Last week, I postulated that Diablo III’s perpetual internet connection requirement was, despite claims to the contrary, largely a thinly-veiled method of DRM. I was, of course, told that I was wrong – that the reason you had to authenticate was because of the game’s persistent economy and to prevent character hacking. While the latter still holds true – people aren’t hacking their way to victory (yet) – the always-on requirement hasn’t done the persistent economy any good.
Reports have begun circulating that a number of Diablo III accounts have been compromised – and that player’s loot and gold stashes have disappeared.
One such victim is Eurogamer’s own Chris Donlan – whose for account the hacky-slashy-looty RPG was accessed by someone who claimed to have bought it. It’s a situation that’s echoed all over the official Diablo III forums, with users complaining of unauthorised account access and rampant gold theft . According to forum users, hacker-types have managed to find a way to bypass Blizzard’s Mobile Authenticator, an extra layer of security.
There are no solid details and a lot of speculation; many forum users claim that people have found a way to spoof session ID’s, allowing them to take over, and subsequently loot characters.
“an exploit was discovered by duplicating a session ID. basically, if you join a public game with people, they can view your session ID and spoof it to login as you without need for a password or email or anyting (sic),” said one forumite. “if you play with people, try not to play in public games bro, only with people you know”
Seemingly aware of the issues, Blizzard responded with :
“We are very aware of these reports and are taking them very seriously. Please keep an eye on the General Discussion forums as Community members will be posting something soon.”
The company’s also released a lengthy statement, which you can read here.
It’s a been a rocky launch week for Diablo III, a game that people have been waiting over a decade for; first it was hit with server collapse, preventing people from playing the game they’d just bought, then Blizzard was forced to postpone its real-money auction house – and now it looks like user accounts might be compromised.
Always online single-player games? The future!
Last Updated: May 22, 2012