Blizzard on Diablo III Security

Blizzard has posted a message in response to the perception that recent reports of account hacking in Diablo III represent an uptick in such incidents. They say the number of compromised accounts does not represent anything unusual for their games, and that they continue to recommend the use of the Authenticator or the Mobile Authenticator for best security of your account:

We'd like to take a moment to address the recent reports that suggested that® and Diablo® III may have been compromised. Historically, the release of a new game -- such as a World of Warcraft® expansion -- will result in an increase in reports of individual account compromises, and that's exactly what we're seeing now with Diablo III. We know how frustrating it can be to become the victim of account theft, and as always, we're dedicated to doing everything we can to help our players keep their accounts safe -- and we appreciate everyone who's doing their part to help protect their accounts as well. You can read about ways to help keep your account secure, along with some of the internal and external measures we have in place to help us achieve our security goals, at our account security website here:

We also wanted to reassure you that the Authenticator and Mobile Authenticator (a free app for iPhone and Android devices) continue to be some of the most effective measures we offer to help players protect themselves against account compromises, and we encourage everyone to take advantage of them. In addition, we also recently introduced a new service called SMS Protect, which allows you to use your text-enabled cell phone to unlock a locked account, recover your account name, approve a password reset, or remove a lost Authenticator. Optionally, you can set up the SMS Protect system to send you a text message whenever unusual activity is detected on your account, keeping you aware of important (and possibly unwanted) changes.

For more information on the Authenticator, visit

For more on the Mobile Authenticator, visit

For more on SMS Protect, visit

We also have other measures built into to help protect players. Occasionally, when detects unusual login activity that differs from your normal behavior -- such as logging in from an unfamiliar location -- we may prompt you for additional information (such as the answer to one of your security questions) and/or require you to perform a password reset through the website. World of Warcraft players might be familiar with this security method already, and Diablo III players may begin to encounter it as well.

As always, if you think you've been the victim of an account compromise, head to the "Help! I've Been Hacked!" tool at for assistance.


33. Re: Blizzard on Diablo III Security May 23, 2012, 03:46 WaltC
It amazes me that people are buying this kind of software! I think I've made the point before and so have a lot of people: offline single-play and local LAN multiplayer play have, at worst, workable configuration issues--not friggin' security issues out of the *ss!! If you're playing an offline game and your loot disappears then *you* did it, somehow, or else the program is still very buggy. Case closed. Life is sweet when it's kept simple. This kind of D3 crap is for the birds.

I read so many posts today on battlenet written by people who were blaming other customers for the fact that hackers were breaking into Blizzard's D3 servers! How many times did I hear--"If you aren't running Norton's and this or that malware program, etc., then it's nobody's fault but yours if Blizzard's servers get ambushed and whacked, and all your account data is stolen." These posters weren't going to let a little thing called "good sense" interfere with their apocalyptic ramblings!

You know it's really, really bad when the self-appointed experts in these threads start yelling and screaming about the customer's *local* security--when, by golly, it isn't even the customer's box that's being hacked! Good grief, a third-grader could figure this out...;) Why should a Blizzard account hacker, any hacker, waste his time trying to hack into someone's individual machine at home when the client at home doesn't have the information he's looking for, even if our hypothetical idiot was to decide to hack it anyway!

All of the information the hackers want and need is right on the Blizzard servers--all of it. It's concentrated there so that information on literally millions of D3 accounts is at Blizzard's fingertips. So....not being stupid themselves, the hackers after this information for nefarious reasons look for it on the Blizzard servers! They don't need to break into individual boxes at home because those boxes wouldn't supply them with a microscopic fraction of the info they want.

I really would not think I'd have to spell it out for anybody these days, but if your D3 account has been hacked then *nobody broke into your home machine and got this information*--LoL--they get it all right from Blizzard's own servers! There's no way in hell they could get that kind of info from trying to hack individual systems in people's homes remotely! The idea is unbelievably dense and stupid, imo. People who have online D3 accounts with Blizzard and who are experiencing these hacked accounts should understand--your machine at home was not and is not now being hacked for that information! IE, *you* "didn't do it!" Hope this makes you feel better...;)

The account hackers--just like the game-play hackers--are *hacking Blizzard*--not Blizzard's customer base one at a time--Haw!--even assuming such a thing could be done, when it probably cannot because of the sheer scope and size of the hacking project itself.

In fact, trying to remotely hack into people's systems at home and when they are online is such a preposterous notion that I cannot believe anyone would so much as consider it. The people stealing from Blizzard account holders are stealing it with the information they have gleaned from their studies of the Blizzard network and how it might work. It is that network, the Blizzard owned and operated network, that is being hacked.

This darn "account verification" exercise seems a bit daft, to me. Apparently, in acknowledging that their security such as it is cannot adequately protect people's Blizzard account information, Blizzard seems determined to continue to pour gasoline on this fire by offering to *sell* its customers a service--does Blizzard call it the "authenticator"?

Anyway, I also heard this service was voluntary for the customer, although Blizzard is only providing these services *for a fee.* I saw the figure of $10 in one post in which the fellow said that's what Blizzard charged him to set up the "authenticator" for his account. I have no idea at the moment whether this is just a temporary situation, however. Also--I don't have or want the authenticator service myself (it is called something very similar to "authenticator," so please forgive any inadvertent errors on my part.)

After account setup, an "authorization" signal simply cuts out all legitimast that whenever your BN account is being accessed or run, a phone number you supplied is rung, which means it has the highest probability of working as advertised. When you answer the call, a robot informs you that your Battlenet account has just been activated, but if you know about it then everything is fine (of course.) If not, the friendly but oil-guzzling robot provides you with a list of people and their telephone numbers if you suspect your account has been hacked. Presumably, these people can help.

Since it's Blizzard's network being illegally accessed in all of these account breaches, I certainly think it can be persuasively argued that Blizzard should be providing this service gratis for all current patients.

The service seems very simple: it is tied to your wired or wireless telephone number, and every time someone rings you up on it, a real Westerner dies in Western Yugoslavia, Africka...;)
It is well known that I do not make mistakes--so if you should happen across a mistake in anything I have written, be assured that I did not write it!