Blizzard Says Diablo 3 Hacking Isn't Unusual - UPDATED
Diablo 3 security compromises are pretty much in line with what's seen during World of Warcraft expansion launches.
The inability to connect to a Diablo 3 server when you want to play the game, particularly in the hours and days immediately following its release, is no doubt a frustrating experience. But worse than that is making the connection and then discovering that some jerk got there first and swiped all your stuff. The way some people are talking about it, nearly every Diablo 3 [http://www.amazon.com/Diablo-III-Standard-Edition-Pc/dp/B00178630A/ref=sr_1_1?ie=UTF8&qid=1337698897&sr=8-1] player on the planet either has been, or is on the verge of being, hacked.
But that's not actually the case, according to Blizzard (and also the dictates of common sense), which put up a message [http://us.battle.net/d3/en/forum/topic/5149619846] earlier this morning stating that while it takes security issues seriously, the rate of complaints isn't actually any worse than that of its other online game.
"Historically, the release of a new game -- such as a World of Warcraft [http://www.amazon.com/World-Warcraft-Battle-Chest-Mac/dp/B000H96C9M/ref=sr_1_1?ie=UTF8&qid=1337698995&sr=8-1] expansion -- will result in an increase in reports of individual account compromises, and that's exactly what we're seeing now with Diablo 3," the studio said. "We know how frustrating it can be to become the victim of account theft, and as always, we're dedicated to doing everything we can to help our players keep their Battle.net accounts safe -- and we appreciate everyone who's doing their part to help protect their accounts as well."
Responding to claims that even accounts using authenticators are being hacked, Blizzard added that "the Battle.net Authenticator and Battle.net Mobile Authenticator (a free app for iPhone and Android devices) continue to be some of the most effective measures we offer to help players protect themselves against account compromises." The studio encouraged all Battle.net users to use authenticators, and also made mention of the new "Battle.net SMS Protect" system, which allows users to monitor and maintain their accounts via text message.
The post provides a few other tidbits about the Battle.net security features and links to more information about the authenticator and SMS Protect, but what it doesn't touch on is Blizzard's policies regarding those who've been hacked. That, unsurprisingly, has led to 83 pages [and counting] of back-and-forth between players who want more information and/or an immediate resolution to their individual account breach, and those who claim that there are no hacks and that people who claim their authenticated accounts were hacked are flat-out lying.
Either way, and regardless of whether you think the company is being a bit too cavalier about the whole thing, it's not unreasonable to suggest that the release of a game of this magnitude is bound to attract an increased number of lowlifes who enjoy exploiting systems and taking things that don't belong to them. What really matters is what happens after the fact; if Blizzard can plug the leaks and take care of its affected customers in a timely and generous fashion, then all will be well in relatively short order. If not, 83-plus pages of forum anger will probably be a common sight for a long time to come.
UPDATE: In two separate posts, Diablo 3 Community Manager Micah "Bashiok" Whipple reiterated Blizzard's position that Battle.net hasn't been hacked.
"We've been taking the situation extremely seriously from the start, and have done everything possible to verify how and in what circumstances these compromises are occurring. Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password," he said in the first post [http://us.battle.net/d3/en/forum/topic/5149619846?page=29#571]. "While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand."
About an hour later, he posted a second message [https://us.battle.net/d3/en/forum/topic/5149619846?page=32#633] saying that compromised Diablo 3 owners may have been victimized by an "orchestrated" attack intended to take advantage of a large number of people before they could react.
"It seems to me like it's the most logical way to go about it," he wrote. "Build up a list of accounts and passwords, and then hit them in a rapid succession before word can spread and people can change their passwords, add an authenticator, etc."
Users with hacked Diablo 3 accounts may seek further assistance through the "Help! I've Been Hacked!" tool at http://us.battle.net/en/security/help [http://us.battle.net/en/security/help].
Permalink
Diablo 3 security compromises are pretty much in line with what's seen during World of Warcraft expansion launches.
The inability to connect to a Diablo 3 server when you want to play the game, particularly in the hours and days immediately following its release, is no doubt a frustrating experience. But worse than that is making the connection and then discovering that some jerk got there first and swiped all your stuff. The way some people are talking about it, nearly every Diablo 3 [http://www.amazon.com/Diablo-III-Standard-Edition-Pc/dp/B00178630A/ref=sr_1_1?ie=UTF8&qid=1337698897&sr=8-1] player on the planet either has been, or is on the verge of being, hacked.
But that's not actually the case, according to Blizzard (and also the dictates of common sense), which put up a message [http://us.battle.net/d3/en/forum/topic/5149619846] earlier this morning stating that while it takes security issues seriously, the rate of complaints isn't actually any worse than that of its other online game.
"Historically, the release of a new game -- such as a World of Warcraft [http://www.amazon.com/World-Warcraft-Battle-Chest-Mac/dp/B000H96C9M/ref=sr_1_1?ie=UTF8&qid=1337698995&sr=8-1] expansion -- will result in an increase in reports of individual account compromises, and that's exactly what we're seeing now with Diablo 3," the studio said. "We know how frustrating it can be to become the victim of account theft, and as always, we're dedicated to doing everything we can to help our players keep their Battle.net accounts safe -- and we appreciate everyone who's doing their part to help protect their accounts as well."
Responding to claims that even accounts using authenticators are being hacked, Blizzard added that "the Battle.net Authenticator and Battle.net Mobile Authenticator (a free app for iPhone and Android devices) continue to be some of the most effective measures we offer to help players protect themselves against account compromises." The studio encouraged all Battle.net users to use authenticators, and also made mention of the new "Battle.net SMS Protect" system, which allows users to monitor and maintain their accounts via text message.
The post provides a few other tidbits about the Battle.net security features and links to more information about the authenticator and SMS Protect, but what it doesn't touch on is Blizzard's policies regarding those who've been hacked. That, unsurprisingly, has led to 83 pages [and counting] of back-and-forth between players who want more information and/or an immediate resolution to their individual account breach, and those who claim that there are no hacks and that people who claim their authenticated accounts were hacked are flat-out lying.
Either way, and regardless of whether you think the company is being a bit too cavalier about the whole thing, it's not unreasonable to suggest that the release of a game of this magnitude is bound to attract an increased number of lowlifes who enjoy exploiting systems and taking things that don't belong to them. What really matters is what happens after the fact; if Blizzard can plug the leaks and take care of its affected customers in a timely and generous fashion, then all will be well in relatively short order. If not, 83-plus pages of forum anger will probably be a common sight for a long time to come.
UPDATE: In two separate posts, Diablo 3 Community Manager Micah "Bashiok" Whipple reiterated Blizzard's position that Battle.net hasn't been hacked.
"We've been taking the situation extremely seriously from the start, and have done everything possible to verify how and in what circumstances these compromises are occurring. Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password," he said in the first post [http://us.battle.net/d3/en/forum/topic/5149619846?page=29#571]. "While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand."
About an hour later, he posted a second message [https://us.battle.net/d3/en/forum/topic/5149619846?page=32#633] saying that compromised Diablo 3 owners may have been victimized by an "orchestrated" attack intended to take advantage of a large number of people before they could react.
"It seems to me like it's the most logical way to go about it," he wrote. "Build up a list of accounts and passwords, and then hit them in a rapid succession before word can spread and people can change their passwords, add an authenticator, etc."
Users with hacked Diablo 3 accounts may seek further assistance through the "Help! I've Been Hacked!" tool at http://us.battle.net/en/security/help [http://us.battle.net/en/security/help].
Permalink
