Captain Awesome!

Battlenet account banned!


Below is a copy of a "ticket" that Captain Awesome submitted after having his Diablo 3 account banned.

 

Suffice it to say that Awesome has never hacked on Battlenet, Diablo or anything else. Unfortunately there is a character limit when submitting tickets, so the language isn't perfect, but he's sure you get the gist:

 

"I played the game for a period of a couple of weeks immediately after release, after which I attempted to play again today. I thought I'd give Reaper of Souls a go after hearing that a number of features were discarded. Not least of which is the Auction House.

 

To be completely frank, I am disappointed with Blizzard for building in this vulnerability to the game. I did receive (and ignored) a number of emails which may or may not have been legitimate, asking me to reset my password. I did not respond because, at the time, I wasn't playing the game, and thought that there was as much chance that the emails I was receiving were phishing as legitimate.

 

Whilst I was playing the game I did not use the online features. It is highly irritating to me as a single player customer to have online features forced upon me for which I have no use, and which serve only as a barrier to entry into the game. The result of this, in my opinion, is that, in creating the Auction House, Blizzard created an economy that was attractive to hackers and, by forcing single players to be online, exposed those players to having their security compromised by the very hackers that Blizzard attracted.

 

The net result is that I am now not allowed to play a game for which I paid a substantial amount of money (around AUD$80), and now am forced to "appeal" like some sort of criminal.

 

Can you see how this is problematic?

 

In 30-odd years of gaming I have never had my account banned and this is the first time that any account has, evidently, been hacked.

 

Honestly, I'm past the point of caring whether you reinstate my account. If you do, great! If not, I guess I won't be able to purchase any more of your Diablo products, and will be extremely wary of purchasing more Blizzard products in future. If developers such as yourself are going to continue in this way, then perhaps a little lost revenue might be a good way of illustrating why forcing such "features" onto players is a bad idea."

 

As you can see, Awesome is quite awesomely annoyed with the whole debacle.

 

What do you think? Do you agree with these awesome points or do you see things differently?

Edited by Captain Awesome!


Looks to me like you're so busy trying to convey your self-importance and moral outrage that you've all but completely omitted any explanation of what your bloody problem is!

Edited by Catweazle


I have had many emails like resetting password too; usually phishers are to blame.

What I did was contact Blizzard through their GM channels; they were very helpful in understanding the issues. They even advised me to change my email address, which I did, and now the spamming has ceased. And to further back up my security I bought an Authenticator, which is annoying due to the ADSL router/modem retraining all the time. But I can sleep knowing my account is safe and well.

Up to 3 weeks ago I thought it was safe, until I found someone in China using my old email address for playing D3, so I contacted Blizzard and they shut him down.

The point is, if you get one of those emails, confirm it with the GMs at Blizzard and never trust an email with links in it about password resets.


So the tl;dr is that it's silly that offline players have to log in online; and that we're forced to be 'exposed' to online risks to play single player?

If so, yeah, everyone on the bloody planet has said that from day 1 with bloody Diablo.

It was highlighted when it was new and we kept getting DCs from a game we bought when playing single player.


Most phishing emails will have pretty absurd URLs if you hover over the links in them.

 

The legit ones should tell you that you need to log in to your bnet account and do it.

 

Same for pretty much any account warning system, I think? Shrug.


Most phishing emails will have pretty absurd URLs if you hover over the links in them.

 

The legit ones should tell you that you need to log in to your bnet account and do it.

 

Same for pretty much any account warning system, I think? Shrug.

Blizzard denies it, but I reckon that the problem is at their end.

 

I use a unique password for my email, and one that is a long Aboriginal place name. So unless hackers are "brute forcing" obscure Aboriginal names, they didn't get in through my email account.

 

As mentioned, I did receive a number of emails, but I ignored all of them at the time because I wasn't playing the game. So that rules out the possibility of following a malicious link.

 

Which leaves only two options that I can think of - someone hacked or leaked Blizzard's databases (unlikely but possible) or, more likely, my account password was "brute forced".

 

Either way, Blizzard created an unnecessary vulnerability in my opinion. I appreciate that many people use and like the online capabilities, but there is no reason why those capabilities couldn't have been handled from "in game". You want to play online, you log on after starting the game. This would have isolated the threat to those people using the capabilities, and what I understand to be the vast majority of players who play single player could do so offline with the added benefit that they wouldn't have to jump through the hoops just to play single player or be subject to fairly regular server outages.

 

Anyway, that's the way the world is going, full online play that acts as a quasi-DRM.

Edited by Captain Awesome!


You're an old user under a new name, aren't you..... I've had someone tell me their password was an obscure Aboriginal name too... hmmmmm


"I played the game for a period of a couple of weeks immediately after release, after which I attempted to play again today. I thought I'd give Reaper of Souls a go after hearing that a number of features were discarded. Not least of which is the Auction House.

 

To be completely frank, I am disappointed with Blizzard for building in this vulnerability to the game. I did receive (and ignored) a number of emails which may or may not have been legitimate, asking me to reset my password. I did not respond because, at the time, I wasn't playing the game, and thought that there was as much chance that the emails I was receiving were phishing as legitimate.

 

Whilst I was playing the game I did not use the online features. It is highly irritating to me as a single player customer to have online features forced upon me for which I have no use, and which serve only as a barrier to entry into the game. The result of this, in my opinion, is that, in creating the Auction House, Blizzard created an economy that was attractive to hackers and, by forcing single players to be online, exposed those players to having their security compromised by the very hackers that Blizzard attracted.

 

The net result is that I am now not allowed to play a game for which I paid a substantial amount of money (around AUD$80), and now am forced to "appeal" like some sort of criminal.

 

Can you see how this is problematic?

 

In 30-odd years of gaming I have never had my account banned and this is the first time that any account has, evidently, been hacked.

 

Honestly, I'm past the point of caring whether you reinstate my account. If you do, great! If not, I guess I won't be able to purchase any more of your Diablo products, and will be extremely wary of purchasing more Blizzard products in future. If developers such as yourself are going to continue in this way, then perhaps a little lost revenue might be a good way of illustrating why forcing such "features" onto players is a bad idea."

I have no trouble assuming that this righteous indignation found its way directly into the trash.

 

Perhaps if you were less of a cunt towards the lowly customer service reps that have to deal with this garbage on a daily basis, they'd be more willing to help you.

 

Not to say your concerns are unjustified, but communicating like you have here is not how you win friends and influence people.


To be fair squall, it's not something you think of unless you've worked in an office environment.

Only now am I realising how refreshing it is to get a "Hi mate, how's things? I've been having a hell of a time with X, which is supposed to be doing Y, can you help?" as opposed to a "Dear Mr XYZ, I am writing to inform you"


To be fair squall, it's not something you think of unless you've worked in an office environment.

Only now am I realising how refreshing it is to get a "Hi mate, how's things? I've been having a hell of a time with X, which is supposed to be doing Y, can you help?" as opposed to a "Dear Mr XYZ, I am writing to inform you"

Either of those are preferable to the very first piece of correspondence being a pious rant about the company's decisions and what you believe they "force" on people, and what they "should" do.


At the end of the day, Captain Awesome would have known full well that he was purchasing an "always online" product; no one forced him to buy it. I hope the Blizzard customer support guys got a good laugh out of the email before they deleted it :P


I get tons of emails about resetting passwords on my Diablo and WOW accounts from Battlenet... which is interesting because I don't have either game.

 

But yes, I am with you that when I buy a game for the solo experience it shouldn't be forced on me to sign up online.

 

For example the "Wargame" series. I don't want to play that game online (yet) so it's good that I'm not forced to register.

 

Games like DOWII annoy me too. I don't want to have to register for a Microsoft Live profile thanks. And I personally think there should be a different description for "online registration required" vs "online account required"

 

But in many cases you are warned (as NukeJockey said) - so simply do not buy the game. That's what stopped me buying Ubisoft games. "Always online" is simply not an option for me when I buy single player games.

 

 

 

 

But in case you don't know - there was a video on YouTube a couple of years ago interviewing a Goldfarmer who explained how people get hacked:

(This is pretty obvious stuff - but I'll repeat it since many people apparently don't know!?)

 

You buy a game.

You create a game account with Username <XYZ> and password <ABC> - usually game company accounts are pretty good for security.

...

You play for a while and like it, so you join an online community or fan forum - These are not so secure.

You use the Fan Forum Username <XYZ> (since that's how the community knows you!) and because you are lazy you use the password <ABC> on the fan forum too (easy to remember! amirite?)

And if you are really clever this is the same password as your email account too! That makes things much easier!

In some cases they use software with known vulnerabilities, in some cases they sell the data (legally or not) and in some cases these sites are owned by goldfarmers and hackers to begin with (yes. really.).

....

You start getting spam mail to your email address. .... hmmm how did they know that? (the one you registered on the fan forum with???)

And about a week/month later your game account gets hacked...weird.

Must be the game company's fault.

...

You get another game.... Username <XYZ> and password <ABC> (because you are lazy - and this is a different game after all...)

Bam! Hakzored!

etc etc.

And you can't figure out why?

 

So, simple solution

1/ have a 'fan forum' email which is NOT your private email. Hotmail or Gmail will do fine (That way you can dump it if you need to) Password <DEF> This is the address you use when registering on a fan forum.

2/ never use password <DEF> for anything else ever.

3/ If you are organised have a game registration email which is NOT your private email or your 'fan forum' email. Password <GHI>

4/ never use password <GHI> for anything else ever.

5/ Use a different password for each game. You can keep the same username "<XYZ>" but never use the same password twice - even a slight change will probably be enough to greatly reduce the chance of getting hacked.

 

"Hackers" and Goldfarmers keep databases matching known usernames, passwords and email addresses (everything they need to access accounts and change passwords).

Every time a new game comes out they run through this database.

So If your WoW account <XYZ> password <ABC> got hacked in 2008, then your RIFT account <XYZ> password <ABC> will be sure to be hacked in 2012 too.

 

Sounds simple. So many people get it wrong.

 

If you are really keen - you can even create a new email for each forum registration and see which ones get hacked.

Speaking for myself - I started getting phishing emails after I created an account on a guild forum. Over the next year I saw many of my guild mates having problems getting hacked in other games but never the one related to that guild. Weird huh?

Edited by gyrus

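The reuse chain and the one-address-per-forum trick from the post above, as an added example that is not part of the original thread: it audits an account inventory for shared passwords, shows which other accounts open if one site leaks, and maps a spammed address back to the site it was registered at. The inventory is constructed from the post's placeholders XYZ, <ABC>, <DEF> and <GHI>; the site names and addresses are hypothetical.

```python
import hashlib
from collections import defaultdict

# Constructed inventory built from the post's placeholders; not real data.
# Fields: site, kind, username, email, password
ACCOUNTS = [
    ("game-one",    "game",  "XYZ", "private@mail.example", "<ABC>"),
    ("fan-forum",   "forum", "XYZ", "private@mail.example", "<ABC>"),
    ("mailbox",     "email", "private@mail.example", "private@mail.example", "<ABC>"),
    ("game-two",    "game",  "XYZ", "games@mail.example", "<GHI>"),
    ("guild-forum", "forum", "XYZ", "guild-forum@mail.example", "<DEF>"),
]

def fingerprint(password):
    # Group by hash so a report never has to echo a password
    return hashlib.sha256(password.encode()).hexdigest()[:12]

def reuse_groups(accounts):
    """Lists of sites that share one password."""
    groups = defaultdict(list)
    for site, _, _, _, pw in accounts:
        groups[fingerprint(pw)].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)

def blast_radius(accounts, leaked_site):
    """Other accounts that open with the login details stored at leaked_site."""
    _, _, user, email, pw = next(a for a in accounts if a[0] == leaked_site)
    return sorted(
        site for site, _, u, e, p in accounts
        if site != leaked_site and p == pw and (u == user or e == email)
    )

def leak_source(accounts, recipient):
    """An address registered at exactly one site names the site that leaked it."""
    sites = [site for site, _, _, e, _ in accounts if e == recipient.lower()]
    return sites[0] if len(sites) == 1 else None

if __name__ == "__main__":
    print("shared passwords:", reuse_groups(ACCOUNTS))
    print("if fan-forum leaks:", blast_radius(ACCOUNTS, "fan-forum"))
    print("if guild-forum leaks:", blast_radius(ACCOUNTS, "guild-forum"))
    print("spam to guild-forum@mail.example came via:",
          leak_source(ACCOUNTS, "guild-forum@mail.example"))
```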

Out of curiosity, CA, did you associate a smart-phone centric (or fob-based) two-step authenticator with your bnet account?


Perhaps if you were less of a cunt towards the lowly customer service reps that have to deal with this garbage on a daily basis, they'd be more willing to help you.

 

Not to say your concerns are unjustified, but communicating like you have here is not how you win friends and influence people.

Advice on how to win friends from a guy who called me a cunt.

 

Go fuck yourself!

 

Atomic's a friendly place.

Edited by Captain Awesome!


Perhaps if you were less of a cunt towards the lowly customer service reps that have to deal with this garbage on a daily basis, they'd be more willing to help you.

 

Not to say your concerns are unjustified, but communicating like you have here is not how you win friends and influence people.

Advice on how to win friends from a guy who called me a cunt.

 

Go fuck yourself!

 

Atomic's a friendly place.

 

Atomic can be a friendly place, just don't expect people to sympathize with you over such an issue, when you took more effort berating a company than actually explaining your issue.

 

Especially when 1. You weren't forced to buy the game and 2. Blizzard were always very open about the always online thing well before the game was released, meaning you should have known exactly what you were buying into. You can't buy a product, knowing full well what its limitations are (in this case its always on DRM) and then complain about them. No one twisted your arm.

 

What sort of response were you expecting?


Strange this is how Battlenet have opened your email address to everyone to see.

 

Was playing D3 last night and noticed my email address was being plastered over the general chat screen if I wanted to chat to someone.

 

I feel Battle.net opened the door to hacking when they started to force logins to World of Warcraft via email addresses. And now all games on the internet force the same thing.

Edited by codecreeper


Strange this is how Battlenet have opened your email address to everyone to see.

 

Was playing D3 last night and noticed my email address was being plastered over the general chat screen if I wanted to chat to someone.

 

I feel Battle.net opened the door to hacking when they started to force logins to World of Warcraft via email addresses. And now all games on the internet force the same thing.

Yeah, that's not smart for the reason I gave above.

(this guy says the same thing http://us.battle.net/d3/en/forum/topic/5730073438#1)

 

It removes a level of 'security'.

 

Let's face it people are lazy/forgetful. We don't use random passwords. We use stuff we can remember. And we attach stuff to 'hooks' in our minds.

Password for games is "Game$$"

Password for Diablo 3 is "G4me"

Password for WoW is "GA^^Ez"

Password for login email address is...er... well it's for games so I guess "gammezz" will do huh?

 

Not to mention that while stuff like this remains true

https://xato.net/passwords/more-top-worst-p...s/#.Uz-eUlf4tJQ

 

giving people a target to brute force hack is just dumb.

 

Edit: and interestingly, even my 'joke' passwords above are more secure than the passwords used by most users apparently? That's a scary thought.

Edited by gyrus


Perhaps if you were less of a cunt towards the lowly customer service reps that have to deal with this garbage on a daily basis, they'd be more willing to help you.

 

Not to say your concerns are unjustified, but communicating like you have here is not how you win friends and influence people.

Advice on how to win friends from a guy who called me a cunt.

 

Go fuck yourself!

 

Atomic's a friendly place.

 

I didn't call you a cunt.

 

I said you were being one in the email you sent to blizzard.

 

There's a difference. Based on all your other posts here, I have no reason to believe you are a cunt in general.


I'm sure the support staff were falling over themselves running to deliver your outrage about the online delivery of the game to the game developers. Threatening to boycott their future products is always a good way to get your point across.

Did you download the FREE mobile authenticator program? I'm pretty sure the hacking issue was identified a few years ago (when it was announced it will be an always online game) and Blizzard said that everyone should have an authenticator to stop people from hacking. They even said everyone who has been hacked has not had an authenticator.

A good rule of thumb: every system you need to remote into via the wild internet needs an extra level of protection. I have been using authenticator tokens for work for years.

TL;DR

 

"I am disappointed with Blizzard for building in this vulnerability to the game."

 

Blizzard releases mobile and token Authenticators, they are super effective!


Strange this is how Battlenet have opened your email address to everyone to see.

 

Was playing D3 last night and noticed my email address was being plastered over the general chat screen if I wanted to chat to someone.

You can't be too concerned if you haven't worked out what a BattleTag friend is and what a RealID friend is.
