Originally posted by Newmoon

Originally posted by dubyahite
@desalus

An excellent point. Yet another on of the million possibilities that could cause this that are neither "I have a virus" or "Blizzard got hacked".

So many things that could be going on.

  That was my point. Not that it was absolutely "session ID" or using account numbers, like what happened in Rift. I meant the 400 page long threads with the finger pointing about how all these HAD to be buying gold, or clicking email phishing. It could be a breach on Blizzard's part, unlike what they've been saying. Trion first said it was the player's fault, until a "white hat" player figured out how it was done and told Trion. Coin lock came in reallly fast. 6 months later, their database was hacked, and usernames/passwords were taken- but the info was encrypted.

   I changed all my passwords anyway. I use different passwords for each game, and while they are serial, they aren't guessable from each other, and all are at max length. I also change them frequently. When physical authenticators are offered, I take them. I've been lucky and have never been hacked, even after playing literally over 100 MMOs, from AAA titles to basic Korean grinders.

 

   Alll that screaming taught me to withold criticism until we figure out how it is being done. I refuse to believe that many people clicked on (click now or forever lose your account) and (beta invite, just give us your financial info!).

I say it again.... it is much more likely that a guild / fansite or public forum got comprimised, as they don't have to follow the legislations like Big corporations need to!

I mean, sure SOE got hacked last year, but the passwords in the database were still encrypted.

How many guild or fansites run Open Source software like Wordpress, phpBB, etc, etc ?  How many owners of those sites bother keeping that software up to date with patching?

You would be suprised how many guild / fansite / public forum owners are downright lazy and sloppy and don't keep their stuff properly patched and updated! Not to mention take their time to install plugins and/or run the necessary configurations to make their site more secure!!

Especially wordpress and phpBB are continiously plagued by vulnaribilties and security issues and if you didn't kept your sites/forums updated..... well you can't make it any easier for hackers to compromise those sites and steal user info straight out of these databases!

And as so many people use the same email and password on these kind of sites too. It is far more likely the hackers got your password from a fan / guild site or public forum!

Originally posted by dubyahite
@JeroKane

I have seen posts on the official forums with people claiming that a bunch of people in their guild got hacked to so it's obviously on Blizzards end!

That just screams guild site hacked to me.

I can give you a perfect example.

I run a site for myself to profile myself as IT consultant. This site runs under Wordpress.

I have properly configured this site, including the security hashes within the php-config, run some security plugins, but above all make sure all plugins and Wordpress is up to date with latest patches.

One day my site got hacked (like a ton of other wordpress sites that weekend) by a Turkish hackgroup that found a vulnaribility in the php-admin page that enabled them to bypass it completely and gain access to your wordpress site with Full admin privileges!!

This happened ironically right after a Wordpress update!  Just so you know.

Luckily I was the only one affected, as I don't have users registered nor run a forum!

So with daily backups, I was quickly back up and running and Wordpress luckily released a new update within a few days.

This stuff happens all the time with OpenSource software... especially because it's so popular and above all FREE!

That is why I don't run my own guilds and guildsite/forums anymore.... I just don't want that kind of responsibility anymore, especially since I just don't have the time for it anymore either.

More importantly tho, it's not even fun anymore, because of all the hacking going on these days, not to mention all the spamming you need to deal with as well.

If you trully want to run a secure guild forum, you are practically forced to buy a vBullitin Forum license. Which is not cheap! 195 bucks for just a standard forum license or 285 bucks for the CRM suite!

I might have a hint.

A couple of weeks prior to the game release I received a really looking legitimate email from "blizzard" stating whatever about diablo 3 (i say whatever because I deleted it right away)

This email had to be a key logger, I don't think I had any virus/worm from it since it was contain in a sandbox.

I know that this email was not legitimate since I changed my email adres on battlenet a year ago of so.

So anything I receive on the first email adres i had on battlenet before I changed my email adres is a skim. I know that because I was ever hack on my WoW account after I did opened one of those "official" email from "blizzard*east". Those guyz are really good, i don't know how they manage to have a legit sender, the magical truccande.

My guess is many people that had been hack with WoW at any given time received this email about and got hack soon after the game release with their loggin and credentials if they bought the game.

Real money auction house, with millions gamers, hum sound like a lot of people will make an infernal work out of it. I think everybody deserve to play some game

Originally posted by itgrowls

Originally posted by Karahandras

Originally posted by Unlight

Whatever the spin, in fifteen some odd years of online gaming, I've had my account compromised exactly twice.  The first time was a month or two after linking my WoW account to Battle.net, and the second was about six months later with the same account, which also happened to be about five months after cancelling my sub for the game.  I've never once run into the problem anywhere else online where I've been required to have an account.

Yeah, I'm sure I'll be accused of buying gold, using weak credentials and failing to secure my system with the proper software.  F*ck you.  The only problem I've ever had was with Battle.net.  Even in the three years I played WoW prior to that, I never had an issue.  It was only when I had to link my accounts that something went wrong.  My security habits were perfectly fine prior to that and have been sufficient to prevent a similar episode ever since.

So spin away.  I *know* there's something slipshod about that system.  And if you all think it's so damned secure, ask yourself how many other logins you use today aren't case-sensitive.  Yeah, thought so. 

If nothing else, it proves that Blizzard isn't doing *everything* they can to safeguard your account.  But they are happy to sell authenticators to anyone that wants some additional protection and needs a physical key.  Again, it's interesting that I've never needed an authenticator to login to *any* other account that I have, whether it's games related or not, yet all my many accounts remain intact.

 

 

Am wondering how much they make off selling the authenticaters?

Authenticators you buy are $6 w free shipping, its nothing. The Apps for mobile are free.

 

:) I meant profit wise

Originally posted by Karahandras

Originally posted by itgrowls

Originally posted by Karahandras

Originally posted by Unlight

Whatever the spin, in fifteen some odd years of online gaming, I've had my account compromised exactly twice.  The first time was a month or two after linking my WoW account to Battle.net, and the second was about six months later with the same account, which also happened to be about five months after cancelling my sub for the game.  I've never once run into the problem anywhere else online where I've been required to have an account.

Yeah, I'm sure I'll be accused of buying gold, using weak credentials and failing to secure my system with the proper software.  F*ck you.  The only problem I've ever had was with Battle.net.  Even in the three years I played WoW prior to that, I never had an issue.  It was only when I had to link my accounts that something went wrong.  My security habits were perfectly fine prior to that and have been sufficient to prevent a similar episode ever since.

So spin away.  I *know* there's something slipshod about that system.  And if you all think it's so damned secure, ask yourself how many other logins you use today aren't case-sensitive.  Yeah, thought so. 

If nothing else, it proves that Blizzard isn't doing *everything* they can to safeguard your account.  But they are happy to sell authenticators to anyone that wants some additional protection and needs a physical key.  Again, it's interesting that I've never needed an authenticator to login to *any* other account that I have, whether it's games related or not, yet all my many accounts remain intact.

 

 

Am wondering how much they make off selling the authenticaters?

Authenticators you buy are $6 w free shipping, its nothing. The Apps for mobile are free.

 

:) I meant profit wise

They sell the Authenticators at cost. This has been revealed many many times by Blizzard.