Blizzard recently issued a hotfix for Diablo III over the weekend. Supposedly this hotfix was to make a number of quick changes that weren't addressed in the patch released earlier in the week. Turns out, the hotfix was for something far more serious. Item duping.
So you know how you're forced to play Diablo III online because it supposedly prevents hacks, exploits and the infamous item duping that pervaded Diablo II so much? Well, the forced always-on DRM is pointless, pervasive and useless. A new video shows off how to item dupe...yes, it shows you how to item dupe. Check it out below.
If you think it's fake there is a second video showing the same thing here.
After Blizzard was notified about it they tried to fix it by initiating the hotfix patch to absolve the problem. The details showcased in the above videos are explained on the Owned Core forum thread here. After Blizzard released the patch forum goers have mentioned that the item duping no longer works (nice stealth-fix, Blizzard).
This begs the question: how is it safer, more convenient or less of a hassle playing always-on when all the problems from Diablo II are still spilling over into Diablo III? Not only is item duping a problem but compromised accounts have been a rampant thing up until the patch that was released earlier last week, in which case all hacked account claims have ceased.
However, some gamers are speculating that account compromising has not ceased but instead Blizzard is using the limitation of account rollbacks as a means of threatening players from continuously making a fuss about the issue. We've received several e-mails from players who were told by Blizzard staff that if their accounts were compromised again that they would be permanently banned from the RMAH. As stated in the staff response from Vangourd, a customer service rep....
After the first compromise restoration occurs on a Battle.net account, that account's access to the Diablo III Real Money Auction House will be restricted until an authenticator is attached. If the account is compromised a second time, access to the Diablo III Real Money Auction House will be permanently revoked.
What's more is that anyone who has sought any sort of clarification into their account compromise has not received any detailed feedback or information on how the account was actually compromised. We originally posted a response from Game Master Cerville saying...
I got your forwarded report about the recent losses in Diablo III, and checked into this, but we weren't able to find the malicious access. For cases where we *can* find a malicious access point, we'll happily restore the Diablo III progress back to the way it was before the intrusion.
This has changed to the game support staff completely foregoing any sort of indication about the intrusion methods or infiltration methodology behind compromised accounts. We received e-mails from users with compromised accounts who were issued the following responses from Blizzard's staff in regards to how their accounts were infiltrated, with Game Master Rhiethorn saying...
With your concerns about why your account may have been compromised, I'd like to bring your attention to the recent blue post made on our forums at "http://us.battle.net/d3/en/forum/topic/5149619846". This entire post is in regards to account compromises and what can typically cause them. It's full of some great information about what steps to take to also help secure your account.
I find it absolutely hilarious that Rheithorn mentions that "Our security at Blizzard has not been breeched", completely trying to safeguard himself in case his response was shared on a website like this. No one asked if Blizzard's security was breached, the question was HOW was this particular gamer's account infiltrated.
After further pressure, another Game Master steps into the picture, this time using legal ramifications as a designation for not disclosing how one of their consumer's accounts were infiltrated, stating...
We can see IP addresses, I apologize that we are not at liberty to provide the specific IP addess information through this method of contact. I can't promise that it will be able to be provided, by you can definitely request information like that from [email protected] In these cases, for legal reasons, it is unlikely specific IP addresses would be able to be released without a warrant or some kind of legal or law enforcement related request.
I still don't see what this has to do with disclosing HOW an account was compromised. Was it because someone else used the password to login? Did it show that someone else from a different location logged into the account? Was it brute-forced? How many attempts did it take to get in? Did they login quickly or did they stay on the account for a while? Have they logged into the account from a different location before? Was there anything suspicious about the account activity when they were logged on? All of that is ignored. An actual explanation of what happened is completely ignored.
If patch 1.0.2b really did absolve the problem then it obviously wasn't because of consumer negligence. And what's worse is that people are forced to be at risk because of this always-on nonsense.
We've yet to reach the point where the real-money auction house has been released and everything so far points to it being nothing but a danger zone for consumers. If hackers, dupers, exploits and gold farmers are this gung-ho before the RMAH has been released, just imagine what it will be like when it does go live?