Battle.net Security Breach

Battle.net announces an "important security update," revealing Blizzard has discovered "unauthorized and illegal access into our internal network." As a result, they recommend that North American users change their passwords, though they say they believe that the information retrieved "alone is NOT enough for anyone to gain access to Battle.net accounts." They have also written up an Important Security Update FAQ with all the details on this, including the surprising news that "information was taken that could potentially compromise the integrity of North American Mobile Authenticators," which will lead to a software update.

58 Replies. 3 pages. Viewing page 1.

58. Re: Out of the Blue Aug 11, 2012, 12:44 Prez
 
nin wrote on Aug 10, 2012, 11:20:

The Chinese government hacked Blizzard's servers? Really...some of you guys just really make my morning

We seriously need drug testing here...


Definitely. Um, wait... what would be the penalty for failing? Not that I'm worried or anything.
 
 
“The greatness of a nation and its moral progress can be judged by the way its animals are treated.”
- Mahatma Gandhi
 
57. Re: Battle.net Security Breach Aug 10, 2012, 14:53 Verno
 
Of course not. The Chinese government paid for every account they gave to their imprisoned gold farmers, making ActiBlizz "leally lich"

Obviously the Chinese government was not responsible (that dude is crazy) but this was definitely a targeted attack, Blizzard is a very visible and lucrative target after all. Also for those saying compromised accounts as a result of this are unlikely, remember that RSA themselves (makers of the keyfobs) were compromised in a spear phishing campaign through their accounting department. This set off a chain of events where the hackers were able to probe/sniff the network for weeks (at one of the most secure companies in the world btw) until they finally uploaded a bunch of stolen data to C&C servers which is how it was discovered. Then Lockheed Martin (who also used SRP) was compromised 2 weeks later through a VPN tunnel using authentication data obtained from the RSA hack. Any OTP system is vulnerable to interception and MITM attacks as well.
 
 
Playing: Divinity Original Sin, Destiny, Fire Emblem
Watching: Continuum, Star Trek TNG, Haunt
 
56. Re: Battle.net Security Breach Aug 10, 2012, 14:11 Steele Johnson
 
Not enough? Somebody changed my freakin' email yesterday!  
 
55. Re: Out of the Blue Aug 10, 2012, 13:15 El Pit
 
NegaDeath wrote on Aug 10, 2012, 13:05:
nin wrote on Aug 10, 2012, 11:20:
We seriously need drug testing here...

No good, the drug test kits are made in China. It's a plot, a plot I tells ya!

Here you go, bud. Take my spare tin foil hat and sit right next to me!
 
Consoles? I owned two: a Pong clone and an Atari 2600. And that's it.
 
54. Re: Out of the Blue Aug 10, 2012, 13:05 NegaDeath
 
nin wrote on Aug 10, 2012, 11:20:
We seriously need drug testing here...

No good, the drug test kits are made in China. It's a plot, a plot I tells ya!
 
 
53. Re: Out of the Blue Aug 10, 2012, 11:31 El Pit
 
nin wrote on Aug 10, 2012, 11:20:

The Chinese government hacked Blizzard's servers? Really...some of you guys just really make my morning

We seriously need drug testing here...


Of course not. The Chinese government paid for every account they gave to their imprisoned gold farmers, making ActiBlizz "leally lich".
 
Consoles? I owned two: a Pong clone and an Atari 2600. And that's it.
 
52. Re: Out of the Blue Aug 10, 2012, 11:20 nin
 

The Chinese government hacked Blizzard's servers? Really...some of you guys just really make my morning

We seriously need drug testing here...

 
http://www.nin.com/pub/tension/
 
51. Re: Out of the Blue Aug 10, 2012, 10:53 AngelicPenguin
 
El Pit wrote on Aug 10, 2012, 04:05:
Rigs wrote on Aug 9, 2012, 19:36:
I'm just gonna go on a hunch here and assume that the 'hackers' were, oh, I dunno, Chinese maybe? How long is this country (and the world for that matter) going to put up with these bullshit games China is playing?! If we kept getting caught with our virtual schlongs in the honey pot, so to speak, how long do you think they would put up with it before using it as an excuse to start a war, maybe with Taiwan? Yet we sit back and just zip our flies back up and say, 'Oh you crazy Chinese! Always into something, eh?! Silly, at least use some lube next time, huh?' ....
=-Rigs-=

China is using professional hackers like Switzerland is using its banks: for crime, for theft. But since China (and, to a far lesser extent, of course, Switzerland, too) is the last real economical super power at the moment, every country wants to befriend it. India and Brazil are up and coming huge economies, but at the moment it's China that the US dollar, the UK pound, and the European euro depend on. China knows this and bullies everyone and their mother. I don't see a way to change this, unless India and Brazil break through and become the big players in the market even sooner to rival China. Up to then, China can more or less do what it wants.

The Chinese government hacked Blizzard's servers? Really...some of you guys just really make my morning
 
 
50. Re: Battle.net Security Breach Aug 10, 2012, 08:58 Verno
 
NKD wrote on Aug 10, 2012, 06:31:
This has nothing to do with just hijacking accounts, bug exploits, keylogging people, or any of the excuses dreamed up by incompetent users. It's an actual unauthorized access of their databases that occurred on or around August 4th. Nasty bit of business.

That's really the problem though, no one knows. The FAQ says they detected the intrusion on August 4 but that means nothing, it could have been done pre-launch Diablo 3 for all we know. The bottom line is that it's really difficult (now more than ever) to blame users when Blizzard itself has very serious security problems. They just leaked their North American customer database to the world, the liability issues could be problematic.

On a personal note I'm interested in how exactly this was accomplished. Post Sony hack, most networks at large companies these days are segregated enough that you can't simply hack a web server to obtain access to an internal database server. I doubt we'll ever hear the details but it would be really neat to hear how this was accomplished.
 
 
Playing: Divinity Original Sin, Destiny, Fire Emblem
Watching: Continuum, Star Trek TNG, Haunt
 
49. Re: Battle.net Security Breach Aug 10, 2012, 08:19 briktal
 
Dades wrote on Aug 10, 2012, 07:25:
passwords (encrypted, not stored plaintext)

Their wording is really vague on this which concerns me. Cryptographically scrambled means what exactly? Hashed and salted? Encrypted? ROT13? What? It's kind of important. I don't need someone to parrot industry standards to me either, the company just got breached so my faith in them following any industry standards is pretty much nil.

I guess they didn't want to bother explaining however http://en.wikipedia.org/wiki/Secure_remote_password_protocol works and is set up.
 
 
48. Re: Battle.net Security Breach Aug 10, 2012, 07:25 Dades
 
passwords (encrypted, not stored plaintext)

Their wording is really vague on this which concerns me. Cryptographically scrambled means what exactly? Hashed and salted? Encrypted? ROT13? What? It's kind of important. I don't need someone to parrot industry standards to me either, the company just got breached so my faith in them following any industry standards is pretty much nil.
 
 
47. Re: Battle.net Security Breach Aug 10, 2012, 06:56 InBlack
 
If anything this 'admission' by Blizzard will only increase phishing attempts.

Now that they have user emails, savvy scammers will proliferate them with fake Blizz security emails that redirect suckers to fake Blizzard sites where people will unwittingly give away their passwords because Blizzard told them changing them would be a wise precaution.

Great job Blizz!
 
 
I have a nifty blue line!
 
46. Re: Battle.net Security Breach Aug 10, 2012, 06:31 NKD
 
Dev wrote on Aug 10, 2012, 06:20:
Oh, you mean the hacking that was denied about the session id being hijacked to grab an account?

Or is this some completely different hack that they are finally admitting?

This has nothing to do with just hijacking accounts, bug exploits, keylogging people, or any of the excuses dreamed up by incompetent users. It's an actual unauthorized access of their databases that occurred on or around August 4th. Nasty bit of business.

Someone got email addresses, security questions, passwords (encrypted, not stored plaintext), and mobile and dial-in authenticator info (not the little keyfob ones though). My guess is that means the serial # associated with the account.
 
 
If you don't like where gaming is heading, stop giving your money to the people who are taking it in that direction.
 
45. Re: Battle.net Security Breach Aug 10, 2012, 06:20 Dev
 
Oh, you mean the hacking that was denied about the session id being hijacked to grab an account?

Or is this some completely different hack that they are finally admitting?

Edit: Internal access hack? At least they don't suck quite as bad as Sony with all the valuable info in plain text.

This comment was edited on Aug 10, 2012, 06:29.
 
 
44. Re: Out of the Blue Aug 10, 2012, 04:55 Luke
 
Kajetan wrote on Aug 10, 2012, 04:48:
El Pit wrote on Aug 10, 2012, 04:41:
Kajetan wrote on Aug 10, 2012, 04:37:
El Pit wrote on Aug 10, 2012, 04:05:
China is ...
What China? The official Chinese government? Or just some Chinese criminals?

Both.
Any proof besides some unhealthy paranoia?

Turn that around
 
 
43. Re: Out of the Blue Aug 10, 2012, 04:48 Kajetan
 
El Pit wrote on Aug 10, 2012, 04:41:
Kajetan wrote on Aug 10, 2012, 04:37:
El Pit wrote on Aug 10, 2012, 04:05:
China is ...
What China? The official Chinese government? Or just some Chinese criminals?

Both.
Any proof besides some unhealthy paranoia?
 
 
42. Re: Out of the Blue Aug 10, 2012, 04:41 El Pit
 
Kajetan wrote on Aug 10, 2012, 04:37:
El Pit wrote on Aug 10, 2012, 04:05:
China is ...
What China? The official Chinese government? Or just some Chinese criminals?

Both.
 
Consoles? I owned two: a Pong clone and an Atari 2600. And that's it.
 
41. Re: Out of the Blue Aug 10, 2012, 04:37 Kajetan
 
El Pit wrote on Aug 10, 2012, 04:05:
China is ...
What China? The official Chinese government? Or just some Chinese criminals?
 
 
40. Re: Battle.net Security Breach Aug 10, 2012, 04:26 Mordecai Walfish
 
Their system has likely been internally compromised since their beta, judging from the sheer amount of fuckery that's been happening since launch.

Fanboys will continue to tell you Blizzard's security is bulletproof and can do no wrong, and that it was only the end user's fault for not being a long-time WoW player and not understanding sensitive Blizzard-y things like proper account security.

Blizzard is one of those companies that I hope dies a quick and painful death. I haven't played D3 since the first month of release, and even then I had decided that I would not be contributing any money towards this game. (luckily we have a "guild" in town with a couple Wal-Mart employees that got me a cd/key for $5.)


EDIT: It's even more likely they were compromised at launch and just did not report it to the consumers yet. This is not about customers-- it's about profit.

That's the problem with this whole story.. You simply cannot trust EA/Activision to be upfront about a hack in their game within a couple months of release, because they realize it would absolutely wreck their sales.. and that is *all* that matters internally now. Even if they're required to disclose consumer-affecting security breaches by law, they can just pretend they didn't know beforehand and all is well.

This comment was edited on Aug 10, 2012, 04:54.
 
 
39. Re: Out of the Blue Aug 10, 2012, 04:05 El Pit
 
Rigs wrote on Aug 9, 2012, 19:36:
I'm just gonna go on a hunch here and assume that the 'hackers' were, oh, I dunno, Chinese maybe? How long is this country (and the world for that matter) going to put up with these bullshit games China is playing?! If we kept getting caught with our virtual schlongs in the honey pot, so to speak, how long do you think they would put up with it before using it as an excuse to start a war, maybe with Taiwan? Yet we sit back and just zip our flies back up and say, 'Oh you crazy Chinese! Always into something, eh?! Silly, at least use some lube next time, huh?' ....
=-Rigs-=

China is using professional hackers like Switzerland is using its banks: for crime, for theft. But since China (and, to a far lesser extent, of course, Switzerland, too) is the last real economical super power at the moment, every country wants to befriend it. India and Brazil are up and coming huge economies, but at the moment it's China that the US dollar, the UK pound, and the European euro depend on. China knows this and bullies everyone and their mother. I don't see a way to change this, unless India and Brazil break through and become the big players in the market even sooner to rival China. Up to then, China can more or less do what it wants.

This comment was edited on Aug 10, 2012, 04:41.
 
Consoles? I owned two: a Pong clone and an Atari 2600. And that's it.