  1. #51
    IncGamers Member
    Join Date
    Jul 2008
    Location
    Sweden
    Posts
    270


    Re: Sigh... I've been Hacked. Be careful.

    Quote Originally Posted by yxalitis View Post
    Guys, I would be very careful of accepting anecdotal evidence regarding "apparent" hacking methods like database injections and what not, the word "apparently" is no guarantee of accuracy, and as someone who works in IT (no, I really do!), it is an unlikely attack vector, as it requires access to the database, behind Blizzard's firewalls, and secured (I can assure you) with very high levels of authority.
    If such an attack was possible, it would be catastrophic, they could walk off with millions of account details, and any such attack would leave obvious traces behind, Blizzard would immediately know a security breach had occurred.

    Now I do hate to say this, but over 6 million copies of Diablo 3 were sold, many hundreds of thousands of people are logging on to the Blizzard servers every day, and a small percentage have been hacked.

    Diablo is going to be a huge draw card for professional hackers, goods acquired can be sold for real money, a MAJOR incentive to attract negative attention of this type.

    Now, I know everyone who gets hacked says "I checked my PC for viruses, and it's clean" but your PC may have been compromised months or years ago, a little database is built up of email addresses and passwords, which are then used to brute force accounts.

    I also hate to add this, but I don't think you had an authenticator BEFORE you were hacked, and not AFTER, as a result of that very attack.

    It is all too easy to leap up and down, point fingers, and accuse Blizzard of poor security, and much harder to admit that you slipped up somewhere.
    Blizzard is a billion dollar company with a long history of hosting massive numbers of online connections, you are some average Joe end user, where is the mistake more likely to have occurred?
    The common trend in modern account violations is to attack via social engineering, not other, more sophisticated methods that have been suggested as possible causes.
    Indeed, this very site links to gold farming sites, where you can "Buy Diablo Gold!" Guess where you can be compromised...?

    It isn't by joining an MP game
    it isn't by clicking on the auction house (that's just silly, you have ALREADY logged on at that stage!)

    On the other hand, it would be very short-sighted to assume that these attacks are all because of personal and individual failures to keep your details secure. I work as a programmer (why are we talking about our work?) and several colleagues have had their accounts hacked, and these are fairly security-minded people. Not proof of anything of course, but ignoring either possibility is not right.

    And gaining access to a database with active sessions is not the same as gaining access to an account database. In fact if it is indeed the chat system that has an injection weakness for example, that explanation would make sense on a high level. We can't really know more without more knowledge about the systems or an official explanation from Blizzard though.



  2. #52
    D3 Monk Moderator kestegs's Avatar
    Join Date
    Aug 2008
    Location
    Colorado
    BattleTag kestegs-1550
    Posts
    45,139

    If the problem is in the chat system then why would they force us to join general chat when we log in?



  3. #53
    IncGamers Member Grisu's Avatar
    Join Date
    Jan 2007
    Location
    Germany
    BattleTag Grisu-2156
    Posts
    3,438


    Re: Sigh... I've been Hacked. Be careful.

    And maybe it is for everyone's best to reiterate that dial-in authenticators and physical/mobile authenticators aren't the same. Dial-in authenticators don't work for D3 and can't protect the account like physical/mobile authenticators do. There were a lot of reports from people who thought they were safe, got hacked, and realized only afterwards that the dial-in authenticator didn't offer any protection at all...

    Quote Originally Posted by kestegs View Post
    If the problem is in the chat system then why would they force us to join general chat when we log in?
    Because they are the hackers...?




  4. #54
    D2 Assassin, Barbarian
    & Single Player & SP Trading
    Thyiad's Avatar
    Join Date
    Mar 2006
    Location
    Shooting from the lip since 1970
    Posts
    14,452


    Re: Sigh... I've been Hacked. Be careful.

    Leave channel is your friend.






  5. #55
    IncGamers Member
    Join Date
    Dec 2006
    Location
    Texas
    BattleTag Helix-1260
    Posts
    364


    Re: Sigh... I've been Hacked. Be careful.

    I think they made you automatically join the General channel in the last update as a quick and easy fix to people being disconnected every few minutes. It was even a Blizzard-approved "fix" to join to the General channel to prevent these disconnects. I can play only 10-15 minutes before being disconnected when not on the General channel, and one of my friends has the same problem. Another friend we play with doesn't have that problem, so I'm assuming it's ISP-related.




  6. #56
    IncGamers Member muzzz's Avatar
    Join Date
    Apr 2006
    Posts
    2,420


    Re: Sigh... I've been Hacked. Be careful.

    Quote Originally Posted by yxalitis View Post
    Guys, I would be very careful of accepting anecdotal evidence regarding "apparent" hacking methods like database injections and what not, the word "apparently" is no guarantee of accuracy, and as someone who works in IT (no, I really do!), it is an unlikely attack vector, as it requires access to the database, behind Blizzard's firewalls, and secured (I can assure you) with very high levels of authority.
    If such an attack was possible, it would be catastrophic, they could walk off with millions of account details, and any such attack would leave obvious traces behind, Blizzard would immediately know a security breach had occurred.
    "Database injection" (a.k.a. SQL injection) actually doesn't require any sort of special access. The whole point of it is to use a public interface to the database, like a login form. Firewalls don't really come into the picture. Fortunately, it's also easily thwarted.

    As others have pointed out, the word on the grapevine is that it's a form of session spoofing. All of the eyewitness accounts I've read support this. The only problem is that most eyewitnesses know as much about computer security as a blind man knows about color. Honestly, I doubt we'll ever get any verifiable info.
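
Added example, not part of the thread: the point in post #56 that injection goes through a public interface such as a login form, and is thwarted by parameterized queries, shown against a constructed in-memory SQLite table. The table, the account, and all function names are assumptions made for illustration.

```python
import hashlib
import sqlite3


def _digest(password: str) -> str:
    # Constructed demo: a fixed salt keeps this short; real systems salt per user.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 10_000).hex()


def make_db() -> sqlite3.Connection:
    # Constructed sample data: one account in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO accounts VALUES (?, ?)", ("alice", _digest("correct horse")))
    return db


def login_concatenated(db: sqlite3.Connection, username: str, password: str) -> bool:
    # Weak form: the login-form input becomes part of the SQL text itself,
    # so quote and comment characters in it change what the statement means.
    sql = ("SELECT 1 FROM accounts WHERE username = '" + username
           + "' AND pw_hash = '" + _digest(password) + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db: sqlite3.Connection, username: str, password: str) -> bool:
    # Hardened form: values are bound as data and never parsed as SQL.
    sql = "SELECT 1 FROM accounts WHERE username = ? AND pw_hash = ?"
    return db.execute(sql, (username, _digest(password))).fetchone() is not None


def compare() -> dict:
    db = make_db()
    crafted = "alice' --"  # constructed input: closes the string, comments out the rest
    return {
        "legit_concatenated": login_concatenated(db, "alice", "correct horse"),
        "legit_parameterized": login_parameterized(db, "alice", "correct horse"),
        "crafted_concatenated": login_concatenated(db, crafted, "wrong"),
        "crafted_parameterized": login_parameterized(db, crafted, "wrong"),
    }


if __name__ == "__main__":
    for case, accepted in compare().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

No firewall rule is involved in either outcome: both functions receive the same form input over the same interface, and only the way the query is built differs.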




  7. #57
    IncGamers Member
    Join Date
    May 2012
    Location
    Melbourne, Australia
    Posts
    29


    Re: Sigh... I've been Hacked. Be careful.

    Quote Originally Posted by Thyiad View Post
    ANY ads like that need to be screenshotted and reported to either a Moderator or an Admin, with information of where you are from (country) and any other information you can give.
    Gold Farm.jpg
    Well, here are two in one page!
    In Australia, we get the guy4game links all the time.

    I really hope NO ONE is buying that gold, not just because of the hack risk, but because it is STUPIDLY expensive!!

    $32 for 1 million, no way!
    I expect when the RMAH comes on line for the exchange rate to be $5 for 1 mill.
    Any more than that, and Blizzard are smoking crack.
    (Unfortunately, the world is full of idiots that WILL pay too much, in which case I will be selling loot and retiring!)


