This may be a bit TL;DR, but I want to try to address as much here as possible...
We've investigated several reported claims of "session spoofing," as discussed both in these forums and elsewhere on the Web. We treat these kinds of reports very seriously -- however, to date, we have yet to identify a single case of compromise that was the result of a player joining or participating in a public game.
Additionally, as we mentioned before:
Regarding this specific example, we've looked into the issue and found no evidence to indicate compromises are occurring in this fashion, and we've determined the methods being suggested to do so are technically impossible.
For clarity, when we say "technically impossible" it means we determined (after many, many days of research) that session spoofing, as described in the claims we've seen, cannot occur within Diablo III. To avoid confusion, read "technically impossible" as "technologically impossible."
Even so, we're continuing to investigate related reports. If you believe you possess solid evidence of some sort of "hack," then please relay that information to our support representatives as soon as possible, or email hacks@blizzard.com. In the meantime, if you don't possess such evidence, we ask that you please refrain from spreading hearsay.
06/04/2012 05:55 AM Posted by Vadoff
There have been multiple reports of people being hacked while using their authenticators. Some of these are by credible journalists. This alone should be sufficient evidence.
We've stated this several times, but in all of the individual Diablo III-related compromise cases we've investigated thus far, none have occurred after a physical Battle.net Authenticator or Battle.net Mobile Authenticator app was attached to the player's account.
While no security method is 100% fool-proof (even Authenticators), please note that it is possible that players reporting to have been compromised while an Authenticator was attached to their Battle.net account may have been using the Dial-in Authenticator. The Dial-in Authenticator does not provide the same level of protection as the Battle.net Authenticator or Battle.net Mobile Authenticator app, and -- more importantly -- is not currently supported for Diablo III.
It's important to remember there is no "silver bullet" guaranteeing complete protection against account compromise. The Authenticator offers players a highly valuable layer of added protection, but is not intended to replace the need for end-user computer and network security.
06/04/2012 12:37 AM Posted by ibchris
just happened to me..bunch of bs..
I'm very sorry to hear that your account may have been compromised. If you haven't already, please take a look at our restoration policy for Diablo III and contact customer support as soon as possible.
That said, there are a number of ways in which an account's information can be stolen, some of which you might not immediately be considering.
Sharing login information:
Sharing your account information with a family member, friend, or another player is an easy way to lose control of who has access to your account and increase the risk of compromise -- no matter how well you might know the person you're sharing your login information with. Keep in mind that even if you practice optimum Internet security at home, you can't control how another person will make use of your account information or how secure their own computer system might be.
Email and password security:
Ensuring that your registered email address is secure is a very important part of keeping your Battle.net account secure. Your registered email address not only serves as a primary point of contact with Blizzard Entertainment, but it also functions as your Battle.net account name.
Because of this, you may want to consider creating a unique email address for your Battle.net account, and we *strongly* recommend using a password that you don't use for any other online service.
Phishing scams:
Phishing scams are designed to trick you into giving out your account information, and they'll usually come in the form of "fake" websites or emails that appear to be sent by Blizzard employees. Sometimes these emails encourage you to visit a malicious website (which might contain a web form for you to fill out or even embedded software that can steal your login information). In other cases, you may be asked to reply with your account name and password.
While most of these types of scams are easy to identify -- they'll frequently use poor grammar and spelling, or make outrageous threats about banning your account -- some can be difficult to distinguish from legitimate Blizzard correspondence, so it's important to be cautious of what you click on and when.
You can learn more about how to identify these kinds of scams here.
Keyloggers:
You'll also want to make sure your computer is protected against malicious programs, including "keyloggers." Keyloggers are pretty serious, as they're capable of snagging information directly from your computer, either by monitoring your keystrokes or by gaining access to important applications like your clipboard.
To best protect your account against this kind of malware, you'll want to:
Install antivirus and anti-spyware software. If you're unsure of what software might be best for you, check out our support site for a list of recommendations. Please make sure that you regularly update any antivirus or anti-spyware programs you're using, so that they're able to identify the latest malware threats.
Keep your browser up to date. In addition to providing more tools and functionality, browser updates can also include new security definitions and a more comprehensive phishing filter.
Keep your browser plug-ins up to date. Using the most recent versions of your browser plug-ins and applications (like Adobe Flash Player and Adobe Reader) and regularly checking for security updates is also important, because they can sometimes become targets for certain types of malware. While most plug-ins will prompt you automatically when updates are available, it's a good idea to check the distributor website periodically to make sure you're running the latest versions.
Turn on your browser's phishing filter. Phishing filters work by comparing the websites you visit against a massive database of legitimate (secure) websites and websites that have been identified as potential security risks. If you happen to visit a website that's flagged by your browser's filter, you'll be alerted and given the opportunity to continue onto the page or -- in most cases -- navigate to another site completely. Most popular browsers have built-in phishing filters that are turned on by default, but you can always double-check filter settings/availability in the browser's Tools menu.
For more information on account security in Diablo III, be sure to check out the following resources:
Diablo III Launch Update
Battle.net and Account Security
Account Security Homepage