Diablo III hacking debacle

Guest xyzzy frobozz

G'day all,

 

I bought D3 through Blizzard's website only last week and have only played it very lightly. I played 4 characters all up until I settled on the Witch Doctor and on Saturday night got through to beating the Skeleton King. At that point the game said to me something to the effect of "Thanks for completing the Starter Edition, to continue playing buy the complete game". I was quite surprised at this, as $89 seemed a fair whack to have paid for a couple of hours gaming, so I clicked through to the Blizzard website and my account stated that I had the "Standard Edition". I Googled the message and it would seem that there is a bug affecting some people buying the game digitally that pops up from time to time, not allowing them to proceed beyond the Skeleton King.

 

Blizzard says they're "working on it".

 

At this point I'm thinking to myself what a fucking disgrace it is that buying a game direct from the company's own website still doesn't ensure that you can play the bloody game. But they're "working on it" (no time-frames given of course), so I tell myself to give them a couple of days to sort it out before spitting the dummy.

 

Fast forward to Monday morning and I log into my Hotmail account, and receive the following email:

 

From: Blizzard Entertainment (noreply@battle.com)

Sent: Sunday, 24 June 2012 10:56:59 PM

To: xxxx@hotmail.com

 

Dear customer,

 

This is an automated notification sent from our account security system. You logined your account successfully at 4:27 on June 23th form the 125.87.108.* range, but our system shows the 125.10.151.* IP range exists a large number of hackers. As too many customer complaints, the 125.98.104.* IP range has been blacklisted.

 

We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, visit click:

https://www.battle.net/account/support/password-verify.html

 

website fill out some information to facilitate our investigation.

 

Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

 

Sincerely,

Blizzard account system

Blizzard Entertainment

 

-----------------------------------

 

 

Thinking that this is related to the problem above, I don't hesitate to click through to sort the problem out. When I do that, Chrome blocks the page and states that it is a suspected phishing site. I don't proceed through to the site and go back to my Hotmail, and I notice a couple of bits there that would indicate that this may indeed be a phish - poor grammar and spelling errors that aren't immediately apparent when first skimming over the email. However, when you look at the address, the domain is www.battle.net, so it would seem legit. Just to be sure, I log into battle.net and manually go through to my account. There is no indication there that there are any issues with my account. Finally, if I copy and paste the link provided in the email into my browser, I get an error message that asks me to click back to account management.

 

Confused? Me too.

 

I have updated web and virus protection by Kaspersky. If my account is hacked, the only way that I could explain that happening is that it is Blizzard that has been hacked or, possibly, that hackers have found a way in through the game itself. Perhaps the first issue of not being able to advance past the Skeleton King is unrelated to the email, but it all seems a little odd to me. I remain unsure about whether the email I have received is legitimate or not.

 

I can't help but think that Blizzard has created a rod for its own back by enforcing an always-connected policy for the game. Supposedly this was intended to prevent hacking (It's not DRM, honest! - Blizzard Entertainment). Well, rather ironically, it seems to have not worked; on the contrary, in my opinion, it has created conditions for hackers to thrive. So what am I left with here? A game that I have to be logged onto to play to prevent hacking that would now clearly seem to have been hacked, and one that I'm not allowed to play beyond a very early point in the game. And, referring to the email, if the email is indeed from Blizzard, how can they possibly argue with a straight face that "Account security is solely the responsibility of the accountholder (sic)" when, presumably, they're holding account details on their servers? If my account has indeed been hacked, this would be the first time in many, many years of online gaming that I've had an account hacked. I've not shared my account details with anyone except Blizzard to:

 

a) Sign up on Battlenet and;

b) Log into the game

 

So, given the above, while it is possible that it is my PC that has been hacked, I find it far more likely that it is Blizzard that has been hacked. Am I supposed to believe that someone has gone about planting what appears to be an untraceable malware on PCs all around the world on the off chance that they might infect one that just happens to have Diablo III installed? I find that highly unlikely. More likely there are security flaws in their servers, or the game itself that makes identification of my account possible. Again, when you enforce a "must be online to play policy", how can you state that security is the sole responsibility of the account holder?

 

Or is there someone at Blizzard who knows the flaw and has opened a back door and invited the hackers in?

 

I go back to Blizzard creating the conditions for hackers to abuse the system. I know that this is easy to say in hindsight, but who didn't see this coming?

 

By monetising content by way of the auction house, and enforcing an online policy, Blizzard painted a huge glowing neon target on this game's virtual head. Once the auction house gets rocking and rolling, I'm willing to bet that there will be millions, perhaps tens of millions, of dollars in transactions flying about. All of these transactions will begin and end on Blizzard's servers. Hackers only have to get their hands on a very small percentage of those transactions and it becomes a pretty profitable malarkey. If hackers have managed to find and exploit vulnerabilities in organisations as diverse as international corporations, government and non-government organisations and intelligence agencies, did Blizzard seriously think that it could guarantee watertight security? By enforcing an online-only policy, Blizzard has created the vulnerability that has the potential to erode confidence in the use of its service, and invites crooks to steal money from its customers.

 

Some security!

 

Well done Blizzard. What a fucking shambles.

Edited by xyzzy frobozz

Guest xyzzy frobozz

Blizzard haven't been hacked.

 

You haven't been hacked.

 

http://en.wikipedia.org/wiki/E-mail_spoofing

 

Your account is fine.

 

http://us.battle.net/d3/en/forum/topic/5911721680

 

Be sure you have SMS security and B.net Authenticator attached.

OK, thanks for that information.

 

I still stand by the thrust of what I wrote though - Blizzard have created the conditions for this sort of stuff to occur for no good reason that I can tell other than as a DRM mechanism. A question that I would ask is, if there has been no compromise of D3 accounts, how the hell did the bad guys know to email me? This is either a legitimate email from Blizzard, in which case accounts have been hacked, or it is a fake email, in which case Blizzard's user database has been compromised at the very least. Either way, it's a bad look.

 

Whatever the truth of the matter is, you'd have to agree that it all adds up to a pretty negative user experience, and one that seems to come about from an unnecessary implementation of "security".

Edited by xyzzy frobozz


The following errors should be MASSIVE red flags suggesting that this email was far from genuine:

 

From: Blizzard Entertainment (noreply@battle.com)

Sent: Sunday, 24 June 2012 10:56:59 PM

To: xxxx@hotmail.com

 

Dear customer,

 

This is an automated notification sent from our account security system. You logined your account successfully at 4:27 on June 23th form the 125.87.108.* range, but our system shows the 125.10.151.* IP range exists a large number of hackers. As too many customer complaints, the 125.98.104.* IP range has been blacklisted.

 

We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, visit click:

https://www.battle.net/account/support/password-verify.html

 

website fill out some information to facilitate our investigation.

 

Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

 

Sincerely,

Blizzard account system

Blizzard Entertainment

 

-----------------------------------

Further, your IP range was not in any of the quoted compromised ranges, and in any event IP range is not a predictor for whether an account is likely to be compromised for any common attack...


Your email was probably on some database when you signed up for a newsletter or something - probably related to gaming in some way. With many millions of people having D3 or WoW, the chances of emailing someone with an account is pretty high (that's my theory anyway). I've had a Blizzard account since WoW was released and I get emails on my Hotmail account even though my account is through my internet provider ;)

 

But re-read what dysfunction said: neither Blizzard nor you have been hacked.

 

edit: I'll also point you here:

http://us.battle.net/en/security/

Edited by corky


TBH I ignore most emails in regards to my account I get from Blizzard. I assume most things I get from Blizzard are fake emails, and if I ever think anything might be wrong, I log into my account, which is normally fine. If I still think anything is amiss from there, I will find an email address for Blizzard support off their website and email them directly asking if anything is wrong.

 

That little process has saved me a lot of grief with fake emails.

Guest xyzzy frobozz

Your email was probably on some database when you signed up for a newsletter or something - probably related to gaming in some way. With many millions of people having D3 or WoW, the chances of emailing someone with an account is pretty high (that's my theory anyway). I've had a Blizzard account since WoW was released and I get emails on my Hotmail account even though my account is through my internet provider ;)

 

But re-read what dysfunction said: neither Blizzard nor you have been hacked.

Cool. I get what you're saying, but I would question whether Blizzard hasn't at least had its user lists compromised. It's interesting to note that, of all of my email addresses (I have three), this is the only one that has received such an email. It also happens to be the email address that I log into D3 with. This is supposedly my "secure" email address that I use for logins, and where I sign up to forums or newsletters, I do so with an alternate address for that very reason.

 

I'm not saying you're wrong and I'm willing to accept the possibility that they just so happened to know my email address, and just so happened to know that I had Diablo 3, and just so happened to know that I logged into the game at approximately the time they mention in the email, and just so happened to send an email to the one of the three email addresses that I use to log into Blizzard with. It just seems like a hell of a coincidence. A little too coincidental that I've never received emails like this for any other game that I either own or don't own, and a little too coincidental for me to really believe wholeheartedly that it is just a coincidence.

 

Again, I just can't help but feel that a lot of this could have been avoided had they chosen not to "protect" the game in the way in which they have. It's a convergence of events that is either extremely unfortunate at best, or extremely suspicious at worst, and it's been brought about by their decisions around having to play the game online.

 

EDIT:- Grammar

Edited by xyzzy frobozz


Your email was probably on some database when you signed up for a newsletter or something - probably related to gaming in some way. With many millions of people having D3 or WoW, the chances of emailing someone with an account is pretty high (that's my theory anyway). I've had a Blizzard account since WoW was released and I get emails on my Hotmail account even though my account is through my internet provider ;)

 

But re-read what dysfunction said: neither Blizzard nor you have been hacked.

Cool.

 

I get all that, and I'm willing to accept the possibility that they just so happened to know my email address, and just so happened to know that I had Diablo 3 and just so happened to know that I logged into the game at approximately the time they mention in the email. Even if it does seem to be a hell of a coincidence. It also seems a little too coincidental that I've never received emails like this for any other game that I either own or don't own.

 

But, again, I just can't help but feel that a lot of this could have been avoided had they chosen not to "protect" the game in the way in which they have. It's a convergence of events that is either extremely unfortunate at best, or extremely suspicious at worst, and it's been brought about by their decisions around having to play the game online.

 

Just looked in my junk email, 15 emails from Blizzard Entertainment alerting me to all kinds of account activity. Not one genuine though :)

Unfortunately their customers are easily exploited, and the exploitation can be profitable.

 

There is little point in doing this with other games, as there would be no profit.

 

I think that is why blizzard games are targeted so aggressively by scammers, hackers and botters.

 

Edit: Don't get me wrong, I agree with you Blizz have fucked up big. Using an email address as the primary login is a big fuck up to begin with.

I feel sorry for most of the people who've been taken advantage of, however obvious the con may have been.

 

It's been happening in WoW for years: log in one day, all your shit is gone. They have the technique down, they can just apply it to D3 now too. If you have a WoW account, bonus for them, two accounts for the price of none.

 

Edit2: This looks familiar.

Dear customer,

 

This is an automated notification sent from our account security system. You logined your account successfully at 4:27 on June 19th form the 125.87.108.* range, but our system shows the 125.10.151.* IP range exists a large number of hackers. As too many customer complaints, the 125.98.104.* IP range has been blacklisted.

 

We are concerned about whether your account has been stolen. In order to guarantee the legitimacy of your account, visit click:

https://www.battle.net/account/support/password-verify.html

 

website fill out some information to facilitate our investigation.

 

Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

 

Sincerely,

Blizzard account system

URL above == very dodgy link masked in HTML

Edited by p0is0n

Guest xyzzy frobozz

There is little point in doing this with other games, as there would be no profit.

 

I think that is why blizzard games are targeted so aggressively by scammers, hackers and botters.

Yeah, I agree with you. The question I have is, do you have a number of email addresses and, if so, do you receive scam emails to just the same address that you use to log into battle.net?

 

It just seems coincidence beyond belief that all of a sudden I start getting these emails a couple of days after I sign up to an account. Just too coincidental.


Farking phishers man, I get 12 of these emails a week for WoW and D3 and others for games I've never played before as well. Buggered if I know why my email address is known to the fuckers but yeah, always check that the link goes where it says, i.e. if it says https://bnet... but when you mouse over the link it is actually http://...

 

When my account was actually compromised I received an email but I lumped it in with all the others... a week later I noticed the little green shield next to that email in my Hotmail and then was able to sort it out. I reckon you did the right thing though by going direct to the Blizzard/bnet website rather than following the link :) they'll warn you the account has been compromised when you attempt to log into their page.


if you keep that line of thought going i'd say your computer has been compromised, not your account or blizzard.

Guest xyzzy frobozz

if you keep that line of thought going i'd say your computer has been compromised, not your account or blizzard.

That's a possibility.

 

But, as I mentioned in the OP, I have updated security software, I've performed full system scans and nothing comes up.

 

So, it is possible that hackers are going around installing malware on the millions of PCs around the world in the hope they strike one that happens to have Diablo 3 installed. It's possible that they've written unique code for this malware that is undetectable by security software. But I just don't think that it stands up to Occam's razor. Furthermore, if they have infected my computer, how did they do it? Was it just by spreading a virus (the first one I've had in 3 years of owning this computer), or did Blizzard's software alert them to the fact and open a back door?

 

I think the simplest explanation is that the user lists have been compromised.


There is little point in doing this with other games, as there would be no profit.

 

I think that is why blizzard games are targeted so aggressively by scammers, hackers and botters.

Yeah, I agree with you. The question I have is, do you have a number of email addresses and, if so, do you receive scam emails to just the same address that you use to log into battle.net?

 

It just seems coincidence beyond belief that all of a sudden I start getting these emails a couple of days after I sign up to an account. Just too coincidental.

 

I have 2 main email addresses, one "good" email and one "crap" email address.

 

I get them only at my "crap" email address which I use to sign up to forums and stuff; it's an email address I use when I am certain I'm going to be spammed. I use a different email for my battle.net login which receives no spam whatsoever, as it's as protected as I can make it. I don't write it out in full or submit it to anywhere that isn't reputable and necessary.

 

My good email is protecting 4 WoW accounts, SC2, D3, D2+LOD, WC3+TFT and SC1+BW all of which are attached to my battle.net. I also use an authenticator for good measure.

Edited by p0is0n

Guest xyzzy frobozz

There is little point in doing this with other games, as there would be no profit.

 

I think that is why blizzard games are targeted so aggressively by scammers, hackers and botters.

Yeah, I agree with you. The question I have is, do you have a number of email addresses and, if so, do you receive scam emails to just the same address that you use to log into battle.net?

 

It just seems coincidence beyond belief that all of a sudden I start getting these emails a couple of days after I sign up to an account. Just too coincidental.

 

I have 2 main email addresses, one "good" email and one "crap" email address.

 

I get them only at my "crap" email address which I use to sign up to forums and stuff; it's an email address I use when I am certain I'm going to be spammed. I use a different email for my battle.net login which receives no spam whatsoever, as it's as protected as I can make it. I don't write it out in full or submit it to anywhere that isn't reputable and necessary.

 

My good email is protecting 4 WoW accounts, SC2, D3, D2+LOD, WC3+TFT and SC1+BW all of which are attached to my battle.net. I also use an authenticator for good measure.

 

OK, well there you go. Perhaps it is all a coincidence, but you'd have to agree, it's a hell of a coincidence!


OK, well there you go. Perhaps it is all a coincidence, but you'd have to agree, it's a hell of a coincidence!

Is the name you use in this special email address used by you or others elsewhere?

 

Have you tried googling this email address just to see what comes up?

 

Does someone else have this email address in their address book?

Guest xyzzy frobozz

OK, well there you go. Perhaps it is all a coincidence, but you'd have to agree, it's a hell of a coincidence!

Is the name you use in this special email address used by you or others elsewhere?

 

Have you tried googling this email address just to see what comes up?

 

Does someone else have this email address in their address book?

 

Good questions!

 

I'm the only user of this address.

 

There's no record of the address publicly on the intertubes (at least on Google).

 

It's quite possible that someone else would have the address saved in their address book. None of them would be "gamers" though. Not that that probably makes much difference, but they certainly wouldn't be signed up to battle.net.


OK, well there you go. Perhaps it is all a coincidence, but you'd have to agree, it's a hell of a coincidence!

After using the same email address anywhere for a few years, chances are it's going to end up on a spammer's list, and I think those lists are constantly being exchanged between spammers; therefore, unknowingly, thousands of people could have your email in a list ready to hit with spam.

 

Most D3 players are getting hacked because when they sign up to a forum, they use their email, and they pick the same password as they use elsewhere. When the forums get hacked, and the user list exported and decrypted, they then have thousands of email+passwords to try EVERYWHERE.

 

Not just D3 and WoW but PayPal, eBay, anywhere they think it's worthwhile to steal from you.

 

It's certainly coincidental you got an email that happened to reflect your exact situation, but not coincidental that you received it at all, if that makes sense.

Guest xyzzy frobozz

... if that makes sense.

Yeah it does. I'm still sus, but!


https://www.battle.net/account/support/password-verify.html

...

Finally, if I copy and paste the link provided in the email into my browser, I get an error message that asks me to click back to account management.

Sounds like you just copy/pasted the email - therefore missing the URL of the link, and the Atomic forums have auto-converted your URL to a link, but NOT the same link as in the email.

 

It sounds like, in the email, the TEXT of the link is different from the URL of the link.

Think about a link which says "click here".

You're obviously not going to a place called click here (lest all of the internet is pointing there! :-P ), but instead there is a URL which you are going to.

 

Even though the text says that address, it sounds like you are actually being linked to a completely different URL.

 

The thing you tried is also a good idea (if it looks like a valid URL, that is) - don't CLICK the link, but copy and paste the address.

And this is where you should realise what's going on - the copied text is an error on the Blizzard website BECAUSE it's not a real page.

Blizzard don't have a page there, and likely never will, and if nothing else, then THIS should key you off that this is a fake email with bad intent.

 

The reason the URL looks correct; correct domain, plausible address, etc. is because they want you to think it's valid ... and you did, hook, line and sinker!

Good thing Chrome was there to help catch this attack! Consider yourself lucky, and take this as a warning.

 

If you didn't have Chrome tell you about the bad URL / phishing, then you would have found yourself on a page that looks EXACTLY like a form on Blizzard.net, but instead just sends the details on to a hacker.

 

 

It's good that you know part A of what to do: know about valid URLs, and what to look for with domains, etc.

 

Part B :: Hover over the link and check the ACTUAL place the link is going to!

 

 

I hope this helps you understand the plausible nature of the link, and what to look out for in future! :-)

Edited by ozacube


You're right ozacube, although hopefully anyone frequenting these forums knows how <a> tags work.. :)

 

FWIW here's the link in my email from "Blizzard". Gmail doesn't even allow you to click the link, I had to view the source to see it.

<A href="http://eu.battle.net.login.account.security.inspection.xml.zh-bcy.in/login.html?app=wam&ref=https://www.worldofwarcraft.com/account/&eor=0&app=bam/">https://www.battle.net/account/support/password-verify.html</A>
They have enough cleverly used subdomains that at a glance it even looks legit. eu.battle.net.login.security might be all you see in the bottom left corner of your browser as you hover over the link.

Edited by p0is0n
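As an added example that is not part of this thread (and not Blizzard's or the forum's code), here is the check ozacube and p0is0n describe, done in JavaScript: parse the anchor p0is0n pasted, compare the domain the link text shows against where the href really goes, and flag a brand name buried in a long subdomain chain. The trusted domain "battle.net", the regex anchor parser and the two-label "registrable domain" rule are my assumptions.

```javascript
// Added example, not code from the thread: pull the real destination out of an
// HTML anchor and compare it with what the link TEXT claims. The sample anchor
// is the one p0is0n pasted above; "battle.net" as the trusted domain is assumed.
const SAMPLE_ANCHOR =
  '<A href="http://eu.battle.net.login.account.security.inspection.xml.zh-bcy.in/login.html?app=wam&ref=https://www.worldofwarcraft.com/account/&eor=0&app=bam/">https://www.battle.net/account/support/password-verify.html</A>';

// Extract href and visible text from one <a ...>text</a> element.
// A regex is enough for a single well-formed anchor; a mail filter would use a real HTML parser.
function parseAnchor(html) {
  const m = /<a\s+[^>]*?href\s*=\s*["']([^"']*)["'][^>]*>([\s\S]*?)<\/a>/i.exec(html);
  return m ? { href: m[1], text: m[2].trim() } : null;
}

// Simplified "registrable domain": the last two labels of the hostname.
// Assumption: good enough for battle.net / zh-bcy.in. Production code should
// consult the Public Suffix List, since co.uk, com.au, etc. break this rule.
function registrableDomain(hostname) {
  return hostname.toLowerCase().split('.').filter(Boolean).slice(-2).join('.');
}

function tryUrl(s) {
  try { return new URL(s); } catch (e) { return null; }
}

// Verdict for one anchor. Each reason is a red flag the thread describes:
//  1. text looks like a URL but its registrable domain differs from the href's
//  2. the trusted brand appears as labels INSIDE the hostname (eu.battle.net.login...)
//     while the real registrable domain is something else
//  3. text promises https but the href is plain http
function assessAnchor(html, trustedDomain) {
  const a = parseAnchor(html);
  if (!a) return { ok: false, targetHost: null, targetDomain: null, reasons: ['not an anchor'] };
  const target = tryUrl(a.href);
  if (!target) return { ok: false, targetHost: null, targetDomain: null, reasons: ['href is not a valid URL'] };

  const targetDomain = registrableDomain(target.hostname);
  const claimed = tryUrl(a.text); // null when the text is e.g. "click here"
  const reasons = [];

  if (claimed && registrableDomain(claimed.hostname) !== targetDomain) {
    reasons.push(`text shows ${claimed.hostname} but the link goes to ${target.hostname}`);
  }
  if (targetDomain !== trustedDomain && ('.' + target.hostname).includes('.' + trustedDomain + '.')) {
    reasons.push(`${trustedDomain} is buried in the hostname; real domain is ${targetDomain}`);
  }
  if (claimed && claimed.protocol === 'https:' && target.protocol === 'http:') {
    reasons.push('text promises https but the link is plain http');
  }
  return { ok: reasons.length === 0, targetHost: target.hostname, targetDomain, reasons };
}

// Stand-alone run: prints the verdict for the anchor from the thread.
console.log(JSON.stringify(assessAnchor(SAMPLE_ANCHOR, 'battle.net'), null, 2));
```

A link whose text is not a URL ("click here") gets no text comparison, but the verdict still carries the real target host so the reader can inspect it, which is the "hover and look" step ozacube recommends.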

Guest xyzzy frobozz

The reason the URL looks correct; correct domain, plausible address, etc. is because they want you to think it's valid ... and you did, hook, line and sinker!

Good thing Chrome was there to help catch this attack! Consider yourself lucky, and take this as a warning.

Yep! It could'a ended badly alright. I consider myself pretty savvy with this sort of stuff, but this time around they got me.

 

It just goes to show how easily these scams work. You're right, I got lucky this time around. The convergence of events, and the fact that I've never had spam to my (no longer) "secure email" nearly brought my account undone.

 

Bullet dodged!


Indeed. And this means:

Get an account authenticator. It really could save you from little slips like this.

 

Next: Blizzard have said that they will never send you an email with a link. They'll direct you to browse to their website yourself and check it.

 

So...

 

Glad you didn't get stung.

 

But still. Change your password. Just in case.

 

Get an authenticator. It's free if you get a smartphone download.

 

Good hunting.

 

See you in game.

 

AD


On the topic of account security, a little something that might raise an eyebrow from the LoL hack a few weeks ago.

 

"Please use a good password. We compared encrypted password hashes and discovered that 11 passwords were shared by over 10,000 players each. A double-digit percentage of individuals had the same password as at least one other person. "


Most people that get hacked are getting hacked because they use the same email and password everywhere on the net. Account thieves usually hack fan forums and try their password database on the diablo 3 client to see if they can log in.

 

It's also how people who buy gold from the farmers get hacked all the time. They sign up for a gold selling service and use the same email and password to create an account there. Then they buy some gold and a few weeks later they get hacked.

 

Stupidity.

