Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Battle.net Security Breach

Battle.net announces an "important security update," revealing Blizzard has discovered "unauthorized and illegal access into our internal network." As a result, they recommend that North American users change their passwords, though they say they believe that the information retrieved "alone is NOT enough for anyone to gain access to Battle.net accounts." They also have written up an Important Security Update FAQ with all the details on this, including the surprising news that "information was taken that could potentially compromise the integrity of North American Mobile Authenticators," which will lead to a software updates.

View
58 Replies. 3 pages. Viewing page 2.
< Newer [ 1 2 3 ] Older >

38. Re: Battle.net Security Breach Aug 10, 2012, 03:58 Luke
 
s1mon75 wrote on Aug 10, 2012, 02:47:
eunichron wrote on Aug 9, 2012, 21:25:

Yet we have no sense of timeline here. They never said when the breach actually happened ...

Let me Copy and Paste from their Q&A

When did Blizzard learn of the unauthorized access?
The trespass into our internal network was detected by us on August 4, 2012.


Thats not to say when the breach began of course ..

Im a fanboy, im happy to admit it. But tell me another PC gaming house that deserves such a high amount of faith?

However they are far from infallible. But ill bet a months pay that they will continue to break records for sales and generate profits that keeps the industry green with envy. For me thats a good thing, because I love to game. Thats what keeps me happy, an enjoyable gaming experience.

I love to game. Thats what keeps me happy, an enjoyable gaming experience.

Me too , tho not for every price
 
Reply Quote Edit Delete Report
 
37. Re: Battle.net Security Breach Aug 10, 2012, 03:56 Luke
 
Creston wrote on Aug 10, 2012, 01:53:
Diablo 3 comes out. Tons of people lose access to their character by what they believe are hacks.

Blizzard patronizingly informs everyone that there is no evidence of hacks, their (mobile) authenticators are not compromised, and it's really all just a case of a hacker being fortunate enough to have found passwords that match across sites, quite a surprisingly large number of times.

Blizzard fanboys scathingly dismiss any claim of hacks as "hate against Blizzard."

Two months later, Blizzard admits their network has been breached, their mobile authenticators are probably compromised.

So now what, fanboys? Gonna admit that, shit, maybe people who said they had an authenticator and who had a unique password and STILL lost access to their character were maybe right? Or are you going to keep sucking Mike Morhaime's cock until HE is blue in the face?

Creston

seeing how many fanbois still believes in this compagny , i would say mike morhaime's face looks like a plasticback with a "set to full speed" vacuum cleaner attached
 
Reply Quote Edit Delete Report
 
36. Re: Battle.net Security Breach Aug 10, 2012, 03:46 Luke
 
s1mon75 wrote on Aug 9, 2012, 21:09:
Im shocked they were so open about the intrusion, usually companies are more coy about these incidents.

Ohh and to the people who are saying 'this is the last straw, im never dealing with Blizzard again'. Your full of shit and we both know it. Continue to rant, yet the vast majority of their users will continue to play and enjoy their games.

Ohh and to the people who are saying 'this is the last straw, im never dealing with Blizzard again'. Your full of shit and we both know it

Ehmm not everyone has a jelly backbone like you...okay
 
Reply Quote Edit Delete Report
 
35. Re: Battle.net Security Breach Aug 10, 2012, 02:47 s1mon75
 
eunichron wrote on Aug 9, 2012, 21:25:

Yet we have no sense of timeline here. They never said when the breach actually happened ...

Let me Copy and Paste from their Q&A

When did Blizzard learn of the unauthorized access?
The trespass into our internal network was detected by us on August 4, 2012.


Thats not to say when the breach began of course ..

Im a fanboy, im happy to admit it. But tell me another PC gaming house that deserves such a high amount of faith?

However they are far from infallible. But ill bet a months pay that they will continue to break records for sales and generate profits that keeps the industry green with envy. For me thats a good thing, because I love to game. Thats what keeps me happy, an enjoyable gaming experience.
 
Reply Quote Edit Delete Report
 
34. Re: Battle.net Security Breach Aug 10, 2012, 01:53 Creston
 
Diablo 3 comes out. Tons of people lose access to their character by what they believe are hacks.

Blizzard patronizingly informs everyone that there is no evidence of hacks, their (mobile) authenticators are not compromised, and it's really all just a case of a hacker being fortunate enough to have found passwords that match across sites, quite a surprisingly large number of times.

Blizzard fanboys scathingly dismiss any claim of hacks as "hate against Blizzard."

Two months later, Blizzard admits their network has been breached, their mobile authenticators are probably compromised.

So now what, fanboys? Gonna admit that, shit, maybe people who said they had an authenticator and who had a unique password and STILL lost access to their character were maybe right? Or are you going to keep sucking Mike Morhaime's cock until HE is blue in the face?

Creston
 
Avatar 15604
 
Reply Quote Edit Delete Report
 
33. Re: Battle.net Security Breach Aug 9, 2012, 22:58 The Pyro
 
Hashed and salted tables are useless

Unfortunately that's not entirely accurate. If the salting algorithm is known, or can be deduced from a few accounts with known passwords, then it becomes relatively easy to determine which accounts are using common passwords. You wouldn't be able to brute-force a specific account using this technique. But if you suspect that a lot of users have the password "zergling" then you can quickly calculate the hashes for that and compare them to the hashes in the database. That'll gain you access to several accounts.

The moral of the story is that you still need a strong password even if you know it's going to be hashed.
 
Reply Quote Edit Delete Report
 
32. Re: Battle.net Security Breach Aug 9, 2012, 21:32 Dades
 
s1mon75 wrote on Aug 9, 2012, 21:09:
yet the vast majority of their users will continue to play and enjoy their games.

The majority hitting the web in general bitching up a storm or the majority of millions of lost wow subs in the last three months?

You don't speak for a majority more than anyone else does. Every company is fallible, Blizzard is no different.
 
Avatar 54452
 
Reply Quote Edit Delete Report
 
31. Re: Battle.net Security Breach Aug 9, 2012, 21:25 eunichron
 
HorrorScope wrote on Aug 9, 2012, 21:15:
Lesson:

Lean towards believing something when several people from around the globe are reporting it. Stop being a fanboy and just call things they way they are or at least be open to not debunk it with no proof on your end. This isn't end of the world stuff, but acknowledge.

So when people with authenticators were stating they were still being hacked, fanboy wanted to beat on them with no remorse or consideration of that possibility. Just like the first reports of RROD nack in the day, MS fanboy didn't want to believe the HW was so shoddy. Over time we found out precisely the HW was shoddy and the reports were in fact true.

I will admit a second level like an authenticator is a lot lot better then a simple user/password. However I do like Mouse click pins vs authenticators because it isn't another app or device and it's just as good.

Yet we have no sense of timeline here. They never said when the breach actually happened. It could have happened over the last few days, in which case the breach had nothing to do with the reports of hacked accounts within the first couple weeks. If the breach happened shortly after launch, then yeah, there's probably something to it.

I'm just surprised a breach of this magnitude didn't happen sooner. We've seen Sony, Riot, Trion, and Valve hacked in the last couple years, and Battle.net is as big a target as those systems... it was just a matter of time.
 
Avatar 13977
 
Reply Quote Edit Delete Report
 
30. removed Aug 9, 2012, 21:23 RailWizard
 
* REMOVED *
This comment was deleted on Aug 10, 2012, 00:30.
 
Reply Quote Edit Delete Report
 
29. Re: Battle.net Security Breach Aug 9, 2012, 21:18 RailWizard
 
s1mon75 wrote on Aug 9, 2012, 21:09:
Ohh and to the people who are saying 'this is the last straw, im never dealing with Blizzard again'. Your full of shit and we both know it. Continue to rant, yet the vast majority of their users will continue to play and enjoy their games.

Shhh The numbers don't lie. People are dropping blizzards shit like it's cool.
 
Reply Quote Edit Delete Report
 
28. Re: Battle.net Security Breach Aug 9, 2012, 21:15 HorrorScope
 
Lesson:

Lean towards believing something when several people from around the globe are reporting it. Stop being a fanboy and just call things they way they are or at least be open to not debunk it with no proof on your end. This isn't end of the world stuff, but acknowledge.

So when people with authenticators were stating they were still being hacked, fanboy wanted to beat on them with no remorse or consideration of that possibility. Just like the first reports of RROD nack in the day, MS fanboy didn't want to believe the HW was so shoddy. Over time we found out precisely the HW was shoddy and the reports were in fact true.

I will admit a second level like an authenticator is a lot lot better then a simple user/password. However I do like Mouse click pins vs authenticators because it isn't another app or device and it's just as good.
 
Avatar 17232
 
Reply Quote Edit Delete Report
 
27. Re: Battle.net Security Breach Aug 9, 2012, 21:09 s1mon75
 
Im shocked they were so open about the intrusion, usually companies are more coy about these incidents.

Ohh and to the people who are saying 'this is the last straw, im never dealing with Blizzard again'. Your full of shit and we both know it. Continue to rant, yet the vast majority of their users will continue to play and enjoy their games.
 
Reply Quote Edit Delete Report
 
26. Re: Battle.net Security Breach Aug 9, 2012, 20:27 Parallax Abstraction
 
The always-on cloud future, welcome everybody! This is going to happen more and more.

Between this and the massive disappointment that Diablo 3 was for me, I think I'm just done with Blizzard for a while. My company phone doesn't support their authenticator (it's a BlackBerry that's actually too new) and there's no way I'm paying for an authenticator just because they can't keep their crap secure. I'd sooner just shut off my Battle.net account entirely.
 
Parallax Abstraction
Geek Bravado | YouTube
Reply Quote Edit Delete Report
 
25. Re: Battle.net Security Breach Aug 9, 2012, 20:17 Verno
 
After reading the FAQ I'm a bit shocked this happened and the breadth of information gained. I'm interested in how hackers got access to database and other account servers through the public facing network, assuming any segregation was implemented at all. I guess we shouldn't be shocked that a videogame company was hacked as we've seen this several times in the past few years alone.

They certainly seem to be downplaying it a bit but publicizing this info isn't exactly a positive for them so it's somewhat understandable. I hope that WoW addon is pretty good because Blizzard really needs a big PR win, this seems like a pretty low time for them. Diablo 3 sold really well but so would have a cardboard box with nothing in it with their name. I'm not so sure the same could be said if they were launching it next month.
 
Avatar 51617
 
Playing: Dragon Age Inquisition, Far Cry 4, This War of Mine
Watching: The Walking Dead, The Fall, As Above So Below
Reply Quote Edit Delete Report
 
24. Re: Battle.net Security Breach Aug 9, 2012, 20:16 Mashiki Amiketo
 
Dades wrote on Aug 9, 2012, 20:09:
It was a typo and I've made no assumptions, just allowed for the possibility that due to this security breach a user account could be compromised. That could be due to social engineering using information gained, phishing campaigns with the emails harvested or yes even something involving accounts directly, however unlikely.
I know that's what the was for. The same still applies overall, until we actually know more there's no point in useless speculation. Then again people did the same thing with Valve, and I've yet to see the world implode and they actually got a lot more. Including a bunch of unencrypted stuff.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
23. Re: Battle.net Security Breach Aug 9, 2012, 20:16 descender
 
Julio wrote on Aug 9, 2012, 19:36:
Looks like we now know how accounts were getting hacked all along. Blizzard probably knew a long time ago.

I'm sure it helped the bottom line at Blizzard selling a bunch of authenticators for the past few months.

DING DING DING

My account was hacked like 3 weeks after launch, due to no action of my own or compromise in the security of my computer. The only people that knew the username and password that i used for D3 was me and blizzard. Yet, somehow, miraculously I got hacked and "blamed for the breach" by the CS staff.

Fuck you Blizzard. Fuck you with a big brown dick.

"AAA" titles at this point are all getting written off, the industry is a fucking disaster right now.
 
Avatar 56185
 
Reply Quote Edit Delete Report
 
22. Re: Battle.net Security Breach Aug 9, 2012, 20:09 Fantaz
 
here we go...  
Avatar 571
 
Reply Quote Edit Delete Report
 
21. Re: Battle.net Security Breach Aug 9, 2012, 20:09 Dades
 
I think you mean authentication. But realistically, you're making the same mistake. And making a stupid assumption.

It was a typo and I've made no assumptions, just allowed for the possibility that due to this security breach a user account could be compromised. That could be due to social engineering using information gained, phishing campaigns with the emails harvested or yes even something involving accounts directly, however unlikely.
 
Avatar 54452
 
Reply Quote Edit Delete Report
 
20. Re: Battle.net Security Breach Aug 9, 2012, 20:04 RollinThundr
 
HAHAHAHAHAHAHAHAHA oh my god this is just too precious. Die in a fire blizzard, die in a fire.  
Reply Quote Edit Delete Report
 
19. Re: Battle.net Security Breach Aug 9, 2012, 20:03 Mashiki Amiketo
 
Dades wrote on Aug 9, 2012, 19:48:
I know what two factor authenticator is and you typed this as I was preparing a follow up. Judging by the post they do have access to at least some of the hashed password tables. The point was that both people here and Blizzard kept blaming users for what was possibly an internal security problem. Maybe it was mostly the users fault but this should give anyone pause about making stupid assumptions in the future. They say they detected the intrusion on August 4th, who knows how long they had access before being detected? I hope they get roasted by shareholders.
I think you mean authentication Hashed and salted tables are useless, well they might become useful in 40 or 50 years, but that's besides the point. Companies don't use a AES string shorter than 256, most commonly use a string of 512 or 768 unless there's a reason to thrash your database. It's also just as possible that it was users, considering every time a person claimed to have been hacked an authenticator was often added afterwards.

But realistically, you're making the same mistake. And making a stupid assumption.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
58 Replies. 3 pages. Viewing page 2.
< Newer [ 1 2 3 ] Older >


footer

Blue's News logo