Diablo III is the latest chapter in one of the most popular PC gaming titles out there. Coming out twelve years after the last chapter, Diablo III launched last week to much fanfare and anticipation after becoming Amazon’s most pre-ordered PC game ever.
Diablo III is like many games these days where users have an online account and their characters and inventories are stored online and tied to that account; in this case through Blizzard’s Battle.Net service. Since the launch last week, reports started coming out over the weekend from players saying that after logging in they found their online characters’ gold and inventory was gone.
Yesterday, Blizzard made an official statement about the problem. They noted that what players are seeing is the result of their Battle.Net accounts being hijacked by unauthorized users.
This isn’t the first time players of a major online game have seen their accounts hijacked and their inventories stolen. Account hijackings leading to inventory theft have plagued other games like World of Warcraft (which also uses the Battle.Net service) and Halo 3.
While online account hijackings aren’t uncommon, what makes hijackings of game items interesting is how it translates into real dollars for the criminals. In-game gold and items that are stolen quickly find their way onto a shadowy underground market where the criminals will sell other players’ items to turn online treasure into real money. There have even been reports of organized “gangs” in places like China and North Korea doing this. Particularly unique items, like the “Recon Armor” in Halo 3, have been targeted for their high value.
To Blizzard’s credit, they’ve moved to acknowledge the latest round of hijackings quickly and highlighted tools that players can use to increase security: the Battle.Net Authenticator and Battle.Net Mobile Authenticator. These tools give additional protections by requiring you to enter an additional one-time code when you login to your Battle.Net account.
As Blizzard notes, this isn’t a new problem or unique to Diablo III. It’s one of the risks that players of high-profile online games face these days. The important thing is for players to be aware of these risks and to take appropriate steps to help better protect their accounts.
Christopher Budd is a freelance writer and independent consultant in the areas of online security and privacy, social media, incident response and crisis communications. A ten-year veteran of the Microsoft Security Response Center (MSRC), he combines his prior career as an engineer with his communications expertise to help customers bridge the gap between the technical and communications realms and “make awful news just bad.” Follow him on Twitter and Facebook.