I log on today after yesterdays long ass patch problem and go to check on my stash to see what i can sell on the auction house and well to my "suprise" (sarcasm) everything on my character and in my stash is gone. lol the only thing that stayed in the inventory of my character were a couple of potions and some crafting mats.

Now my question is has this happened to any of you or am I just lucky? I was with someone yesterday who experienced this.

Do you use an authenticator?

@murisan said:

Do you use an authenticator?

@murisan: I doubt it or he wouldn't have lost his stash

I am always struck by how nice these people are. They steal all your stuff and your money and just leave?

If I was in the business of hacking Diablo 3 accounts, I'd delete your characters for that extra bit of dickishness. I guess that shows more about me then the hackers though.

@DeeGee said:

I am always struck by how nice these people are. They steal all your stuff and your money and just leave?

If I was in the business of hacking Diablo 3 accounts, I'd delete your characters for that extra bit of dickishness. I guess that shows more about me then the hackers though.

Well I imagine they can keep tabs on people they have hacked and just do it all over again at some point if you manage to get caught again.

@deputybrown: Do you use an authenticator? If not, get one. There's an app for smartphones or you can get a physical one for some small amount of money. Seems necessary for Diablo 3.

Stuff like this only happens if you play public games, right?

Guess I'm avoiding that forever.

@DeeGee said:

I am always struck by how nice these people are. They steal all your stuff and your money and just leave?

If I was in the business of hacking Diablo 3 accounts, I'd delete your characters for that extra bit of dickishness. I guess that shows more about me then the hackers though.

YOU FOOL. If you leave them at a high level you can always just come back later when they have more valuable stuff.

@Cloudenvy: According to Blizzard, that's just a rumor. All compromises so far have been by traditional means (phishing, trojans, using passwords on other sites that have been compromised, in addition to not using a mobile/keyring authenticator)

Random players appearing on players with comrpomised accounts are most likely the characters that said loot was transferred to.

If there was a correlation between public games and players getting hacked, Blizzard would very likely have disabled public games.

@Mnemoidian: Of course they would say that. ; )

Yep, happened to me this morning. It was my fault. I had heard all about the hackings and thought "Eh, I'll probably be fine." Set up the authenticator today and sent a request to have my account rolled back. I want my sick scholarly fez.

i got my WoW account hacked before. let me tell you how much of a dick they are about it (the hackers not blizzard.)

disenchanted all my items, took all my gold, raided my bank AND put an authenticator on my account preventing me from accessing it.

(was that last bit really necessary?)

my problem, and i'll be honest about it. i bought gold from a seller's website, reused a common password on their site. and i think this was a time when blizzard forced my account name to be my email address. thus the seller's then had all the info they needed. this was also months down the line from me buying gold.

@stinky: You are the dick for buying gold, you add to the problem of hacking and the screwed economy. You deserved to be hacked.

@Cloudenvy: No, really.. there's no issue if you use an authenticator. I think the issue is that people don't realize that Blizzard's account passwords ARE NOT CASE SENSITIVE. This means if you just make your password something like gIanTbOMb3958 normally on case sensitive sites.. it's relatively secure. Far more secure than with Blizzard's systems. I'm betting a lot of people are getting "cracked," not hacked.

@murisan: I know it's dumb, but I just hate the idea of having to buy this extra thing to not have my account compromised. Yeah, everyone without an authenticator is not getting "hacked", but I really hate the idea that the solution to this is "Oh, buy this extra thing!".

@Cloudenvy: Do you have an Android or iPhone? There's an authenticator app for free.

@murisan: I doooooooooooo not.

@Cloudenvy: Why would they lie about it?

The public game session hacking thing is bullshit concocted by people who just refuse to believe/admit they inadvertently handed over their info at some point (maybe even years ago), spread by folks who are quick to repost what they "heard" from some other equally misinformed individual. Blizzard hasn't just said they haven't heard of any cases of session hijacking, they've stated it's technically impossible.

About having to buy an authenticator,

First of all, for the 1,000,000,000th time in response to derisive comments about needing to buy one, you can get the free authenticator app if you're part of the probably 80%+ of people playing this game who have an iOS or Android device. I'm sure Blizz would love to mail out authenticators for free but most companies aren't really in the business of losing money. You're lucky they just sell them barely at cost instead of actually trying to cut a profit.

Secondly, the authenticator isn't your only option, it's just a very good one. You could just try to be more careful and secure. Start with a stronger password unique to battle.net, make sure your antivirus software is up to date and perhaps consider a scan (though it's probably not something as complex as a virus or keylogger), don't follow links from questionable emails or facebook/twitter posts, don't share your account with anyone, etc. If all else fails, get the authenticator.

If all that seems completely ridiculous, realize that Blizzard has had a massive target painted on them for years now. Battle.net accounts - and the items/currency one can collect in games attached to them - can be extremely valuable. Those looking to acquire your info are pretty crafty and experienced now. And D3's real money auction house only inflated that interest. Blizzard keeps shit pretty much locked down on their end, but they can't do much about users being victims of malicious scripting/software or tricked by well done phishing aside from restore their crap and make the same suggestions I just did.

@Cloudenvy: Gotcha. Well, there's always Bluestacks. http://bluestacks.com/

It's a program that allows you to run Android apps on your PC. You can run the authenticator on your PC this way.

If none of the above, I recommend changing your password to a complex mix of letters, numbers, and punctuation. If you're dedicated to playing Diablo 3, just order the authenticator. Otherwise, be aware that your password is not case sensitive in Diablo 3. Make something very complex, write it down if you have to, and just play.

@murisan: There's also http://code.google.com/p/winauth/

Better than nothing.

Also, I forgot to mention the battle.net SMS protection service if you at least have a so-called "dumbphone." Basically they will text you and notify you of changes and suspicious login attempts/account changes. Also better than nothing.

@murisan: @Robo: Better than nothing, but not nearly the same level of security.

If your PC becomes compromised, whoever got your password may have access to your authenticator as well. There's a reason why Blizzard doesn't provide a "built in" authenticator into the client :P

Same thing for the SMS/dial up authenticator, lower level of security on those - Blizzard has been making a very clear distinction between the keyring/mobile authenticators and the SMS/Dialup service. They consider the former to be secure, they don't consider the latter to be (as you said, it's more a question of "*shurg*, It's better than nothing".)

And it really sucks that this is a discussion we need to have. About a game. Because people are buying gold.

@Robo: You know I just said that as a reference to the Bombcast, right? Hence the winky smiley.

Ah super sorry for the late reply everyone.

So here's what has happened since then. I contacted Blizzards support online. It took a couple of days to get a response, but it seems they're pretty busy with similar problems from other people. Anyway, they offer a Roll Back for your character in cases like this, two to be exact, which allows you to get your items back, however everything you did after is lost. So make sure it's worth it.

They rolled mine back to right before I got this awesome wand for my Wizard on the AU so now I'm wand-less and missing a few good items I had found right before the poo hit the fan. I can't complain too much since I have my stash and inventory full again and they did it pretty fast. Everything is all good now. Lol however they don't really tell you when its fixed, at least for me they didn't. I was expecting an email or something, but just went on this morning couple days after I was asked if i wanted the roll back, to find everything fixed.

I now have an authenticator, which btw is a bitch to to get working, and changed my password so hopefully nothing like this will happen again and I hope this doesn't happen to any of you guys either. What a hassle!

p.s. thanks for the info and replies guys see you on Diablo!

@Robo: It's not at all bullshit, they can spoof your last game session, log in, rob the last character you played and your stash. That is why virtually every report from people with multiple characters are only reporting gear missing from a single character and their stash.