Scrolls of Lore Forums  

  #1  
Old 05-21-2012, 08:27 PM
Leviathon Leviathon is offline

Elune
Join Date: Oct 2009
Posts: 17,348

Default Account Security

So apparently hackers in public games can see your Session ID and use that to bypass using your login info and even your authenticator. So for the time being it may be best to not do public games.
Reply With Quote
  #2  
Old 05-21-2012, 09:09 PM
Malygos Malygos is offline

Sentinel Queen
Malygos's Avatar
Join Date: Nov 2008
Posts: 818

Default

Well that sucks.
Reply With Quote
  #3  
Old 05-22-2012, 12:44 AM
Killchrono Killchrono is offline

Arch-Druid
Killchrono's Avatar
Join Date: Jul 2011
Location: A big point of nothing in space and time (i.e. Brisbane, Australia)
Posts: 1,710

Default

How did Blizz fuck this one up?

Seriously. This isn't helping their case for the whole 'online exclusive' drum they've been beating.
__________________
Quote:
Originally Posted by Dithon1 View Post
How exactly am I still qualified as a "new guy" still?
Quote:
Originally Posted by Killchrono View Post
Shut up and get in the bag, new guy.
Quote:
Originally Posted by Dithon1 View Post
At least people notice me now. ;-;
Reply With Quote
  #4  
Old 05-22-2012, 09:44 AM
handclaw handclaw is offline


handclaw's Avatar
Join Date: Sep 2006
Posts: 2,575

Default

So, I didn't use public games (only played with direct friends... ), but my account got hacked, too.

Well, my WoW chars got their gold back, but the Diablo 3 chars have it still missing.
__________________


I am handclaw and this is my favorite thread on Scrolls of Lore!... oh wait, nope... Just another bitching thread.
Reply With Quote
  #5  
Old 05-22-2012, 09:50 AM
Grig Grig is offline

Demon Hunter
Join Date: Jan 2011
Posts: 439
BattleTag: ask#1111

Default

Blizz is claiming that every investigation so far shows no signs of people being hacked by "sessionID". In every case it has been a login using username/password, not session hijacking.

So far the one person here that got hacked fits the profile, otherwise they couldn't have gotten WoW goods. In my experience administrating MMO forums, the one constant is that people lie bald-faced when it comes to cases like this and jump on a bandwagon pointing out a vulnerability, even if they know personally that they only got hacked because they entered login information somewhere they shouldn't or they had a keylogger (I've had posters admit this to me in PMs, even though in the open forums it was all about how they must have been hacked through no fault of their own like everyone else). I'm tempted to side with Blizzard on this one, although I am curious to see if that assumption proves wrong.
Reply With Quote
  #6  
Old 05-22-2012, 09:56 AM
handclaw handclaw is offline


handclaw's Avatar
Join Date: Sep 2006
Posts: 2,575

Default

Quote:
Originally Posted by Grig View Post
Blizz is claiming that every investigation so far shows no signs of people being hacked by "sessionID". In every case it has been a login using username/password, not session hijacking.

So far the one person here that got hacked fits the profile, otherwise they couldn't have gotten WoW goods. In my experience administrating MMO forums, the one constant is that people lie bald-faced when it comes to cases like this and jump on a bandwagon pointing out a vulnerability, even if they know personally that they only got hacked because they entered login information somewhere they shouldn't or they had a keylogger (I've had posters admit this to me in PMs, even though in the open forums it was all about how they must have been hacked through no fault of their own like everyone else). I'm tempted to side with Blizzard on this one, although I am curious to see if that assumption proves wrong.
I agree. I know it was my own fault and I was annoyed about me being so careless. Had some keyloggers on the machine...

Also, Blizzard was very helpful with the issue and they were quickly replying to my tickets about it.
__________________


I am handclaw and this is my favorite thread on Scrolls of Lore!... oh wait, nope... Just another bitching thread.
Reply With Quote
  #7  
Old 05-22-2012, 11:05 AM
Garotar Garotar is online now

Site Staff - News
Garotar's Avatar
Join Date: Aug 2011
Posts: 6,621
BattleTag: Greyhame#1747

Default

It will probably take them a bit to do the Diablo 3 accounts. They probably have the information, they probably don't have the tools to deal with it as efficiently yet.
__________________
I used to take Warcraft lore seriously, then the lore took a Rule of Cool to the knee.
Reply With Quote
  #8  
Old 05-22-2012, 11:24 AM
handclaw handclaw is offline


handclaw's Avatar
Join Date: Sep 2006
Posts: 2,575

Default

Quote:
Originally Posted by Garotar View Post
It will probably take them a bit to do the Diablo 3 accounts. They probably have the information, they probably don't have the tools to deal with it as efficiently yet.
Got mine restored. The case right now is, they use restoration points. That means, if you kept playing after the hacking occurred, you would lose all progress you've made. Hence they ask everyone before using the restoration.

Also, apparently this option is available only twice in the first year.

In my opinion, they really need to improve this somehow, but well... dunno what the best way would be.
__________________


I am handclaw and this is my favorite thread on Scrolls of Lore!... oh wait, nope... Just another bitching thread.
Reply With Quote
  #9  
Old 05-22-2012, 11:31 AM
Leviathon Leviathon is offline

Elune
Join Date: Oct 2009
Posts: 17,348

Default

Quote:
Originally Posted by Grig View Post
Blizz is claiming that every investigation so far shows no signs of people being hacked by "sessionID". In every case it has been a login using username/password, not session hijacking.

So far the one person here that got hacked fits the profile, otherwise they couldn't have gotten WoW goods. In my experience administrating MMO forums, the one constant is that people lie bald-faced when it comes to cases like this and jump on a bandwagon pointing out a vulnerability, even if they know personally that they only got hacked because they entered login information somewhere they shouldn't or they had a keylogger (I've had posters admit this to me in PMs, even though in the open forums it was all about how they must have been hacked through no fault of their own like everyone else). I'm tempted to side with Blizzard on this one, although I am curious to see if that assumption proves wrong.
Yea that was why I was iffy about the entire thing since most people who get hacked refuse to blame themselves then go 'Yea I swear I had that authenticator!'
Reply With Quote
  #10  
Old 05-22-2012, 01:23 PM
Garotar Garotar is online now

Site Staff - News
Garotar's Avatar
Join Date: Aug 2011
Posts: 6,621
BattleTag: Greyhame#1747

Default

Quote:
Originally Posted by Leviathon View Post
Yea that was why I was iffy about the entire thing since most people who get hacked refuse to blame themselves then go 'Yea I swear I had that authenticator!'
One person was called out by Bashiok about that, with him pointing out that the authenticator was added after the compromise (which is common).
__________________
I used to take Warcraft lore seriously, then the lore took a Rule of Cool to the knee.
Reply With Quote
  #11  
Old 05-28-2012, 09:37 AM
MrManiac MrManiac is offline

Wisp
MrManiac's Avatar
Join Date: May 2012
Location: Greece
Posts: 9

Default

Quote:
Originally Posted by Leviathon View Post
for the time being it may be best to not do public games
As far as I know, joining a public game will increase your chances of getting hacked but as long as you're online your account info might still be stolen. Haven't heard this from a reliable source though, just claims scattered across the web.
__________________
Reply With Quote
  #12  
Old 05-28-2012, 10:41 AM
Leviathon Leviathon is offline

Elune
Join Date: Oct 2009
Posts: 17,348

Default

Quote:
Originally Posted by MrManiac View Post
As far as I know, joining a public game will increase your chances of getting hacked but as long as you're online your account info might still be stolen. Haven't heard this from a reliable source though, just claims scattered across the web.
It's all false. People that got hacked got hacked due to their own fault.
Reply With Quote
  #13  
Old 05-28-2012, 11:20 AM
MrManiac MrManiac is offline

Wisp
MrManiac's Avatar
Join Date: May 2012
Location: Greece
Posts: 9

Default

Quote:
Originally Posted by Leviathon View Post
It's all false. People that got hacked got hacked due to their own fault.
Well don't be too sure about that, there might always be a possibility of being hacked without you provoking it.
__________________
Reply With Quote
  #14  
Old 05-29-2012, 09:22 AM
Grig Grig is offline

Demon Hunter
Join Date: Jan 2011
Posts: 439
BattleTag: ask#1111

Default

Quote:
Originally Posted by MrManiac View Post
Well don't be too sure about that, there might always be a possibility of being hacked without you provoking it.
No different than the possibility of getting hit by a meteor out of the blue that just lands on you while you're sitting at the computer. Sure, someone might brute-force your email/password combination. That doesn't change that the other 99.999% of the time, your account gets hacked because you typed your information into a phishing site, reused email/password at a site that stored them in plaintext and got hacked, gave someone your information intentionally (say, to a friend or to a levelling service), or have a keylogger that captured it. And any of those are very strongly mitigated by an actual authenticator on your account (Blizzard has admitted that over the last 5 years a couple WoW accounts with authenticators have been hacked, and they were absolutely lousy with backdoors and keyloggers -- it would have to be the sort of thing where someone could catch your auth code and use it, and you be too used to the malware shutting down your computer/internet that you wouldn't try to relog right away I'd think).

And just because it's possible that someone hacks you out of the blue based on nothing you've done doesn't mean that the sessionID or SQL injection hacks that people keep talking about are actually there. So people are right to point out that people are just repeating unsubstantiated rumor with those.
Reply With Quote
  #15  
Old 05-30-2012, 06:00 AM
Lon-ami Lon-ami is offline

Elune
Lon-ami's Avatar
Join Date: Jul 2007
Location: Spain
Posts: 11,796
BattleTag: Lonami#2916

Default

Quote:
Originally Posted by handclaw View Post
So, I didn't use public games (only played with direct friends... ), but my account got hacked, too.

Well, my WoW chars got their gold back, but the Diablo 3 chars have it still missing.
That sucks, no decent antivirus? :S
__________________


Metzen: They are one of the ancient races of Northrend that we haven't spoken of before... because we hadn't made them up before. (laughter)

~Main: Expansion theorycrafting, Expansions list, The Age of Nightmare, Empire of the Tides (coming soon)~
~Fan fiction: Anachronos Journey: The Timeless Heir~ ~Geography of continents series: Old Kalimdor (original), Pandaria~
~Locations as zones series: Azjol-Nerub, Barrow Deeps, Zul'Aman, Demon Hunter zone, Caverns of Time~
Reply With Quote
All times are GMT -7.