An alleged Chinese gold farmer has come forward to talk with Markee Dragon, a video game enthusiast who has been investigating the large number of Diablo III account infiltration claims. Turns out, a lot of the accounts that have been farmed were compromised because their owners used the same username/password on forums and fansites, and this particular gold farmer is making 4 million gold an hour off these compromised accounts.
In a lengthy but tediously slow interview on YouTube with Markee Dragon, the anonymous gold farmer masks his voice and identity to answer a number of questions regarding farming accounts in Diablo III. A lot of what he says makes sense, and anyone who used the same username/e-mail/password on a forum, fansite or any other internet hub was basically prime bait for the gold farmers. When asked if account information was retrieved from Blizzard's forums, Mr. Gold says "they're bulletproof." That statement probably makes Blizzard fanboys blush where the sun don't shine.
Take note that the gold farmer does not deny other means of infiltration, simply that it's not a direct breach on Blizzard's end. He simply notifies viewers that on his end they do things as easily and simply as possible to make as much money as possible.
Mr. Gold also says some other interesting things, such as selling account information to the Russian Mafia; testing usernames and passwords against PayPal accounts, banking information, checking, and other financial information. Ultimately, if your account has been compromised in Diablo III please change your login details immediately for every single other website you visit, right now.
Mr. Gold also points out that there are other hackers, farmers, botters and spammers he wants Blizzard to get rid of. They're cramping his style, apparently. Officially he calls it "over-inflating" the gold economy. He wants Blizzard to update their security protocol named Warden to weed out the small-time bots and gold farmers who are eating into his profits. He's assured that his methods are mostly undetectable for the next couple of months, but by then they will already have enough gold to make millions in real-life money.
I found it amazing that he admits to being on pretty much 24/7 and when Dragon asks if Blizzard bans or investigates the account(s) for suspicious activity he says "No". Baffling. You would think Blizzard would at least monitor an account that stays in the hub all day while other accounts come and go, dumping money and goods into the vendor.
Also, be very, very, very wary of the Real-Money Auction House. All of the account infiltrations are allegedly being stored for the Real-Money Auction House. Mr. Gold wants to make sure that his gold farming institution has a monopoly on Legendary item drops, so that's another reason he wants Blizzard to update Warden so that they can maintain a steady stream on both selling gold and manipulating commerce for the RMAH. I think the golden nugget of the interview was when Mr. Gold says from their gold farming "Blizzard makes money, too". It's true, they will, since they get a 15% cut of all virtual good transactions that are changed into real-money transactions.
Anyways, if you want to check out the interview head on over to Markee Dragon's YouTube. How truthful or real is the information Mr. Gold provided? Who knows. Could it just be some guy pretending to be a gold farmer to boost hits? Yeah sure could be. I'm sure fanboys will say that the video wasn't proof enough, but then what is? Anyways, it's a good enough explanation on some of what's been happening.
The shocking part to me is that Blizzard doesn't have it set up so that accounts automatically ask for a third-tier account confirmation when logging in from a new IP address, whether you have an authenticator or not. I mean, some guy who logs in from New York in North America who mystically logs out and then re-logs in from Jiangsu, China should instantly raise red flags.
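The check described above can be sketched as detection logic. This is an added example, not Blizzard's code or anything from the interview: the `Login` record, the `review_logins` function, the 900 km/h speed threshold, the IP addresses and the login events are all constructed for illustration, and geolocation of the IP is assumed to have been done already.

```python
from dataclasses import dataclass
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_KMH = 900.0  # assumed threshold: about the cruise speed of an airliner

@dataclass
class Login:
    account: str
    when: datetime
    ip: str
    lat: float  # latitude/longitude already resolved from the IP (assumption)
    lon: float

def km_between(a, b):
    """Great-circle (haversine) distance between two logins, in km."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def review_logins(events):
    """Return (login, decision) pairs: allow, step_up or impossible_travel."""
    trusted_ips, last_good, out = {}, {}, []
    for ev in sorted(events, key=lambda e: e.when):
        known = trusted_ips.setdefault(ev.account, set())
        prev = last_good.get(ev.account)
        decision = "allow"
        if prev is not None and ev.ip not in known:
            decision = "step_up"  # new IP: ask for the extra confirmation
            hours = (ev.when - prev.when).total_seconds() / 3600
            if km_between(prev, ev) > MAX_KMH * hours:
                decision = "impossible_travel"  # nobody travels that fast
        if decision == "allow":
            # Only unflagged logins extend the baseline here; a real system
            # would also trust the IP once the confirmation succeeds.
            known.add(ev.ip)
            last_good[ev.account] = ev
        out.append((ev, decision))
    return out

# Constructed sample: New York, then Jiangsu two hours later, then home again.
SAMPLE = [
    Login("player1", datetime(2012, 6, 1, 20, 0), "198.51.100.7", 40.71, -74.01),
    Login("player1", datetime(2012, 6, 1, 22, 0), "203.0.113.50", 32.06, 118.80),
    Login("player1", datetime(2012, 6, 2, 20, 0), "198.51.100.7", 40.71, -74.01),
    Login("player1", datetime(2012, 6, 3, 20, 0), "192.0.2.10", 40.74, -74.17),
]

if __name__ == "__main__":
    for ev, decision in review_logins(SAMPLE):
        print(ev.when, ev.ip, decision)
```

The first login on an account is treated as the trusted baseline, which is an assumption of this sketch; the check applies with or without an authenticator.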
Realistically, an authenticator shouldn't even matter because Blizzard knows other people's real-life money will be on the line with the RMAH. Security should have been the number one priority.
As mentioned, consumers have no idea when or if they've been compromised. The information in the video is somewhat scary because that's even worse than the session spoofing claims. In fact, it basically means that if you've used the same login information ANYWHERE you're already at risk of being compromised.
Hopefully Blizzard takes the necessary steps to secure Diablo III so players can at least enjoy a game they paid $60 for without looking over their shoulders and being paranoid. Whether you have an authenticator or not, Blizzard should have made it mandatory in the boxed editions and should make a free version available online for people who don't have smartphones.
It's never the consumer's fault for lacking the proper information to be risk-averse.
Blizzard should have made it known from the start that the game was such a high-risk hacking target, especially when they admitted that it wasn't uncommon for popular new games to have such a high amount of "hacking" claims.
And just for good measure, a lot of this would have easily been avoided for people who just wanted to play Diablo III offline.
(Update: I'd just like to point out that LinkedIn was recently hacked and many usernames and passwords were lifted. If you use LinkedIn and play Diablo III or other high-profile gold-farming targets, be sure to change your password ASAP.)