Diablo 3 Accounts Being Hacked Even With Always-On DRM

There are reports coming in that hackers are gaining access to people's accounts, even with the always-on DRM to cut down on both hacking and piracy. Victims claim they are missing gold and loot and have sent in tickets. Blizzard has been quick to respond by doing short roll-backs.

According to Geek.Pikimal, the reports of hacked accounts are stationed mostly on forum boards and reddit threads. There are warnings about the potential dangers of not safely securing your account. The reddit thread here indicates a measure of precautions to take to safeguard your Battle.net account as well as to use the mobile app authenticator instead of the dial-in authenticator, as the latter is less effective than the former.

The PSA is also attached to a number of individuals on the forums claiming their accounts have been hacked even while they are in the game. And while it might seem like a roll-back scam to sell items, get more and sell it again (similar to what GamersFirst mentioned in a very similar case), it was later revealed by Tara Swadley of the Examiner (whose account was also infiltrated) that there are certain account names to look out for and avoid letting into your game (even if you're playing single-player). The names are as follows: “leyiong”, “Nevin”, “SBJunkie”, “luckllezz”, “McLeast”. Swadley suggests not to let anyone into your game that you haven't played with before and to always ensure that your games are not public.

We've reached out to potential victims of these hack-attacks to try to get more insight into the specific route Blizzard is taking to deal with them, as well as to further secure accounts, but we haven't received any word yet from them. The only response so far, on the forums, from Blizzard has been...

If your characters are missing, please double check what region you're logging in to by clicking on Options and checking under the Account section before logging in. There is a bug that may change what region you're defaulted to, and thus it may appears your characters are missing when in fact they're on a different region.

If the account breaching is as prevalent as the forum and articles make it out to be then this could spell serious trouble for Blizzard, mainly because of the Real-Money Auction House or RMAH. Blizzard, allegedly has been sending out the following responses from their support team notifying players that rollbacks are limited and restrictions to the RMAH will be in place until an account gets attached to an authenticator.

Restorations for Diablo III accounts are limited, and we cannot guarantee the availability of future restorations after one is performed. Because of this, we require your approval to use a limited restoration to address this situation. If you would like us to proceed, please respond to this ticket and clearly tell us that you would like to use a limited restoration. If you do not respond, no restoration will be made for this issue.Any progress made since the compromise may be lost when the restoration is performed. For additional information on how compromise restorations are handled for Diablo III accounts, see (http://www.battle.net/support/article/compromised-diablo-iii-account).Note: After the first compromise restoration occurs on a Battle.net account, that account's access to the Diablo III Real Money Auction House will be restricted until an authenticator is attached. If the account is compromised a second time, access to the Diablo III Real Money Auction House will be permanently revoked. For more information on authenticators, see (http://www.battle.net/support/article/battle-net-authenticator-faq).Account security is critically important. To help protect your account, we recommend following the Security Checklist (http://www.battle.net/security/checklist) on our Account Security site (http://www.battle.net/security/).If you have further questions, please reply to this ticket. If you prefer to speak to a representative directly, please see our contact information (http://www.battle.net/support/article/contact).Thank you again for contacting us. We hope you continue to enjoy your experience in Diablo III!

Blizzard recently delayed the launch of the RMAH, which was set to go live later this week. Given these recent claims of security breaches, if I were a betting man I'd say that the delay is to accommodate further investigation from Blizzard and additional safeguards to protect consumers.

The real issue, however, is that the whole point of always-on DRM was to ensure that not only were pirates kept out of the game but to limit hackers exploiting the game as well. This makes it even worse, however, because people who don't even want to use the RMAH or play online with others are still potentially at risk, simply because they do have to login to a server where their information is out there, regardless.

With real-money on the line this time, Blizzard cannot afford to screw this one up. You can check out the reddit PSA about further protecting your account.

Will Usher

Staff Writer at CinemaBlend.