Filed under: Account Security

Diablo 3 bug sees trillions in gold duping, auction houses shutdown

by Matthew Rossi May 8th 2013 at 11:00AM

Sure, we all like gold. But even the most gold hungry among us can see the problem with a bug that allowed players to accumulate trillions of in-game currency, which is exactly what happened with Diablo III's patch 1.0.8. As a result, the game's Auction House was taken down, and Blizzard is still debating what actions to take to correct the issue, but Lylirra posts on the official forums that roll backs won't be necessary.

Lylirra - Auction Houses Temporarily Offline -- Update

12:00 a.m. PDT: At this time (and after careful consideration), we've decided to not move forward with rolling back the servers. We feel that this is the best course of action given the nature of the dupe, how relatively few players used it, and the fact that its effects were fairly limited within the region. We've been able to successfully identify players who duplicated gold by using this specific bug, and are focusing on these accounts to make corrections. While this is a time-consuming and very detailed process, we believe it's the most appropriate choice given the circumstances. We know that some of you may disagree, but we feel that performing a full roll back would impact the community in an even greater way, as it would require significant downtime as well as revert the progress legitimate players have made since patch 1.0.8 was released this morning.

source

I know it would be a pretty big blow to lose character levels or gear acquired legitimately, so if they can go after the actual accounts that used the exploit and remove just their duplicated gold, that seems like the best option to me.

Filed under: Analysis / Opinion, Blizzard, Economy, Account Security, Diablo 3

Blizzard offers WoW and antivirus combo ... in South Africa

by Elizabeth Harper Apr 30th 2013 at 8:00PM

Good news! Antivirus maker Kapersky Lab teamed up with Blizzard Entertainment to offer bundle that includes WoW, Burning Crusade, Wrath of the Lich King, and Kaspersky Internet Security 2013. Basically, the package is a World of Warcraft Battle Chest plus antivirus package. We think this would be a great package for friends who haven't yet gotten into the game because computer security is awfully important to keeping your WoW account in your hands. Kapersky in particular is designed with gamers in mind with a "game mode" that postpones processor-gobbling scans to free up power for gameplay. The only thing that would make this package better would be if it also included an authenticator, so you really wouldn't have to worry about account security.

The only downside to this package? Currently it's only available in South Africa, where it sells for 399 Rand (or about $44). Perhaps if it's successful there, Blizzard will offer similar packages elsewhere, but for now, new players will need to purchase their game of choice and their antivirus software separately. And don't forget your authenticator!

Filed under: Blizzard, Account Security

Watch out: Most game hacks are actually malware

by Elizabeth Harper Apr 16th 2013 at 1:00PM

We know that all of our readers are swell guys and gals who would never cheat at World of Warcraft, but just in case you needed another reason to avoid that kind of thing, anti-virus maker AVG is reporting that 90% of game hacks contain malware. And beyond the fact that using a hack will get your account banned by Blizzard, malware has a good chance to steal your WoW account and other sensitive information -- like bank account information or credit card numbers.

We know it seems to take forever to grind for gold or levels sometimes, but if you see something offering to get you gold, levels, achievements, or anything else with the click of a button -- don't click! If these things sound too good to be true, they probably are. So instead, keep your account secure by avoiding hacks and being sure you only download addons from trusted sources. Your account, safe and secure, will thank you!

[Via The Escapist]

Filed under: Account Security

Ever wonder what a game master does?

by Matthew Rossi Jan 23rd 2013 at 3:00PM

Well, Blizzard would like to tell you. And they've done so via the medium of clever video. Whatever your troubles in game are, the game masters are the ones who deal with them. The video explains the options you have to get the help you need, both in game and out of game. Whether it's phone support, web live chat, or in-game tickets, this video not only explains your options but gives a walk through of the typical tasks a Game Master undertakes in a day. There's even details on the various automated processes players can take advantage of to resolve issues faster than waiting for a GM.

So if you're curious, go take a gander at what, exactly, GM's do for you.

Mists of Pandaria is here! The level cap has been raised to 90, many players have returned to Azeroth, and pet battles are taking the world by storm. Keep an eye out for all of the latest news, and check out our comprehensive guide to Mists of Pandaria for everything you'll ever need to know.

Filed under: Analysis / Opinion, Blizzard, Account Security, Mists of Pandaria

Authenticators temporarily unavailable from EU Blizzard online store

by Matthew Rossi Dec 18th 2012 at 5:00PM

From December 17th, players in Europe will no longer be able to order a physical Battle.net Authenticator from the Blizzard online store. CM Takralus broke it down for everyone playing in the EU realms. Why are authenticators going to be unavailable? Because the online store in Europe is being revamped.

Takralus - Battle.net Authenticators Temporarily Unavailable

From December 17 2012, physical products including Battle.net Authenticators will be temporarily unavailable on the Blizzard Online Store in Europe. This is in preparation for a revamp of the store which will take place during 2013. In the meantime, many items can be found on the US Blizzard Store.

Players wishing to acquire a Battle.net Authenticator have several options. The Battle.net Mobile Authenticator is available for many types of smartphone, and you can find out more about it here. For many people, this is the easiest and cheapest option!

If you prefer to have a physical Battle.net Authenticator, you can get hold of one from several sources including the online retailers and high-street stores listed here.
.

source

I admit I don't know how reasonable it is to order an authenticator from the US store for players in Europe, so hopefully the store won't be down for long. It should be noted that Takralus specifically points out that physical products will be unavailable, so presumably you can still buy items like pets and mounts.

Filed under: Blizzard, Account Security, Mists of Pandaria

Breakfast Topic: When was the last time you changed your WoW password?

by Lisa Poisso Nov 23rd 2012 at 8:00AM

Hey there -- Mom here! I know you're busy trying to hide the fact that you licked your plate to get all the stuff that was stuck in the gravy. (We see that little dab on your jaw there, just so you know.) I also know that the reason you keep jumping up to offer refilling people's drink is because you're actually mooching off tiny slivers of pie when nobody's watching ... But even on a holiday, it's my duty as a mother to remind you that you need to change your account password regularly.

It might be true that I don't practice what I preach quite as often as I should. (I didn't say it is true. But it could happen.) So my breakfast questions to you this morning are threefold: How long has it been since you changed your account password? Do you follow any set schedule or password schema for keeping your password up to date? And do you use an authenticator and any other security measures to keep your WoW account safe?

Poll: When did you last change your WoW password?
Within the last month	718 (12.1%)
Within the last three months	1398 (23.5%)
Within the last six months	1038 (17.5%)
Longer than six months ago	1176 (19.8%)
I can't remember	522 (8.8%)
I don't think I've ever changed my account password	1095 (18.4%)

Filed under: Breakfast Topics, Account Security

Why Blizzard isn't opening a gold shop

by Matthew Rossi Nov 7th 2012 at 4:00PM

Last year, Blizzard started an experiment with the Guardian Cub, a pet store purchase that could be bought and sold in game with gold as well, since it was Bind on Equip. At the time, a lot of WoW players (including us) saw this as an experimental foray into Blizzard finding ways to allow people to get extra gold using real life money without directly selling gold. In part, that was because Blizzard came right out and admitted that's what it was. Since that time, we've seen no new Blizzard Store purchases that were BoE in this fashion.

Since then, we've heard a lot of complaints about botters who use hacked accounts to not only steal all the gold said account possesses, but also then use it as a farming bot for as long as they can keep hold of it. Some players are even suggesting that Blizzard should simply sell gold itself, cutting out the middleman and putting gold sellers out of business. Why isn't this a good idea?

Filed under: Analysis / Opinion, Blizzard, Account Security, Mists of Pandaria

Blizzard increases security with SMS Protect

by Olivia Grace Sep 13th 2012 at 9:00PM

If you're concerned about account security, there's a new feature Blizzard want you to know about. They've been reminding us all about this feature via the forums, and have posted this informative, if somewhat bizarre video to tell us all about it.

The new feature, introduced a few months back, is Battle.net SMS Protect. It's a free service, as long as your mobile phone service provider doesn't charge you to receive text messages, in which case text messages would be charged at the usual rate. SMS Protect cannot use any type of messaging other than text messaging, and doesn't require a smartphone to work -- all your phone needs is the ability to receive SMS text messages, making this a nice feature for those players who don't have smartphones.

There have been mixed reports on whether it works with prepaid mobile phones, but where it hasn't been working that's usually because carriers don't allow the receipt of SMS text messages.

SMS Protect is not designed to replace the authenticator, either the phone authenticator or the physical authenticator. Rather, it is an alert system, designed to warn you about suspicious activity on your account, and allow you to perform certain actions with your phone. Hit the break for more information!

Filed under: Account Security

North American players may now update their security questions

by Anne Stickney Aug 15th 2012 at 9:00PM

As an update to the security breach last week, players on North American realms will now be prompted to change their security question and answer when logging in to their Battle.net accounts. The security breach included no financial information; however, answers to personal security questions were compromised, as well as some information related to Mobile Authenticators.

In addition to the security question update, players may now also update their Mobile Authenticators as well. Please note, this is only in regards to North American accounts; players in Europe need to do neither of these things. And remember, if you are a North American player and have not changed the password on your account, doing so is an excellent idea.

Nethaera

As a precaution following our recent security update, players on North American servers please take a moment to visit Battle.net account management, where you will be prompted to change your security question as well as update your Mobile Authenticator. There you'll also find helpful tips and an FAQ, as well as instructions on how to add additional layers of security to your account, including the Battle.net Authenticator or the Mobile Authenticator for those that aren't already using one.

source

Filed under: News items, Account Security

Blizzard security breach, no evidence that financial data was compromised

by Chase Hasbrouck Aug 9th 2012 at 6:40PM

Mike Morhaime, the president of Blizzard Entertainment, reported today in a blog post posted on the official Blizzard website that a list of email addresses for Battle.net users, answers to security questions, and information relating to the Mobile and Dial-in Authenticator program were illegally accessed by outsiders. The security hole has been closed, but Blizzard is officially recommending that all Battle.net users change their passwords immediately. In the coming days, players will be prompted to automatically change their security questions and update their mobile authenticator software. A FAQ is available here.

The full post is below.

Mike Morhaime

Players and Friends,

Even when you are in the business of fun, not every week ends up being fun. This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.

At this time, we've found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.

Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.

We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.

In the coming days, we'll be prompting players on North American servers to change their secret questions and answers through an automated process. Additionally, we'll prompt mobile authenticator users to update their authenticator software. As a reminder, phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password. We deeply regret the inconvenience to all of you and understand you may have questions. Please find additional information here.

We take the security of your personal information very seriously, and we are truly sorry that this has happened.

Sincerely,

Mike Morhaime

source

Filed under: News items, Account Security

The day Fox's account got hacked -- and how you can learn from his mistakes

by Fox Van Allen Jun 15th 2012 at 9:00AM

Ladies and gentlemen, hello. My name is Fox Van Allen. I've been playing World of Warcraft for nearly four years. And despite all I know and all my warnings I've given you, the reader, it still happened. Last week, I, Fox Van Allen, had my account hacked.

The first question I'm inevitably asked is, "You? What excuse do you have to not have an authenticator?" Well, truth is, I do have an authenticator. I use my iPhone. But one day a few weeks ago, that ever-changing number display just somehow fell out of sync with what WoW was expecting me to enter. Trying to re-sync did nothing. To get back into my account, I had to have the folks at Blizzard take my authenticator off the account.

And that's how it happened. I foolishly forgot to reattach it right away -- I really haven't played a heck of a lot of World of Warcraft on account of my move to Los Angeles. It just wasn't on my mental list of things to do. And wouldn't you know it, barely a week after I had my authenticator disconnected from my account, I started getting emails from Blizzard. Not the usual spam, but legit receipts. Receipts for $105 worth of server transfers and faction changes that I didn't authorize.

That's when the pit of my stomach gave way. I knew immediately the emails were legit. And if the emails were legit, then I had to have been hacked. It's one of the worst feelings in the world.

Filed under: News items, Account Security

Blizzard issues account security alert after Riot Games breach

by Matthew Rossi Jun 14th 2012 at 6:30PM

Blizzard issues Account Security Alert after Riot Games hack

Not the first time we've seen something like this: Nakatoir of the EU community team posted this account security alert after Riot Games' EU branch warned its users that hackers "gained access to certain personal player data contained in certain EU West and EU Nordic & East databases." This information included email addresses and encrypted account passwords, and more than half of the passwords were considered simple and at risk of being cracked.

Blizzard issues its security alert because many players who play various Blizzard games like WoW and Diablo III or StarCraft II also play League of Legends; therefore, if they use the same email address for Battle.net as League of Legends or the same passwords, those Battle.net accounts may also be at risk.

This is not an announcement that Blizzard itself has been hacked, mind you. It's simply a precaution based on the habits of players of many games to use the same passwords and login information for multiple accounts. If you're not a League of Legends player in the affected EU regions, there's no way for this to affect you.

The full announcement is after the break.

Filed under: Blizzard, News items, Account Security

Thousands of players banned in Diablo 3

by Matthew Rossi Jun 12th 2012 at 2:00PM

You read that right: Several thousand suspensions and bans have gone out to Diablo III players using account hacks or bots or otherwise cheating at the game. Zarhym (he who often shows up in monster form while I'm playing Diablo III) posted to the official forums to announce the action.

Diablo® III Players Banned

We recently issued a round of account suspensions and bans to several thousand Diablo® III players who were in violation of the Battle.net® Terms of Use for cheating and/or using botting or hacking programs while playing. In addition to undermining the spirit of fair play that's essential to everyone's enjoyment of the game, botting, hacking, and other such exploitive behavior can contribute to stability and performance issues with the Battle.net service. As always, maintaining a stable, safe, and fun online-gaming experience for legitimate players is a top priority for us, and we'll be continuing to keep watch on Battle.net and take action as needed.

source

Seems fairly straightforward to me -- don't cheat, won't get banned. With the move to require an authenticator for the Real-Money Auction House and now this, it is pretty clear Blizzard is taking Battle.net very seriously moving forward.

Evil has returned! 1.2 million WoW players are getting Diablo III for free thanks to the Annual Pass. You can get prepared for the evil with WoW Insider's launch coverage. From the lore of Diablo, to the important blue posts and the basics of Diablo gameplay, we'll get you on the inside track for the return of evil.

Filed under: Analysis / Opinion, Blizzard, Account Security, Diablo 3

You cannot get hacked by playing public games in Diablo 3

by Michael Sacco Jun 1st 2012 at 12:00PM

After years of keyloggers and trojans from unsafe browsing, unsecured computers, or just plain bad luck, WoW players should be pretty used to the concept of a compromised account and how said compromises happen. Unfortunately, Diablo III players don't appear to be as familiar with them, which has resulted in some pretty maddening discourse on the official forums and across the internet.

Just like WoW accounts, Diablo III accounts are worth real money. Blizzard has had experience dealing with compromised accounts for years. This is why it introduced the Battle.net Authenticator, a second level of security that makes it very, very difficult to get your account compromised. Authenticators don't make it impossible to get your account compromised, but they do make compromising your account much more trouble than it's worth in the face of mass keylogging, which is how accounts are normally stolen.

Some people who haven't had a WoW account before but bought Diablo III were undoubtedly surprised when their accounts were compromised, which is understandable. An editor at Eurogamer had his account hacked and responded with an article suggesting that players were getting their sessions hijacked by joining public games and that people were getting compromised with this method even with authenticators attached to their account. Unfortunately, sites all over the internet picked up the story and also reported the session hijacks and bypassed authenticators as fact.

The problem is that neither of those things were correct. In fact, Blizzard says it's actually impossible to do with Diablo III due to the way the infrastructure is set up.

Filed under: Blizzard, Account Security, Diablo 3

How to replace a keyfob authenticator with a smartphone Battle.net authenticator

by Michael Gray Mar 31st 2012 at 6:00PM

I've had my authenticator for years. Taking the sound advice of persons wiser than me, I picked up an authenticator way before it was cool. No hackers or n'er-do-wells were getting into my account and sharding my purples! Those purples vindicate my life choices, and criticizing my life choices is my wife's job, not some random stranger who scammed my password from Facebook!

But like many things in life, this authenticator too must pass. In this specific case, this authenticator must pass between the jaws of my dog. It didn't work so well after Sylvanas got done unleashing some Dark Puppy-level fury on it.

If you too find yourself needing to replace your trusty old authenticator, here's how you get it done. In this case, we're replacing the old sexy keyfob with a new, nearly-as-sexy iPhone authenticator app.

Filed under: Account Security

WoW Insider Show

Subscribe via iTunes for our latest show.

Hot Topics

Upcoming Events

Event	Date
Call to Arms: Isle of Conquest	5/14 - 5/16
Call to Arms: Alterac Valley	5/17 - 5/20
Call to Arms: The Battle for Gilneas	5/21 - 5/23
Call to Arms: Warsong Gulch	5/24 - 5/27
Call to Arms: Twin Peaks	5/28 - 5/30
Call to Arms: Strand of the Ancients	5/31 - 6/3
Darkmoon Faire	6/2 - 6/9
Call to Arms: Silvershard Mines	6/4 - 6/6
Call to Arms: Temple of Kotmogu	6/11 - 6/13
Call to Arms: Arathi Basin	6/18 - 6/20
Midsummer Fire Festival	6/21 - 7/5
Call to Arms: Eye of the Storm	6/25 - 6/27