just started not long ago...haven't join any public game nor adding people yet. Should be safe right?

Told you this is session hijacking. Random people get hacked.


For now only add the people you know. Sounds dangerous.


Until Blizzard fix the loophole if this session hijacking, random people will be hacked.

This post has been edited by Rei7: May 22 2012, 12:28 PM

Hmm, the high occurrence of hacking complains seems to suggest something is up. I think this has officially gone beyond end user compromise. Its really quite disturbing.

yeah, that for real......
they even change my password.
could you explain how they know my secret answer? and my email password.
both are total different.

and I don;t believe that so many keylogger flying around the world.

yes, i have Anti-malware, virus NOD32 every on....

wtf.... so many victims...

That is fairly new. Considering most hacked account doesn't get their password changed.
Have you ever log-in to any suspicious website? Might be a phishing website.

Ermm very dangerous. Any chance you got kicked out of the game?
For now the possible theory is it's a session hijacking but if they change password totally a different story.

This post has been edited by Rei7: May 22 2012, 12:32 PM

Just only happen?

Just attach your account to the battlenet authenticator.... And as well as SMS alerts.... That would give you at least some prevention.. Even if it got hacked at least you get a notice and could react to it.

can u tell me what we could do? call the blizz? email?

i don't know how they do it.
byt, when they hack my account, i was playing half way.
then system kick me out, i login again, kick them out.
surprisingly, after few time of "you kick me, I kick you".
they able change my password, without receive a email notification from my email account.

I mean, when they change my email account from battle net, they need to answer the secret question. > sent email to my email address.

unless, they could access to Battlenet Database.



This post has been edited by Walbur: May 22 2012, 12:37 PM

Yes. This is session hijacking. Where he gets your session key to go on your session and kicking you out.
The things that you should really do is kick him out, log out and change the password.
Damn I don't think i'll be wasting my time on this game yet. Will wait for Blizzard to close this loophole.

Probably true as well. A loophole in the database might also be a problem here.
They really need to secure it soon or more random people well get their acc hacked.

This post has been edited by Rei7: May 22 2012, 12:38 PM

Changing password requires a verification from email right? How does session hijacking change the password then

I uninstalled the game to prevent further addiction on diablo..
Few days ago just log-in to play and can't stop myself.. so uninstalled it first till I finish my exam.

Holy crap... seriously will not be able to play at ease if so many people getting hacked randomly

Did you use Bnet Authenticator and set it to Always Authenticate?

This post has been edited by polarzbearz: May 22 2012, 12:41 PM

Hmmm... i might as well share my experience with you guys. I have this issue trying to login to my starter account last night. The client keeps on telling me that i got the wrong password. I thought that it has something to do with the server. After an hour or 2 I can login just find. Nothing seems to be missing. I guess there arent much to take from a starter account eh?

Could this be another case of session hijack?

Don't think the current guy problem is session hijacking.
But most people who reported being hack says that their account password hasn't been changed.
Hacker might have access in the database.

who havent done these, just go add authenticator and sms alert

if they are able to hack without authenticator, at least sms alert tells you if someone else login and changed ur account

Like this then confirm mati la. Yesterday keep experiencing being removed from server few times. And I keep login in. Not sure its an aytempt or not. Haihzz

i had same issue yesterday night..hmmmm..

Hey guys the authenticator is only from ur mobile phone only right? say i borrow my friends device for the authenticator can it work?

Sorry about that, didn't climb the thread.

But seeing someone posted about session hijacking, i can see it to be legit, as for now. :S