Wednesday, May 23, 2012

Blizzard Diablo 3 Account Security (also WoW & Starcraft 2)

[Special Thanks to KavikTV & Ravager for their help on this post, all errors though are solely mine.]

Update: If you have been hacked, here is the Blizzard link to use to get the problem resolved: http://us.battle.net/support/en/article/compromised-diablo-iii-account

According to Blizzard, any time they release a new game, like Diablo 3, or an expansion, there is an increase in the number of accounts reported as hacked.

There are lots of reasons for this, but here are some basic things you can do to help prevent it. These are things you should be doing anyway to reduce your risk from these types of problems in general (i.e. internet banking, internet buying, etc.).

First, make sure your Operating System (OS) is up to date. As security problems are found, they are fixed, and you need these fixes to help keep hackers out; it is like getting a broken lock on your house door fixed. If you're not sure, see these links:

Second, if you're not already using an AntiVirus/AntiMalware program, get one and use it!

Cliff recommends these two free AntiMalware products:
I can't recommend any other free ones at this time; I have been using Security Essentials for some time now, since having serious problems with a different free product.

I haven't yet used the Sophos product, because I don't have a Mac yet, but I will be getting a Mac in a few weeks, and Sophos' AntiMalware is what my research leads me to use. I will report directly about that product in a future post.

Those two steps will do a lot to prevent a keylogger or something else bad from getting on your computer.

Third, update your Browser; Blizzard has a good guide to this.

Next, you should pick a strong password, and if you really want to do something extra, get an Authenticator or a Mobile Authenticator from Blizzard. You can use these for Starcraft 2 & WoW as well.

What that does is let Blizzard send you a 2nd temporary password to use in addition to the password you picked; it is like needing two keys to open a vault or launch a nuke.

I have at least one friend that has been using this for some time, and it saved his account from getting hacked when all his local gaming buddies' accounts got hacked.

VOD below from Blizzard describes these products and how to use them.

Cliff recommends the Authenticator over the Mobile Authenticator, because most of us will connect our phones to our computers at least some of the time, and if there is Malware on the computer, it could infect the phone as well.

A friend of mine recently had that happen to his phone; his infected computer also infected his phone.

Or if you have Malware on your phone, from an App or something else, the Hackers might be able to access that 2nd password.

I REALLY recommend the Authenticator if you use a shared or public computer!!!!!!!

Hope that helps.

Stay Safe,

Cliff

See Also:
http://us.battle.net/en/security/checklist 




3 comments:

  1. I believe the recent D3 wave of hacks had more to do with an exploit that happens when you join public games. There is a save state that they can access that allows them to completely bypass the password stage, so not even an authenticator will save you. Most of these measures, while helpful, won't save you from the current exploits. Just don't open your game to the public if you don't want to risk it. There are quite a few threads on Reddit about this issue, which Blizzard has hopefully patched.

  2. Thanks for the info, I'll dig into that after I get some sleep.

  3. I have done more than a little digging, best Reddit post I found was this one http://www.reddit.com/r/diablo3/comments/ty6qk/psa_avoid_public_games_its_how_people_are_getting/

    but I'll admit I don't use Reddit much, more of RSS (Blogs, Tech Sites, etc), Tech Podcast listener & Google person.

    So there could be some much better Reddit threads that I have missed, Doc or others please feel free to post links.

    I'll delete spam, but I want my Blog to be a Gamer resource, and I certainly don't know it all.

    I am not positive, but from everything that I have seen, & things I have not seen (like no Pro SC2 people that are playing D3 atm getting hacked), I suspect that this problem is mostly on Gamer end.

    If the hacker has gotten malware on your computer, and uses ISP spoofing of some type [see: http://en.wikipedia.org/wiki/DNS_spoofing] that would fit what I have seen people complaining about.

    Also DNS issues have been in the news a lot recently http://krebsonsecurity.com/2012/05/google-to-warn-500000-of-dns-changer-infections/

    And Hackers tend to follow Security and Security Patch news & updates now to find exploits.

    Most people are bad about patching Security holes, unless they are a Computer Security person.

    Only reason I know the basics at this point about computer security, is because my Credit Card info got hacked some time ago, never was able to figure out why.

    But I learned from friends that are professional Computer people, that even though I thought I was doing everything I should, ie good passwords, not using same passwords, etc.

    I had done some real stupid things, Noob mistakes to a real Computer Security professional, like I was running my computer as Admin instead of as a User.

    I also didn't have a Router, was plugged direct into modem, I didn't know then that the Firewall in even cheap Routers adds *some* protection (not a lot nowadays, but some) over exposing my computer directly to the net with only its own firewall and AV software.

    Sorry for the long post, and that I couldn't find good support for it being Blizzard's fault.

    Note: I mean evidence not opinion, and I am not saying it can't be Blizzard's fault, only that I can't find any facts to support that currently.

    If any evidence of that turns up, I will certainly blog about it, giving full credit to whoever finds it!

    GL HF,

    Cliff
