http://www.forbes.com/sites/insertcoin/2012/05/30/the-horror-of-being-hacked-in-diablo-3/
It’s a bit like walking into your house after a robbery. There’s that same feeling in the pit of your stomach as you approach a front door that’s been kicked in, but instead here you’re greeted by a naked character at the Diablo 3 selection screen. My poor monk, clad only in the scraps he started in, armor and weapons stripped, a sad look in his eye that tells me everything I need to know about what I’m going to find when I log in.
It’s gone, it’s all gone. Every piece of his gear, every treasure I’ve been amassing in my stash for the past eighty hours of gameplay. Every cent I’ve earned from the auction house, every legendary weapon that took fifty hours to drop. All of it, gone. As a final jab from the hackers, he’s equipped only with my account-bound Cow Level staff, the only thing they couldn’t steal and salvage. They’re laughing at me.
You hear stories, but you think it won’t happen to you. The sadness in the forums is too distant to be real. But then it happens to your friend. His level 50 wizard lost everything, putting our dual-questing on hold indefinitely. He rages over Skype, and you say “Yeah man, I feel you. I’d be mad too if that happened to me.”
And then, as his support ticket still sits in the service bay, it does happen to you. And you finally know the pain of being hacked firsthand.
To Blizzard’s credit, they do have a very specific system of restoring an account. Allegedly they can restore a character to an earlier point in time, and you’ll have your items and gold back. This has yet to come through for myself or my friend, but it appears all hope is not lost.
But that begs the question, why the hell does this happen in the first place?
If this problem is so widespread and prevalent as to have an automated recovery system in place, how on earth has Blizzard not devised a better way to keep your account secure? Yes, they have an optional “authenticator” which sends a secret code to your phone to log in like you’re working at the CIA, but who thought you’d need a security measure like that? I hadn’t even heard of it for D3 until after the hack took place, and though I know authenticators exist, I’ve been just fine without one for literally every other account I’ve ever had from email to banking to every other video game I own. How is it that with me clicking on no shady links, and sharing my login or password with no one, my account has been hacked? And how has this happened to so many people that there’s an entire assembly line process in place for the apparently inevitable time some thief comes in and steals all your items?
You’re telling me there’s nothing you can do to prevent this? That no alarm bells should go off in-game when a character is stripped of everything it owns, an entire stash is emptied and a gold pile is depleted to zero? How about when such a drastic thing occurs, you prompt whoever’s doing it to answer my security question? Or respond to an email in my inbox? Who on earth would ever ditch an entire character’s gear and gold and have that not be a hacker at play? It’s frustrating how stupid this all seems, and how Blizzard wants to just efficiently maximize clean-up rather than invest in protection.
While the specifics of how I was hacked elude me, one thing remains clear. This is made entirely possible by the fact that I’m forced to always, always be online while playing Diablo 3. This form of DRM is supposed to make the game safe from pirates, but all it seems to have done is to expose all its players to possible plunder. Despite the fact that I’ve only played either by myself or with a friend (which could have been done via LAN), I must be online at all times, and as such, hackers have what appears to be an open door directly into my characters and loot.
I’ve never experienced this in a game before, and it’s jarring, unsettling. To know that a game so heavily invested in online play is this unsecure? It’s terrifying. If they can get my email and password to steal all my virtual goods, I can only imagine what might have happened if the Real Money Auction House was live, and my credit card was linked to it. Instead of looking at a sad, armorless monk, I’d be staring at a $3,000 credit card bill and receipts for a few hundred legendary weapons I’ve bought against my will.
Will I get my stuff back? Probably. Just like real life, the insurance check will come and I’ll be able to replace what was lost. But my sense of security is shattered, and I’m seriously thinking about moving out of the neighborhood. I don’t trust you Blizzard. Not after this.