Blizzard on Diablo III Security

Blizzard has posted a message in response to the perception that recent reports of account hacking in Diablo III represent an uptick in such incidents. They say the number of compromised accounts does not represent anything unusual for their games, and that they continue to recommend the use of the Battle.net Authenticator or the Battle.net Mobile Authenticator for best security of your Battle.net account:
We'd like to take a moment to address the recent reports that suggested that Battle.net® and Diablo® III may have been compromised. Historically, the release of a new game -- such as a World of Warcraft® expansion -- will result in an increase in reports of individual account compromises, and that's exactly what we're seeing now with Diablo III. We know how frustrating it can be to become the victim of account theft, and as always, we're dedicated to doing everything we can to help our players keep their Battle.net accounts safe -- and we appreciate everyone who's doing their part to help protect their accounts as well. You can read about ways to help keep your account secure, along with some of the internal and external measures we have in place to help us achieve our security goals, at our account security website here: www.battle.net/security.

We also wanted to reassure you that the Battle.net Authenticator and Battle.net Mobile Authenticator (a free app for iPhone and Android devices) continue to be some of the most effective measures we offer to help players protect themselves against account compromises, and we encourage everyone to take advantage of them. In addition, we also recently introduced a new service called Battle.net SMS Protect, which allows you to use your text-enabled cell phone to unlock a locked Battle.net account, recover your account name, approve a password reset, or remove a lost Authenticator. Optionally, you can set up the Battle.net SMS Protect system to send you a text message whenever unusual activity is detected on your account, keeping you aware of important (and possibly unwanted) changes.

For more information on the Authenticator, visit http://us.battle.net/support/en/article/battle-net-authenticator-faq

For more on the Battle.net Mobile Authenticator, visit http://us.battle.net/support/en/article/battle-net-mobile-authenticator-faq

For more on Battle.net SMS Protect, visit http://us.battle.net/support/en/article/battlenet-sms-protect

We also have other measures built into Battle.net to help protect players. Occasionally, when Battle.net detects unusual login activity that differs from your normal behavior -- such as logging in from an unfamiliar location -- we may prompt you for additional information (such as the answer to one of your security questions) and/or require you to perform a password reset through the Battle.net website. World of Warcraft players might be familiar with this security method already, and Diablo III players may begin to encounter it as well.

As always, if you think you've been the victim of an account compromise, head to the "Help! I've Been Hacked!" tool at http://us.battle.net/en/security/help for assistance.
28.
 
Re: Blizzard on Diablo III Security
May 23, 2012, 01:18
Teddy wrote on May 23, 2012, 00:40:
Kitkoan wrote on May 22, 2012, 21:29:
In short, it's your fault if our security is broken, thanks for the money.

Not to mention, they totally dodged the issue. So, what happened with this? A lot of accounts got hacked, why? Your security at fault or the user's security at fault? What steps are being taken to prevent further problems? Are there steps being taken? Is it being looked into? Or are you just going to point at the Authenticator and hope the problem goes away?

Here's someone that's never had to deal with account security before.

General tip for you, it's almost ALWAYS the user's fault when it comes to security breaches, whether it's games or network security within companies. Users choose poorly constructed passwords, re-use passwords over and over, release their information constantly to phishing scams and other unseemly sources, get viruses on their home machines that consistently need to be weeded out as they transfer files in.

You can protect against direct breaches of your own system. You can't protect against stupid users that don't maintain their own security. That goes for Blizzard just the same as it goes for any other company out there.

Short of Blizzard taking control of your computer and filtering or blocking out any questionable websites for you, what exactly would you like them to do?

It's not almost ALWAYS the user's fault. Many times it's an inside job, more so when money is involved. And while many users don't always use the best security skills, it seems like there might be more to this to see a sudden jump in these hijacked accounts.

As for what can Blizzard do? Well I mentioned that in another post. Their systems can make note of IP locations when the user logs in. If someone who last logged in 2 hours ago in the state of New York is now suddenly logging in from Washington, flags should go up. The Warden program should also send warnings off that it is sending information to Blizzard's systems from the same system but with different account information in a short span of time.

Are the IP connections coming from in the country or out?

Is a character giving 90%+ of its equipment and/or gold to another account and receiving little to nothing back in the trade? Does this person have a history with the character they are giving these items/gold to? People don't randomly give all their worn equipment/gold to a random stranger in these games, this is unusual behaviour and should at least be noted by the system and have the items/gold noted with a GM-only-seeable tag to keep dibs on it to see if something is up.

Is the character that is getting the items/receiving all this gear from strangers doing it to more than 10 accounts in a short time span? This should make a notice go to a GM to start looking at the account. Blizzard keeps a record log of all communications in game and if one account, not character but account, is getting 90%+ of random players' equipment and/or gold without any chatting between them and have no past records of being in touch through the account (WoW, SC2, D3 in the past), this should be looked into.

A system can have many flags in place to look for unusual behaviour that should at least try to get a GM's attention to watch for this kind of stuff.
*automatically refuses to place horse heads in anyone's bed*
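
The flags proposed in the comment above, sketched as an added example (not part of the original post and not Blizzard's code). The event fields, the time windows, the 10% "little to nothing back" cutoff and all sample data are assumptions constructed for illustration; the 90% and 10-account figures come from the comment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; field names and thresholds are assumptions.
T0 = datetime(2012, 5, 22, 12, 0)
LOGINS = [  # (account, time, region resolved from the source IP)
    ("alice", T0, "US-NY"), ("alice", T0 + timedelta(hours=2), "US-WA"),
    ("bob", T0, "US-TX"), ("bob", T0 + timedelta(days=2), "US-CA"),
]
TRADES = [  # 11 drained accounts feeding one receiver, plus a gift between friends
    {"giver": f"victim{i}", "receiver": "mule", "ts": T0 + timedelta(minutes=20 * i),
     "given": 950, "giver_wealth": 1000, "returned": 0} for i in range(11)
] + [{"giver": "carol", "receiver": "dave", "ts": T0,
      "given": 990, "giver_wealth": 1000, "returned": 0}]
KNOWN_CONTACTS = {("carol", "dave")}  # pairs with prior chat or trade history

def location_jumps(logins, window=timedelta(hours=3)):
    """Flag accounts whose consecutive logins change region inside `window`."""
    last, flagged = {}, []
    for account, ts, region in sorted(logins, key=lambda e: e[1]):
        prev = last.get(account)
        if prev and prev[1] != region and ts - prev[0] <= window:
            flagged.append((account, prev[1], region))
        last[account] = (ts, region)
    return flagged

def one_sided_receivers(trades, known_contacts, share=0.9, min_givers=10,
                        window=timedelta(hours=24)):
    """Flag receivers that took >= `share` of a stranger's wealth for almost
    nothing in return, from more than `min_givers` accounts inside `window`."""
    hits = defaultdict(list)  # receiver -> [(time, giver)]
    for t in trades:
        drained = t["given"] >= share * t["giver_wealth"]
        lopsided = t["returned"] <= 0.1 * t["given"]
        stranger = (t["giver"], t["receiver"]) not in known_contacts
        if drained and lopsided and stranger:
            hits[t["receiver"]].append((t["ts"], t["giver"]))
    flagged = []
    for receiver, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct givers inside the window that opens at this event.
            givers = {g for ts, g in events[i:] if ts - start <= window}
            if len(givers) > min_givers:
                flagged.append(receiver)  # queue for GM review, not an automatic ban
                break
    return flagged
```

Both functions only raise candidates for human review; a single one-sided trade between accounts with prior contact (carol and dave in the sample) is deliberately ignored.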