Battle.net authenticator fails to prevent account hacking - Image Courtesy Blizzard
Talk about a false sense of security. Many players on Battle.net, Blizzard’s online gaming portal, snapped up authenticators in the hopes that they would not share the same fate as fellow players who saw their game gold and gear disappear into the hands of shadowy hackers. Well, it looks like the cyber rogues may still snap up your stash and there is nothing you can do about it-authenticator or no authenticator. According to Blizzard’s latest statements on recent hackings, it did not matter if accounts had authenticators or not, they were still hacked. Earlier, the company said that compromised/infiltrated/hacked accounts were not protected by authenticators. Predictably, game forum members dumped on victimized users and blamed their own negligence for their sad situation. Well, it turns out that the Irvine, CA-based game giant has now backtracked on its earlier claims.
It turns out that some of the compromised Battle.net accounts had authenticator protection and these did not do the account holders any good. This news broke out when an irate user posted on a forum regarding a refund. As proof, a compromised account with an authenticator was given as an example. The user said that he still got hacked even though he had to dial-in a code and use an SMS protector as part of his authenticator protection process. Neither steps did no good. His account still got compromised. Sadly, community response has not been encouraging or supportive. Many said the hacked user should have paid $6.50 instead of using the dial-in authenticator. In essence, it was his fault.
A forum support staffer named Kalthonis left an interesting statement. First he distinguished between “hacking” and “account compromises” (yeah, quite reassuring to someone who lost their in-game gold and items). He went on to claim that most of the account compromises occur when people buy game gold/credits from third-party game gold supply companies. He said that account compromises that were not perpetrated by gold supply companies are very rare. In essence, these companies strip one user and sell their stuff to another.
How did the account compromises happen? According to Kalthonis, he reviewed the MSInfo files of some of the compromised WoW players with authenticators. He said that these players had tons of spyware and malware installed on their machines. These users also were running file-sharing and P2P file programs, including some applications that are commonly known to be risky.
The bottom line? To avoid being compromised, make sure your system is clean. This means no spyware/malware Install spyware/malware-busting applications like Kaspersky/Eset. Make sure they are updated. Also, steer clear of file-sharing programs. For ultimate protection, play Diablo 3 offline. This “solution” strikes most gamers as absurd and it does highlight the frustration many feel regarding “authenticators” and their lack of protection.
Definitely keep an eye out when playing Wow or Diablo 3.