
Diablo III Hacked and Blizzard's Security System

June 21, 2012 | Comments: 0 | Views: 155

Last month, the gaming giant Blizzard Entertainment had its security system breached. Hackers had their eyes set on the company's newly launched game, Diablo III. Many Diablo III users have had their online valuables stolen, including online currency and precious, hard-to-obtain gear. These may not seem like much, but any gamer knows that they represent the time-consuming effort of making one's character stronger and better, which is part of the rewarding gaming experience. Hackers often targeted items like the user's online currency and gear because these could easily be transferred to the hacker's own Diablo III account or sold to anyone who wished to purchase them. The game itself had a lot of issues at launch, such as server downtime, trouble securing its systems, and much more.

Blizzard Entertainment does offer a service called Blizzard Authenticator. However, this system of authenticating users is flawed. The authenticator, whether the Mobile Authenticator app or the physical Authenticator, has not been adopted by most users. Blizzard states that, "... in all of the individual Diablo III related compromise cases we've investigated, none have occurred after a physical authenticator or mobile authenticator app was attached to the player's account, and we have yet to find any situation where a Diablo III player's account." Although Blizzard states the above, some Diablo gamers say their accounts were hacked while they were using Blizzard's Authenticator. The Authenticator is a two-factor authentication security system, but it is not the best form of two-factor authentication available on the market.

The Authenticator uses an authenticator's identity to verify the validity of a user's login credentials. This is essentially a two-factor authentication system: one factor is the user's credentials, and the second factor is the password shown on the mobile authenticator app or the actual authenticator, which validates the user and authorizes him/her to access their online account.

Diablo III, the most successful game launch, has sold over 10 million copies since the product launched and has generated over $500 million in sales revenue for the company. This staggering amount of revenue attracts a lot of attention, and some wonder whether Blizzard will give back to the gaming community. Some users are hesitant to purchase Diablo III because of the recent data breach. Many gamers do not want to see all their hard-earned work disappear one day because of a lack of proper security in how Blizzard handles users' accounts. Blizzard does have a way of helping Diablo III users recover their accounts: it restores the account to an earlier point, so they can continue from a point prior to the hacking. Until the hacking occurred, most users were unaware that the authenticator service was available to them.

Although Blizzard has said that users who subscribed to Blizzard's Authenticator have not been hacked, copious numbers of Diablo III users state on forums that they have been hacked. The Authenticator and the Mobile Authenticator app are flawed in a couple of different ways. The authenticator works by generating a password every 30 seconds. This is fine, but the problem is that there is a window in which a previous password, anywhere from 2 to 6 minutes old, can still be entered. "Man in the Middle" attacks can easily use this loophole to gain access to Diablo III user accounts. Once in these accounts, the hackers can steal and pawn off the user's hard-earned goods. The other main problem with Blizzard's Authenticator is that the one-time passwords they send out are in fact not true OTPs (One Time Passwords). The authenticating security system uses a time-based interval system with an algorithm that can be easily hacked because the server is on the same network and not an out-of-band authentication network. With an out-of-band authentication network, the one-time password sent would be less likely to be compromised.
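The acceptance window described above, as an added example (not from the article and not Blizzard's code): a generic RFC 6238 time-based verifier showing how the number of past 30-second steps a server accepts, and whether it remembers used steps, decides if a five-minute-old or already-used code is still accepted. The `Verifier` class, its parameters and the timestamps are assumptions; the secret is the RFC 6238 test secret.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code, the interval the article describes

def totp(secret: bytes, counter: int, digits: int = 8) -> str:
    """RFC 6238 code for one time step (HOTP truncation over HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Hypothetical server-side check; not Blizzard's implementation."""
    def __init__(self, secret: bytes, back_steps: int, reject_reuse: bool):
        self.secret = secret
        self.back_steps = back_steps      # how many past steps are still accepted
        self.reject_reuse = reject_reuse  # refuse a step that was already used
        self.last_counter = -1            # newest step accepted so far

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP
        for counter in range(current, max(current - self.back_steps, 0) - 1, -1):
            if hmac.compare_digest(totp(self.secret, counter), code):
                if self.reject_reuse and counter <= self.last_counter:
                    return False          # replay of a used (or older) code
                self.last_counter = max(self.last_counter, counter)
                return True
        return False

def demo() -> dict:
    secret = b"12345678901234567890"      # RFC 6238 test secret, not a real key
    issued = 1111111109                   # constructed timestamp (RFC test time)
    code = totp(secret, issued // STEP)
    late = issued + 300                   # same code presented 5 minutes later
    wide = Verifier(secret, back_steps=12, reject_reuse=False)   # 6-minute window
    tight = Verifier(secret, back_steps=1, reject_reuse=True)    # 30 s of drift
    return {
        "wide_old_code": wide.verify(code, late),
        "wide_replay": wide.verify(code, late),
        "tight_old_code": tight.verify(code, late),
        "tight_first_use": tight.verify(code, issued + 5),
        "tight_replay": tight.verify(code, issued + 5),
    }

if __name__ == "__main__":
    print(demo())
```

A short window with reuse tracking limits how long a captured code stays useful; it does not by itself stop a code that is relayed within the same step before the user's own login completes.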

Blizzard has an abundance of users and should consider beefing up its security system, especially when the company is expected to generate $4,500,000,000. Allocating a fraction of this enormous amount of revenue would only keep its customers happy and willing to continue playing as much as they do. Blizzard should be looking into two-factor authentication with the added layer of protection of an out-of-band authentication network.

David is a network security professional who believes out-of-band authentication is the most secure form of two factor authentication utilizing a one-time password. He writes to inform businesses about upcoming changes to government regulatory compliance and remote access security.

Source: EzineArticles