awesome... all gold is gone and my best gems too from my stash. Also 4 legendary items from my stash. so much for my witch doctor character.

have an authenticator?

I don't believe in using an authenticator.

Quick I'll write a GUI interface in Visual Basic to trace his IP!

@TentPole said:

I don't believe in using an authenticator.

O kay then your begging to be hacked

@BD_Mr_Bubbles said:

@TentPole said:

I don't believe in using an authenticator.

O kay then your begging to be hacked

I like the danger. It gets me hot.

@TentPole said:

@BD_Mr_Bubbles said:

@TentPole said:

I don't believe in using an authenticator.

O kay then your begging to be hacked

I like the danger. It gets me hot.

lmfao *not the band*

@BD_Mr_Bubbles: paying $6.50 to "help prevent" hacking seems kind of dumb, also I can't really ban this MightyMouse (alex) guy at all. The worst I can do is report him for inappropriate tag. goodbye Diablo 3, welcome back Mass Effect 3 I guess. Crap ...

@TheWan said:

@BD_Mr_Bubbles: paying $6.50 to "help prevent" hacking seems kind of dumb, also I can't really ban this MightyMouse (alex) guy at all. The worst I can do is report him for inappropriate tag. goodbye Diablo 3, welcome back Mass Effect 3 I guess. Crap ...

seems like a bit of an overreaction. shit happens.

"Hacking" is you visiting shitty sites and getting a keylogger on your computer, or following a link in a phising email. To avoid this, use an authenticator. It's impossible to be "hacked" with one.

@TheWan: First and foremost, contact Blizzard support to rollback your character. You'll lose some progress, but that's better than losing everything, right?

Next, get the authenticator. You can get one for free for your smartphone. If that's not an option, there's one for Windows, called WinAuth. I bet you can get it to run on other systems as well.

I just downloaded the iphone authenticator. It seems to work at least. (here's hoping from now on). I didn't lose all of my equipped gear. I give the hacker/gold farmer props on just taking my money and a few gems.

@dr_mantas said:

Quick I'll write a GUI interface in Visual Basic to trace his IP!

@TentPole said:

@BD_Mr_Bubbles said:

@TentPole said:

I don't believe in using an authenticator.

O kay then your begging to be hacked

I like the danger. It gets me hot.

This thread is already far more exciting than any other D3 hack thread.

@TheWan said:

@BD_Mr_Bubbles: paying $6.50 to "help prevent" hacking seems kind of dumb, also I can't really ban this MightyMouse (alex) guy at all. The worst I can do is report him for inappropriate tag. goodbye Diablo 3, welcome back Mass Effect 3 I guess. Crap ...

Ah, so no authenticator. I hear ya, but it's not so much for preventing hacking as much as it's for keeping others out of your account when you've most likely already been "hacked" (read: virus/phished). Essentially it's a safety net.

Still waiting for the day I hear of someone with an autheticator get "hacked". Then I'll activate panic and freak out mode.

Can someone please explain this "you click a link and you're instantly hacked" logic? Last time I checked, you had to put in your information into a phishing site willingly.

I got hacked but it was fixed and rollbacked in literally 2 hours.

It was very stupid of me not to use an authenticator to be honest, since they are free for phones anyway.

@valrog: BECAUSE THE INTERNET IS EEEEEEEEEVIL!!!!!!!!!!!!!

I'm getting seriously paranoid that I'll be next. I don't even have anything good I swear.

@valrog: I've seen some VERY convincing phishing emails that would have fooled about 50% of people regarding my b.net account. To the point that the only tip-off it wasn't legit was it came to an email not associated with my account. There are many ways "hackers" get your login info though, it doesn't have to be you blindly entering your password on a direct phishing scam. Keyloggers are still very common, and some may be "in the wild" for a few days before AV software picks them up, and you might get one of these from something as innocuous as downloading a mod for wow, clicking on an email with a poorly secured email client etc.

More importantly, people are pretty much idiots when it comes to password security. Using the same login info across multiple sites, forums, and accounts is very very common, though almost no one wants to admit to it. If you use the same login info on a random D3 forum, they know you have D3, and if that forum has mediocre security (lets face it, these places aren't paying a ton for securing their free BBS), its only a matter of time before someone gets their hands on your info. Password guessing schemes are much more efficient at weeding out shitty passwords than most people think. There are very complex algorithms and very sophisticated methods of generating a probable list of passwords that is much much smaller than guessing every random ascii possibility in a given range. Building strong passwords without references to real names, places, or even any real words helps keep you more secure, but no password is invincible.

The real thing to remember is there is real, nearly untraceable money being made off this scheme. No one is going to sue for lost D3 shit(value of maybe 15 bucks per account?), and if they did finding who to go after is basically impossible. Bank passwords, credit account info etc is all trackable and leaves a money trail and eventually they get busted, and even that can take a very very long time. With video game gold, they get in, steal the stuff, sell the gold, and get out. By the time anything is done they've sold your gold to a third party (thank the gold buyers for making this lucrative) and have their money, blizz shuts down the account, they make a tidy profit. *If* blizzard decides to take away the purchased gold from the third party they can file a credit card dispute, which may or may not work, that's the only risk in the whole plan. Any time there's real money involved in something, someone somewhere is going to find a way to get the most profit in the least time, and that includes password theft and stealing virtual items. There's plenty of money in that industry to make the time spent finding the passwords weeelllll worth it for many people around the world.

All this can be avoided with a physical authenticator (which has been confirmed blizzard is selling those items *at cost*, manufacturer says they should be about 30 bucks retail) for 7 bucks. Alternatively like this guy, smart phone authenticator is 100% free, and works very well, and either one will stop virtually ALL compromised password type "hacks".

An authenticator won't project you from this hijacking that only coin-lock can prevent and re-written code can track the culprits of, but it's still a very good idea to have one because smaller more specific ad providers still haven't got their shit together when it comes to singling out providers with bad security that can get trojans or whatev snuck into rotation.

So you got hacked and the first thing you did was post about it on Giant Bomb? If you were on fire, would you also tweet about it first?

I love my password... its just... so impossible to break. random 12 Letters and 4 random numbers with randomly allocated caps!

@TheWan: Contact blizzard support on the battlenet site. They can roll back your account and give you everything back.

This thread title is becoming increasingly inaccurate. I with TentPole on this one. As with unprotected sex, I love the thrill it adds to the adventuring life.

I love my password... its just... so impossible to break. random 12 Letters and 4 random numbers with randomly allocated caps!

@gamefreak9 said:

I love my password... its just... so impossible to break. random 12 Letters and 4 random numbers with randomly allocated caps!

@gamefreak9: I don't believe that battle.net passwords are case sensitive. Still a random password cant hurt.

@Ravenlight:

"Man this fire is hot. Burning to death really hurts. Can anyone send some help? #fire #hothot #911plz"

@ObiKwiet: i'm pretty sure they are case sensitive.

@WinterSnowblind:

That comic is extremely misleading btw. It is compeltely incorrect on the math involved. No one should be using it to make a point ever.

It wouldn't matter if the math was just a tad shitty, but it's shitty enough to produce a completely reverse conclusion of the security of those 2 types of passwords.

@Ravenlight said:

So you got hacked and the first thing you did was post about it on Giant Bomb? If you were on fire, would you also tweet about it first?

You would get retweeted a whole fucking lot, to be fair.

@gamefreak9 said:

@ObiKwiet: i'm pretty sure they are case sensitive.

That is incorrect. Battle.net passwords are not case sensitive. Try it yourself.

@BD_Mr_Bubbles said:

@TentPole said:

I don't believe in using an authenticator.

O kay then your begging to be hacked

Strong password + aversion to clicking BritneySpearsNaked.avi.exe links and you'll be fine.

@Ravenlight: first I'd call 911, then send out a tweet, maybe a facebook status update as well.

@WinterSnowblind said:

@gamefreak9 said:

I love my password... its just... so impossible to break. random 12 Letters and 4 random numbers with randomly allocated caps!

XKCD is great, but if you want to know how stuff works you should check out https://www.grc.com/haystack.htm and listen to the audio like halfway down the page. Then you'll think that maybe using four dictionary words isn't such a great idea.

@TheWan said:

I just downloaded the iphone authenticator. It seems to work at least. (here's hoping from now on). I didn't lose all of my equipped gear. I give the hacker/gold farmer props on just taking my money and a few gems.

/facepalm

you had a smartphone and didn't get the authenticator? well, at least you can get a rollback. call Blizzard, you'll get a rollback within an hour, then use the authenticator. no more hacking.

@Sooty: What's with this new .avi thing? I'm stuck using .rm here.

@Addfwyn said:

@Ravenlight:

"Man this fire is hot. Burning to death really hurts. Can anyone send some help? #fire #hothot #911plz"

Wouldn't it be "Got lit on fire 45 seconds ago. Traveling up pants. Scared for my junk. #fire #hothot #911plz #burninginpants "

@TheWan: A) recovery is a pretty standard, quick simple process. get on it and get your stuff back.

B) don't want to get hacked? use an authenticator.

@Sooty said:

@BD_Mr_Bubbles said:

@TentPole said:

I don't believe in using an authenticator.

O kay then your begging to be hacked

Strong password + aversion to clicking BritneySpearsNaked.avi.exe links and you'll be fine.

If you are using a unique password, and then the e-mail that your account is tied to is also using a unique strong password, and that e-mail service also has great security, then yes maybe you're secure.

If your strong Bnet password is used in other places online (same for associated email password), security goes out the window. No phishing or clicking on shady links necessary.

It's far easier to simply get a strong password from some other weak security system (and then store it for when it's best to use it like for example a D3 release) then actually trying to break a strong password.

@Tennmuerti said:

@Sooty said:

@BD_Mr_Bubbles said:

@TentPole said:

I don't believe in using an authenticator.

O kay then your begging to be hacked

Strong password + aversion to clicking BritneySpearsNaked.avi.exe links and you'll be fine.

If you are using a unique password, and then the e-mail that your account is tied to is also using a unique strong password, and that e-mail service also has great security, then yes maybe you're secure.

If your strong Bnet password is used in other places online (same for associated email password), security goes out the window. No phishing or clicking on shady links necessary.

It's far easier to simply get a strong password from some other weak security system (and then store it for when it's best to use it like for example a D3 release) then actually trying to break a strong password.

I use strong individual passwords for important/valuable things to me, like Steam, Battle.net, Email and then strong but not as strong passwords for everything else. (so stuff like Reddit and random forums usually use the same password)

@Sooty said:

I use strong individual passwords for important/valuable things to me, like Steam, Battle.net, Email and then strong but not as strong passwords for everything else. (so stuff like Reddit and random forums usually use the same password)

Well done. /nod

Most poeple don't.

I've had online game accounts with Blizzard for six years and I've never had any account security problems. I attribute it to a) Safe browsing habits b) Decent passwords c) Common sense. Don't share your info with anyone for any reason. Ever. d) I got an authenticator as soon as they were selling them. $6.50 to protect my time, and money, investments across multiple games for many years is easily worth it.

Also, did you know you can setup your battle.net account to text you if someone starts dicking around on it? I didn't for the longest time, but as soon as I found out you could I enabled it for yet another layer of security.

@Tennmuerti said:

@Sooty said:

I use strong individual passwords for important/valuable things to me, like Steam, Battle.net, Email and then strong but not as strong passwords for everything else. (so stuff like Reddit and random forums usually use the same password)

Well done. /nod

Most poeple don't.

I didn't either really, I kinda did, I never had stupidly simple passwords but only in the last year did I start using individual ones and numbers with mixes of lower and upper case.

I did use authenticators before but the Google method is kinda clumsy and when my phone died I had to go through a bit of hassle with Blizzard and to a lesser extent Google.

My parents on the other hand...it's like teaching an elephant to weigh only 10lbs.

So you got hacked and the first thing you did was post about it on Giant Bomb? If you were on fire, would you also tweet about it first?

Dude that sucks. Hackers are trash.

@JeanLuc said:

I'm getting seriously paranoid that I'll be next. I don't even have anything good I swear.

Let me be the judge of that.

Glad I missed out on Diablo 3. This hacking stuff is getting crazier each day.

I think this is what we get for assigning value to non-valuables. Very strange when I think about it.

D3 started out nice for me, but boy around the end of ActII, the story, of all things, is actively getting in the way of an item hunt with no decent items.

I think the game is too tied to the AH, but we really should have seen that coming.

Get the mobile app authenticator, it's free.

@Tennmuerti said:

@Sooty said:

I use strong individual passwords for important/valuable things to me, like Steam, Battle.net, Email and then strong but not as strong passwords for everything else. (so stuff like Reddit and random forums usually use the same password)

Well done. /nod

Most poeple don't.

This. Definitely.

for forums etc my passwords are simpler, I just want to log on. For steam, battle.net etc they're strange hieroglyphic type things I usually change every few months.

Plus I watch porn on a separate computer. My dirty computer.