
Information Diablo III Accounts Hacked

Angthoron

Arcane
Joined
Jul 13, 2007
Messages
13,056
I haven't dug deeper into it no, as I don't care about D3 one way or the other, although reading about its failures is an amusing pastime. However I'm not sure I'd take the word of PR-tinged, tech-challenged executives either.
That's also true, but mind that if they give straight-up info that turns out to be lies, there's a moderate chance of everyone involved in making the statement being held responsible for it. So I'm sort of in between opinions on this one, I'm pretty sure they've fucked up the security somehow, but not necessarily in the way it's been implied.

What also amuses me (and has amused me for ages now) is how vulnerable their system really is, and how much more vulnerable they seem to make it. Real ID? Paradise for hackers since they get your log-in and then it's just a matter of scamming you/using a number generator. Their verification systems have also been pretty miserable since hackers were able to successfully gain access to numbers in some way or another a few months ago.
 

DarkUnderlord

Professional Throne Sitter
Staff Member
Joined
Jun 18, 2002
Messages
28,547
This certainly looks like an interesting thread... especially along page 5+...
http://us.battle.net/d3/en/forum/topic/5271500000

http://www.game-boyz.com/content/node/18678
Holy. Fucking. Shit.

Non-case sensitive passwords? No lock-out after repeated failed attempts? And apparently not even any IP checking for login?

Holy Fuckballs that is bad. The no lockout alone is pretty fucking serious. Imagine if you had someone's iPhone and could just plug away all day until you got through the code - instead of being locked out progressively longer each time. We're talking about a game played mostly by 12 year olds whose password will be basic at best - and you're saying we can just dictionary attack them?

I wonder if their servers were actually down on launch day because someone was running a brute force on them...

Hell, even XenForo has case-sensitivity and account lock-outs after repeated failed login attempts.

EDIT: Yup, the admin panel locks me out after about 3 failed password attempts. Though the regular login just adds the verification question (which theoretically there should be more of).

So there you go, this forum software is more secure than Diablo 3.
 

Angthoron

Arcane
Joined
Jul 13, 2007
Messages
13,056
This certainly looks like an interesting thread... especially along page 5+...
http://us.battle.net/d3/en/forum/topic/5271500000

http://www.game-boyz.com/content/node/18678
Holy. Fucking. Shit.

Non-case sensitive passwords? No lock-out after repeated failed attempts? And apparently not even any IP checking for login?

Holy Fuckballs that is bad. The no lockout alone is pretty fucking serious. Imagine if you had someone's iPhone and could just plug away all day until you got through the code - instead of being locked out progressively longer each time. We're talking about a game played mostly by 12 year olds whose password will be basic at best - and you're saying we can just dictionary attack them?

I wonder if their servers were actually down on launch day because someone was running a brute force on them...

Hell, even XenForo has case-sensitivity and account lock-outs after repeated failed login attempts.

EDIT: Yup, the admin panel locks me out after about 3 failed password attempts. Though the regular login just adds the verification question (which theoretically there should be more of).

So there you go, this forum software is more secure than Diablo 3.
Yeah, that's BNet 2.0, the passwords for D3, SC2 and WoW are not case-sensitive, with no attempt limits or IP checks.
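
The progressively longer lockout described in the posts above, as an added example that is not part of the thread and is not Blizzard's or XenForo's code. The class name, the three free attempts, the 30-second base delay and the one-hour ceiling are assumptions chosen for illustration; the simulation counts how many wrong guesses one client can land on one account in a day under that policy.

```python
import time


class LoginThrottle:
    """Per-account progressive lockout; all thresholds are assumed values."""

    def __init__(self, free_attempts=3, base_delay=30.0, max_delay=3600.0,
                 clock=time.monotonic):
        self.free_attempts = free_attempts  # failures tolerated before any delay
        self.base_delay = base_delay        # seconds of the first lockout
        self.max_delay = max_delay          # ceiling on any single lockout
        self.clock = clock
        self._state = {}                    # account -> (failures, locked_until)

    def retry_after(self, account):
        """Seconds until the next attempt on this account will be accepted."""
        locked_until = self._state.get(account, (0, 0.0))[1]
        return max(0.0, locked_until - self.clock())

    def attempt(self, account, verify):
        """verify is a zero-argument callable wrapping the real password check."""
        if self.retry_after(account) > 0:
            return "locked"                 # the password is not even evaluated
        if verify():
            self._state.pop(account, None)  # success clears the failure history
            return "ok"
        failures = self._state.get(account, (0, 0.0))[0] + 1
        over = failures - self.free_attempts
        delay = 0.0
        if over >= 0:                       # double the wait on each further failure
            delay = min(self.max_delay, self.base_delay * 2 ** min(over, 20))
        self._state[account] = (failures, self.clock() + delay)
        return "failed"


def guesses_in_window(window_seconds, **policy):
    """Simulate one client guessing wrong as fast as the throttle permits."""
    now = [0.0]                             # fake clock, advanced by hand
    throttle = LoginThrottle(clock=lambda: now[0], **policy)
    guesses = 0
    while True:
        now[0] += throttle.retry_after("player1")  # constructed account name
        if now[0] >= window_seconds:
            return guesses
        throttle.attempt("player1", lambda: False)
        guesses += 1


if __name__ == "__main__":
    print(guesses_in_window(86400))  # wrong guesses possible in one day
```

Keyed on the account alone, this policy lets anyone lock a player out by failing on purpose and does nothing about one guess spread across many accounts, which is where the per-source checks mentioned in the thread come in.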
 

DarkUnderlord

Professional Throne Sitter
Staff Member
Joined
Jun 18, 2002
Messages
28,547
HAHAH. Oh wow. I see that Blizzard even limit password length to only 16 characters.

What.

The.

Fuck.

Who limits the password field? Seriously, the best passwords are like a random combination of normal words. eventhisasapasswordwouldbeprettystrong Add in capitalisation and it'd be next to impossible under normal circumstances.

It's like they're deliberately being retarded.
 

treave

Arcane
Patron
Joined
Jul 6, 2008
Messages
11,370
Codex 2012
Oh no, this isn't a problem at all as long as you buy the authenticator! That'll protect you from all forms of brute-force hacking forever, and if you do get hacked it's your own fault for getting phished.
 

Jasede

Arcane
Patron
Joined
Jan 4, 2005
Messages
24,793
Insert Title Here RPG Wokedex Codex Year of the Donut I'm very into cock and ball torture
I like the game for what it is but ahahahaha at the forum posts defending the security holes.
 

tiagocc0

Arcane
Joined
Jun 29, 2007
Messages
2,056
Location
Brazil
HAHAH. Oh wow. I see that Blizzard even limit password length to only 16 characters.

What.

The.

Fuck.

Who limits the password field? Seriously, the best passwords are like a random combination of normal words. eventhisasapasswordwouldbeprettystrong Add in capitalisation and it'd be next to impossible under normal circumstances.

It's like they're deliberately being retarded.

They made a password system for the masses.
 

tiagocc0

Arcane
Joined
Jun 29, 2007
Messages
2,056
Location
Brazil
Tip: Never hire interns to save money, even more so on security
kotick.jpg
 

Crispy

I feel... young!
Patron
Staff Member
Joined
Feb 16, 2008
Messages
1,877,258
Location
Future Wasteland
Strap Yourselves In
If you are to believe the first several pages of this thread:

http://us.battle.net/d3/en/forum/topic/5270830019?page=1 (which is fairly hilarious, btw)

this sounds like a pretty serious problem. Rampant, I would say, even. This really is a fascinating problem when you do mix in the prospect of RL money potentially being at risk eventually. I agree that that idea is probably going to get axed. Could you imagine the number of potential lawsuits, a class-action, and more?

I don't know if Blizzard had the same severity of problems with WoW and its hacked account history, but I'd imagine this is just too much trouble even for them. They should have just stuck with the original Diablo formula.
 

tiagocc0

Arcane
Joined
Jun 29, 2007
Messages
2,056
Location
Brazil
According to the thread they were hacked after using AH (which I don't know what it is), then after logging out and logging back the next morning they had a 'new friend' show up on their list and it's always a lvl 1 char and every item and gold gone.

So probably the hackers are selling items through this AH, they somehow can hack those who have bought from them (or worse hack anyone who used AH) so they later enter their accounts, add their lvl 1 char as a 'friend' and give everything to this char and log out.
Then they just need to log with their lvl 1 char and sell everything, get all the gold and sell for jewgolds here in the 'outside world'.
 

Stabwound

Arcane
Joined
Dec 17, 2008
Messages
3,240
It makes me cry inside to think about how fucking awesome a Diablo 1 style game could be like with modern technology. And no, Torchlight doesn't count, it's cartoony and shit.

While I like both D1 and D3, they're completely different games with only a few similarities.
 
Repressed Homosexual
Joined
Mar 29, 2010
Messages
18,011
Location
Ottawa, Can.
HAHAH. Oh wow. I see that Blizzard even limit password length to only 16 characters.

What.

The.

Fuck.

Who limits the password field? Seriously, the best passwords are like a random combination of normal words. eventhisasapasswordwouldbeprettystrong Add in capitalisation and it'd be next to impossible under normal circumstances.

It's like they're deliberately being retarded.

16 characters is plenty enough to create an uncrackable password. Mine is of that length, and they allow special characters so this adds to the complexity. EA has the same character length limit for passwords, however they do not allow special characters.

If a firm character limit has already been set in place in a database, it's most of the time painful to change it. It's why among others password limits for online banking services are so short and restraining.
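
On the database-limit and case-sensitivity points raised in this thread: when a system stores a salted hash instead of the password, the stored value has the same size for any password length. The sketch below is an added example, not part of the thread and not any vendor's code; the function names, sizes and iteration count are assumptions, and `fold_case=True` models one assumed way a case-insensitive login can arise, shown only for contrast.

```python
import hashlib
import hmac
import os

SALT_LEN = 16         # bytes, assumed
DIGEST_LEN = 32       # bytes, assumed
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor, assumed


def _derive(password, salt, fold_case):
    # fold_case=True lower-cases the input first, so "Abc" and "abc" hash alike
    if fold_case:
        password = password.lower()
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               ITERATIONS, DIGEST_LEN)


def make_record(password, fold_case=False):
    """Return salt || digest: SALT_LEN + DIGEST_LEN bytes for any password length."""
    salt = os.urandom(SALT_LEN)  # fresh random salt per account
    return salt + _derive(password, salt, fold_case)


def verify(password, record, fold_case=False):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    return hmac.compare_digest(_derive(password, salt, fold_case), expected)


if __name__ == "__main__":
    long_pw = "eventhisasapasswordwouldbeprettystrong"  # phrase quoted in the thread
    for pw in ("abc", long_pw):
        print(len(pw), "chars ->", len(make_record(pw)), "bytes stored")
    strict = make_record(long_pw)
    print("case-sensitive accepts capitalised variant:",
          verify(long_pw.upper(), strict))
    folded = make_record("Constructed-Pw1!", fold_case=True)  # constructed sample
    print("case-folded accepts lower-cased variant:",
          verify("constructed-pw1!", folded, fold_case=True))
```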
 

Mother Russia

Andhaira
Andhaira
Dumbfuck Queued
Joined
Jan 6, 2012
Messages
3,876
Codex 2013
So, this piece of crap is actually out. You have to log in to play this, and this is to prevent piracy.

:lol:

Guess the 'pirates' showed them didn't they, they will now make their money another way by stealing characters' in game jew gold.
 

tiagocc0

Arcane
Joined
Jun 29, 2007
Messages
2,056
Location
Brazil
So, this piece of crap is actually out. You have to log in to play this, and this is to prevent piracy.

:lol:

Guess the 'pirates' showed them didn't they, they will now make their money another way by stealing characters' in game jew gold.

It's a never ending cycle of pure beauty.
 

DragoFireheart

all caps, rainbow colors, SOMETHING.
Joined
Jun 16, 2007
Messages
23,731
Blizzard makes DRM game to prevent theft of game.

Pirates then steal accounts instead of game code to make profits off of not caring about DRM.

Sheeple gamers get fucked in the end.

I continue to play Planescape: Torment.

Life is good.
 

Crispy

I feel... young!
Patron
Staff Member
Joined
Feb 16, 2008
Messages
1,877,258
Location
Future Wasteland
Strap Yourselves In
Nah. It's actually sad because the game is fun to play. If it ran liquid-smooth like it should (which it doesn't right now, not even on my rig) and if one didn't have to worry about getting OMGHaXxOrEd I think the RLAH could've been a hit. I mean if you really want to spend some actual money on an elite-level weapon or something in this game what's fundamentally wrong with that?

The problem though is that Blizzard is just gorging on its own greed right now. They're seeing these microtransactions as another huge, bloated cash cow and they're very eager to cash in. Even if that means sacrificing the game that really put them on the map and making it into some sort of weird pseudo-MMO.

Now the Chinese gold farmers are just raping that cow for all it's worth while the idiotic (albeit innocent) teenagers out there are screaming bloody murder.

What a mess.
 

DragoFireheart

all caps, rainbow colors, SOMETHING.
Joined
Jun 16, 2007
Messages
23,731
Nah. It's actually sad because the game is fun to play. If it ran liquid-smooth like it should (which it doesn't right now, not even on my rig) and if one didn't have to worry about getting OMGHaXxOrEd I think the RLAH could've been a hit. I mean if you really want to spend some actual money on an elite-level weapon or something in this game what's fundamentally wrong with that?

The problem though is that Blizzard is just gorging on its own greed right now. They're seeing these microtransactions as another huge, bloated cash cow and they're very eager to cash in. Even if that means sacrificing the game that really put them on the map and making it into some sort of weird pseudo-MMO.

Now the Chinese gold farmers are just raping that cow for all it's worth while the idiotic (albeit innocent) teenagers out there are screaming bloody murder.

What a mess.

cow.jpg


Remember people: every time you support Bobby by buying his shitty games, you are supporting the Chinese gold farmers in their never ending quest in raping all cows.

Supporting Blizzard means you support cow rape. Don't support cow rape.
 
