As if Blizzard weren’t taking enough heat for a rocky Diablo III launch, reports are coming in on the official forums that user accounts have been hacked and stolen. While this isn’t anything terribly new in the world of online gaming, some of the users claim to have Authenticators linked to their accounts. The Authenticator provides an additional layer of protection for Battle.net users, or at least it’s supposed to.
For those that opt in for one of these (either as a small standalone device or a mobile app), a randomly generated number must be entered at every login. The code changes frequently (approximately every 40 seconds by my count), providing protection against key loggers and phishing scams. There seems to be no downside other than an additional step and having your phone or device nearby when you want to play or login on the Blizzard website.
The other explanation that has been floated by some users in the forums is that there is a server glitch that is cleaning out items and gold from unlucky gamers. In some instances, users have been granted a rollback to pre-compromised status, while in others no illicit account access has been discovered. In the latter cases, Blizzard has supposedly declined to assist. While a malicious little bug is certainly a possibility, it doesn’t explain the experience that two Eurogamer editors shared, including a conversation with an alleged black-market account purchaser. Likely it’s a combination of the two, with some users suffering from a programming error and others victims of a heinous crime.
Given the concerns surrounding the real-money auction house (now delayed again until May 29), these hacking reports are particularly alarming. Instead of in-game currency and items at stake, come next week there will be real cash in the system.
We’ve reached out to Blizzard for comment on the matter. At the time of publishing, we have not yet received a reply. However, users are reporting that in cases where accounts have been verifiably compromised, support tickets are being updated with the following boilerplate language:
Thank you for contacting Blizzard Customer Support regarding restoration for your Diablo III account.
Restorations for Diablo III accounts are limited, and we cannot guarantee the availability of future restorations after one is performed. Because of this, we require your approval to use a limited restoration to address this situation. If you would like us to proceed, please respond to this ticket and clearly tell us that you would like to use a limited restoration. If you do not respond, no restoration will be made for this issue.
Any progress made since the compromise may be lost when the restoration is performed. For additional information on how compromise restorations are handled for Diablo III accounts, see (http://www.battle.net/support/article/compromised-diablo-iii-account).
Note: After the first compromise restoration occurs on a Battle.net account, that account’s access to the Diablo III Real Money Auction House will be restricted until an authenticator is attached. If the account is compromised a second time, access to the Diablo III Real Money Auction House will be permanently revoked. For more information on authenticators, see (http://www.battle.net/support/article/battle-net-authenticator-faq).
Account security is critically important. To help protect your account, we recommend following the Security Checklist (http://www.battle.net/security/checklist) on our Account Security site (http://www.battle.net/security/).
If you have further questions, please reply to this ticket. If you prefer to speak to a representative directly, please see our contact information (http://www.battle.net/support/article/contact).
Thank you again for contacting us. We hope you continue to enjoy your experience in Diablo III!
Blizzard needs to cast a wide net with the real-money auction house bans. There’s too much room for fraudulent hacking claims. Thankfully, the official Blizzard support FAQ also includes this statement that should give comfort to those only seeking restorations due to legitimately compromised accounts:
Note: This policy applies only to restorations. If access to an account is lost due to a compromise, Customer Support will assist in restoring access no matter the number of times the account has been compromised in the past.
This story is still developing, and we’ll be sure to keep you updated.