Blizzard's Network Hacked

[The Great JT]

Already changed my information. Glad they got on telling everyone so quick.

 

[BENZOOKA]

EU Battle.net, still a secure fortress?

*sips apple juice out of a brandy glass on a rotating chair*


'Apparently' they took data that wouldn't allow them instantaneous access so my guess is they're going to sell it to gold farming companies or decoders. It would be a monumental task but it needs you to go onto your account and change the info or you'll just be bombarded with phishing scams and attempts on your account (which hopefully with the authenticator will fail but there's enough kids out there for it to affect).

But yeah, *sigh* get ready for a fresh wave of gold sellers/farmers on your realms. Sorry US.

I say. An antelope nibbling the hoops. Blizzard ought to improve their tinny security measures across the pond.

 

[Callate]

(facepalm)

"Pirates to the left of me, Hackers to the right, here I am... Stuck in the middle with you..."

 

[LetalisK]

And because Blizzard is a company with a half decent PR department, this will be promptly buried.

Yes like how their CEO wrote a huge blog, and posted it to every conceiveable means of online communication Blizzard has. Yep, certainly buried.

*sigh* There is more than one way to skin a cat, you know. My point was that anyone with a decent PR department will be able to handle this and it'll be old news quickly. It was a stab at Sony.

 

[irishda]

Remember back when Blizzard was trying to convince us that turning Diablo 3 into a game that relied heavily on Always-On DRM would make the game more secure from hackers? And remember how they told us that Battle.net was just so secure and that there was no way that hackers could get in and interfere with your gameplay, even as numerous people reported that accounts were being hacked and relieved of items in Diablo 3?

Pepperidge Farm remembers. And so do I.

While I don't normally wish harm upon anyone and I feel very sorry for the poor gamers who has entrusted Blizzard with their information, I have to be honest: Blizzard deserves every last bit of this. They were the ones boldly proclaiming that Diablo 3 was the next step in hacker-free gaming, arrogantly presuming that their Battle.net system could not be hacked, and using the DRM as a platform to make more money through the Auction House. This is what kills good studios: steps towards money and away from quality.

Turn back now, Blizzard. You're going down a path that leads to EA-ism: a blind focus on corporate interests and money-making over quality assurance and putting care into your products. Once you start down the dark path, forever will it dominate your destiny!

Kind of a logical fallacy. Strategy A fails once, therefore is entirely ineffective? Hell it took 'em 3 months to get information that apparently doesn't even give access to an account.

I've got reasons to hate the always-online model, but I'm not completely naive to think that it hasn't helped deter/protect against some cracks. And considering people have probably been trying to crack open this thing since day 1, I'd say it's been largely successful.

 

[CAPTCHA]

So I went to check my account which I haven't used in months, since I thought it would be prudent to change my password, but someone else had beaten me to it. I tried to get the new password sent to my email, which it wouldn't allow because to many attempts had been made. I contacted support and they rolled back my account.

Yay for securtity? :/

 

[Ken Sapp]

I notice it says nothing about the keychain authenticators. Can we take that to mean that those of us with them are less at risk then the mobile authenticator users?

I can say with a straight face, yes.

*pats keychain*

A keychain authenticator is no more secure than a software authenticator. Both use a secret sauce, a serial number, and a timer which are hashed to generate psuedorandom strings of numbers. If you have the secret sauce, serial, and know the method used to hash the sauce, serial and timer then you have the keys to the kingdom.

Look at what happened to RSA, one of the largest makers of keychain authenticators. Hacker managed to steal the secret sauce behind all of their authenticators which meant that if they could determine the serial numbers associated with a user's dongle then they had compromised one entire leg of user authentication. Any security from using authenticators is then destroyed.

They have not said that keychain authenticator information has been compromised as well yet, but I doubt that anyone who gained access to the mobile authenticator information didn't also gain access to keychain authenticator information. This is the same company that thinks that case-insensitive letters and numerals are sufficient security for your account password. That reduces the potential strength of passwords dramatically.

 

[MrBrightside919]

I just got my Battle.net account back from a goddamn chinese hacker like a month ago...

Thanks, Blizzard...I'm glad I can trust you with my information...

 

[antipunt]

The picture chosen is perfect.

Ticus: "hell... it's about..time"

 

[Harbinger_]

So we just hear about this now? I mean it's almost the 10th. Thats nearly a week that they decided not to mention anything.

Would you prefer a news conference every time a company notices something erroneous, so we call all flip our collective shits until they realise it really wasn't anything at all?
And then when it IS something, we can all roll our eyes at the announcement and ***** at them for their constant scaremongering!

... I think someone could write a story out of this, but maybe make it a bit more low-tech. Instead of hacked servers, maybe... ooh, maybe a wolf could show up and eat some sheep...

I would prefer a company as large as Blizzard or Sony to actually come out and speak to it's clients within 24 hours of them discovering whats going on. The fact that personal information was stolen is actually important. Even telling them, "Hey someone hacked our stuff, we don't really know whats been grabbed yet, we'll keep you up to date." would have sufficed.

Also could you be anymore of a jerk about this?

 

[Loop Stricken]

Also could you be anymore of a jerk about this?

I could absolutely be more of a jerk about this.

You don't know how long it took them to discover what had been compromised. It could well have been less than 24 hours after this discovery that the public statement was released.
They could've sat on it for an entire week, for whatever reasons they have.
They could've not told you at all.

Am I defending Blizzard? Eh, kinda. I hope, however, that I'm coming off as a more level-headed and rational individual not pouring petrol over every Blizzard employee and waving my lighter about for the perceived slight they inflicted upon me by not telephoning me within 30sec notifying me that there might be a problem.

 

[Harbinger_]

Also could you be anymore of a jerk about this?

I could absolutely be more of a jerk about this.

You don't know how long it took them to discover what had been compromised. It could well have been less than 24 hours after this discovery that the public statement was released.
They could've sat on it for an entire week, for whatever reasons they have.
They could've not told you at all.

Am I defending Blizzard? Eh, kinda. I hope, however, that I'm coming off as a more level-headed and rational individual not pouring petrol over every Blizzard employee and waving my lighter about for the perceived slight they inflicted upon me by not telephoning me within 30sec notifying me that there might be a problem.

And all I said is that from the time that it was discovered to the time they told us was a week. You seem to be assuming that I'm doing alot of gas pouring especially with the price of it these days. I work in technical support. If something gets hacked or something breaks we tell people as soon as we can, even if it's just 'something's wrong, we'll let you know more as we find out.'

 

[Loop Stricken]

Also could you be anymore of a jerk about this?

I could absolutely be more of a jerk about this.

You don't know how long it took them to discover what had been compromised. It could well have been less than 24 hours after this discovery that the public statement was released.
They could've sat on it for an entire week, for whatever reasons they have.
They could've not told you at all.

Am I defending Blizzard? Eh, kinda. I hope, however, that I'm coming off as a more level-headed and rational individual not pouring petrol over every Blizzard employee and waving my lighter about for the perceived slight they inflicted upon me by not telephoning me within 30sec notifying me that there might be a problem.

And all I said is that from the time that it was discovered to the time they told us was a week. You seem to be assuming that I'm doing alot of gas pouring especially with the price of it these days. I work in technical support. If something gets hacked or something breaks we tell people as soon as we can, even if it's just 'something's wrong, we'll let you know more as we find out.'

Does your technical support involve billing?
Is it your company policy to unduly worry millions of paying customers every time there's a glitch in the system, thus undermining their faith in your capabilities?