Just like WoW accounts, Diablo III accounts are worth real money. Blizzard has had experience dealing with compromised accounts for years. This is why it introduced the Battle.net Authenticator, a second level of security that makes it very, very difficult to get your account compromised. Authenticators don't make it impossible to get your account compromised, but they do make compromising your account much more trouble than it's worth in the face of mass keylogging, which is how accounts are normally stolen.
Some people who haven't had a WoW account before but bought Diablo III were undoubtedly surprised when their accounts were compromised, which is understandable. An editor at Eurogamer had his account hacked and responded with an article suggesting that players were getting their sessions hijacked by joining public games and that people were getting compromised with this method even with authenticators attached to their account. Unfortunately, sites all over the internet picked up the story and also reported the session hijacks and bypassed authenticators as fact.
The problem is that neither of those things was correct. In fact, Blizzard says that hijacking a session this way is actually impossible in Diablo III due to the way the infrastructure is set up.
The Diablo III account compromises were caused by the exact same things that have caused every other mass compromise in Blizzard history: keyloggers and unsecured accounts. People have tried to take to the forums with complaints that they got hacked with an authenticator attached to their account, but in every single case, Blizzard reps confirmed that the account either didn't have an authenticator attached or only had an authenticator attached after the compromise.
A lot of people have tried to say that Blizzard is lying and that Blizzard's internal security has been breached in some way, resulting in the attacks, but Blizzard reps insist (rightfully) that that's just not the case. Zarhym put it best last night when replying to these accusations:
He's right, too -- does no one remember the world of PR trouble Sony was in when internal PlayStation Network security was breached and millions of people had their personal information and credit card numbers stolen, and the company didn't tell anyone? Say what you want about Blizzard, but would it make any sense at all to follow in Sony's footsteps?
This whole story is a cautionary tale for people on all ends of the gaming news spectrum -- from the people who posted about the session hijack theory with no evidence, to the sites that reposted the information, to the readers who chose to take the report at face value and not so much as glance at Blizzard's replies and security tips before accusing the company of wrongdoing.
You can't get hacked from playing public games in Diablo III. Get an authenticator, whether it's the physical device or the smartphone program, and your account will be as safe as you can make it. Remember that Blizzard gains nothing from lying to you about your account security but a brief reprieve in a storm of bad PR and legal troubles.