**OFFICIAL** Diablo 3 Thread

[jzmagic]

Sounds pretty obvious that the guy lost his password if they attached WoW to his account. If it was just this "session ID" mumbo jumbo that you hear, it should have just been Diablo III that was affected as it would only provide access to that character (and the stash of course).

#1 rule of the Internet... don't trust the Internet.

Although, Blizzard's own protection mechanisms can be more annoying than not. I'm going up to Chicago this week, and I guarantee that I'll have to change my password if I log into Diablo III or World of Warcraft. I guess Blizzard's assumption that all gamers are basement dwellers doesn't necessarily pan out at times. :|

It's not as simple as "just losing your pw". My account was just compromised too. In 15 years of being on the internet, I've never once been compromised for any account, whether in gaming, bank accounts, emails, etc.

I built a brand new comp a couple of days ago before release too, and the only applications I downloaded were Chrome, Itunes, Steam, and standard benchmarks from reputable sites. Yes, I'm sure this is somehow my own fault that I got breached, when in fact thousands of others have reported the same issues.

The reality is there is a real security vulnerability in BNET that Blizz refuses to acknowledge, and it's easy to see that it's purely for financial reasons. They're trying to launch the real money auction house where paypal accounts are attached to your Blizz account. How many people would use that if they admitted to a security breach on launch week?

 

[GoStumpy]

Now I'm scared that I joined a public game yesterday :ninja:

 

[jzmagic]

Now I'm scared that I joined a public game yesterday :ninja:

People have been reporting account breaches from only private games as well. You're not safe without a mobile authenticator apparently. And even then, it is only to stop hackers from logging into your bnet account.

Most likely they will still know your account email and password, which they could use to potentially hijack more important accounts like email and bank accounts.

 

[Kalmah]

It's not as simple as "just losing your pw". My account was just compromised too. In 15 years of being on the internet, I've never once been compromised for any account, whether in gaming, bank accounts, emails, etc.

I built a brand new comp a couple of days ago before release too, and the only applications I downloaded were Chrome, Itunes, Steam, and standard benchmarks from reputable sites. Yes, I'm sure this is somehow my own fault that I got breached, when in fact thousands of others have reported the same issues.

The reality is there is a real security vulnerability in BNET that Blizz refuses to acknowledge, and it's easy to see that it's purely for financial reasons. They're trying to launch the real money auction house where paypal accounts are attached to your Blizz account. How many people would use that if they admitted to a security breach on launch week?

I'm totally with you on this. I can't imagine how anybody would have gotten my password. And Malwarebytes turns up nothing on my machine. Blizzard has a problem and they aren't admitting it.

 

[crownjules]

Most likely they will still know your account email and password, which they could use to potentially hijack more important accounts like email and bank accounts.

If you're using the same password for a game as you do your email account, you are an idiot. Get a password vault program so you can randomize your passwords and make them damn hard to brute force. It might make logging into your various accounts a lengthier process, but I'd rather that then get real money stolen because a hacker got my game password which was the same as my email password and they then had my bank send a reset email to me (them).

 

[GoStumpy]

I wonder if this has something to do with the pre-release downloadable installer????

Just a thought

 

[jzmagic]

If you're using the same password for a game as you do your email account, you are an idiot. Get a password vault program so you can randomize your passwords and make them damn hard to brute force. It might make logging into your various accounts a lengthier process, but I'd rather that then get real money stolen because a hacker got my game password which was the same as my email password and they then had my bank send a reset email to me (them).

First off I personally use different passwords for my main accounts. And secondly, there's plenty of people out there that use the same passwords for at least some of their accounts registered with the same email address. Fact of the matter is it can get pretty annoying to keep track of all your different passwords, and no they are not always "idiots" for doing that.

 

[chedrz]

Question of interest ... are the people getting hacked using the AH?

Never used the auction house. I think I browsed it for maybe 5 minutes total so far.

Sounds pretty obvious that the guy lost his password if they attached WoW to his account. If it was just this "session ID" mumbo jumbo that you hear, it should have just been Diablo III that was affected as it would only provide access to that character (and the stash of course).

#1 rule of the Internet... don't trust the Internet.

Although, Blizzard's own protection mechanisms can be more annoying than not. I'm going up to Chicago this week, and I guarantee that I'll have to change my password if I log into Diablo III or World of Warcraft. I guess Blizzard's assumption that all gamers are basement dwellers doesn't necessarily pan out at times. :|

Not sure how I could have lost my password. It's not like it's ever been written down at any point in my life. I use it for a few different things, but they're all unique variations of differing complexities including capital/non-capital letters, symbols and numbers. AV is up-to-date and Malwarebytes picks up nothing. Unless there's a keylogger hidden somewhere in the depths of my Windows installation, there's no way they got the password from me. And honestly, who would have installed one and figured out my password in less than a week?

Ouch!

Did you have an authenticator linked to your account?

Nope. I have an old smartphone (now a dumbphone) and I've never owned another Blizzard game. I saw no real need for an authenticator to play one friggin' game. I apparently thought wrong. Now have SMS notifications and the actual phone number authenticator set up.

 

[Phoenix86]

It can get to 7 seconds? How do you do that?

I'm looking for good monk builds if anyone would like to share.

The rune was nerfed to 4 seconds total so it only adds 1 second, the heal rune is better now imo. Here's what I'm using in act 1 inferno.

http://us.battle.net/d3/en/calculator/monk#bjgdXh!UYX!bcabba

11.4K dps dual wield
33K health
4K armor
276 resist

Mentioning build without stats is pointless, what works at one gear level doesn't work at others.

Certain combinations will still eat you, I'm sure this is worse in act 2 and this build might not work there. First things I'd change are the main attack and dashing strike to blinding flash if needed.

I'm looking to stack more armor resist and of course up my dps, my weapons aren't great.

 

[Rage187]

Until Blizzard figures this out, I'm not playing multiplayer. I haven't ventured outside the single player game yet anyways which apparently was a good idea.

It has to be someone on the inside. Whether that is a person or a compromised computer on their network.

 

[Fallengod]

Until Blizzard figures this out, I'm not playing multiplayer. I haven't ventured outside the single player game yet anyways which apparently was a good idea.

It has to be someone on the inside. Whether that is a person or a compromised computer on their network.

Ummm but you have to play multiplayer...D3 doesnt have single player....

And, in case you havnt seen yet, people have still gotten hacked playing solo....

 

[Phoenix86]

double post

 

[Aikouka]

It's a bit late for you but if you have a smartphone then the authenticator app is free.

Meh, I didn't use an authenticator until they added the Core Hound Pup in World of Warcraft (you got it if you had an authenticator attached). That was probably a good year or so without one.

I didn't do anything crazy other than safe browsing.

Not sure how I could have lost my password. It's not like it's ever been written down at any point in my life. I use it for a few different things, but they're all unique variations of differing complexities including capital/non-capital letters, symbols and numbers. AV is up-to-date and Malwarebytes picks up nothing. Unless there's a keylogger hidden somewhere in the depths of my Windows installation, there's no way they got the password from me. And honestly, who would have installed one and figured out my password in less than a week?

I don't literally mean that you lost it, but rather that someone took it. I typically reference the story I wrote above when I talk about how an authenticator isn't necessary, but I'm not sure if everyone keeps things as safe.

The only time I've ever had an account hacked into was when Steam got hacked, and I forgot to change my Apple account information. Although, those thieves must be god damn whizzes, because they managed to figure out my other e-mail address, which is nothing like the one that was associated with Steam. Even a Google search on the one address never turned up a place where I used the other one.

Point of that story is... these people appear to be rather crafty. Don't assume anything!

Now have SMS notifications and the actual phone number authenticator set up.

I thought they said that doesn't work with Diablo 3?

 

[DAGTA]

Add my account to the list that was compromised. I played earlier today and then took a break. During the break, I decided to install the Battle.net Authenticator on my phone and configure it to my account. Afterwards, I decided to test it and see how my auctions were going. I logged in to find a naked character and empty account.

I'm not going to do the restore as I'd rather keep today's progress. Made it to Act 4 of Nightmare today. Still on my first character. I had found one early Legendary. That was the worst of the losses.

As others have said, I keep my computer up to date and clean. My passwords are rotated and not simple. I only played in one game with people I didn't know and that was over a week ago.

I do frequent the auction house so I wonder if information linked to items sold is somehow part of the 'hack'.

 

[Bill Brasky]

Yes it will be, I have one.

I have the dial-in authenticator, FWIW, which probably isn't much to be honest.

Thanks to everyone who responded for all the info about magic find. :thumbsup:

 

[IAteYourMother]

Add my account to the list that was compromised. I played earlier today and then took a break. During the break, I decided to install the Battle.net Authenticator on my phone and configure it to my account. Afterwards, I decided to test it and see how my auctions were going. I logged in to find a naked character and empty account.

I'm not going to do the restore as I'd rather keep today's progress. Made it to Act 4 of Nightmare today. Still on my first character. I had found one early Legendary. That was the worst of the losses.

As others have said, I keep my computer up to date and clean. My passwords are rotated and not simple. I only played in one game with people I didn't know and that was over a week ago.

I do frequent the auction house so I wonder if information linked to items sold is somehow part of the 'hack'.

We need some sort of support group

 

[chedrz]

I thought they said that doesn't work with Diablo 3?

It's shown as an option, so I'm using it. Whether it works or not remains to be seen. I got somewhat lucky in that my mule and low-level Monk didn't get touched, even though they had some extra equipment in storage.

I'm also lucky enough to have a friend who's been at 60 and making inferno runs for a while now, so he hooked me up with some WD equipment he had sitting around. I'm almost back up to where I was before, but I'm still missing MASSIVE quantities of jewels/high-level armor/crafting pages.

 

[OCNewbie]

I had gotten a Monk to lvl 26, the very beginning of Act 3, and was kinda bored with him. I created a WD, got to level 5, then got a DH to ~17, then worked on a Barb. My Barb is 31 or 32 in Act 4, normal, and I am having a blast. He just melts faces. His AE attacks are just insane. I think I'm doing like ~630 DPS when I have all my buffs going, which aren't too hard to maintain. I love revenge too, for the heal/rage fill (which gives me my other +25% damage bonus, when rage is full).

 

[Kalmah]

I'm getting tired of waiting on my rollback. It's been about 24 hours now. I love how the DRM protects Blizzard's sales but fucks me over at the same time.

 

[j&j]

add me to the fucking list, fuck. seriously what the fuck.

I have only ever played with two friends, never public, ever. never used the auction house.

fuck

 

[j&j]

I think it's far more likely, given all of the bugs that Blizzard has had with D3 and their servers, that no one's hacking anything. It's more likely that your items are simply lost in some database somewhere, where an index got changed or a primary key didn't update properly or a foreign key didn't save properly.

I think this is a far more likely scenario than mass hackings. Honestly, I'm surprised I haven't seen more speculation of a simple bug.

Items would be tied to a character (stash tied to account) via a simple primary/foreign key pair. One misconstructed query on one server instance related to a save routine (probably when you exit a game) would explain why it's relatively random and only affects some characters on some accounts.

it's not a fucking bug dude, wake the fuck up. you can see the hackers/accounts that took your shit in your recent played list.

 

[Soccerman06]

Does inferno cows have the same drop set as a4?

 

[Anubis]

yea i really don't have any idea what is causing people to get compromised, i use the crap put of the AH and i'm still fine, i've had an authenticator for like 4 years (whenever they came out) never had an issue

 

[DAGTA]

yea i really don't have any idea what is causing people to get compromised, i use the crap put of the AH and i'm still fine, i've had an authenticator for like 4 years (whenever they came out) never had an issue

Until about a week ago, I didn't know the authenticator existed. Haven't played a Blizzard game since D2. Perhaps information about the authenticator should be included with the game install / setup.

 

[Kalmah]

add me to the fucking list, fuck. seriously what the fuck.

I have only ever played with two friends, never public, ever. never used the auction house.

fuck

I'm reading a lot of bullshit going on all over the place concerning this. People are saying that posts are being instantly deleted on the official forum that mention being hacked even with an authenticator. If you just sit around and hit refresh you'll catch them in between refreshes then see them disappear. Fanyboys are flaming all constructive criticism and downvoting anything and everything to oblivion on reddit.

At the rate that this is occurring it's astonishing. Blizzard has a problem and are doing their best to keep it on the downlow while they figure it out I think.