In 2011, Battle.net saw thousands of accounts hacked per day with little means of stopping the intrusions, sources close to Blizzard tell Joystiq. Battle.net accounts are generally hacked through keyloggers for Blizzard titles with in-game economies, such as World of Warcraft. This is one reason Blizzard offers a security checklist that includes using a phising filter, installing anti-virus software and of course using an authenticator.
Physical authenticators run an extra $6.50, but they're sold "at cost," meaning Blizzard execs aren't planning any island vacations from key fob earnings. The mobile and Zune authenticator apps are free, but they don't allow you to hang them on your keyring for all the cool kids at school to see.
Reported account hacking instances fall and rise with the in-game economy, the proximity to a new launch or expansion and whether there's a holiday in China, the country where most keylogging hacks are based, sources say.
Diablo 3 denotes a new issue in Blizzard's hacking history, as even single-player games have to be linked to a Battle.net accounts, and are vulnerable to keylogging intrusions, at times even with the proper safeguards.
For now, we offer the same advice that public-school health teachers have been giving youngsters for years: Use protection. And eat your vegetables.
Battle.net® Account Security & Diablo® III
We'd like to take a moment to address the recent reports that suggested that Battle.net® and Diablo® III may have been compromised. Historically, the release of a new game -- such a World of Warcraft® expansion -- will result in an increase in reports of individual account compromises, and that's exactly what we're seeing now with Diablo III. We know how frustrating it can be to become the victim of account theft, and as always, we're dedicated to doing everything we can to help our players keep their Battle.net accounts safe -- and we appreciate everyone who's doing their part to help protect their accounts as well. You can read about ways to help keep your account secure, along with some of the internal and external measures we have in place to help us achieve our security goals, at our account security website here: www.battle.net/security.
We also wanted to reassure you that the Battle.net Authenticator and Battle.net Mobile Authenticator (a free app for iPhone and Android devices) continue to be some of the most effective measures we offer to help players protect themselves against account compromises, and we encourage everyone to take advantage of them. In addition, we also recently introduced a new service called Battle.net SMS Protect™, which allows you to use your text-enabled cell phone to unlock a locked Battle.net account, recover your account name, approve a password reset, or remove a lost Authenticator. Optionally, you can set up the Battle.net SMS Protect system to send you a text message whenever important changes occur on your account.
For more information on the Authenticator, visit http://us.battle.net/support/en/article/battle-net-authenticator-faq
For more on the Battle.net Mobile Authenticator, visit http://us.battle.net/support/en/article/battle-net-mobile-authenticator-faq
For more on Battle.net SMS Protect, visit http://us.battle.net/support/en/article/battlenet-sms-protect
We also have other measures built into Battle.net to help protect players. Occasionally, when Battle.net detects unusual login activity that differs from your normal behavior -- such as logging in from an unfamiliar location -- we may prompt you for additional information (such as the answer to one of your security questions) and/or require you to perform a password reset through the Battle.net website. World of Warcraft players might be familiar with this security method already, and Diablo III players may begin to encounter it as well.
As always, if you think you've been the victim of an account compromise, head to the "Help! I've Been Hacked!" tool at http://us.battle.net/en/security/help for assistance.