Hmm I haven't played for two days so hopefully I'm not at risk but I have a feeling this is a server side glitch more than anything. Why do so many people think it's a hack,..?

@Pinworm45 said:

@JoeyRavn said:

@Pinworm45 said:

I'm not convinced that this is a "hack" but is rather simple phishing, such as the WoW emails I get 20 of each day, that people got hit by, but the phishers saved them for D3. I mean, instead of stealing your account a month ago, they waited until now.

Makes more sense to me than an account stealing virus in the first week. But who knows.

This has already been discussed. Do you really think that ALL these people have been victims of phising? At the same time? Even an Eurogamer editor? It's no virus either: it's obviously on the part of Blizzard, not the user, probably because people have been able to somehow get into the authentication system.

The timing is completely irrelevant, there's nothing to stop phishers from having phished a long time ago and saved all the account info until now. In fact, this is evidence in favor of it - What's more likely, tons of accounts that were phished over the course of a year (we already know this happens, WoW is notorious for having accounts stolen, even from the techsavvy and people smart enough not to open those emails), and they were saved until now, when they can be used on Diablo 3 quickly and easily before blizzard can react, or, a group of people came up with a way to get into accounts within a week of release, and then somehow managed to get into thousands of accounts within that time frame?

It's absolutely a viable answer. It may not be THE answer, but it could easily be

Except phishing does nothing to explain people with authenticators getting their accounts hacked.

@Lagaroth said:

@Pinworm45 said:

@JoeyRavn said:

@Pinworm45 said:

I'm not convinced that this is a "hack" but is rather simple phishing, such as the WoW emails I get 20 of each day, that people got hit by, but the phishers saved them for D3. I mean, instead of stealing your account a month ago, they waited until now.

Makes more sense to me than an account stealing virus in the first week. But who knows.

This has already been discussed. Do you really think that ALL these people have been victims of phising? At the same time? Even an Eurogamer editor? It's no virus either: it's obviously on the part of Blizzard, not the user, probably because people have been able to somehow get into the authentication system.

The timing is completely irrelevant, there's nothing to stop phishers from having phished a long time ago and saved all the account info until now. In fact, this is evidence in favor of it - What's more likely, tons of accounts that were phished over the course of a year (we already know this happens, WoW is notorious for having accounts stolen, even from the techsavvy and people smart enough not to open those emails), and they were saved until now, when they can be used on Diablo 3 quickly and easily before blizzard can react, or, a group of people came up with a way to get into accounts within a week of release, and then somehow managed to get into thousands of accounts within that time frame?

It's absolutely a viable answer. It may not be THE answer, but it could easily be

Except phishing does nothing to explain people with authenticators getting their accounts hacked.

Ah okay, I read all the posts earlier in the thread going on about how everyone needs an authenticator and assumed no one with an authenticator was hit. In that case, yes, I'm wrong.

@Pinworm45 said:

@JoeyRavn said:

@Pinworm45 said:

I'm not convinced that this is a "hack" but is rather simple phishing, such as the WoW emails I get 20 of each day, that people got hit by, but the phishers saved them for D3. I mean, instead of stealing your account a month ago, they waited until now.

Makes more sense to me than an account stealing virus in the first week. But who knows.

This has already been discussed. Do you really think that ALL these people have been victims of phising? At the same time? Even an Eurogamer editor? It's no virus either: it's obviously on the part of Blizzard, not the user, probably because people have been able to somehow get into the authentication system.

The timing is completely irrelevant, there's nothing to stop phishers from having phished a long time ago and saved all the account info until now. In fact, this is evidence in favor of it - What's more likely, tons of accounts that were phished over the course of a year (we already know this happens, WoW is notorious for having accounts stolen, even from the techsavvy and people smart enough not to open those emails), and they were saved until now, when they can be used on Diablo 3 quickly and easily before blizzard can react, or, a group of people came up with a way to get into accounts within a week of release, and then somehow managed to get into thousands of accounts within that time frame, while still keeping the method low-key enough for no one to know what it is yet?

It's absolutely a viable answer. It may not be THE answer, but it could easily be

We're talking about a game that came out 6 days ago, not 8 years ago. Many, if not most, of the people affected by this did not play the beta or WoW, so their accounts were freshly new. And even if they had played WoW, their characters have not been touched. Evidence seems to point at this being a Diablo III-specific problem. If the whole Battle.net account had been compromised or could be accessed at will, not just while the game is running and the session is logged on, they could have targeted a more substantial reward, i.e. a WoW account.

Is it a viable answer? Maybe. But the massive phishing explanation is far more complicated and less grounded in reality than a simple exploit, which, given what we know, seems to be the correct answer.

@endless_void said:

Hmm I haven't played for two days so hopefully I'm not at risk but I have a feeling this is a server side glitch more than anything. Why do so many people think it's a hack,..?

When we say "hack" we mean "exploit", really. It's likely that the people behind this were able to exploit a flaw in Blizzard's security, but not really created an actual program to hack the game. Besides, when I created this post some hours ago, people didn't really have much of an idea of what was happening. The exploit scenario is the most likely now.

I can only imagine a bunch of sleeve-rolled-up Blizzard programmers frantically trying to plug whatever hole there is in their system.

@JoeyRavn said:

@Pinworm45 said:

@JoeyRavn said:

@Pinworm45 said:

I'm not convinced that this is a "hack" but is rather simple phishing, such as the WoW emails I get 20 of each day, that people got hit by, but the phishers saved them for D3. I mean, instead of stealing your account a month ago, they waited until now.

Makes more sense to me than an account stealing virus in the first week. But who knows.

This has already been discussed. Do you really think that ALL these people have been victims of phising? At the same time? Even an Eurogamer editor? It's no virus either: it's obviously on the part of Blizzard, not the user, probably because people have been able to somehow get into the authentication system.

The timing is completely irrelevant, there's nothing to stop phishers from having phished a long time ago and saved all the account info until now. In fact, this is evidence in favor of it - What's more likely, tons of accounts that were phished over the course of a year (we already know this happens, WoW is notorious for having accounts stolen, even from the techsavvy and people smart enough not to open those emails), and they were saved until now, when they can be used on Diablo 3 quickly and easily before blizzard can react, or, a group of people came up with a way to get into accounts within a week of release, and then somehow managed to get into thousands of accounts within that time frame, while still keeping the method low-key enough for no one to know what it is yet?

It's absolutely a viable answer. It may not be THE answer, but it could easily be

We're talking about a game that came out 6 days ago, not 8 years ago. Many, if not most, of the people affected by this did not play the beta or WoW, so their accounts were freshly new. And even if they had played WoW, their characters have not been touched. Evidence seems to point at this being a Diablo III-specific problem. If the whole Battle.net account had been compromised or could be accessed at will, not just while the game is running and the session is logged on, they could have targeted a more substantial reward, i.e. a WoW account.

Is it a viable answer? Maybe. But the massive phishing explanation is far more complicated and less grounded in reality than a simple exploit, which, given what we know, seems to be the correct answer.

Yeah I already realized I'm wrong, especially since people with authenticaters were apparently hit.

I still stand by my thoughts that the various groups that phish wow accounts probably saved them up until D3 hit so they could fuck around with that though. I gaurantee that happened, even though that's probably completely unrelated to this.

So apparently a virus on the diablowiki website has caused this? This is what I've read on numerous forums, not sure if it's bs though.

It seems more likely to be connected to public games though.

There is a post on reddit about this. It appears that everyone that has been hacked as been playing in public games.

It is unconfirmed, but I would avoid public games until it is fixed.

I just wanna play! I had to leave on the 17th for two weeks with no laptop that can play the game! aljfhalkjfd

Oh the delicious, delicious irony.

@familyphotoshoot: Its like rain on your wedding day.

Or perhaps a free ride when you are already late.

@Cataphract1014: Actually it's more like you paying Blizzard $60 to shit in your mouth.

@Aelric: This doesn't sound in game related then, I'd check your comp for a key logger or something.

@Bobby_The_Great said:

That's why I have an Authenticator on my account.

Mhm, at least have the mobile authenticator, it's free.

@Irvandus: People with authenticators are being hit. This has nothing to do with passwords or phishing -- there's an exploit that takes advantage of session IDs allowing hijacking of accounts.

Man, Im glad i didn't buy this peace of shit.

Whoa. This is crazy, weird how not all the major sites are reporting the fuck out of this...especially right on the heels of that disaster launch and how huge this game is. Glad I havent been playing public games

My client is acting wierdly right now. Booting me. Crapping out my Firefox browser. Just hoping no malicious interwebs dark magic user goes and fucks with my Demon Hunter. That'd be a bummer.

How has Blizzard not said anything about this yet? I'm nervous to play Diablo III once I get home tomorrow, as I don't want my 30+ hours of progress just vanishing. I've seen plenty of reports of people with authenticators getting hacked, too, so I'm not really sure what can be done right now other than wait.

There's been six seven horus since they promised their CMs would "soon" make a statement in the US general D3 discussion forum. Makes me think this is

1) a huge exploit they can't simply shut the servers down for (mega-global reroll to Saturday would be the best case, but their character backups don't work that way)

2) a problem because they're a traded company, wouldn't want this to tarnish their image

Few things:

- Vivendi (Blizzard's owners) were the ones who bought Activision, not the other way around. People often think that way.

- Diablo 2 account fuckery (because that's what it was, forcing your way into other peoples private parts) was very easy, and took years until it was discovered and taken care of

- People experienced massive desyncs in anything from achievements to active loot to temporary "you got disconnected" rollbacks removing equipment they had from the last time they were saved since before this

- Torchlight 2 is freaking awesome, fast action, and it doesn't look like a blurry muddy mess though still admittedly bright and colourful cartoony and fluffy. Highly recommended if you want a reason to roll more than one of each character class ever, and if what you want is more of the Diablo 2 kind of gaming. They're Blizzard North's greatest after all.

This problem probably wont exist with Torchlight II.

Good thing you guys caught this before the real money trading started.

Last time I buy anything from Blizzard.

@RadixNegative2 said:

Last time I buy anything from Blizzard.

Agreed. This bridge is burnt down.

Come on, Runic!

Blizzard took eight nine hours to do it but they posted something about it.
 
http://us.battle.net/d3/en/forum/topic/5149619846
 
And it has nothing to do with the business at hand of public IDs being nabbed, bypassing authenticators and passwords, but directing you to the page you go to when you believe your account has been compromised, which is hasn't if it's gotten hit by this.
 
1) The hacker takes your session ID and hijacks it
2) You get booted out from logging out from another place
3) The hacker takes the character you were on, because that's what they've got access to into a muling game and dumps all the goods, sometimes they don't bother going to act1 new tristram for it for the sake of the mule lv1s
4) By this time you've probably received an alert from Blizzard, changed your password and prepared to log on again
5) Your character is naked, your friends wonder wtf happened
 
Blizzard cannot find any proof of a compromised account because they were never on your account. What they can do is to roll you back. Something which for many, has taken them back to last Tuesday.
 
 

F-

well im glad i haven't joined any public games (or any games for that matter) but still pretty scary shit. i will have to keep an eye my character 

It really took them eight hours to come up with that? I could have written that PR response in 5 minutes. 
 
Edit: Oh, for added hillarity. Battle.net passwords aren't case sensitive. I know brute force hacking is no where near as big a threat as keyloggers/phishing, but it is still adding fuel to the fire of the hate train.

@Lagaroth: Yeah, seriously. What a lame response.

@SomeJerk said:

http://us.battle.net/d3/en/forum/topic/5149619846

And it has nothing to do with the business at hand of public IDs being nabbed, bypassing authenticators and passwords, but directing you to the page you go to when you believe your account has been compromised, which is hasn't if it's gotten hit by this.

That's pretty shitty. I dunno if it's OK to play the game or not, mostly because I don't know exactly what the hell's going on. Some folks are talking about session IDs, others talking about bugs, others still are talking about keyloggers.

https://us.battle.net/d3/en/forum/topic/5149619846

It's practically an advertisement for the authenticator...which is funny because people with it are still having the same issues.

This is an unfortunate issue. I've been loving the game and it sucks that scumbags out there have to ruin it for everyone else. Also it's pretty shitty that the anti Blizzard/Diablo crowd is almost gleeful about this because of the whole "always online" thing. You people are just as bad.

I started playing again little earlier today and just got disconnected twice in a row. Both times I logged back in to see if I had lost anything, but I hadn't. I'm kind of paranoid to play now though until people figure out what's going on.

Just played a 2 hour session with some people on my friends list. No issues at all and they haven't had any either. I'm really curious just how many people have actually gotten hacked. This is the internet so naturally things are exaggerated.

Regardless Blizzard needs to be providing constant updates. Even if there isn't a fix in sight just yet, they need to tell their customers SOMETHING. Can't just leave them hanging like that.

That blue post says absolutely nothing. Terrible move by Blizzard. All this does is put the blame on the users and further fuel posts like this one:

Posted by TuroviK
lol @ ppl who blamed Blizzard.

Nothing's wrong with Blizzard! Let the circlejerk continue!

@whyareyoucrouchingspock said:

This problem probably wont exist with Torchlight II.

Insightful as always.

We've been taking the situation extremely seriously from the start, and have done everything possible to verify how and in what circumstances these compromises are occurring. Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password. While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand.

If your account has been hacked, please view the previous post for information on contacting our support department.

http://us.battle.net/d3/en/forum/topic/5149619846?page=29#571

Alright, I think I'll go play some Diablo 3 now.

edit: Server maintenance! CURSES!!!

@Dagbiker said:

Man, Im glad i didn't buy this peace of shit.

same here, man. fuck activision-blizzard!

@JoeyRavn: Is it circle jerking if it is true?

@TentPole: Based on many users' group mentality of "if you got hacked it's because you tried to cheat, you stupid fuck", yes, it's pretty much circle jerking. Of course, it can be all a spoof to get more clicks created by Eurogamer, but given the circumstances, plainly refusing to even admit that all this sounds extremely suspicious is retarded.

@JoeyRavn: This game has enough real issues to harp on I don't know why you have to cling to this bullshit.

@TentPole: It's not that I'm "clinging to this bullshit". I'm giving the benefit of the doubt to both parties. I see no reason why so many users at the same time (including a Eurogamer editor) would claim their accounts have been accessed without them knowing if it wasn't true, knowing that Blizzard can easily detect if they tried to cheat. And, again, why is it that WoW accounts had not been touched if there was some sort of phising involved? Battle.net accounts cover both games, not just Diablo 3, and I'm pretty sure that WoW is a bigger market than D3.

Now, what really bothers me is the blind fanboyism and completely douchery of many users in the D3 community. Instead of accepting that something may have been wrong on Blizzard's part, they actually attack the users whose accounts have been compromised and dismiss anything that doesn't make them look guilty of trying to cheat or exploit the game. You know, typical Internet stuff.

I just changed my pass to be sure, i have an authenticator but not taking any risks. If they can acces my D3 account, they can access my SCII and WoW accounts too :(

@JoeyRavn said:

@TentPole: It's not that I'm "clinging to this bullshit". I'm giving the benefit of the doubt to both parties. I see no reason why so many users at the same time (including a Eurogamer editor) would claim their accounts have been accessed without them knowing if it wasn't true, knowing that Blizzard can easily detect if they tried to cheat. And, again, why is it that WoW accounts had not been touched if there was some sort of phising involved? Battle.net accounts cover both games, not just Diablo 3, and I'm pretty sure that WoW is a bigger market than D3.

Now, what really bothers me is the blind fanboyism and completely douchery of many users in the D3 community. Instead of accepting that something may have been wrong on Blizzard's part, they actually attack the users' whose accounts have been compromised and dismiss anything that doesn't make them look guilty of trying to cheat or exploit the game. You know, typical Internet stuff.

With the Real Money Auction House, you'd think Diablo 3 would be a higher priority target than WoW. Stealing gold and items from users to then sell them later on for real money on the official RMAH is a reasonable motive.

This thing is a train wreck. and its great, I mean not for the people that got hacked, But in a sense that it never stops.

Fucking Hell, 8 hour maintence now, from 1am to 9am. I think I picked the wrong game to play with me working the graveyard shift and having mon-tues nights off, this is getting to be a common occurence although 8 friggin hours is a bit much.

Things have been really screwy with D3 lately though and this 8 hour maintenence right around the time of all these hacked account reports are unlikely coincidental. Bah, I just wanted to level my DH :(

Asking questions like "Are you sure you setup your side correctly?" is not automatically an attack or a defense of Blizzard. If you have played MMOs for any length of time, there is something familiar about these "reports". A common element seems to be someone thought they were secured but actually messed up and exposed their accounts their accounts months or years ago. These guys build up a giant list of compromised accounts where they actually favor inactive or lightly used accounts then spring on them en mass right at major events so it seems like a systemic problem.

I still wonder about the veracity of the claims. I have multiple game feeds in my reader, several who are MMO and multiplayer only, and none of them have had these problems. The only mentions are coming from "blue trackers" on sites like MMO-Champion.com which was also mentioned that Hardcore Hell has been cleared.

@EXTomar said:

A common element seems to be someone thought they were secured but actually messed up and exposed their accounts their accounts months or years ago. These guys build up a giant list of compromised accounts where they actually favor inactive or lightly used accounts then spring on them en mass right at major events so it seems like a systemic problem.

Wow, as logical and blatantly obvious that it seems, I hadn't thought about that until just now.

While people's accounts getting hacked is no joke, Blizzard games are probably the number one target for hackers. Of course you're going to see more people getting their accounts compromised in the grand scheme of things. Torchlight 2 isn't going to have these problems because hackers don't care about Torchlight.

With the real money AH coming, the game will be the prime target for anyone trying to make a quick buck.  Going to be a mess and we'll probably see stuff like this for a long time.  Blizz don't know what kind of shit storm they will be starting but I'll be having fun reading about it.

I checked my character this morning, everything was fine.

Then I checked out the auction house, closed the game and went to work. This was the first time I had been on the AH.

Came home just now, all but a handful of items have gone and my character is naked. I also have a friend called Dinwiddi. I haven't played multiplayer at all.

EDIT: I just got a response to my support ticket. I found it quite hilarious. I'll spoiler block it because it's quite long, but I'll summarise afterwards:

So it's apparently MY fault I was hacked. Despite never playing in a public game, using a unique to battle.net password and an authenticator, it's my fault.

EDIT 2: Because I just can't help myself, here's my response to their "answer."

I find your response unacceptable. It reads like my account hack was somehow my fault.

Let me be clear. The password I used was unique to battle.net and indeed still is. My account was not compromised as I was still able to access it. I don't want a "limited restoration," I want my account back the way it was this morning when I hadn't lost all my stuff, as well as a promise that this issue is being looked into seriously. I find it unacceptable that you are placing the blame onto myself and other users for what is clearly a widespread issue. If anything this highlights the need for, at least, a complete offline play option so that characters/accounts that have not and will never be played online with others won't be affected by this.

I just cancelled my order for this game because I don't feel like dealing with this kind of bullshit. Blizzard had plenty of time to clean out the bugs and issues but I guess money and greed got to them first.

@dekkadekkadekka: You used an authenticator and never played in any public games yet you got compromised? This is not good. Kind of glad I purchased Max Payne 3 instead of this at launch. I hope this get sorted out for you and all affected users. I will buy Diablo 3 soon enough, but not at this state.