Activision-Blizzard has a penchant and reputation for making excellent, blockbuster games and Diablo 3 has been no exception. As of it’s launch, it came with some expected caveats including an always-connected element that forces players to connect to an Internet account in order to play the game on Blizzard’s servers. This has been explained by the gaming giant as being necessary to keep the real money auction house safe and to prevent piracy.
However, this has opened a new trend for the gaming scene and introduced it squarely into Diablo culture: personal account hacking.
Many MMOs suffer the burden of hackers striking the personal accounts of players. Often hacked accounts are liquidated for gold and then re-sold by gold farmer outfits—which is why companies such as Blizzard do not encourage people to purchase from gold sellers. The introduction of the real money auction house to games such as Diablo, however, will forever change the landscape of gold selling; especially if people are trading in virtual commodities online.
This also means that hacked accounts may influence the loss of actual value when it comes to items that have dollar price tags attached to them.
A rising tide of rumors of hacked accounts has hit the Blizzard forums and a multitude of users are concerned that they’re going to be targeted next. Especially now that high level players with hard-earned weapons could be spirited away and then sold for cash on the auction house this has become a concern of not just gold selling but immediate cash flow. Of course, the cyber cat burglars would have to get past Blizzard and manage to sell the ill-gotten booty and receive payment before they’re caught for it to work.
As a result, in what’s called a “Blue post” when a moderator or developer from Blizzard speaks on the forums, a Blizzard employee has pointed out that hacked accounts have been few and far between. And for those with concerns, the company is urging caution and for players to use authenticators to protect their accounts:
Over the past couple of days, players have expressed concerns over the possibility of Battle.net® account compromises. First and foremost, we want to make it clear that the Battle.net and Diablo III servers have not been compromised. In addition, the number of Diablo III players who’ve contacted customer service to report a potential compromise of their personal account has been extremely small. In all of the individual Diablo III-related compromise cases we’ve investigated, none have occurred after a physical Battle.net Authenticator or Battle.net Mobile Authenticator app was attached to the player’s account, and we have yet to find any situation where a Diablo III player’s account was accessed outside of “traditional” compromise methods (i.e. someone logging using an account’s login email and password).
To that end, we’ve also seen discussions regarding the possibility of account compromises occurring in ways that didn’t involve these “traditional” methods — for example, by “session spoofing” a player’s identity after he or she joins a public game. Regarding this specific example, we’ve looked into the issue and found no evidence to indicate compromises are occurring in this fashion, and we’ve determined the methods being suggested to do so are technically impossible. However, you have our assurance that we’ll continue to investigate reports such as these and keep you informed of important updates.
The Battle.net Authenticator is a secure token generator embedded in a keychain fob given to people who own Blizzard products that connect to Battle.net (on their request.) With an Authenticator, when a player logs into their account they’re challenged with multi-factor authentication that not only asks for their username and password, but the current secure token being displayed by the Authenticator device.
It may not be entirely foolproof, but it would greatly reduce the number of people who could have their accounts hacked just by losing their password.
Also in reaction to the expectations of cybersecurity for individual players, Blizzard has begun what’s called the Battle.net SMS Project, “a free optional service that will help you manage your Battle.net account using any text-enabled cell phone with a data plan.” It would essentially give players another method to control their accounts via their cell phone, an item almost ubiquitous for many video gamers.
I expect that this might even lead to a the future social-integration of the Battle.net chat or even the RMT auction house with smartphone apps. We’ve already seen this with the Valve Steam social chat app and even Xbox LIVE mobile chat apps. These social venues will continue to link the personal cloud into mobile devices and give people the ability to stay in communication with friends playing the games that they play on a regular basis.