there was a way to take responsibility for my security that was free I probably wouldn't be complaining.

they have a telephone number you can call, not sure how capta would work unless all the people involved with stealing accounts cant read

#16 Posted by ajamafalous (11802 posts) -
@RedRavN said:

or just make it impossible to transfer items and money to characters that are not owned by the same account.

I hate to nitpick a single line in your post because you seem to have come around, but this line jumped out at me too harshly and I'm interested in your defense of it: in order to solve security issues you want them to eliminate all trading?
#17 Posted by IBurningStar (2160 posts) -

The fact that Blizzard even offers an authenticator makes Battle.net more secure than most services. They can't prevent users from falling into traps or mishandling their account info.

#18 Posted by DillonWerner (1522 posts) -

Submit a ticket yo, Blizzard will usually give you all of your goodies back.

#19 Posted by Cataphract1014 (1313 posts) -

You use my old avatar so I thought for some reason I made a post about getting hacked and didn't remember it.

#20 Edited by Mnemoidian (955 posts) -

@svxtc: Here's what you need to know (Blizzard's site about what to do, if you find your account compromised):

US: http://us.battle.net/en/security/help

EU: http://eu.battle.net/en/security/help

And, to make it less likely for it to happen again, if you have a smartphone (iOS, Android, Blackberry, Zune), you may want to consider picking up either:

US: https://us.battle.net/account/support/mobile-auth-download.html

EU: https://eu.battle.net/account/support/mobile-auth-download.html

(I think it's the same links, but included both to make sure)

There's also a keyring-authenticator available from Blizzard's store, if you don't have a smartphone:

US: http://us.blizzard.com/store/search.xml?q=authenticator

EU: http://eu.blizzard.com/store/search.xml?q=authenticator

Hope that helps!

#21 Posted by Bakumatsu (352 posts) -

What I don't understand is it seems to me that since Diablo III lauched, the Blizzards accounts are more easy to hack than with WOW. Also, Blizzard should make change the way you insert the password, with a virtual keybord and a security question or something. Think about it: You access your account by inserting a password with a virtual keybord and then have to answer a question that only you know the answer. That would get some protection barriers up.

#22 Posted by RedRavN (397 posts) -

@ajamafalous: Just to clarify, I meant have no trading either be optional or just for single player only. Since I play single player most of the time, I have no use for the trading system aside from the auction house. Clearly, most people would want trading to be enabled but it would be cool if the option was there for people to use. But since this game seems designed with multiplayer in mind I'm not sure if thats really on the table.

#23 Posted by CornBREDX (4752 posts) -

Based on all these hacking/compromised account reports I've been seeing- I've been wondering how many are people who were hacked on WoW well before and either never knew (I was hacked once on WoW when I wasn't even playing for several months) or never did anything about it. Since the login is the same, I suspect this may be the actual problem and not actually any compromise on Diablo 3 itself.

So what I recommend is if you played WoW once and haven't played in a while change your account info (password and/or UN) to something more secure before playing Diablo 3. If you don't feel bright enough to protect yourself (not being mean, not everyone is savy) get an authenticator.

Just my advice on that though.

Online
#24 Posted by fox01313 (5061 posts) -

Bet if you jot down when you played it last few times then contact customer support they can look up to see if someone else was playing on your acct at another time. Agreed with others on getting the authenticator as they're cheap & work on all blizz games.

#25 Posted by stinky (1543 posts) -

@Bakumatsu said:

What I don't understand is it seems to me that since Diablo III lauched, the Blizzards accounts are more easy to hack than with WOW.

its the same account. it therefore can not be more or less easily hacked.

#26 Posted by Bakumatsu (352 posts) -

@stinky: I know but what I mean is since Diablo's launch, the accounts seem easier to hack. I don't recall so many people saying their account got hacked when they were only playing wow.

#27 Posted by Leekspin (34 posts) -

@Bakumatsu said:

What I don't understand is it seems to me that since Diablo III lauched, the Blizzards accounts are more easy to hack than with WOW. Also, Blizzard should make change the way you insert the password, with a virtual keybord and a security question or something. Think about it: You access your account by inserting a password with a virtual keybord and then have to answer a question that only you know the answer. That would get some protection barriers up.

A virtual keyboard would only stop a physical key logger that is between the keyboard and the computer, a virus that logs keystrokes will still log a virtual keyboard

#28 Edited by EXTomar (4444 posts) -

Uh...Diablo 2 was one of the most hacked online games ever to grace a network where saying that Diablo 3 is more vulnerable is laughable.

#29 Edited by Pinworm45 (4088 posts) -

@Bakumatsu said:

@stinky: I know but what I mean is since Diablo's launch, the accounts seem easier to hack. I don't recall so many people saying their account got hacked when they were only playing wow.

Several reasons for this. One, it's a new game, and that means that lots of news sites are going to report this. It's going to seem larger than it is, because no news site is going to report "HOLY SHIT, 7 YEARS LATER SOME GUYS WOW ACCOUNT GOT STOLEN". It still happens, at the same pace, but it's old news. With Diablo 3, it's new news, even though it's the exact same account.

Also, people who steal accounts likely saved up. Why use their stolen accounts a month or two ago, when they can use them now and get not only WOW stuff, but Diablo 3 stuff? They saved them up so they could steal more quickly once Diablo 3 was released and get a head start.

And finally, you'll just see it more with a game like this. With an MMO, everyone is bitching about every class being overpowered, content, etc etc etc. With a story/co op only campaign game like this, there's going to be less things being discussed, and thus account thefts stand out more.

#30 Posted by ioftd (5 posts) -

My account got hacked sometime last night. The only computer I've played from is at my work, which is behind a couple firewalls and all the antivirus and malware software I have says the computer is clean. I'm almost certain that I didn't get phished, at least not for my battle.net account, which has a unique password and was newly created two weeks ago. I really don't think that someone hacked or phished my email, and out off all the passwords and credit card numbers and whatever else valuable info I'm sure is buried in there, they chose to hack my diablo account and take maybe 200,000 gold's worth of items.

I won't say im sure that it's on Blizzard's end, but I try to take my online security seriously, and I have a hard time believing that I somehow gave away the password in the last couple weeks...

What makes it worse is that I contacted blizzard to notify them and have my account get rolled back and I got a reply saying "You didn't get hacked so we didn't do anything". ummm...

I suppose I'll get the authenticator app once my account (hopefully) gets restored, but first time I've heard about such a thing is when I search the forums AFTER I've been hacked and lots of people saying OF COURSE I should have had an authenticator. If its that important, they should make a bigger deal out of using it during the install or the first login or something.

This edit will also create new pages on Giant Bomb for:

Beware, you are proposing to add brand new pages to the wiki along with your edits. Make sure this is what you intended. This will likely increase the time it takes for your changes to go live.

Comment and Save

Until you earn 1000 points all your submissions need to be vetted by other Giant Bomb users. This process takes no more than a few hours and we'll send you an email once approved.