Account Security Warning for Diablo III Players

We’ve recently heard a rash of reports about Diablo III players getting their accounts hacked, even if they have an active authenticator. Several lengthy threads (like this one) on the Blizzard forums and an article on The Examiner seems to indicate that this is problem could be widespread.

Details aren’t entirely clear yet, but this issue doesn’t appear to be your run-of-the-mill keylogger or other client-side virus. The evidence thus far suggests a possible security hole in the game itself that’s allowing hackers to gain unauthorized access to others’ accounts via the friends list or game session, where players are joining public games with suspicious characters, only to discover their accounts ransacked shortly afterwards. We haven’t seen any official confirmation from Blizzard about any potential exploit, but for now, we would strongly urge any of you playing Diablo III to:

Check your friends list and remove anyone you don’t know and trust. Don’t join a game with someone you don’t know, and avoid public games like the plague.

Hopefully we’ll see some official word from Blizzard before long. Until then, be smart and remain vigilant (and get an authenticator anyway, good practice).