So all the items in my stash have disappeared...

#1 Posted by deputybrown (3 posts) -

I log on today after yesterdays long ass patch problem and go to check on my stash to see what i can sell on the auction house and well to my "suprise" (sarcasm) everything on my character and in my stash is gone. lol the only thing that stayed in the inventory of my character were a couple of potions and some crafting mats.

Now my question is has this happened to any of you or am I just lucky? I was with someone yesterday who experienced this.

#2 Posted by murisan (1119 posts) -

Do you use an authenticator?

#3 Posted by IAmNotBatman (615 posts) -

@murisan said:

Do you use an authenticator?

#4 Posted by Leekspin (34 posts) -

@murisan: I doubt it or he wouldn't have lost his stash

#5 Posted by DeeGee (2098 posts) -

I am always struck by how nice these people are. They steal all your stuff and your money and just leave?

If I was in the business of hacking Diablo 3 accounts, I'd delete your characters for that extra bit of dickishness. I guess that shows more about me then the hackers though.

#6 Posted by CaptainCody (1504 posts) -

@DeeGee said:

I am always struck by how nice these people are. They steal all your stuff and your money and just leave?

If I was in the business of hacking Diablo 3 accounts, I'd delete your characters for that extra bit of dickishness. I guess that shows more about me then the hackers though.

Well I imagine they can keep tabs on people they have hacked and just do it all over again at some point if you manage to get caught again.

#7 Posted by murisan (1119 posts) -

@deputybrown: Do you use an authenticator? If not, get one. There's an app for smartphones or you can get a physical one for some small amount of money. Seems necessary for Diablo 3.

#8 Posted by Cloudenvy (5890 posts) -

Stuff like this only happens if you play public games, right?

Guess I'm avoiding that forever.

#9 Posted by ReyGitano (2465 posts) -

@DeeGee said:

I am always struck by how nice these people are. They steal all your stuff and your money and just leave?

If I was in the business of hacking Diablo 3 accounts, I'd delete your characters for that extra bit of dickishness. I guess that shows more about me then the hackers though.

YOU FOOL. If you leave them at a high level you can always just come back later when they have more valuable stuff.

#10 Posted by Mnemoidian (947 posts) -

@Cloudenvy: According to Blizzard, that's just a rumor. All compromises so far have been by traditional means (phishing, trojans, using passwords on other sites that have been compromised, in addition to not using a mobile/keyring authenticator)

Random players appearing on players with comrpomised accounts are most likely the characters that said loot was transferred to.

If there was a correlation between public games and players getting hacked, Blizzard would very likely have disabled public games.

#11 Posted by Cloudenvy (5890 posts) -

@Mnemoidian: Of course they would say that. ; )

#12 Posted by SpunkyHePanda (1521 posts) -

Yep, happened to me this morning. It was my fault. I had heard all about the hackings and thought "Eh, I'll probably be fine." Set up the authenticator today and sent a request to have my account rolled back. I want my sick scholarly fez.

Online
#13 Posted by stinky (1545 posts) -

i got my WoW account hacked before. let me tell you how much of a dick they are about it (the hackers not blizzard.)

disenchanted all my items, took all my gold, raided my bank AND put an authenticator on my account preventing me from accessing it.

(was that last bit really necessary?)

my problem, and i'll be honest about it. i bought gold from a seller's website, reused a common password on their site. and i think this was a time when blizzard forced my account name to be my email address. thus the seller's then had all the info they needed. this was also months down the line from me buying gold.

#14 Posted by AlianthaBerries (142 posts) -

@stinky: You are the dick for buying gold, you add to the problem of hacking and the screwed economy. You deserved to be hacked.

#15 Posted by murisan (1119 posts) -

@Cloudenvy: No, really.. there's no issue if you use an authenticator. I think the issue is that people don't realize that Blizzard's account passwords ARE NOT CASE SENSITIVE. This means if you just make your password something like gIanTbOMb3958 normally on case sensitive sites.. it's relatively secure. Far more secure than with Blizzard's systems. I'm betting a lot of people are getting "cracked," not hacked.

#16 Edited by Cloudenvy (5890 posts) -

@murisan: I know it's dumb, but I just hate the idea of having to buy this extra thing to not have my account compromised. Yeah, everyone without an authenticator is not getting "hacked", but I really hate the idea that the solution to this is "Oh, buy this extra thing!".

#17 Posted by envane (1157 posts) -
anyone else killed jay yet ?
#18 Posted by murisan (1119 posts) -

@Cloudenvy: Do you have an Android or iPhone? There's an authenticator app for free.

#19 Posted by Cloudenvy (5890 posts) -

@murisan: I doooooooooooo not.

#20 Posted by Robo (749 posts) -

@Cloudenvy: Why would they lie about it?

The public game session hacking thing is bullshit concocted by people who just refuse to believe/admit they inadvertently handed over their info at some point (maybe even years ago), spread by folks who are quick to repost what they "heard" from some other equally misinformed individual. Blizzard hasn't just said they haven't heard of any cases of session hijacking, they've stated it's technically impossible.

About having to buy an authenticator,

First of all, for the 1,000,000,000th time in response to derisive comments about needing to buy one, you can get the free authenticator app if you're part of the probably 80%+ of people playing this game who have an iOS or Android device. I'm sure Blizz would love to mail out authenticators for free but most companies aren't really in the business of losing money. You're lucky they just sell them barely at cost instead of actually trying to cut a profit.

Secondly, the authenticator isn't your only option, it's just a very good one. You could just try to be more careful and secure. Start with a stronger password unique to battle.net, make sure your antivirus software is up to date and perhaps consider a scan (though it's probably not something as complex as a virus or keylogger), don't follow links from questionable emails or facebook/twitter posts, don't share your account with anyone, etc. If all else fails, get the authenticator.

If all that seems completely ridiculous, realize that Blizzard has had a massive target painted on them for years now. Battle.net accounts - and the items/currency one can collect in games attached to them - can be extremely valuable. Those looking to acquire your info are pretty crafty and experienced now. And D3's real money auction house only inflated that interest. Blizzard keeps shit pretty much locked down on their end, but they can't do much about users being victims of malicious scripting/software or tricked by well done phishing aside from restore their crap and make the same suggestions I just did.

#21 Posted by murisan (1119 posts) -

@Cloudenvy: Gotcha. Well, there's always Bluestacks. http://bluestacks.com/

It's a program that allows you to run Android apps on your PC. You can run the authenticator on your PC this way.

If none of the above, I recommend changing your password to a complex mix of letters, numbers, and punctuation. If you're dedicated to playing Diablo 3, just order the authenticator. Otherwise, be aware that your password is not case sensitive in Diablo 3. Make something very complex, write it down if you have to, and just play.

#22 Edited by Robo (749 posts) -

@murisan: There's also http://code.google.com/p/winauth/

Better than nothing.

Also, I forgot to mention the battle.net SMS protection service if you at least have a so-called "dumbphone." Basically they will text you and notify you of changes and suspicious login attempts/account changes. Also better than nothing.

#23 Posted by Mnemoidian (947 posts) -

@murisan: @Robo: Better than nothing, but not nearly the same level of security.

If your PC becomes compromised, whoever got your password may have access to your authenticator as well. There's a reason why Blizzard doesn't provide a "built in" authenticator into the client :P

Same thing for the SMS/dial up authenticator, lower level of security on those - Blizzard has been making a very clear distinction between the keyring/mobile authenticators and the SMS/Dialup service. They consider the former to be secure, they don't consider the latter to be (as you said, it's more a question of "*shurg*, It's better than nothing".)

And it really sucks that this is a discussion we need to have. About a game. Because people are buying gold.

#24 Posted by Cloudenvy (5890 posts) -

@Robo: You know I just said that as a reference to the Bombcast, right? Hence the winky smiley.

#25 Posted by deputybrown (3 posts) -

Ah super sorry for the late reply everyone.

So here's what has happened since then. I contacted Blizzards support online. It took a couple of days to get a response, but it seems they're pretty busy with similar problems from other people. Anyway, they offer a Roll Back for your character in cases like this, two to be exact, which allows you to get your items back, however everything you did after is lost. So make sure it's worth it.

They rolled mine back to right before I got this awesome wand for my Wizard on the AU so now I'm wand-less and missing a few good items I had found right before the poo hit the fan. I can't complain too much since I have my stash and inventory full again and they did it pretty fast. Everything is all good now. Lol however they don't really tell you when its fixed, at least for me they didn't. I was expecting an email or something, but just went on this morning couple days after I was asked if i wanted the roll back, to find everything fixed.

I now have an authenticator, which btw is a bitch to to get working, and changed my password so hopefully nothing like this will happen again and I hope this doesn't happen to any of you guys either. What a hassle!

p.s. thanks for the info and replies guys see you on Diablo!

#26 Posted by kimj0ngil (7 posts) -

@Robo: It's not at all bullshit, they can spoof your last game session, log in, rob the last character you played and your stash. That is why virtually every report from people with multiple characters are only reporting gear missing from a single character and their stash.

This edit will also create new pages on Giant Bomb for:

Beware, you are proposing to add brand new pages to the wiki along with your edits. Make sure this is what you intended. This will likely increase the time it takes for your changes to go live.

Comment and Save

Until you earn 1000 points all your submissions need to be vetted by other Giant Bomb users. This process takes no more than a few hours and we'll send you an email once approved.