2012年5月22日 星期二

D3伺服器發生重大漏洞,出現大量帳號被盜事件


D3伺服器發生重大漏洞,出現大量帳號被盜事件

內容大意是提到Diablo3的伺服器安全防護出現漏洞,只要玩家曾加入過隨機的公開遊戲,就有可能被駭客取得你的驗證用ID,並以此ID繞過系統的檢查機制,直接登入你的帳號。

目前歐洲伺服器已有多位玩家受害,幾乎都是角色的金錢和裝備遭到洗劫一空,損失慘重。

詳細原文如下:

Eurogamer has received multiple reports of Diablo 3 accounts being hacked.
Over the weekend Eurogamer writer Christian Donlan saw his account hacked and transferred to the control of the mysterious Anna. Her conversation with Eurogamer reviews editor Oli Welsh is documented below.
1
A quick glance online shows multiple reports of Diablo 3 accounts being hacked, suggesting it is a growing issue. Players have seen the loss of items stored in character inventory and stash, and gold removed as their accounts are stripped bare. Blizzard has been working to "roll back" affected characters to a point before accounts were compromised, but some progress is lost.

The reports coincided with the EU Diablo 3 servers going offline on Sunday afternoon for around four hours, preventing players from logging in (error 33). It has been suggested that the EU servers were taken offline following a SQL injection attack, but this remains unconfirmed.

Blizzard offers an Authenticator designed to provide extra security to your account. Donlan did not have the authenticator before the hack, but reports suggest accounts have been compromised even with this enabled.
One theory suggested by players on the Battle.net forum revolves around hijacking session identifiers, which would allow hackers to take over accounts without alerting Blizzard's authentication server. Again, this remains unconfirmed.

Whatever the cause, Blizzard will be keen to address the situation quickly, especially in light of the upcoming release of the real money auction house and the growing complaints from players. Blizzard said last week it was set for release at the end of the month.

Eurogamer has requested comment from Blizzard, which is yet to address the issue.


轉載自《小7俱樂部