What is it that you think about the authenticator, is it that blizzard is lying about? You do realize that blizzard isn't the only company that uses devices like that, right? They've been used in the financial industry for years without incident. Apparently you don't understand the repercussions of blizzard lying about such a vulnerability. Let me explain it for you as simply as I can:

MULTI-MILLION DOLLAR LAWSUIT

Besides ActivisionBlizzard being the target of such a suit, the manufacturer of the authenticators would be in a heap of crap(and by more people than just wow and diablo 3 players).

Again, Blizzard has said multiple times now that they can't find a single instance of someone being "hacked" while having an authenticator before the incident occurred. You have ZERO proof of this besides the moronic trolls on the bnet forum, and there is no reason to believe any of it. As far as Blizzard's sales are concerned, I don't think they have a hell of a lot to worry about with the whole industry-wide record setting sales figures thing that has been in the news. The one thing that could hurt their sales at this point? Massive lawsuits.

If there was a "session id" hack it would not be limited to just Diablo 3. Blizzard has a good decade of experience keeping Battle.net secure thanks to World of Warcraft.

EDIT: The people claiming that there is a "session id" hack are doing this.

You misunderstood me. I mean that maybe the people with authenticators really aren't getting hacked. That still doesn't mean there's not a vulnerability that only effects people without an authenticator.

And take it easy man we all know that the law doesn't always stop companies from lying to the people who are making them millions, so don't act like people are stupid or insane if they think they're being lied to just because of the law.

hahaha this ^

I love the invented attack: "SESSION ID HIJACKING!!!" I'm going to have to agree with jday that this REEKS of troll.

Even though it probably is trolling at its best, it's not impossible that there's a vuln that's local to d3. Even if the backend was nearly identical to wow (shouldn't be?), there could still be something wrong with the frontend that opened something up to an exploit.

What law?

And yes, people are being lied to by trolls on the bnet forum. As far as "Well I haven't ever been phished, I just formatted my PC right before diablo 3 came out" ok, but that doesn't deal with the people who had their battlenet passwords grabbed 6 months ago and only now did people do anything with it(because most people never bother to change passwords unless they have a reason to). Of course there are hundreds of thousands of idiots who see "ooh, I got into the mists of pandaria beta for WoW!" in an email, and instead of logging into battle.net they click the link in the email(that is phishing). Then there is all of the malware that logs keystrokes and can easily detect when a specific application opens(At one point during BC, curse.com had one in the ads on their site), and that's been going on for years. The keyloggers and phishing emails(rather, the idiots who kept falling for them) are the reason Blizzard implemented the authenticators in the first place.

Stop believing the bull-**** and spreading it. Did it ever occur to you that the guy who wanted to add you to your friends list simply enjoyed your company and wanted to play the game with you at a later date? FFS.

It's called a "key logger" and "phishing". I.e. your computer is compromised or you were dumb enough to give out your login info. In other words Diablo 3 HAS NOT BEEN HACKED.

LOL WHOA! Dude like I said how ever many times it's probably trololol but jeez man you seem to have a lot of faith in blizz.

I know plenty about malware and phishing techniques so you can spare me the lesson. Thanks tho

The one that requires companies to notify all affected partied in the event of a breach. I.e. the law that makes it possible to see in the news when a company has lost customer data.

haha ok well in no way could a key logger or phishing be considered a vulnerability in the d3 application itself, and I'm pretty sure you know that.

I don't know why you're even trying to argue with me on this. I'm agreeing with you, it's probably trolls, for the last time. I'm not sure why you seem so insistent that it would impossible for there to be a vulnerability that could be exploited in the d3 app itself that only left people without an 'authenticator' vulnerable.

Oh yeah, that thing that involves multi-million dollar lawsuits.

hahaha! I think there's some kind of communication breakdown here, because you're consistently misreading what I'm writing.

My point is this: It's very likely that people are just getting trolled. HOWEVER, the multi million dollar lawsuit doesn't always scare people away, as you surely know. Oh, and that people should read more carefully before getting all riled up.

Also, what difference does it make if they had an authenticator or not? So just because the people with authenticators are all not getting 'hacked' it means that nobody is getting hacked at all, and everyone is just a n00b? Now I'm starting to think this is just Blizzards ploy to get everyone to get an authenticator!!!!

I jest, I jest

source?

Wait a minute, so Blizz doesn't even guarantee the security WITH the authenticator, as stated in this article.... SO about that multi million dollar lawsuit.. Oh and this:

lolol

Thanks. Still find it hard to believe. i was prety bored one day during the height of that and was pretty active on the forums. there where a LOT of people saying they had authenticators and always have to type their code and still got hacked.

dunno.