Blizzard has responded publicly to the growing numbers of reports that accounts have been hacked, items stolen and in some cases entire characters have been sold in its new dungeon crawling RPG, Diablo III. While it isn't willing to admit much fault in the matter, it has said people should be using the Blizzard authenticator.
While the app is free, buying the hardware version will set you back £9.
This is the latest in a series of problems that have marred the release of what many are claiming is one of the best games of the last few years. First there was the always-on DRM, then the server outages and now the hacking.
"We'd like to take a moment to address the recent reports that suggested that Battle.net and Diablo 3 may have been compromised," Blizzard said in a statement.
"Historically, the release of a new game - such as a World of Warcraft expansion - will result in an increase in reports of individual account compromises, and that's exactly what we're seeing now with Diablo 3."
While it isn't being said outright, Blizzard is blaming the account holders here. So are the fanboys, many suggesting traditional phishing is responsible for account theft. However, the latest report from users on the official forums, is that it's more to do with playing public games. Despite the always-on DRM and heavy security Blizzard said was necessary, somehow hackers are spoofing session IDs, allowing them to login as someone else without the need for a username or password.
Some of those affected were even using the authenticator, making Blizzard's suggestion seem unthinking and useless. Not addressing this, the Blizzard statement highlights other security mesaures that haven't helped.
"Occasionally, when Battle.net detects unusual login activity that differs from your normal behaviour - such as logging in from an unfamiliar location - we may prompt you for additional information (such as the answer to one of your security questions) and/or require you to perform a password reset through the Battle.net website.
"World of Warcraft players might be familiar with this security method already, and Diablo 3 players may begin to encounter it as well."
For now Blizzard's response to those that have been hacked has been to offer a limited rollback, meaning some gameplay is lost but items and gold are restored. However, it added the caveat that if that player's account is hacked again, then they will be permanently banned from the real money auction house.
Despite this being no fault of the user.
To sum up, Blizzard released a predominantly single player game, with multiplayer features, that requires you to login to a central server to protect people from hacks and piracy. Even with this feature people are getting hacked and a lot of those who spent money on launch day and preordered were unable to play the game because of the required logins and server outages. Even those just wanting to play solo.
It seems hard to figure out how Blizzard can escape this mess with its reputation intact. It will continue for sure, but a big chunk of its audience will be disillusioned.