The term "hacked" has been apparently debunked amongst the moderators and support staff at Blizzard. They've actively said that it's really not hacking going on regarding the Diablo III account infiltrations. Well, if it's not hacking, then what is it?
The common response has been password usurping. Apparently a lot of Diablo III players have either tried buying gold or not using proper authenticators or having too much malware on their PC. The authenticator one seems to be the method Blizzard reps are sticking to, as mentioned in the Joystiq article, where Bashiok mentions...
"Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password,"
We've seen this kind of quote, or variations of it, reiterated in a number of other Battle.net forum posts and websites, which we reported on earlier. But how are they getting the passwords? And how come there are no flags being set off when individuals from different IP addresses are logging into an account usually associated with a specific IP address?
For the most part, this has all been completely avoided. Blizzard has yet to say if any of the perpetrators have been caught or banned, or exactly how they managed to nab the passwords from so many players. While it's easy to say that compromised accounts are the result of players seeking out extra gold for Diablo III or putting sensitive account information in the hands of gold farmers, I tend to doubt that writers from The Examiner and Eurogamer were visiting Chinese gold farmers to get a leg up on the competition.
So exactly, what happened?
It's easy to tell people to "get an authenticator" and pretend that it makes everything okay, however I'm more of the mind-frame that getting an authenticator doesn't resolve an issue that has yet to be clarified. Blizzard has also yet to publicly state if these are individual cases of hackers infiltrating accounts, a group effort or an actual organization working together to get into accounts.
What's most surprising is that despite all the claims of hacked/compromised/infiltrated accounts, we've had very little transparency or openness about the cases. The account infiltrations were obviously on a scale large enough for Blizzard to indefinitely delay the Real-Money Auction House, yet they won't say what's really going on. The closest thing we've had to any real insight is a support staffer explaining how a World of Warcraft account even with an authenticator managed to get infiltrated, but that doesn't really explain what's happening with Diablo III.
This also doesn't spell very good news for casual players who step into the game and don't visit the forums very often or read news sites regularly because they're mostly likely going to be ripe targets for hackers and account infiltrators.
Other forum posters also brought out the very incisive observation that if Blizzard was anticipating that there would be a surge of "hacked accounts" in the early goings of Diablo III's launch, which they attest to in their official press release, why didn't physical authenticators ship with the product to protect said casual gamers? Otherwise, how else would these people know that they are potential victims for account infiltration?
Hopefully, Blizzard will be a bit more forthcoming about the issue so players don't have to feel so paranoid logging into Diablo III. And maybe there will be a clear indicator of how some of these virtual-loot thieves are doing what they do, especially if Blizzard plans to move forward with the Real-Money Auction House.