Hi there,
This is a critical security issue and I will not stop posting this until it has been viewed by the developers and acknowledge ASAP! I will do my best to provide as many details as possible about this incident.
It seems that it is possible to duplicate an account name and battlenet ID.
You read this right! If you have an account with the name “Yourname” and #1234, then it is possible for somebody to have the exact same name and id and prevent you from joining lobbies if they are already in the lobby.
This is an extreme security flaw and has to be addressed immediately as some people are able to impersonate other players and do some nasty things on their behalf, which is UNACCEPTABLE!
Below you will find all the information that I’ve gathered.
The duplicate account is not a hacked account, it is actually another account with the same name and #. I was able to log in the game with my original account and the duplicate account was still in the lobby.
The duplicate account will prevent the original account from joining the lobby. This is the message that is showing up when trying to join the lobby:
“ERROR
The specified game has already started.”
In fact the game did not start as I was talking with the host on discord and then was able to join the lobby with a different account and the duplicate account was still in the lobby.
We were able to get the name and the ID of the duplicate account by swapping them in the lobby. The duplicate account had the following name and #: PyroTDLeague#1496
My account has the same name and ID:
PyroTDLeague#1496
The incident happened around this time: 2:04 PM PST Europe server.
Lobby hosted by: nero#2140
I have the game replay if needed.
Please address this ASAP as it seriously affects my small community and possibly other communities are in danger as well.
Thank you!
Last time I have reported an impersonating account I got banned^^
So, honestly wtfc…^^
So:
seems like a contradiction.
What is not clear from your post is if there was someone purposely logging into the lobby and impersonating you OR there was just a connection with your same account already established in the lobby (due to a network error or something).
I did not use that account for a very long time and then they have randomly joined the lobby. I was extremely surprised.
That’s why I started investigating this.
I have two accounts, that’s why i was able to do all these tests.
My main account is not the one that was being “doubled”.
ALso, joining the game and joining the lobby are totally different things.
I was able to join the game with the original account, but was not able to join the lobby, because the duplicate account was in that lobby.
why is this a critical security issue? the 2002 game had like a thousand weird name spoofing backdoors but it wasnt insecure it was just mildly entertaining when you meet a guy whose name is Death in bright red and you cant type his name to whisper him because the name contains text macros defining the color of red
It’s a critical issue because players might be impersonated by the hacker. Being fully racist, sexist, insulting, trolling and griefing in-game. Some custom maps are attached to the player name + ID, unlocking certain things or tracking stats.
Who knows if this might also affect the MMR games, etc.
Paste the URL and use the “Preformatted Text” markdown on it (the </> symbol in the toolbar).
For example:
www.google.com
So you were in a lobby on your main account (Moltaurn) when you saw another player join who had the same name/number as an older account that you haven’t used in a while (PyroTDLeague)?
When you do that, don’t forget to add that you are 12yo russian and you are the real creator of Dota.
Then for Blizzard is fine, you can abuse whoever you want^^
Were you able to talk to the guy with the duplicate name? I have a suspicion it was just a network error and the network got confused thinking you were in the lobby when you weren’t.