The Great Diablo 3 Heist of 2012

Thousands of Diablo 3 players have been victims of a widespread hacker attack, logging in to find their entire inventory has disappeared into thin air.

Blizzard posted this brief response to the ever-increasing number of users crying out for help on their forum.

“We are very aware of these reports and are taking them very seriously,”

“Please keep an eye on the General Discussion forums as Community members will be posting something soon.”

If you want to protect your account. Use Blizzard’s account authenticator, which adds a second, one-time password to your battle.net account. This doesn’t guarentee security though. Many users have fallen victim to hacking attacks despite using the authenticator. Though Blizzard seems unaware of this.

“While the authenticator isn’t a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand.”

The likeliest explanation for this massive security breach is that the servers may have been hacked via SQL injection during the 4 hours the D3 servers were on downtime on Sunday. It’s also possible that an exploit in the system allows hackers to take over players sessions while they’re playing as many victims have reported the hacking taking place during a play session, causing them to lose connection.

All Blizzard had to say on the matter of how they were compromised was this:

“Despite the claims and theories being made, we have yet to find any situations in which a person’s account was not compromised through traditional means of someone else logging into their account through the use of their password.”

Hacked users can submit a request to Blizzard for an account rollback, which will put their characters back a few levels and return some of their stolen gear.

It seems that this issue wasn’t entirely unexpected by Blizzard, although I don’t think they quite expected anything on this scale.

“Historically, the release of a new game – such as a World of Warcraft expansion – will result in an increase in reports of individual account compromises, and that’s exactly what we’re seeing now with Diablo III.”

“We know how frustrating it can be to become the victim of account theft, and as always, we’re dedicated to doing everything we can to help our players keep their Battle.net accounts safe — and we appreciate everyone who’s doing their part to help protect their accounts as well.”

Diablo 3 has had a troublesome release; plagued by intermittent server issues from day one.