Diablo 3: Blizzard Server HACKED!

Ok, so we all can expect some glitches here and there, and we all know how to take some basic prevention in order to keep our accounts safe. But what happens when the problem isn't us, it's the game company? This is what's happened to Blizzard and Diablo 3.

Blizzard has stated that the RMAH will likely go live on May 22nd, but with the recent breach and a WORKING DUPE BUG, we figure the RMAH is going to be delayed yet again. In fact, if Blizzard isn't able to recover the missing gold and items, there is a good chance that the RMAH will never get off the ground. What's holding it up? PayPal! They are concerned about digital items in the first place, and Blizzard promised them a safe mode of delivery and security.

Quote: Forbes

The reports are starting to filter in from users on the Battle.net user forums. Missing gold, characters stripped naked, items vanished into thin air. What’s happening to Diablo 3 players’ gear and gold?

Blizzard is rolling back affected accounts, often resulting in whatever progress players made between the account changes and the rollback being lost. That means thousands of gold, multiple levels, and possibly valuable equipment simply gone forever.

At first this looked like it might have been yet another glitch on the Blizzard servers. Now it looks like we’re dealing with something far more nefarious: hackers exploiting security flaws in Diablo 3 and stealing people’s virtual items in order to sell them later in the Real-Money Auction House.

Eurogamer reports that there have been multiple reports of hacked accounts sprouting up online, including a hacked account of one of their own writers, Christian Donlan.

“The reports coincided with the EU Diablo 3 servers going offline on Sunday afternoon for around four hours,” Eurogamer reports, “preventing players from logging in (error 33). It has been suggested that the EU servers were taken offline following a SQL injection attack, but this remains unconfirmed.”

They continue: “One theory suggested by players on the Battle.net forum revolves around hijacking session identifiers, which would allow hackers to take over accounts without alerting Blizzard’s authentication server. Again, this remains unconfirmed.”

Whatever the case, Blizzard authenticators don’t seem to be working properly, allowing hackers to bypass the system entirely.

So far Blizzard has only offered users the roll back of their accounts. No official word on what’s going on with player accounts or what security measures the company is taking. I’ve reached out to Blizzard for comment and will update when and if they respond.

I can only imagine how frustrating this would be, having not had an account breach (yet) myself. Hopefully whatever is happening, Blizzard puts an end to it quickly.

If this is a matter of digital thieves taking advantage of the RMAH, it certainly raises concerns about the security of such an in-game system, and the bad black market incentive it creates.

I am beginning to wonder if the constant lag spikes aren't in part due to the DDoS that D3 players have also experienced.

More on this subject: http://translate.google.dk/translate?sl=da&tl=en&js=n&prev=_t&hl=da&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwww.eurogamer.dk%2Farticles%2F2012-05-21-hackere-lukkede-diablo-3-server-i-gaard (note that an authenticator won't help deter hackers).

Quote: a nameless hacking site

An exploit was discovered by duplicating a session ID. Basically, if you join a public game with people, they can view your session ID and spoof it to log in as you without needing a password or email or anything. If you play with people, try not to play in public games.
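
The session-ID claim quoted above is unconfirmed. As an added illustration (not code from Blizzard, Forbes or the quoted site), this sketch shows the general class of flaw it describes, where the value other players can see is also the login credential, next to a design where peers only see a one-way handle. The class names, the account name and the token format are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets


class WeakLobby:
    """Flawed design: the ID broadcast to other players is the login credential."""

    def __init__(self):
        self._sessions = {}

    def login(self, account):
        sid = secrets.token_hex(16)
        self._sessions[sid] = account
        return sid, sid  # (credential, value peers can see) are identical

    def authenticate(self, presented):
        return self._sessions.get(presented)


class HardenedLobby:
    """Peers see only a one-way handle; the secret token stays with its owner."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # server-only HMAC key
        self._sessions = {}  # SHA-256(token) -> account, so raw tokens are not stored

    def login(self, account):
        token = secrets.token_urlsafe(32)
        self._sessions[hashlib.sha256(token.encode()).hexdigest()] = account
        handle = hmac.new(self._key, token.encode(), hashlib.sha256).hexdigest()[:16]
        return token, handle

    def authenticate(self, presented):
        return self._sessions.get(hashlib.sha256(presented.encode()).hexdigest())


def replay_peer_visible_value(lobby, account="player_one"):
    """Log in, then present only what a lobby peer could see; return the result."""
    _token, peer_visible = lobby.login(account)
    return lobby.authenticate(peer_visible)


if __name__ == "__main__":
    print("weak:", replay_peer_visible_value(WeakLobby()))          # account name
    print("hardened:", replay_peer_visible_value(HardenedLobby()))  # None
```

In the hardened variant the handle is derived with a key only the server holds, so seeing it in a public game gives a peer nothing that the authentication check will accept.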

