Eurogamer

Eurogamer has received multiple reports of Diablo 3 accounts being hacked.

Over the weekend Eurogamer writer Christian Donlan saw his account hacked and transferred to the control of the mysterious Anna. Her conversation with Eurogamer reviews editor Oli Welsh is documented below.

A quick glance online shows multiple reports of Diablo 3 accounts being hacked, suggesting it is a growing issue. Players have seen the loss of items stored in character inventory and stash, and gold removed as their accounts are stripped bare. Blizzard has been working to "roll back" affected characters to a point before accounts were compromised, but some progress is lost.

The reports coincided with the EU Diablo 3 servers going offline on Sunday afternoon for around four hours, preventing players from logging in (error 33). It has been suggested that the EU servers were taken offline following a SQL injection attack, but this remains unconfirmed.

Blizzard offers an Authenticator designed to provide extra security to your account. Donlan did not have the authenticator before the hack, but reports suggest accounts have been compromised even with this enabled.

One theory suggested by players on the Battle.net forum revolves around hijacking session identifiers, which would allow hackers to take over accounts without alerting Blizzard's authentication server. Again, this remains unconfirmed.

Whatever the cause, Blizzard will be keen to address the situation quickly, especially in light of the upcoming release of the real money auction house and the growing complaints from players. Blizzard said last week it was set for release at the end of the month.

Eurogamer has requested comment from Blizzard, which is yet to address the issue.

thank god i have a level 10 barbarian work has saved me !

People's accounts get hacked all the time in every game. People will be idiots with idiotic passwords. This is nothing new

This is why you get an authenticator

Wow accounts have been getting hacked for years ( most of the time due to trojan people download while visiting mods sites), this is hardly news ( being the top guild on my wow server 3 years ago we had one member hacked a month on average, always those without authenticator..).
The only answer is like someone said earlier in this thread to get an authenticator...

As for stealing sessionsID I don't see how it would work, D3 uses the same authentication server as Wow..
The first time you log from a new IP the game always asks for your authenticator code if you have one attached to the account...

it will get a lot worse when the real money auction-house goes live

It sounds like a server attack, not a password stealing.

Edit: Yes, the consensus is that all you have to do is have played a multiplayer game OR be friends with someone who has. This exposes your session ID which can be used without needing to know your password.

Ah, my mistake then. 

Oh noes! Watch out Prof! They are going to take your life away!!!

Well looks like Blizzard has denied it. Sorry about that.