Some Diablo III accounts already being hacked

It apparently hasn't taken long for someone, or perhaps a group of people, to figure out a way to hack into Battle.net accounts for Diablo III. Eurogamer.net states that it has received a number of reports from players of the just-released action-RPG sequel that someone has hijacked their access to the game.

That apparently includes Eurogamer.net writer Christian Donlan, who had his account taken over by someone known only as "Anna". You can see the chat conversation between "Anna" and editor Oli Welsh above this post.

Other players have reported that their Diablo III characters' loot has been stolen from their inventory, along with their in-game cash. Apparently Blizzard has tried to restore those characters to a point before they lost their in-game items and money.

The European servers for Diablo III were taken down unexpectedly, and without warning, for about four hours on Sunday. So far Blizzard has yet to comment on these hacking attacks or the sudden server downtime.

While the in-game cash and items lost don't currently make a difference in the real world, they might very soon. Blizzard is supposed to launch its real money auction service for Diablo III on May 29th. If the hacks of player accounts continue, that could mean a lot of money lost for both players and for Blizzard.

Image via Eurogamer.net


20 Comments


I've been following this one in the D3 forums. The amount of users in there that think they know it all is laughable. Also some extra checks should be put in place to ensure that under 16s cannot sign up to the forums - it's annoying to have so many immature posts on there. Though I would like to see some more official posts by Blizzard - are users wasting their time by trying to find something client side when there isn't anything to find?

I was playing the other night and got kicked because someone else logged onto my account. I immediately changed my password and added back in my authenticator. My question is how did they get my password? I run very little 3rd party programs on this machine and can't figure out how they may have captured my password.

patseguin said,
I was playing the other night and got kicked because someone else logged onto my account. I immediately changed my password and added back in my authenticator. My question is how did they get my password? I run very little 3rd party programs on this machine and can't figure out how they may have captured my password.

That method is called "forcing": either your password is too simple, or it was plain luck. Once they have your account name, they can get the rest easily enough. Or you just have a keylogger, whichever.

Again, THIS is why I want SINGLE PLAYER OFFLINE Diablo 3.

It shouldn't be tied to any real cash auction house IF I DON'T WANT IT.

It shouldn't be TIED TO AN ONLINE HACKABLE SERVICE IF I DON'T WANT IT.

From what I've been reading from the posts on blizzard.net that have been QUICKLY deleted is that there is some kind of background access to the server databases that people have figured out. Authenticator? Meh, they've been bypassing them.

The old saying is, if man made it, man can hack it and the only true security is lack of communication. Blizzard, make right what you've wronged and convert it to a single player game with the OPTION for online play just like Diablo 2 and you will have me and many others as customers again. Do this "must be online to play crap" and you don't have a chance of getting my business EVER again.

Jesus they had the exact same problem before when Battle.net first existed.

Deja-vu is just eating them alive.

For quite some time now, Blizzard accounts have been susceptible to being hacked somehow, perhaps right at the server. I've had several friends who stopped playing WoW or SCII for over a year, and each had their account compromised. Only way to secure it is with token authentication.

Yep I got hacked 2 nights ago while I was playing. I got an error saying my battle.net account had been logged in on another computer. Tried logging back in only to realize my password had been changed. Went through the account recovery process, added an authenticator, signed back in and all my gear was gone. Moral of the story, use an authenticator.

Edit: I've never entered my username or password anywhere but the Diablo 3 login screen (in game), or on battle.net, and my computer is virus/malware free. The only way, to my knowledge, that my password could have been compromised, is by using google to get to the battle.net login, and entering my credentials.

Guys if we're going to do the whole journalism thing can we fact check first?

This:

It apparently hasn't taken long for someone, or perhaps a group of people, to figure out a way to hack into Battle.net accounts for Diablo III.

Is wrong and so is this:

Blizzard is supposed to launch its real money auction service for Diablo III on May 29th. If the hacks of player accounts continue, that could mean a lot of money lost for both players and for Blizzard.

Nothing of Blizzard's has been hacked, nothing of Blizzard's has been compromised, and nobody has figured out anything. WoW accounts have been being "hacked" for years - and the way that happens is that the end user clicks on stuff that they're not supposed to and gets a keylogger or falls for a phishing scam. Blizzard does some weird stuff and makes some mistakes but this isn't one of them, this is user error plain and simple.

Amarok said,
Guys if we're going to do the whole journalism thing can we fact check first?

This:

Is wrong and so is this:

Nothing of Blizzard's has been hacked, nothing of Blizzard's has been compromised, and nobody has figured out anything. WoW accounts have been being "hacked" for years - and the way that happens is that the end user clicks on stuff that they're not supposed to and gets a keylogger or falls for a phishing scam. Blizzard does some weird stuff and makes some mistakes but this isn't one of them, this is user error plain and simple.


Except people are having their accounts taken over without any evidence of clicking on "stuff that they're not supposed to"
http://us.battle.net/d3/en/forum/topic/5152408889

dead.cell said,
If it was as simple as keyloggers, what about accounts with an authenticator tied to it?

The authenticator codes are only valid for a few seconds. But if you log on with the code provided straight away, once you're logged in, you're in.

John Callaham said,

Except people are having their accounts taken over without any evidence of clicking on "stuff that they're not supposed to"

Blizzard says otherwise. Blizzard says the compromises are all done via the traditional methods used in WoW (phishing, keyloggers) - and no accounts with authenticators have been found to be compromised. Claims to the contrary were excuses to shirk responsibility. This is why it's best to wait for something conclusive before a news article is made about something. Now those publications that did claim that something else was going on, or that there was a compromise on Blizzard's end, and all that other jazz about session spoofing are looking pretty silly.

This is why you need to use an authenticator. Do that and you minimize the risk of it occurring. You can lighten it up and make it so it doesn't need to be keyed every time you play though because it will prompt the first time you do it on a new connection. Then it will do it periodically from there on out.

shinji257 said,
This is why you need to use an authenticator. Do that and you minimize the risk of it occurring. You can lighten it up and make it so it doesn't need to be keyed every time you play though because it will prompt the first time you do it on a new connection. Then it will do it periodically from there on out.

People are reporting it happening to them that DO have an Authenticator also

Ouch. This is not something Blizzard needs just before the RMAH launch. So much for online only preventing this... LOL