DIII Account Security

[Kylearan]

Hi,

Just got hacked myself. Looks like putting stuff on the second tab of your stash is no longer safe; all that was gone too.

I don't know if you know this, but you can file a ticket with Blizzard and they can do a roll-back to a point in time before you got hacked, to get your stuff back.

(Funny thought: Is this a way to dupe items? )

My brother is warning me about playing the game with a browser open, says that they can get your log in information that way, usually through malicious code in certain ads. That make sense to people here?

You can get infected with malware via malicious or hacked websites, theoretically through ads too, and malware can steal your battle.net credentials. But then you no longer need to have the browser open while playing for the malware to do its thing.

But in this case I'm pretty sure it works differently; it's either a brute force attack, trying weak passwords or passwords stolen from other sites, or an actual exploit where the user doesn't need to do something wrong for it to work.

-Kylearan

[Roland]

Oh, and I have their mobile authenticator. Didn't go off.

Do you have the dial-in authenticator, or the mobile authenticator? Makes a difference.

Greetings XXXXXX,
Our records indicate that the Battle.net® account associated with this email address is currently protected by the Battle.net Dial-In Authenticator. While the Dial-In Authenticator provides an additional layer of security to help guard your Battle.net account against unauthorized access, we'd like to make
sure you're aware that it is only supported for World of Warcraft® at this time. The Dial-In Authenticator is not supported for Diablo® III or StarCraft® II, which means that your Battle.net account is not protected by the Dial-In Authenticator service when logging in to these games.

If you have already purchased Diablo III or StarCraft II -- or are considering purchasing these games in the future -- and wish to protect your Battle.net account from unauthorized access when logging in to these games, we recommend one of the following:


- Battle.net Authenticator - a physical device that you can carry on your keychain, available from the Blizzard Store

- Battle.net Mobile Authenticator - a mobile app available as a free download for iPhone, iPod touch, and Android

To learn more, please see the Battle.net Authenticator FAQ and Mobile Authenticator FAQ.

Important: If you***8217;d like to attach a Battle.net Authenticator or Battle.net Mobile Authenticator to your account, you must first remove the Battle.net Dial-In Authenticator. You can change your active security method at any time through Battle.net Account Management at http://www.battle.net/account.

You might also be interested in signing up for Battle.net SMS Protect, a free optional service that helps you manage your Battle.net account using any text-enabled cell phone. Battle.net SMS Protect also gives you the option to receive text notifications about important changes to your Battle.net account. For more information, see the Battle.net SMS Protect FAQ.

For more information regarding the Battle.net Dial-In Authenticator, please see the FAQ. To learn about Blizzard Entertainment***8217;s security commitment, visit http://us.battle.net/en/security/.
Thank you,

- The Battle.Net Team

[pindicator]

Do you have the dial-in authenticator, or the mobile authenticator? Makes a difference.

Yeah, this was my problem and i felt like quite the idiot once i had someone inform me of the distinction. When i set it up i don't know what i was thinking, because obviously with a mobile app authenticator you would need to download an app.

But what has happened since then has been just maddening.

In order to set up a mobile app authenticator or physical authenticator you need to remove the dial-in. Which is understandable that you can only have only one authenticator on an account. But when i attempted to remove the authenticator i received an error message saying there was a problem with removing my authenticator. I did the steps listed: dialed the required phone number, entered my PIN, and had a confirmation on the call that the authenticator had been removed. But when i look at my account it is still there and active, and hitting the 'verify' button gives the error i mentioned earlier.

So its support ticket time. First blizzard rep response is to tell me to read the FAQ on authenticators and close the ticket. Not cool blizzard. I write a second ticket detailing everything and this time ask for a refund because i'm so upset. Just got the recent response which is that they can take the authenticator off if i do the following:

* Submit a request in writing
* Attach scanned copy a gov't issued ID

Call me crazy, but why is a video game company asking for a digital copy of my ID? There is no way i'm going to scan and email that for a video game: they tell us they never will ask for a pw but am i alone in thinking that asking for this is worse?

Anyway i have responded telling them as much and repeating that i just need them to fix the problem that prevents me from removing the authenticator on my own. Barring that i will ask for the game to be removed and refunded though i doubt that will happen.

[pindicator]

I should add that the process to roll my char back and reverse the effects of being hacked was the one thing that has gone smooth. But i am not going to log in until the authenticator issue is resolved, because the last thing i want is to have this happen all over again

Edit: just did a search on battle.net forums and I am not the only one with the problem of not being able to remove the dial-in authenticator. Oh blizzard :rolleyes:

[Tyrmith]

I don't know if it helps you now, but you shouldn't start a second ticket, if you just use the website to revive the first ticket (there's a button there to do it), it should be kick it up the chain of command.

I will also say I've had some bad experiences with their help. They have some weird computer operated sorting system that looked at my ticket and randomly thought it was a totally different problem, gave me a random q+a and ended the ticket. Another time I waited a week before they finally got back to me. When I do finally talk to them online in person they've always been very helpful and knowledgeable though in my experience, even willing to bend the rules for me on a couple things.

[pindicator]

I figured out my problem today -- I've been entering in the wrong PIN when I was trying to remove the Dial-In Authenticator. Mind you, the service never told me that I entered the wrong PIN. It just implied I had entered the right one by saying if I wanted to attach a dial-in authenticator again I could do so at battle.net

So I let them know that my issue was resolved but that they really needed to have that software tell the person when they didn't enter the right PIN. I wonder if it's something out of their control, like a contracted service from a third party. I remember Customer Service nightmares with issues like that when I worked in the field before: you know it's not working, you personally can do nothing nor can your company, but if you try to say that a third party has to fix it then it just sounds like you're trying to pass the buck.

And yes, aside from the first response that told me to read the FAQ and closed my ticket they seemed nice. But not helpful.

[Kylearan]

Hi,

In order to set up a mobile app authenticator or physical authenticator you need to remove the dial-in. Which is understandable that you can only have only one authenticator on an account.

Honestly: No, I do not understand this. If I'm paranoid and want to have several layers of security, then let me. This shouldn't be hard to implement on their side.


-Kylearan

[Tyrmith]

It's not an additional layer of security, it's a weaker version of the same thing.