There are SO many arguments in this thread about whose fault it is that your account gets hacked...
Which is kind of sad because I think they COMPLETELY miss the point.
Why do you guys think D3 accounts getting hacked is "news?" Battle.NET accounts get hacked ALL THE TIME. You're not going to see all this discussion because someone's WoW account got hacked...trust me. It's like a daily occurence.
The D3 account hacks are "news" because if you were just playing D1 or D2 single player, your account could NEVER be hacked. You simply weren't exposed to it at all.
But with D3, you are forced to be exposed to all the annoying things that go along with being an MMO. Lag, account hacks, disconnects, inability to play offline, server outages, etc. etc.
So the news of these account hacks is just another reminder that you are forced to deal with this crap in D3 even if you want to play single player. Discussing who is at fault for the hacking is pointless, that's not what this is really about. This is really about being forced to play single player online and being exposed to hackers that would have never been a problem before.
This.
Dubya can say "well this wouldn't stop the problems", and he is right, to a point. It wouldn't stop it from those who play online. Want to do a LAN party for friends on Diablo on your own network? You could in previous versions. You can't now. You have to only use Blizzard. want to play single player? You have to connect to Blizzard first.
Blizzard left the door wide open on this. If they didn't think this through to provide some extra layers of protection, they deserve some blame. Whether it is something like what Steam does (email to your account if you are logging in from another IP with a code), or something else, whatever.
What you have here are people who were playing solo, didn't want to play online, and their account got compromised, in a way that simply wouldn't happen in D1 or D2. not because of advances in tech (most of these hacks are pretty low-tech), but because of a design feature that Blizzard made, for no other reason than they wanted to ring people into the RMAH.
Even something as simple as forcing authenticators with every login would fix a lot of the problems. Hacking, like pirating, will always occur, and any strategy that will "eliminate it" might as well eliminate gravity. yet there are simple things that can be done to mitigate the damage this causes, on both the "end user" side, and the "company" side.
There are SO many arguments in this thread about whose fault it is that your account gets hacked...
Which is kind of sad because I think they COMPLETELY miss the point.
Why do you guys think D3 accounts getting hacked is "news?" Battle.NET accounts get hacked ALL THE TIME. You're not going to see all this discussion because someone's WoW account got hacked...trust me. It's like a daily occurence.
The D3 account hacks are "news" because if you were just playing D1 or D2 single player, your account could NEVER be hacked. You simply weren't exposed to it at all.
But with D3, you are forced to be exposed to all the annoying things that go along with being an MMO. Lag, account hacks, disconnects, inability to play offline, server outages, etc. etc.
So the news of these account hacks is just another reminder that you are forced to deal with this crap in D3 even if you want to play single player. Discussing who is at fault for the hacking is pointless, that's not what this is really about. This is really about being forced to play single player online and being exposed to hackers that would have never been a problem before.
This.
Dubya can say "well this wouldn't stop the problems", and he is right, to a point. It wouldn't stop it from those who play online. Want to do a LAN party for friends on Diablo on your own network? You could in previous versions. You can't now. You have to only use Blizzard. want to play single player? You have to connect to Blizzard first.
Blizzard left the door wide open on this. If they didn't think this through to provide some extra layers of protection, they deserve some blame. Whether it is something like what Steam does (email to your account if you are logging in from another IP with a code), or something else, whatever.
What you have here are people who were playing solo, didn't want to play online, and their account got compromised, in a way that simply wouldn't happen in D2 or D3. not because of advances in tech (most of these hacks are pretty low-tech), but because of a design feature that Blizzard made, for no other reason than they wanted to ring people into the RMAH.
These accounts aren't necessarily hacked but more likely easily guessed by other players who already have their login names via places like the forums. Once they got a login name they use a bot to try thousands of passwords to try login to that account.
I do not get why they say acounts were "hacked" when most of the time the person with the acount either recived a keylogger or just plain out gave their info threw scams. So much missleading info flying around its makes me want to throw up. Buy a authenticator and dont use the password jim1234 and the chances of anything happening to your acount goes down the drain.
Dunno if anyone's mentioned this, but it has just come out recently as well that Battle.net passwords aren't case-sensitive. What the hell kind of idiot made that call? It's one of the most basic possible security measures one can take! Even SONY isn't that fucking stupid!
I'm loving Diablo 3, but I'm pissed off as all hell at Blizzard. It's pretty goddamn obvious they're letting the interns handle network security over there. If I lived anywhere near their HQ I'd be over there wanting to smack the security lead upside the head for sheer dumb-fuckery.
I really can't put into words how pissed off I am about that. Of all the... Jesus, no wonder people are having trouble.
The really funny part, is that the CM's response was "Oh yeah, works like that for all our games! Try it in SC2 and WoW too! "
::sigh:: ::Dusts off the pic from the Real Id kerfuffle::
"You do it to yourself, you do And that's what really hurts Is that you do it to yourself Just you and no one else You do it to yourself You do it to yourself"
Maybe if these twonks would stop trying to be the Facebook/Twitter/Google of gaming and just go back to focusing on making GOOD games instead, they wouldn't get their teeth knocked out every time they turn around.
i recommend just staying away from gaming in multiplayer mode - and not buying gold. i can't imagine how anyone could hack my account if they dont know it exists...
I still think the it is in the public chat not the games.
Wish someone would ask this on the offical forums. If you were hacked did you use public chat? What channel?
In OB I got this message I was logged in form a different location, got booted and the only thing I did was go to open chat. Didn't think much of it because I was back in game nothing missing or anything out of the ordinary. I think the hackers were testing their program at that time to see if it worked.
There are SO many arguments in this thread about whose fault it is that your account gets hacked...
Which is kind of sad because I think they COMPLETELY miss the point.
Why do you guys think D3 accounts getting hacked is "news?" Battle.NET accounts get hacked ALL THE TIME. You're not going to see all this discussion because someone's WoW account got hacked...trust me. It's like a daily occurence.
The D3 account hacks are "news" because if you were just playing D1 or D2 single player, your account could NEVER be hacked. You simply weren't exposed to it at all.
But with D3, you are forced to be exposed to all the annoying things that go along with being an MMO. Lag, account hacks, disconnects, inability to play offline, server outages, etc. etc.
So the news of these account hacks is just another reminder that you are forced to deal with this crap in D3 even if you want to play single player. Discussing who is at fault for the hacking is pointless, that's not what this is really about. This is really about being forced to play single player online and being exposed to hackers that would have never been a problem before.
This.
Dubya can say "well this wouldn't stop the problems", and he is right, to a point. It wouldn't stop it from those who play online. Want to do a LAN party for friends on Diablo on your own network? You could in previous versions. You can't now. You have to only use Blizzard. want to play single player? You have to connect to Blizzard first.
Blizzard left the door wide open on this. If they didn't think this through to provide some extra layers of protection, they deserve some blame. Whether it is something like what Steam does (email to your account if you are logging in from another IP with a code), or something else, whatever.
What you have here are people who were playing solo, didn't want to play online, and their account got compromised, in a way that simply wouldn't happen in D1 or D2. not because of advances in tech (most of these hacks are pretty low-tech), but because of a design feature that Blizzard made, for no other reason than they wanted to ring people into the RMAH.
Even something as simple as forcing authenticators with every login would fix a lot of the problems. Hacking, like pirating, will always occur, and any strategy that will "eliminate it" might as well eliminate gravity. yet there are simple things that can be done to mitigate the damage this causes, on both the "end user" side, and the "company" side.
This is possible. Thing is, people need to activate it themselves. Same with the authenticator. I read some posts here that say that it's not foulproof because you only need to input a key once every 5-7 days and that it should be every time you log on. Back when the authenticator was introduced, you did need to input the code every time you logged on. People didn't like it, because they want the easiest to play, which is completly understandable. Blizzard acknowledge this and changed it to the current way, as in, using the authenticator once every 5-7 days. However you can still change it to the old way, so that you need to use the authenticator every time you login to a Blizzard game. It's just a little checkbox under the authenticator options. It's listed in the authenticator FAQ too. The only thing Blizzard didn't do, is shouting it from the roof, you know, in a forced message that players don't read through anyway.
The same for the Steam example that you mentioned. This is also a service that Blizzard provides, though not through an e-mailservice (well, if there is one, I'm not aware of it). In case of changes too your Battle.net account or supicious activity. This is what it lists for Diablo 3 specific:
If you play Diablo III...
We may also text you verification codes if we detect suspicious activity and for approving transactions in the real-money auction house.
For I guess security reason, they opted for a SMS service, which is fine with me. After all, if your login details are compromised, changes are that your e-mail details are too compromised.
In the end it's probably better if they would just force people to use the authenticator with every login. Problem is, people don't like that. Which is also the whole problem with Information Security in general. There's this thought of: "It will never happen to me, so I don't need to take these kind of preventing measures!", untill the moment your data does get compromised. I don't think that Blizzard handles the Information Security poorly. No company wants to be in the position that Sony was in not long ago.
So yes, these tales that are going around, of people being 'hacked' and what not, are most likely people who have only themselves to thank for it. Even that article from the reviewer from Tom's Hardware I take with a healthy dose of sceptism. I mean, just mere speculation here, perhaps a co-worker/lover/child logged in on her account when she was away. Because she already used her authenticator two days ago, only her login and password were needed. It sounds silly and childish, but it wouldn't be the first time.
Like I said, I'm not taking Blizzard's side here, it's just that someone has to come with solid proof before to back up claims that they've been hacked, while using an authenticator. If Blizzard's security is compromised however, I'll be reconsidering buying whatever game they'll release next.
Doesn't surprise me to see hacked accounts, it is a blizzard game after all.
My wow account was suspended 2 weeks ago due to suspicious activity. I have not played wow for 3 years and through 3 pc rebuilds. All my passwords are different everywhere so it's not from my side where security issues are. I have never had any other account hack issues with other games.
Everyone knows that when accounts get stolen 99.9% of the time it is the users own fault. Everything in that article is speculation.. words like 'suggested' are evidence that the whole article is completely factless. Even the word 'hacked' isn't accurate right now because no one knows why those items went missing.
Well....honestly I think its more to do with the Battle.Net system than the user. The reason I say this, I had/have a WoW account for 4 years (from Launch),and as soon as they switched to the Battle.Net for WoW my account got hacked 3 times in 6 months,and im a very well versed user.
Agree with that. I never had any problems with wow account, until bliz start using battle.net.. after that, my account got hacked...
Its pretty pointless to say that I dont click anythink like "get free gold" or use same psw .. and so on, coz most of ppl on forum will simply say its my fault anyway.
Im a big bliz fan, have like all their games. But the thing with acounts beeing hacked right after your not beeing active for some time is sad. But its exactly what is happening.
There are other possibilities besides "IT'S ALL BLIZZARDS FAULT" or "IT'S ALL THE USERS FAULT"
Well, do you see any "its all bliz fault" in my post? guess not...
The security issues of Battlenet are currently the biggest thing keeping me from buying the game. The one time I tried creating an account to briefly try WOW, which lasted all of a week, I was getting emails claiming my acount had been hacked within a week of the account going inactive. I don't know or really care about the details of what the source was, but I'm pretty sure that if it was on my end, I'd be seeing that kind of problem a lot more than with just Battlenet, yet in all the time I've been on the internet, the only game account I've ever had problems with was with Blizzard. I didn't do anything special or unusual on my end with that particular account, so I'm left with the conclusion that something on Blizzard's end is out of whack and has been for some time. Now I read about the "recommendation" to buy an authenticator, and I get a bit suspicious that it may not be hackers, but Blizzard, or one of it's employees, out to make a fast buck one way or another, either by getting me to buy an authenticator or by selling information on inactive accounts. Either way, makes me glad I didn't bother buy the game yet; doesn't matter how good the game is if the surrounding environment is unsecure. Whether or not I eventually buy the game will be directly effected by how this shakes out, espicially after the RMAH is added.
The security issues of Battlenet are currently the biggest thing keeping me from buying the game. The one time I tried creating an account to briefly try WOW, which lasted all of a week, I was getting emails claiming my acount had been hacked within a week of the account going inactive. I don't know or really care about the details of what the source was, but I'm pretty sure that if it was on my end, I'd be seeing that kind of problem a lot more than with just Battlenet, yet in all the time I've been on the internet, the only game account I've ever had problems with was with Blizzard. I didn't do anything special or unusual on my end with that particular account, so I'm left with the conclusion that something on Blizzard's end is out of whack and has been for some time. Now I read about the "recommendation" to buy an authenticator, and I get a bit suspicious that it may not be hackers, but Blizzard, or one of it's employees, out to make a fast buck one way or another, either by getting me to buy an authenticator or by selling information on inactive accounts. Either way, makes me glad I didn't bother buy the game yet; doesn't matter how good the game is if the surrounding environment is unsecure. Whether or not I eventually buy the game will be directly effected by how this shakes out, espicially after the RMAH is added.
Battle.net is is more ways then one more secure then most other MMO's out there, probably all of them. It's just a side effect of hosting a few of the most popular gaming franchises out there. The spam e-mails you've been getting, I get them too. Though not on the e-mail account I registered my Battle.net or even back in the day, my WoW account too. I get those e-mails on my gmail account, which I mostly use for registering purposes. So the spam isn't necessarly linked to you creating a WoW account.
Concerning the authenticator, for most purposes on the internet I use a two-way-authentication system like this (two-way as in a login/password and the code you get from the authenticator). It's way more secure then just a loginname and a password. I work in the Information Security branch and I can't keep up with all the ways, holes, bugs and exploits floating around. Patchnotes from Microsoft, Adobe and Sun Microsystems (the company behind Java) are an interesting read, just to see how many holes have been patched this time.
There's by the way a free authenticator app for Andriod, iPhone and a few others. If you find this environment unsecure, you should watch out for similar environments too. For example, Steam, Origin, etc.
Battle.net is is more ways then one more secure then most other MMO's out there, probably all of them. It's just a side effect of hosting a few of the most popular gaming franchises out there. The spam e-mails you've been getting, I get them too. Though not on the e-mail account I registered my Battle.net or even back in the day, my WoW account too. I get those e-mails on my gmail account, which I mostly use for registering purposes. So the spam isn't necessarly linked to you creating a WoW account.
Concerning the authenticator, for most purposes on the internet I use a two-way-authentication system like this (two-way as in a login/password and the code you get from the authenticator). It's way more secure then just a loginname and a password. I work in the Information Security branch and I can't keep up with all the ways, holes, bugs and exploits floating around. Patchnotes from Microsoft, Adobe and Sun Microsystems (the company behind Java) are an interesting read, just to see how many holes have been patched this time.
There's by the way a free authenticator app for Andriod, iPhone and a few others. If you find this environment unsecure, you should watch out for similar environments too. For example, Steam, Origin, etc.
For being more secure than most companies, it still has way too many problems. I don't know precisely what those problems are, or what would be needed to be done to fix them, but I've never received anything like it from any other game from any other company, and I've tried most of the big name games at some point in time at least briefly. Given the level of problems, I'm not even inclined to say that outside sources are the problem; there is something within how Blizzard sets up the games and/or handles the account data that just seems to cause problems. I don't usually jump on companies for security issues, especially online security issues, but Blizzard seems to have more than their fair share, and has a long history of having more than their fair share. Whether its internal or external, I just don't like what I see with their security track record, even after accounting for the presence of big target names like WoW and Diablo.
For being more secure than most companies, it still has way too many problems. I don't know precisely what those problems are, or what would be needed to be done to fix them, but I've never received anything like it from any other game from any other company, and I've tried most of the big name games at some point in time at least briefly. Given the level of problems, I'm not even inclined to say that outside sources are the problem; there is something within how Blizzard sets up the games and/or handles the account data that just seems to cause problems. I don't usually jump on companies for security issues, especially online security issues, but Blizzard seems to have more than their fair share, and has a long history of having more than their fair share. Whether its internal or external, I just don't like what I see with their security track record, even after accounting for the presence of big target names like WoW and Diablo.
If by 'way too many problems' you refer to the whole 'not able to play online'-situation, then yes, that should be fixed, rather yesterday then tomorrow. I don't think that Blizzard is just twiddling their thumbs though or swimming in money like Scrouge McDuck. In at most a month I think that the problems concerning server availability will be fixed.
Concerning security, there isn't much more Blizzard can do really. They warn for a lot of things, most importantly for phising attempts, scams, goldsellers, etc. It's more that the general knowledge of most players is severly lacking on these matters. Blizzard recently posted (yesterday I believe) that they still need to encounter a case of someone whose account has been compromised, while he was using the authenticator. Knowing the relative safety a two-way-authentication system provides, rather believe them than some random forum poster that makes the most outrages claims, more often then not witout providing any shred of evidence. Of course it's frustrating if your account get compromised, but more likely then not, it's Blizzard who's to blame, but the ignorance of the user. It sounds harsh, but it's the truth.
These days on the internet isn't a very safe environment. That's a simple fact. In your specific case you only made a trial account for WoW. Now this part is pure speculation, but let's say you did it by clicking on a WoW Trial banner on Cursegaming or another fansite. There is a change that these sites may have been compromised or that the banner was infected. All kinds of tracking malware can already be installed at that point. Some aren't even detected by antivirus software or blocked by the browser. It's hard to get account details directly for these malware, but getting an e-mailadress is not at all impossible. Hence your spam. When I made my account for WoW and later on Battle.net, I did it through first the CD of WoW itself. The upgrade to Battle.net too, I did it through the old WoW account setting site. Both were under secure connections, hence any potential malware would have a hard time getting that e-mailadress. On the other hand, I used my gmail account to register to various forums, from which multiple have probably been compromised already. That's why I get a crapload of spam on that account.
The reality is that it's way easier to get crucial information through other means, like third party sites, then it's to 'hack' Blizzard services. Hell, like some people said on a Dutch forum, if hackers already had access to information like the 'SessionID', then it would mean that:
Blizzard's server would already have been hacked, in which the whole stealing of SessionID's would only give away the fact that the servers had been compromised. This would be a very silly move from the people that found a leak in Blizzard's security.
Or that crucial information is send in plain-text instead of encrypted, like what happens in practically every MMO. In this case, we would see people posting Youtube movies of 'How I hack Diablo 3 accounts', etc. The only thing that some searches produce are silly phising attempts, like the spam you recieved.
A good tip for practically everyone using the internet, is to be very carefull with the information you put up there. There is a reason that people use multiple e-mailaccounts. There is a reason that two-way-authentication gets more and more accepted (and in a sad way, more necessary).
Didn't use any third party site to do anything with WoW. Went straight to Blizzard's site. While I understand your point that the internet is not a safe place, I didn't do anything different with WoW than I did with any other MMO I've tried out, and yet Blizzard is the only one that has had account difficulties of any kind. If it was on my end or related to my surfing habits, I can gaurantee that I would have noticed it with other games and accounts as well. The fact that I haven't makes is highly suggestive that a significant part of the problem lies with Blizzard and how they write and implement their games.
As for the authenticator, if I have to even consider getting an authenticator to play what is still at it's core a single player game without having to worry about my account getitng hacked, I'm not going to be buying the game, it's that simple. I'm not going to be shell over 60 dollars for the game and even more for the authenticator just to play an updated D2 with social features. It may be a good game, but it ain't that good. I wouldn't do it for the vast majority of MMOs, either. If the security issues are truly that serious, and the company consistently has them, I can find better companies to support or other forms of entertainment. The idea that you would need an authenicator to get reliable access to something that is simply entertainment is crazy, and if that's the trend, I won't be buying very many computer games going forward.
Didn't use any third party site to do anything with WoW. Went straight to Blizzard's site. While I understand your point that the internet is not a safe place, I didn't do anything different with WoW than I did with any other MMO I've tried out, and yet Blizzard is the only one that has had account difficulties of any kind. If it was on my end or related to my surfing habits, I can gaurantee that I would have noticed it with other games and accounts as well. The fact that I haven't makes is highly suggestive that a significant part of the problem lies with Blizzard and how they write and implement their games.
As for the authenticator, if I have to even consider getting an authenticator to play what is still at it's core a single player game without having to worry about my account getitng hacked, I'm not going to be buying the game, it's that simple. I'm not going to be shell over 60 dollars for the game and even more for the authenticator just to play an updated D2 with social features. It may be a good game, but it ain't that good. I wouldn't do it for the vast majority of MMOs, either. If the security issues are truly that serious, and the company consistently has them, I can find better companies to support or other forms of entertainment. The idea that you would need an authenicator to get reliable access to something that is simply entertainment is crazy, and if that's the trend, I won't be buying very many computer games going forward.
It's becoming a trend, so that will mean less games for you I guess, at least on the PC. You didn't give any examples of the other MMO's you played, but I can say from experience that my Aion account and my Rift account both got hacked. The companies in question admitted it that it was their own fault (I wasn't even subscribed to Aion at that moment). They got compromised. Till this day this hasn't happened to Blizzard. The only known security issue with Battle.net, are the users themselves. There're tools that prevent that your account gets compromised, but if you don't want to use them, it's your own fault if it happens.
It's becoming a trend, so that will mean less games for you I guess, at least on the PC. You didn't give any examples of the other MMO's you played, but I can say from experience that my Aion account and my Rift account both got hacked. The companies in question admitted it that it was their own fault (I wasn't even subscribed to Aion at that moment). They got compromised. Till this day this hasn't happened to Blizzard. The only known security issue with Battle.net, are the users themselves. There're tools that prevent that your account gets compromised, but if you don't want to use them, it's your own fault if it happens.
Didn't try either of those two games, at least in part because the vibe I was getting from the companies that made them wasn't encouraging. Sounds like I may have saved myself a headache.
My biggest issue with these tools that you mention is that if someone is going to add to the hassle of getting into the actual game, they better make it worth it by making sure the game itself is just that good, especially if they plan on charging the standard 60 dollars to buy the game in the first place. Not the extra stuff around the game, but the game itself. I just don't see that in Diablo 3, and that's probably the best of the bunch of recent releases quality wise. You're right, though, that I'm probably not going to be buying very many games in the future. Even before this, the list was short. Skyrim was the first one I got excited about in a long time, and will probably be the last for a long while. I
I'll get TL2 because they are smart enough to price the game at a reasonable level, and I expect it will be a good, solid game, even if it isn't groundbreaking. For me to accept the online only and/pr authenticator, the game behind is going to be have pretty dang amazing and ready to blow me away, startiing from the time I click the icon to open the game. I just don't see that happening any time in the near future. Until then, I have other forms of entertainment that will get the majority of my entertaiment dollars.
So little people understand about information security.
It's sad actually.
Well, I've never had an account of any kind hacked, mmo or otherwise. It's really quite simple.
Even when companies had security breaches (like SOE or anyone else) my accounts were safe and sound. An encrypted and salted hash of my passwords will do a hacker no good.
Accross all games, authenticators available or not, not once.
Several people in this thread claim to haveperfect security practices, but I doubt that very much. It's easier to blame he big bad Blizzard or imply that something fishy is going on.
I wish high schools would teach basic level security classes.
session jacking Diablo 3 attacks are made up. Fake. It's a hoax. This can be easily verified with basic security tools. If you believe this rumor, you get an F in security.
Blizzards user database was NOT compromised and never has been. Companies are required by law to report data breaches involving personal information. Even if you believe this is the case, you still share part of the blame if your account gets hacked in this manner. The database would only include encrypted passwords. If yours is one that is easily brute forced, that is your fault.
No database is totally secure. Hackers have penetrated the most secure networks in the world. If your password is dictionary based, you get an F in security. If your password is cracked from a user database, you get an F.
If you don't change your passwords regularly, you guessed it, F.
If you use the same password for high value targets such as email, blizzard games, banking, paypal, or anything else of value...F minus. There is no F minus, I just invented it for this particular failure.
If you don't run adblock, noscript or even a sandbox for your browser...well D- for that one.
If you click on links in emails, detention.
If your operating system is pirated, you get an E. It's lower than F minus. E sounds good, but I'm making a new grade for this one because it's about the stupidest thing you can possibly do to your system. Seriously. E minus. Or double F or something. Just don't pirate software. Geez.
If your wireless router isn't encrypted with the latest encryption using a non dictionary password...well can I have your address? No, nevermind. F.
Firewall, antivirus, updated system, blah blah blah...F, F, F.
If you use Internet explored....get out of this classroom. Now.
If you use a Mac (I have one, btw not a hater) and you think your system is invincible to all attacks and therefore don't ever have to think about it: I'm going to rip your MacBook in half. I don't care what metal it's made out of.
If you always click allow just to get the window off your screen, F.
I could keep going but this is starting to sound a bit like Jeff Foxworthy.
Bottom line is this people, no matter what the service, you are responsible for a large degree of your own security. Sure there are security flaws out there on the web that could be used to attack you, but a large portion of them require some sort of failure to be secure on your part.
We can speculate all day about what might be wring with Battle.net or any other service, but it doesnt make your accounts more secure.
This isn't about the blame game. It's about your own personal responsibility.
Nine times out of ten (or more) an attack like this is directed at the users not the service. Even IF the service is flawed, there are practices that can eliminate or lessen the damage from an attack on the service itself. Again, nothing is secure.
Blizzard is not any less secure than any other company out there. As far as gaming companies go they offer a very high level of personal security. You just have to take advantage of it.
If you don't lock your front door and someone steals your TV, you don't blame the lock maker becaue you are the idiot that didn't lock up.
Again, I have been playing Blizzard games since the 90's. Not one hack ever. I started wow in vanilla. Haven't been hacked in nearly a decade. You might think it's luck, but I know there is more to it than that.
I am taking responsiblity for my own securty. If I don't believe a company is capable of handling my information properly, they don't get it. For whatever reason, Blizzard has caused me problems where others have not, despite everything on my end being handled the same way. Even if they are not to blame, they have come across as extremely unconcerned until dollar signs were involved. For that reason, they will not be getting my information, and in this case, because of how they setup the game, my business. I find that to be far more effective than any authenticator will ever be. If at some point, they are able to demonstrate a higher level of concern for protecting private information and action than what I've seen in the past regarding their customer service, I will certainly reconsider, but for now, I'm just not seeing enough concern or quality in the game to make me want to bother with it all.
There are victims following the hackers/exploiters around in d3 (since they appear on the recently played list) and they're ransacking approximately 1 account per minute each. And there are dozens of them doing it. And it is drastically escalating as of this morning.
There are video's on youtube and on stream sites that show it going down in real time.
This is spiralling out of control fast.
Not to mention the fact that the AH may have been compromised as well. It is routinely eating people's money and items as of last night.
Originally posted by dubyahite So little people understand about information security.
It's sad actually.
Well, I've never had an account of any kind hacked, mmo or otherwise. It's really quite simple.
Even when companies had security breaches (like SOE or anyone else) my accounts were safe and sound. An encrypted and salted hash of my passwords will do a hacker no good.
Accross all games, authenticators available or not, not once.
Several people in this thread claim to haveperfect security practices, but I doubt that very much. It's easier to blame he big bad Blizzard or imply that something fishy is going on.
I wish high schools would teach basic level security classes.
session jacking Diablo 3 attacks are made up. Fake. It's a hoax. This can be easily verified with basic security tools. If you believe this rumor, you get an F in security.
Blizzards user database was NOT compromised and never has been. Companies are required by law to report data breaches involving personal information. Even if you believe this is the case, you still share part of the blame if your account gets hacked in this manner. The database would only include encrypted passwords. If yours is one that is easily brute forced, that is your fault.
No database is totally secure. Hackers have penetrated the most secure networks in the world. If your password is dictionary based, you get an F in security. If your password is cracked from a user database, you get an F.
If you don't change your passwords regularly, you guessed it, F.
If you use the same password for high value targets such as email, blizzard games, banking, paypal, or anything else of value...F minus. There is no F minus, I just invented it for this particular failure.
If you don't run adblock, noscript or even a sandbox for your browser...well D- for that one.
If you click on links in emails, detention.
If your operating system is pirated, you get an E. It's lower than F minus. E sounds good, but I'm making a new grade for this one because it's about the stupidest thing you can possibly do to your system. Seriously. E minus. Or double F or something. Just don't pirate software. Geez.
If your wireless router isn't encrypted with the latest encryption using a non dictionary password...well can I have your address? No, nevermind. F.
Firewall, antivirus, updated system, blah blah blah...F, F, F.
If you use Internet explored....get out of this classroom. Now.
If you use a Mac (I have one, btw not a hater) and you think your system is invincible to all attacks and therefore don't ever have to think about it: I'm going to rip your MacBook in half. I don't care what metal it's made out of.
If you always click allow just to get the window off your screen, F.
I could keep going but this is starting to sound a bit like Jeff Foxworthy.
Bottom line is this people, no matter what the service, you are responsible for a large degree of your own security. Sure there are security flaws out there on the web that could be used to attack you, but a large portion of them require some sort of failure to be secure on your part.
We can speculate all day about what might be wring with Battle.net or any other service, but it doesnt make your accounts more secure.
This isn't about the blame game. It's about your own personal responsibility.
Nine times out of ten (or more) an attack like this is directed at the users not the service. Even IF the service is flawed, there are practices that can eliminate or lessen the damage from an attack on the service itself. Again, nothing is secure.
Blizzard is not any less secure than any other company out there. As far as gaming companies go they offer a very high level of personal security. You just have to take advantage of it.
If you don't lock your front door and someone steals your TV, you don't blame the lock maker becaue you are the idiot that didn't lock up.
Again, I have been playing Blizzard games since the 90's. Not one hack ever. I started wow in vanilla. Haven't been hacked in nearly a decade. You might think it's luck, but I know there is more to it than that.
Hehehehe, funny, but I think you are asking WAY too much of your average joe gamer / computer user.
Many of us on this forum are IT professionals of some kind or other and it's easy to get a bit of an elitist attitude because of that. You can act like it's easy for everyone to adhere to all these good security practices...but I think you vastly overestimate the computer savvy of many gamers.
I mean...some of my friends not in IT play computer games but they seriously don't even know how to use Windows Explorer. Do you expect these people to be able to install all these anti adware things and know what links are okay and which are bad?
The only people at fault for hacking attacks are the HACKERS. That's it. The victims aren't at fault. Maybe they could have done more to prevent an attack, but that doesn't make them guilty.
Just like in your "didn't lock the door" example...do you know who is at fault for stealing the guy's TV? I'm gonna say it was the thief...not the homeowner.
To those who keep saying that they haven't been hacked and had a Blizzard account for many years, I'm willing to bet it's never gone inactive for any reason. They are going to protect active accounts, because that's active dollar generation, but inactive accounts seem to be treated as too unimportant to care about, despite the fact that they still hold private information. I don't think it's an accident that almost all the problems stated have come from inactive accounts. Blizzard may not be able to control everything, but they can certainly control that aspect, and the fact that they don't is troublesome.
Everyone knows that when accounts get stolen 99.9% of the time it is the users own fault. Everything in that article is speculation.. words like 'suggested' are evidence that the whole article is completely factless. Even the word 'hacked' isn't accurate right now because no one knows why those items went missing.
Well....honestly I think its more to do with the Battle.Net system than the user. The reason I say this, I had/have a WoW account for 4 years (from Launch),and as soon as they switched to the Battle.Net for WoW my account got hacked 3 times in 6 months,and im a very well versed user.
I was hacked twice in six months after the very same thing. Funny thing is I quit WoW a month after the first incident, and it was no longer even installed on my computer when the second incident happened. Whoever got access to my account, did so more than four months after the last time I used those login credentials. Must be some very patient hackers out there who are willing to sit on account information that long, before making use of it.
It's the first time I've ever had my account compromised in any game. It was also the last time. No further problems after I stopped using Battle.Net.
Hehehehe, funny, but I think you are asking WAY too much of your average joe gamer / computer user.
Many of us on this forum are IT professionals of some kind or other and it's easy to get a bit of an elitist attitude because of that. You can act like it's easy for everyone to adhere to all these good security practices...but I think you vastly overestimate the computer savvy of many gamers.
I mean...some of my friends not in IT play computer games but they seriously don't even know how to use Windows Explorer. Do you expect these people to be able to install all these anti adware things and know what links are okay and which are bad?
The only people at fault for hacking attacks are the HACKERS. That's it. The victims aren't at fault. Maybe they could have done more to prevent an attack, but that doesn't make them guilty.
Just like in your "didn't lock the door" example...do you know who is at fault for stealing the guy's TV? I'm gonna say it was the thief...not the homeowner.
And yet it's exactly these kind of gamers that SCREAM they have the perfect security on their computer and apply the best security practices, so that it only can be Blizzard's fault that they got hacked.
And yet it's exactly these kind of gamers that SCREAM they have the perfect security on their computer and apply the best security practices, so that it only can be Blizzard's fault that they got hacked.
Rest my case.
A fair number of people have also given good reasons to question Blizzard's commitment to seriously dealing with this problem. Especially for those who have never had a problem with anyone else despite ample opportunity to have had it, the evidence is there that at some level, it is Blizzard's responsiblity to deal with it, even if it isn't directly their fault. A lot of people could do more, certainly, in the security aspect, but that does not absolve Blizzard when those users exist across the internet, and yet it always seems like Blizzard's name is at the forefront of these conversations when it comes to suspect gaming companies.
When a company has this serious of issues this consistently, it becomes much, much harder to simply blame the end user.
Comments
This.
Dubya can say "well this wouldn't stop the problems", and he is right, to a point. It wouldn't stop it from those who play online. Want to do a LAN party for friends on Diablo on your own network? You could in previous versions. You can't now. You have to only use Blizzard. want to play single player? You have to connect to Blizzard first.
Blizzard left the door wide open on this. If they didn't think this through to provide some extra layers of protection, they deserve some blame. Whether it is something like what Steam does (email to your account if you are logging in from another IP with a code), or something else, whatever.
What you have here are people who were playing solo, didn't want to play online, and their account got compromised, in a way that simply wouldn't happen in D1 or D2. not because of advances in tech (most of these hacks are pretty low-tech), but because of a design feature that Blizzard made, for no other reason than they wanted to ring people into the RMAH.
Even something as simple as forcing authenticators with every login would fix a lot of the problems. Hacking, like pirating, will always occur, and any strategy that will "eliminate it" might as well eliminate gravity. yet there are simple things that can be done to mitigate the damage this causes, on both the "end user" side, and the "company" side.
this x100000000
cant agree more
These accounts aren't necessarily hacked but more likely easily guessed by other players who already have their login names via places like the forums. Once they got a login name they use a bot to try thousands of passwords to try login to that account.
I do not get why they say acounts were "hacked" when most of the time the person with the acount either recived a keylogger or just plain out gave their info threw scams. So much missleading info flying around its makes me want to throw up. Buy a authenticator and dont use the password jim1234 and the chances of anything happening to your acount goes down the drain.
Dunno if anyone's mentioned this, but it has just come out recently as well that Battle.net passwords aren't case-sensitive. What the hell kind of idiot made that call? It's one of the most basic possible security measures one can take! Even SONY isn't that fucking stupid!
I'm loving Diablo 3, but I'm pissed off as all hell at Blizzard. It's pretty goddamn obvious they're letting the interns handle network security over there. If I lived anywhere near their HQ I'd be over there wanting to smack the security lead upside the head for sheer dumb-fuckery.
I really can't put into words how pissed off I am about that. Of all the... Jesus, no wonder people are having trouble.
The really funny part, is that the CM's response was "Oh yeah, works like that for all our games! Try it in SC2 and WoW too!
"
Yes, a smiley...
Edit: CM, not GM
I still think the it is in the public chat not the games.
Wish someone would ask this on the offical forums. If you were hacked did you use public chat? What channel?
In OB I got this message I was logged in form a different location, got booted and the only thing I did was go to open chat. Didn't think much of it because I was back in game nothing missing or anything out of the ordinary. I think the hackers were testing their program at that time to see if it worked.
Seriously
If you are interested in making a MMO maybe visit my page to get a free open source engine.
This is possible. Thing is, people need to activate it themselves. Same with the authenticator. I read some posts here that say that it's not foulproof because you only need to input a key once every 5-7 days and that it should be every time you log on. Back when the authenticator was introduced, you did need to input the code every time you logged on. People didn't like it, because they want the easiest to play, which is completly understandable. Blizzard acknowledge this and changed it to the current way, as in, using the authenticator once every 5-7 days. However you can still change it to the old way, so that you need to use the authenticator every time you login to a Blizzard game. It's just a little checkbox under the authenticator options. It's listed in the authenticator FAQ too. The only thing Blizzard didn't do, is shouting it from the roof, you know, in a forced message that players don't read through anyway.
The same for the Steam example that you mentioned. This is also a service that Blizzard provides, though not through an e-mailservice (well, if there is one, I'm not aware of it). In case of changes too your Battle.net account or supicious activity. This is what it lists for Diablo 3 specific:
If you play Diablo III...
We may also text you verification codes if we detect suspicious activity and for approving transactions in the real-money auction house.
For I guess security reason, they opted for a SMS service, which is fine with me. After all, if your login details are compromised, changes are that your e-mail details are too compromised.
In the end it's probably better if they would just force people to use the authenticator with every login. Problem is, people don't like that. Which is also the whole problem with Information Security in general. There's this thought of: "It will never happen to me, so I don't need to take these kind of preventing measures!", untill the moment your data does get compromised. I don't think that Blizzard handles the Information Security poorly. No company wants to be in the position that Sony was in not long ago.
So yes, these tales that are going around, of people being 'hacked' and what not, are most likely people who have only themselves to thank for it. Even that article from the reviewer from Tom's Hardware I take with a healthy dose of sceptism. I mean, just mere speculation here, perhaps a co-worker/lover/child logged in on her account when she was away. Because she already used her authenticator two days ago, only her login and password were needed. It sounds silly and childish, but it wouldn't be the first time.
Like I said, I'm not taking Blizzard's side here, it's just that someone has to come with solid proof before to back up claims that they've been hacked, while using an authenticator. If Blizzard's security is compromised however, I'll be reconsidering buying whatever game they'll release next.
My wow account was suspended 2 weeks ago due to suspicious activity. I have not played wow for 3 years and through 3 pc rebuilds. All my passwords are different everywhere so it's not from my side where security issues are. I have never had any other account hack issues with other games.
Well, do you see any "its all bliz fault" in my post? guess not...
The security issues of Battlenet are currently the biggest thing keeping me from buying the game. The one time I tried creating an account to briefly try WOW, which lasted all of a week, I was getting emails claiming my acount had been hacked within a week of the account going inactive. I don't know or really care about the details of what the source was, but I'm pretty sure that if it was on my end, I'd be seeing that kind of problem a lot more than with just Battlenet, yet in all the time I've been on the internet, the only game account I've ever had problems with was with Blizzard. I didn't do anything special or unusual on my end with that particular account, so I'm left with the conclusion that something on Blizzard's end is out of whack and has been for some time. Now I read about the "recommendation" to buy an authenticator, and I get a bit suspicious that it may not be hackers, but Blizzard, or one of it's employees, out to make a fast buck one way or another, either by getting me to buy an authenticator or by selling information on inactive accounts. Either way, makes me glad I didn't bother buy the game yet; doesn't matter how good the game is if the surrounding environment is unsecure. Whether or not I eventually buy the game will be directly effected by how this shakes out, espicially after the RMAH is added.
Battle.net is is more ways then one more secure then most other MMO's out there, probably all of them. It's just a side effect of hosting a few of the most popular gaming franchises out there. The spam e-mails you've been getting, I get them too. Though not on the e-mail account I registered my Battle.net or even back in the day, my WoW account too. I get those e-mails on my gmail account, which I mostly use for registering purposes. So the spam isn't necessarly linked to you creating a WoW account.
Concerning the authenticator, for most purposes on the internet I use a two-way-authentication system like this (two-way as in a login/password and the code you get from the authenticator). It's way more secure then just a loginname and a password. I work in the Information Security branch and I can't keep up with all the ways, holes, bugs and exploits floating around. Patchnotes from Microsoft, Adobe and Sun Microsystems (the company behind Java) are an interesting read, just to see how many holes have been patched this time.
There's by the way a free authenticator app for Andriod, iPhone and a few others. If you find this environment unsecure, you should watch out for similar environments too. For example, Steam, Origin, etc.
For being more secure than most companies, it still has way too many problems. I don't know precisely what those problems are, or what would be needed to be done to fix them, but I've never received anything like it from any other game from any other company, and I've tried most of the big name games at some point in time at least briefly. Given the level of problems, I'm not even inclined to say that outside sources are the problem; there is something within how Blizzard sets up the games and/or handles the account data that just seems to cause problems. I don't usually jump on companies for security issues, especially online security issues, but Blizzard seems to have more than their fair share, and has a long history of having more than their fair share. Whether its internal or external, I just don't like what I see with their security track record, even after accounting for the presence of big target names like WoW and Diablo.
I blame Porn !
If by 'way too many problems' you refer to the whole 'not able to play online'-situation, then yes, that should be fixed, rather yesterday then tomorrow. I don't think that Blizzard is just twiddling their thumbs though or swimming in money like Scrouge McDuck. In at most a month I think that the problems concerning server availability will be fixed.
Concerning security, there isn't much more Blizzard can do really. They warn for a lot of things, most importantly for phising attempts, scams, goldsellers, etc. It's more that the general knowledge of most players is severly lacking on these matters. Blizzard recently posted (yesterday I believe) that they still need to encounter a case of someone whose account has been compromised, while he was using the authenticator. Knowing the relative safety a two-way-authentication system provides, rather believe them than some random forum poster that makes the most outrages claims, more often then not witout providing any shred of evidence. Of course it's frustrating if your account get compromised, but more likely then not, it's Blizzard who's to blame, but the ignorance of the user. It sounds harsh, but it's the truth.
These days on the internet isn't a very safe environment. That's a simple fact. In your specific case you only made a trial account for WoW. Now this part is pure speculation, but let's say you did it by clicking on a WoW Trial banner on Cursegaming or another fansite. There is a change that these sites may have been compromised or that the banner was infected. All kinds of tracking malware can already be installed at that point. Some aren't even detected by antivirus software or blocked by the browser. It's hard to get account details directly for these malware, but getting an e-mailadress is not at all impossible. Hence your spam. When I made my account for WoW and later on Battle.net, I did it through first the CD of WoW itself. The upgrade to Battle.net too, I did it through the old WoW account setting site. Both were under secure connections, hence any potential malware would have a hard time getting that e-mailadress. On the other hand, I used my gmail account to register to various forums, from which multiple have probably been compromised already. That's why I get a crapload of spam on that account.
For another realistic example you should read JeroKane's post here from earlier in this thread: http://www.mmorpg.com/discussion2.cfm/post/5009785
The reality is that it's way easier to get crucial information through other means, like third party sites, then it's to 'hack' Blizzard services. Hell, like some people said on a Dutch forum, if hackers already had access to information like the 'SessionID', then it would mean that:
A good tip for practically everyone using the internet, is to be very carefull with the information you put up there. There is a reason that people use multiple e-mailaccounts. There is a reason that two-way-authentication gets more and more accepted (and in a sad way, more necessary).
Didn't use any third party site to do anything with WoW. Went straight to Blizzard's site. While I understand your point that the internet is not a safe place, I didn't do anything different with WoW than I did with any other MMO I've tried out, and yet Blizzard is the only one that has had account difficulties of any kind. If it was on my end or related to my surfing habits, I can gaurantee that I would have noticed it with other games and accounts as well. The fact that I haven't makes is highly suggestive that a significant part of the problem lies with Blizzard and how they write and implement their games.
As for the authenticator, if I have to even consider getting an authenticator to play what is still at it's core a single player game without having to worry about my account getitng hacked, I'm not going to be buying the game, it's that simple. I'm not going to be shell over 60 dollars for the game and even more for the authenticator just to play an updated D2 with social features. It may be a good game, but it ain't that good. I wouldn't do it for the vast majority of MMOs, either. If the security issues are truly that serious, and the company consistently has them, I can find better companies to support or other forms of entertainment. The idea that you would need an authenicator to get reliable access to something that is simply entertainment is crazy, and if that's the trend, I won't be buying very many computer games going forward.
It's becoming a trend, so that will mean less games for you I guess, at least on the PC. You didn't give any examples of the other MMO's you played, but I can say from experience that my Aion account and my Rift account both got hacked. The companies in question admitted it that it was their own fault (I wasn't even subscribed to Aion at that moment). They got compromised. Till this day this hasn't happened to Blizzard. The only known security issue with Battle.net, are the users themselves. There're tools that prevent that your account gets compromised, but if you don't want to use them, it's your own fault if it happens.
Didn't try either of those two games, at least in part because the vibe I was getting from the companies that made them wasn't encouraging. Sounds like I may have saved myself a headache.
My biggest issue with these tools that you mention is that if someone is going to add to the hassle of getting into the actual game, they better make it worth it by making sure the game itself is just that good, especially if they plan on charging the standard 60 dollars to buy the game in the first place. Not the extra stuff around the game, but the game itself. I just don't see that in Diablo 3, and that's probably the best of the bunch of recent releases quality wise. You're right, though, that I'm probably not going to be buying very many games in the future. Even before this, the list was short. Skyrim was the first one I got excited about in a long time, and will probably be the last for a long while. I
I'll get TL2 because they are smart enough to price the game at a reasonable level, and I expect it will be a good, solid game, even if it isn't groundbreaking. For me to accept the online only and/pr authenticator, the game behind is going to be have pretty dang amazing and ready to blow me away, startiing from the time I click the icon to open the game. I just don't see that happening any time in the near future. Until then, I have other forms of entertainment that will get the majority of my entertaiment dollars.
It's sad actually.
Well, I've never had an account of any kind hacked, mmo or otherwise. It's really quite simple.
Even when companies had security breaches (like SOE or anyone else) my accounts were safe and sound. An encrypted and salted hash of my passwords will do a hacker no good.
Accross all games, authenticators available or not, not once.
Several people in this thread claim to haveperfect security practices, but I doubt that very much. It's easier to blame he big bad Blizzard or imply that something fishy is going on.
I wish high schools would teach basic level security classes.
session jacking Diablo 3 attacks are made up. Fake. It's a hoax. This can be easily verified with basic security tools. If you believe this rumor, you get an F in security.
Blizzards user database was NOT compromised and never has been. Companies are required by law to report data breaches involving personal information. Even if you believe this is the case, you still share part of the blame if your account gets hacked in this manner. The database would only include encrypted passwords. If yours is one that is easily brute forced, that is your fault.
No database is totally secure. Hackers have penetrated the most secure networks in the world. If your password is dictionary based, you get an F in security. If your password is cracked from a user database, you get an F.
If you don't change your passwords regularly, you guessed it, F.
If you use the same password for high value targets such as email, blizzard games, banking, paypal, or anything else of value...F minus. There is no F minus, I just invented it for this particular failure.
If you don't run adblock, noscript or even a sandbox for your browser...well D- for that one.
If you click on links in emails, detention.
If your operating system is pirated, you get an E. It's lower than F minus. E sounds good, but I'm making a new grade for this one because it's about the stupidest thing you can possibly do to your system. Seriously. E minus. Or double F or something. Just don't pirate software. Geez.
If your wireless router isn't encrypted with the latest encryption using a non dictionary password...well can I have your address? No, nevermind. F.
Firewall, antivirus, updated system, blah blah blah...F, F, F.
If you use Internet explored....get out of this classroom. Now.
If you use a Mac (I have one, btw not a hater) and you think your system is invincible to all attacks and therefore don't ever have to think about it: I'm going to rip your MacBook in half. I don't care what metal it's made out of.
If you always click allow just to get the window off your screen, F.
I could keep going but this is starting to sound a bit like Jeff Foxworthy.
Bottom line is this people, no matter what the service, you are responsible for a large degree of your own security. Sure there are security flaws out there on the web that could be used to attack you, but a large portion of them require some sort of failure to be secure on your part.
We can speculate all day about what might be wring with Battle.net or any other service, but it doesnt make your accounts more secure.
This isn't about the blame game. It's about your own personal responsibility.
Nine times out of ten (or more) an attack like this is directed at the users not the service. Even IF the service is flawed, there are practices that can eliminate or lessen the damage from an attack on the service itself. Again, nothing is secure.
Blizzard is not any less secure than any other company out there. As far as gaming companies go they offer a very high level of personal security. You just have to take advantage of it.
If you don't lock your front door and someone steals your TV, you don't blame the lock maker becaue you are the idiot that didn't lock up.
Again, I have been playing Blizzard games since the 90's. Not one hack ever. I started wow in vanilla. Haven't been hacked in nearly a decade. You might think it's luck, but I know there is more to it than that.
Shadow's Hand Guild
Open recruitment for
The Secret World - Dragons
Planetside 2 - Terran Republic
Tera - Dragonfall Server
http://www.shadowshand.com
I am taking responsiblity for my own securty. If I don't believe a company is capable of handling my information properly, they don't get it. For whatever reason, Blizzard has caused me problems where others have not, despite everything on my end being handled the same way. Even if they are not to blame, they have come across as extremely unconcerned until dollar signs were involved. For that reason, they will not be getting my information, and in this case, because of how they setup the game, my business. I find that to be far more effective than any authenticator will ever be. If at some point, they are able to demonstrate a higher level of concern for protecting private information and action than what I've seen in the past regarding their customer service, I will certainly reconsider, but for now, I'm just not seeing enough concern or quality in the game to make me want to bother with it all.
There are victims following the hackers/exploiters around in d3 (since they appear on the recently played list) and they're ransacking approximately 1 account per minute each. And there are dozens of them doing it. And it is drastically escalating as of this morning.
There are video's on youtube and on stream sites that show it going down in real time.
This is spiralling out of control fast.
Not to mention the fact that the AH may have been compromised as well. It is routinely eating people's money and items as of last night.
Hehehehe, funny, but I think you are asking WAY too much of your average joe gamer / computer user.
Many of us on this forum are IT professionals of some kind or other and it's easy to get a bit of an elitist attitude because of that. You can act like it's easy for everyone to adhere to all these good security practices...but I think you vastly overestimate the computer savvy of many gamers.
I mean...some of my friends not in IT play computer games but they seriously don't even know how to use Windows Explorer. Do you expect these people to be able to install all these anti adware things and know what links are okay and which are bad?
The only people at fault for hacking attacks are the HACKERS. That's it. The victims aren't at fault. Maybe they could have done more to prevent an attack, but that doesn't make them guilty.
Just like in your "didn't lock the door" example...do you know who is at fault for stealing the guy's TV? I'm gonna say it was the thief...not the homeowner.
Are you team Azeroth, team Tyria, or team Jacob?
To those who keep saying that they haven't been hacked and had a Blizzard account for many years, I'm willing to bet it's never gone inactive for any reason. They are going to protect active accounts, because that's active dollar generation, but inactive accounts seem to be treated as too unimportant to care about, despite the fact that they still hold private information. I don't think it's an accident that almost all the problems stated have come from inactive accounts. Blizzard may not be able to control everything, but they can certainly control that aspect, and the fact that they don't is troublesome.
I was hacked twice in six months after the very same thing. Funny thing is I quit WoW a month after the first incident, and it was no longer even installed on my computer when the second incident happened. Whoever got access to my account, did so more than four months after the last time I used those login credentials. Must be some very patient hackers out there who are willing to sit on account information that long, before making use of it.
It's the first time I've ever had my account compromised in any game. It was also the last time. No further problems after I stopped using Battle.Net.
And yet it's exactly these kind of gamers that SCREAM they have the perfect security on their computer and apply the best security practices, so that it only can be Blizzard's fault that they got hacked.
Rest my case.
A fair number of people have also given good reasons to question Blizzard's commitment to seriously dealing with this problem. Especially for those who have never had a problem with anyone else despite ample opportunity to have had it, the evidence is there that at some level, it is Blizzard's responsiblity to deal with it, even if it isn't directly their fault. A lot of people could do more, certainly, in the security aspect, but that does not absolve Blizzard when those users exist across the internet, and yet it always seems like Blizzard's name is at the forefront of these conversations when it comes to suspect gaming companies.
When a company has this serious of issues this consistently, it becomes much, much harder to simply blame the end user.