Information Diablo III Accounts Hacked

[4too]

The Wealth Of Nations

… I mean if you really want to spend some actual money on an elite-level weapon or something in this game what's fundamentally wrong with that?

The problem though is that Blizzard is just gorging on its own greed right now. They're seeing these microtransactions as another huge, bloated cash cow and they're very eager to cash in. Even if that means sacrificing the game that really put them on the map and making it into some sort of weird psuedo-MMO.

Now the Chinese gold farmers are just raping that cow for all it's worth …

… Remember people: every time you support Bobby by buying his shitty games, you are supporting the Chinese gold farmers …

:wind whispers through:

All this mystery, and the counter spin that may be misdirecting attention to a clear focus on D-blo3 website security weaknesses.

All this redistribution of wealth, and the ways and means are lost in the warp and weave of the, ah, an Invisible Hand(™ Adam Smith: 1758,1759,1776).

All this loss, and all this gain, to what unintended greater good.

:/wind whispers through:





4too

 

[Awor Szurkrarz]

Wonderful .

 

[tiagocc0]

Remember people: every time you support Bobby by buying his shitty games, you are supporting the Chinese gold farmers in their never ending quest in raping all cows.

Supporting Blizzards means you support cow rape. Don't support cow rape.

Goddamned, why wasn't I born in China? WHY?

 

[Bulba]

How much ingame gold will it be for 1 real? curently hackers are stripping 1 per minute with an average of 400k gold each making 24mil an hour. I wonder how does that compare to minimal wage....

 

[circ]

I think you just cracked the secret of the Chinese economy.

 

[tiagocc0]

How much ingame gold will it be for 1 real? curently hackers are stripping 1 per minute with an average of 400k gold each making 24mil an hour. I wonder how does that compare to minimal wage....

From what I saw it appears to be 5 dolars per 100k

 

[Dexter]

Tip: Never hire interns to save money , even more so on security

save money

kotick.jpg

http://e3.gamespot.com/story/6266573/3ds-is-brilliant-activision-coo-

GS

:Also during the call, Bobby Kotick talked about a "culture of thrift" in the company. But people seem to think with Blizzard, you just give them the resources they want and then step back, letting them do what they do. Are they exempt from that culture of thrift?

TT: No, and I don't think they want to be exempt from that. The culture of thrift isn't about not investing in the games. It's exactly about investing in the games. If we don't waste money on golden toilets and what have you, that gives us the resources to invest in the games so we make a great game. Subsequently, it gives us the ability to spend big in marketing a game.

I don't know if you've been at our offices. We've had the same office since forever, and we just replaced the duct tape on the carpet because it became a trip hazard down the stairs. And that took five years to get done. So we are thrifty in the areas where frankly, the consumer doesn't see value. We are not thrifty in the areas where the consumer sees the value, which is in the game development.

That's why we added 300 headcount to Blizzard's development team, 900 headcount to the customer service team, 300 headcount around the Call of Duty franchise. There are many areas where we are making massive investments to improve the gamer experience, and then there are areas where we think it's not worth it. So we don't have a company gym, cafeteria, and valet parking. Because the gamer doesn't care about that. They don't see value in any of that. Go talk to Blizzard or the Treyarch guys or the Sledgehammer guys. We put the money where the gamer's going to see it.

Can't see security guyz

 

[tiagocc0]

I bet they don't have toilets either, and why waste time eating when they could be making games!

 

[Bulba]

How much ingame gold will it be for 1 real? curently hackers are stripping 1 per minute with an average of 400k gold each making 24mil an hour. I wonder how does that compare to minimal wage....

From what I saw it appears to be 5 dolars per 100k

If you work 8h a day at a 5 day working week you can be making 2.5mil a year... I'm going to become a d3 hacker, thank you very much. Now I'm off to buy diablo

 

[sea]

I was playing with Jon from GameBanshee and literally saw his account get hacked mid-game. Someone joined on another character and emptied his stash out before he got kicked back off.

Great stuff, Blizzard.

 

[Azrael the cat]

Warning.....massively overlong train-of-thought TL;DR approaching:

As much as I'm laughing at Blizzard, it's also kind of disappointing in terms of the potential flow-on effect for PC gaming generally. Blizzard aren't much better than the console dev's, but that's sort of the point - they've long been the shining disproof of the notion that you can't make big money selling PC-exclusives and PC-oriented genres. Other companies would have made Starcraft 2 into 'an FPS inspired by the Starcraft universe, capturing the essence of the original Starcraft through exciting modern gameplay!' In this age of major-label-decline, it's more surprising that a company like Blizzard retains the isometric perspective and traditional game genres than it is that they trash them through removal of player choice and loss of the IP's mood. It's really quite a minor miracle that the RTS genre even exists, given what has happened to almost all other PC genres.

I can't help but wonder how much pressure Blizzard will be facing from young post-PC-era turks going around the chain of comand to Activision and promising them that they can make Blizzard many times more profitable by adapting their IPs to console-friendly genres, dropping 'dead genres' like RTSs, and making Playstation the core system for Diablo because PC gamers will buy a shitty port anyway. The massive sales of Starcraft 2 and Diablo head that off, but this kind of shenanigans makes idiot execs who don't understand their customer base think that they can achieve even more sales on consoles without this kind of hassle.

So yeah, I'm in two minds on this one. It's good insofar as it's a blow struck against online-only gaming - but I suspect that ship has already sailed. Oddly enough, if Diablo 3 was a PURE single-player game, they could pull this online-only shit without having to worry about hacking - it's only the social features like auction houses and goldfarming that makes it a problem for them. I couldn't really give a shit what Bioware do with their IPs right now, but I can see how making DA3 online-only would look attractive to them without opening up the same worries as D3, as there'd be no means for hackers to transfer items away from players, let alone monetise them. People were talking about online-only gaming being the inevitable future as soon as they realised that there really wasn't any way that developers could stop piracy, and it's not much a surprise that it's started to arrive. I'm hoping that this event makes publishers re-assess whether online-only will be any more secure from piracy than offline gaming (though there'd need to be a means of piracy that doesn't rely on private servers - that just creates a great big target on which to drop a shitstorming lawsuit + criminal charges) - they already know that first week delays and shitty launches don't deter customers, nor theft of customer information including credit card details (the 'it won't happen to me' effect - also known as the 'how the fuck did Sony escape without even a dip in profits???' doctrine), so I'm guessing the only thing that can stop online-only now is if it turns out to be just as vulnerable for greater cost than offline DRM.

But conversely, I'd hate it if this just adds another nail in the 'LONG-JOHN SILVER IS MAKING PC GAMES UNPROFITABLE!' flavoured coffin. Yes, I'm as excited for the kickstarter incline as anyone - I'm from a generation that played the 80s rpgs when they came out, and I know numerous friends who would love to jump back into gaming if only the games they like were there. For all the talk of broadening the computer game customer base, when you have to juggle kids and work you really don't have time for online gaming - maybe the odd squad-based game, but even then you won't have time to 'get good' at it, let alone to play the mmorpg grinding games. All this online gaming crap is wasted on the older generation of gamers - and we're the ones with enough money to not think twice about paying full price for games. When you've been at work all day, then looking after the kids and spouse all evening, you don't game to get online and deal with somebody ELSE'S rugrats. You do it so you can be antisocial, to chill out by yourself for an hour. Why devote the industry to kids who can only pay for a handful of games a year (including presents), when there's a market of dedicated gamers who are willing and able to buy games like they used to buy music albums, 10-20 a year even (including retros/indies/sales that is), if only games for them were there?

But to turn that around, the kickstarter games need to do more than just be great games (and that in itself isn't exactly locked in yet) - and they need to do more than have a Minecraft mega-success (how many AAA+ Minecraft clones have you seen?). They would need to produce a whole series of Minecraft-level successes, beating the big players time after time until it just becomes impossible to dismiss them as freak successes anymore (if that is even possible - note how when Bioware finally did another party-based semi-tactical rpg that was promoted as a spiritual sequel to BG, that became their biggest seller despite being pretty average in a lot of ways, they couldn't bring themselves to accept that people might actually want games with larger parties and more tractical options and instead insisted that it was all because of their shitty Mills and Boon dating-sim component...to the point where they sank DA2 by working on that assumption). It would make it a LOT easier for the kickstarter games to have that kind of effect if there was already an example of an AAA developer producing PC-genre games and making bucketloads of money from an underserviced market.

 

[DwarvenFood]

Warning.....massively overlong train-of-thought TL;DR approaching:

I missed those.

 

[Infinitron]

I was playing with Jon from GameBanshee and literally saw his account get hacked mid-game. Someone joined on another character and emptied his stash out before he got kicked back off.

Great stuff, Blizzard.

Wow, just wow.

 

[Bulba]

Warning.....massively overlong train-of-thought TL;DR approaching:

But to turn that around, the kickstarter games need to do more than just be great games (and that in itself isn't exactly locked in yet) - and they need to do more than have a Minecraft mega-success (how many AAA+ Minecraft clones have you seen?). They would need to produce a whole series of Minecraft-level successes, beating the big players time after time until it just becomes impossible to dismiss them as freak successes anymore (if that is even possible - note how when Bioware finally did another party-based semi-tactical rpg that was promoted as a spiritual sequel to BG, that became their biggest seller despite being pretty average in a lot of ways, they couldn't bring themselves to accept that people might actually want games with larger parties and more tractical options and instead insisted that it was all because of their shitty Mills and Boon dating-sim component...to the point where they sank DA2 by working on that assumption). It would make it a LOT easier for the kickstarter games to have that kind of effect if there was already an example of an AAA developer producing PC-genre games and making bucketloads of money from an underserviced market.

I think the main reason why da2 sucks is that the dev are gay... and want to make games about gay elvish sex - can't blame them if thats what their dreams are about. Unfortunately for bio non gay community kinda wants different games. Funny thing is that they have not learned their lesson and thought that they've put in too little gay sex and are going to fix that in DA3. With their reputation gone, and most DA2 sales went purely on that, I wonder how many their new game will sell.
All is not lost through - have faith in free market and with time our dreams will come true... my only fear is that it might not happen during my lifespan.

 

[Awor Szurkrarz]

I think the main reason why da2 sucks is that the dev are gay... and want to make games about gay elvish sex - can't blame them if thats what their dreams are about. Unfortunately for bio non gay community kinda wants different games. Funny thing is that they have not learned their lesson and thought that they've put in too little gay sex and are going to fix that in DA3. With their reputation gone, and most DA2 sales went purely on that, I wonder how many their new game will sell.
All is not lost through - have faith in free market and with time our dreams will come true... my only fear is that it might not happen during my lifespan.

It's not for gays. It's for women, which are a significant part of the Bioware audience.

 

[DragoFireheart]

Blizzard finally admits it's an IP exploit and not just "keylogger".

http://us.battle.net/d3/en/forum/topic/5150110791#3

Unedited post:

 

[Black]

What's an IP exploit?

 

[DarkUnderlord]

An IP exploit is Drago trying to use terminology he doesn't understand. Looks like Blizzard are tracking some Chinese IP's though, so I'd guess this is the work of some Chinese Gold farmers who got a little bit too eager and probably jumped the gun early... or are hoping to cash in early and sell items and accounts through ebay and such.

I was playing with Jon from GameBanshee and literally saw his account get hacked mid-game. Someone joined on another character and emptied his stash out before he got kicked back off.

Can you find out the following for my own personal amusement?

- Did he use any sort of hack or cheat program for Diablo 3? Anything, even that light altering one.
- How long was his password - and what type of password did he have? IE: Was it just a single, simple word or was it a random string of numbers and letters?

 

[DwarvenFood]

I can tell you it was less than 17 characters

 

[DragoFireheart]

An IP exploit is Drago trying to use terminology he doesn't understand. Looks like Blizzard are tracking some Chinese IP's though, so I'd guess this is the work of some Chinese Gold farmers who got a little bit too eager and probably jumped the gun early... or are hoping to cash in early and sell items and accounts through ebay and such.

I was playing with Jon from GameBanshee and literally saw his account get hacked mid-game. Someone joined on another character and emptied his stash out before he got kicked back off.

Can you find out the following for my own personal amusement?

- Did he use any sort of hack or cheat program for Diablo 3? Anything, even that light altering one.
- How long was his password - and what type of password did he have? IE: Was it just a single, simple word or was it a random string of numbers and letters?

- Do you think most of the cases are just people being careless with their passwords and/or getting keylogged?

 

[sea]

- Did he use any sort of hack or cheat program for Diablo 3? Anything, even that light altering one.
- How long was his password - and what type of password did he have? IE: Was it just a single, simple word or was it a random string of numbers and letters?

- I doubt it.
- I don't know if it was maximum length, but Jon uses different passwords for every site and I doubt he went for "puppies" or something similarly easy to crack. He's started using stuff like 3VCAaIfHnC0vD8IW now (yay LastPass).
- None of those excuse Blizzard's poor security all around.

 

[Crispy]

Draw your own conclusions, DragQueen. ffs, try not to be so Polish.

Personally I think it's more than just client stupidity. There's something to this, but Blizzard ain't ever going to really admit it. I mean just the income they're bringing in from authenticators alone at this point is more than enough to justify/finance a completely separate legal team.

Roll on, Blizzard.

 

[DragoFireheart]

Draw your own conclusions, DragQueen. ffs, try not to be so Polish.

Personally I think it's more than just client stupidity. There's something to this, but Blizzard ain't ever going to really admit it. I mean just the income they're bringing in from authenticators alone at this point is more than enough to justify/finance a completely separate legal team.

Roll on, Blizzard.

- I think there is something else going on and Blizzard is not making official announcements yet since:

1- It would be bad PR and hurt sales.

2- They are not sure or are not ready to announce it yet.

3- The hacks happened recently and they are still working through them.

I've heard far too many reports about someone having the authenticators and still getting hacked. The odd thing is people, from what I have researched, are only losing their Diablo items. Not their accounts, not their WoW accounts, not anything else. They get kicked and have their items taken... and that is it. It's a bit too specific to just assume it's a keylogger since they could get other things from all these users... but I've heard of nothing. If it were mass keyloggers, wouldn't we hear about more cases where people have had their Diablo 3 accounts hacked AND their other accounts on other sites also hacked?

 

[Menckenstein]

Activizzard is going to declare war on China, send in Xtreme Sleeveless Soldierz.

 

[DarkUnderlord]

- Do you think most of the cases are just people being careless with their passwords and/or getting keylogged?

Well, it's an online game with 6 million players. I doubt many people would think "yeah, I'll make my password something really obscure and difficult to remember just for Diablo 3". I think most people would choose something fairly benign like "diablo3" or "diablo3password". What I did think is that they're being brute-forced, given Blizzard have no protection against that. It'd be really easy to set up a machine that runs through logins (how they're getting logins is another question) and tries to guess the password. It could also explain why their servers are going offline every once in a while - hackers have hundreds of machines running all trying to login into accounts by basically just guessing the password repeatedly.

The fact that passwords aren't case sensitive makes this infinitely easier on a mind-bogglingly large scale though. Because all of a sudden "password", "passWord", "paSSworD" and 256 other variants can all be checked with just the one "password" attempt. If the password was something more than a fairly simple word though (or something other than a known common password), that becomes a bit harder and more time consuming to crack.

So yeah, I had thought that perhaps the people getting hacked had fairly simple passwords that had just been brute-forced (think of someone trying to login to your account and just running through all the guesses they can possibly come up with, only they're doing it with a computer and they can check over 3,000 passwords an hour). The other thought was that there was some popular mod or crack people had downloaded which unwittingly does capture and send your account details to a hacker in China / wherever.

The only thing is, I'd assume a bunch of IPs trying to brute-force their way in would surely show up in Blizzard's logs and that they'd do something about that - though given their lack of security that's an assumption I'm not too certain I could make. And if it was a popular program, I'd have thought that surely someone would've done their own checks on them and actually confirmed a keylogger or some such in it by now... And surely if someone had an infection that got caught, they would've said so by now. I mean the people that are coming up as getting hacked aren't exactly idiots (at least, I wouldn't think all of them are). We're talking about at least two "semi-prominent" game journalists that have been pinged now. Someone near them surely knows how to use a computer and would've looked for a virus / something on it. I've even seen YouTube videos which surely must be some clued in guys watching their own characters get hacked right before their eyes.

And let's face it, if all these people have keyloggers on their computers, then how come hackers are stealing their Diablo 3 Gold and not their real cash, in their real bank account? ... or their WoW character? ... or their SC2 details? This is a VERY specific and targeted hack.

Another interesting thing is that it seems only accounts with high level gear are being targeted (40+). From what I can tell, low level accounts with shitty gear aren't even being touched. So, how are they being found? How do the hackers know they have stuff worth stealing? Is it a weakness in the auction house - that these players have tried to sell something, which has therefore made them a target? Have these players downloaded some sort of map-hack tool or tried to purchase equipment from somewhere? But again, that assumes they're all idiots and I just don't believe that.

No, I actually think more and more that there is a very major weakness in Blizzard's security system (let's face it, Sony and I think XBox have both been hacked through some fairly herp-a-derp weaknesses) that allows someone, once they have a target, to select an account, break into it and do whatever they like to it.

Oh yeah, as for Blizzard's denials, here's a nice comparison I found on the D3 forums:

Trion made a similar post last year about Rift:

http://forums.riftgame.com/rift-gen...iscussion/109922-protecting-your-account.html

They too claimed that at least 80% of the hacked accounts were the result of keyloggers. That is, until it was announced that their account DB had been hacked.

http://www.1up.com/news/rift-account-database-hacked