So apparently hackers in public games can see your Session ID and use that to bypass using your login info and even your authenticator. So for the time being it may be best to not do public games.

Well that sucks.

How did Blizz fuck this one up?

Seriously. This isn't helping their case for the whole 'online exclusive' drum they've been beating.

__________________

So, I didn't use public games (only played with direct friends... ), but my account got hacked, too.

Well, my WoW chars got their gold back, but the diablo 3 chars have it still missing.

__________________


I am handclaw and this is my favorite thread on Scrolls of Lore!... oh wait, nope... Just another bitching thread.

Blizz is claiming that every investigation so far shows no signs of people being hacked by "sessionID". In every case it has been a login using username/password, not session highjacking.

So far the one person here that got hacked fits the profile, otherwise they couldn't have gotten WoW goods. In my experience administrating MMO forums, the one constant is that people lie bald-faced when it comes to cases like this and jump on a bandwagon pointing out a vulnerability, even if they know personally that they only got hacked because they entered login information somewhere they shouldn't or they had a keylogger (I've had posters admit this to me in PMs, even though in the open forums it was all about how they must have been hacked through no fault of their own like everyone else). I'm tempted to side with Blizzard on this one, although I am curious to see if that assumption proves wrong.

I agree. I know it was my own fault and I was annoyed about me being so careless. Had some keyloggers on the machine...

Also, blizzard was very helpful with the issue and they were quickly replying to my tickets about it.

__________________


I am handclaw and this is my favorite thread on Scrolls of Lore!... oh wait, nope... Just another bitching thread.

It will probably take them a bit to do the Diablo 3 accounts. They probably have the information, they probably don't have the tools to deal with it as efficiently yet.

__________________
I used to take Warcraft lore seriously, then the lore took a Rule of Cool to the knee.

Got mine restored. The case right now is, they use restoration points. That means, if you kept playing after the hacking occured, you would lose all progress you've made. Hence they ask everyone before using the restoration.

Also, appearantly this option is aviable only twice in the first year.

In my oppinion, they really need to improve this somehow, but well... dunno what the best way would be.

__________________


I am handclaw and this is my favorite thread on Scrolls of Lore!... oh wait, nope... Just another bitching thread.

Yea that was why I was iffy about the entire thing since most people who get hacked refuse to blame themselves then go 'Yea I swear I had that authenticator!'

One person was called out by Bashiok about that, with him pointing out that the authenticator was added after the compromise (which is common).

__________________
I used to take Warcraft lore seriously, then the lore took a Rule of Cool to the knee.

As far as I know, joining a public game will increase your chances of getting hacked but as long as you're online your account info might still be stolen. Haven't heard this from a reliable source though just claims scettered across the web.

__________________

It's all false. People that got hacked got hacked due to their own fault.

Well don't be too sure about that, there might always be a possibility of being hacked without you provoking it.

__________________

No different than the possibility of getting hit by a meteor out of the blue that just lands on you while you're sitting at the computer. Sure, someone might brute-force your email/password combination. That doesn't change that the other 99.999% of the time, your account gets hacked because you typed your information into a phishing site, reused email/password at a site that stored them in plaintext and got hacked, gave someone your information intentionally (say, to a friend or to a levelling service), or have a keylogger that captured it. And any of those are very strongly mitigated by an actual authenticator on your account (Blizzard has admitted that over the last 5 years a couple WoW accounts with authenticators have been hacked, and they were absolutely lousy with backdoors and keyloggers -- it would have to be the sort of thing where someone could catch your auth code and use it, and you be too used to the malware shutting down your computer/internet that you wouldn't try to relog right away I'd think).

And just because it's possible that someone hacks you out of the blue based on nothing you've done doesn't mean that the sessionID or SQL injection hacks that people keep talking about are actually there. So people are right to point out that people are just repeating unsubstantiated rumor with those.

That sucks, no decent antivirus? :S

__________________


Metzen: They are one of the ancient races of Northrend that we haven't spoken of before... because we hadn't made them up before. (laughter)

~Main: Expansion theorycrafting, Expansions list, The Age of Nightmare, Empire of the Tides (coming soon)~
~Fan ficton: Anachronos Journey: The Timeless Heir~ ~Geography of continents series: Old Kalimdor (original), Pandaria~
~Locations as zones series: Azjol-Nerub, Barrow Deeps, Zul'Aman, Demon Hunter zone, Caverns of Time~