Hacked Diablo 3 Accounts Did Not Have Authenticators Attached Says Blizzard

All right, so we've now reached a plateau of ridiculousness where the embarrassment of Diablo III's launch is about equivalent to showing up to a class room without any pants on and a sock for underwear. It's just ridiculous.

If you haven't heard, people have been screaming to high-heaven about their Diablo III accounts being hacked. Blizzard has been working hard to keep these issues out of the press but they did finally make a forum statement about the compromised accounts and some gamers may not like it.

According to MSNBC (because yeah, so much digital feces hit the fan that mainstream news media are now getting involved) Blizzard has responded to the consumer uproar on the Battle.net forums with the following response...

We've been taking the situation extremely seriously from the start, and have done everything possible to verify how and in what circumstances these compromises are occurring. Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password. While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand.

Basically, what Blizzard is saying is that accounts are being compromised the old-fashioned way: Hackers gaining access to your password either out of negligence, key-logging or brute force and logging into your account.

Some forum members and readers here at Gaming Blend mentioned that they already had an authenticator and were still hacked. So it's Blizzard's word against alleged hack victims.

For those that don't know, the job of Blizzard's authenticator is to add an extra layer of security by creating a random numerical passcode on top of your password and username login.

However, the Authenticator is not a guaranteed form of protection because if you try to login from the same location more than a few times you won't be required to enter the random authenticator passcode. In other words, if hackers were nifty enough to emulate a virtual environment of the user's login location they could potentially use that as a means to gain access to an account and bypass the authenticator. And hackers can easily ping a user from a public game and gain vital information. There's obviously more to it than that but we won't know for sure until Blizzard issues an official technical breakdown of the situation or a hacker willingly comes forward and spills the beans on how to breach an account.

Anyways, Blizzard mentioning that these hacked accounts not having authenticators attached beforehand has been seen by some people as an added ploy for not only helping Blizzard cover their tracks but also to coup some revenue in the process. A former Navy analyst who wishes to remain anonymous, speculated that it's possible that even with all the hacking going on, Blizzard still gains by selling authenticators during the process, which can cost up to $6.50. However, you can acquire a free version of the authenticator for your mobile phone, so it does put a bit of a damper in the above theory.

For now, Blizzard has yet to issue an official press statement on the issue. However the company remains vigilant in trying to fix the problem and address these concerns on the forums alone. They have up until the end of the month to resolve this scenario involving hacktivists before the Real-Money Auction House goes live, and believe me Blizzard's stock will plummet if hackers are still usurping accounts with a live RMAH. That would equate to a PR disaster on a mammoth scale.

Will Usher

Staff Writer at CinemaBlend.