Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Battle.net Security Breach

Battle.net announces an "important security update," revealing Blizzard has discovered "unauthorized and illegal access into our internal network." As a result, they recommend that North American users change their passwords, though they say they believe that the information retrieved "alone is NOT enough for anyone to gain access to Battle.net accounts." They also have written up an Important Security Update FAQ with all the details on this, including the surprising news that "information was taken that could potentially compromise the integrity of North American Mobile Authenticators," which will lead to a software updates.

View
58 Replies. 3 pages. Viewing page 3.
< Newer [ 1 2 3 ] Older >

18. Re: Battle.net Security Breach Aug 9, 2012, 20:00 Wraith
 
Prez wrote on Aug 9, 2012, 19:51:
All the bad press in the world isn't going to change the fact that Blizzard made around a trillion bucks off of Diablo 3 - what incentive do they have to change a thing?
They don't and they won't. Blizzard will continually churn out these mechanisms because World of Warcraft and Facebook have taught them that you can make money out of operant conditioning while providing almost nothing of actual value.

Just give up. Realise that every subsequent Blizzard release is going to be a pretty mask for the same old operant conditioning grind - because that's all they know how to produce. Blizzard hasn't innovated in more than a decade. The real gameplay story is elsewhere.

Stop talking about them, stop thinking about them, stop discussing their shit. Focus your attention on game companies who deliver value. You won't stop Blizzard from producing dreck for suckers but you will spend your time on something which provides value.
 
Reply Quote Edit Delete Report
 
17. Re: Battle.net Security Breach Aug 9, 2012, 19:59 Dades
 
Of course you can't change your secret question/answer in the account settings. There's no notification of this stuff in battle.net when I login either and they didn't even push a notification to switch passwords.  
Avatar 54452
 
Reply Quote Edit Delete Report
 
16. Re: Out of the Blue Aug 9, 2012, 19:57 ViRGE
 
Rigs wrote on Aug 9, 2012, 19:36:
I'm just gonna go on a hunch here and assume that the 'hackers' were, oh, I dunno, Chinese maybe? How long is this country (and the world for that matter) going to put up with these bullshit games China is playing?! If we kept getting caught with out virtual schlongs in the honey pot, so to speak, how long do you think they would put up with it before using it as an excuse to start a war, maybe with Taiwan? Yet we sit back and just zip our fly's back up and say, 'Oh you crazy Chinese! Always into something, eh?! Silly, at least use some lube next time, huh?' ....
Slow down before you get too far ahead of yourself. It's well known that because of the additional requirements to operate a MMO in China, most MMO companies have completely different Chinese operations. Which is to say that the databases holding information about Chinese players would be held on an entirely different network in China. So if you wanted to take Chinese account info too, you'd have to break into their systems separately.
 
Reply Quote Edit Delete Report
 
15. Re: Battle.net Security Breach Aug 9, 2012, 19:54 Techie714 ©
 
Blizz FAIL.......Again  
Avatar 25373
 
Steam (ID)
http://steamcommunity.com/id/techie714/
DEAD SH0T
Keep your privacy!
http://prism-break.org/
Reply Quote Edit Delete Report
 
14. Re: Battle.net Security Breach Aug 9, 2012, 19:53 Fion
 
They may have made a fortune off of box sales but it's rather clear they had extensive monetization set up with the RMAH that has of course completely failed thanks to bullshit like this. We have World of Warcraft dropping 2+ million subs a year now and their stock which is basically at a stand still. Blizzard is in trouble and stuff like this only makes it worse.

This comment was edited on Aug 9, 2012, 20:01.
 
Avatar 17499
 
Reply Quote Edit Delete Report
 
13. Re: Battle.net Security Breach Aug 9, 2012, 19:51 Prez
 
All the bad press in the world isn't going to change the fact that Blizzard made around a trillion bucks off of Diablo 3 - what incentive do they have to change a thing? For an old Blizzard fan who is just stunned at how badly they screwed the pooch with Diablo 3, it's downright depressing.  
Avatar 17185
 
“The greatness of a nation and its moral progress can be judged by the way its animals are treated.”
- Mahatma Gandhi
Reply Quote Edit Delete Report
 
12. Re: Battle.net Security Breach Aug 9, 2012, 19:50 Wraith
 
This is the company which kept insisting no-one had been hacked and that everyone with an authenticator was safe.

Face it - Blizzard has been Kotick'd - the only people still playing their games are chumps who are exactly the kind of stupid people which Kotick and Pincus love to suck money out of.

Actual gamers can look elsewhere - Blizzard as a gaming house is dead.
 
Reply Quote Edit Delete Report
 
11. Re: Battle.net Security Breach Aug 9, 2012, 19:49 Bet
 
Sepharo wrote on Aug 9, 2012, 19:21:
Probably what was happening all along but they delayed the announcement until long after launch.
They would have had the Mobile Authenticator patch ready to go right now, if that was the case. If it was just for PR sake, anyway. Right now we're balls to the wind.

Rigs raises an interesting point though. All this cyber-pushing without a pushback, something is going to give.
 
Avatar 9253
 
Reply Quote Edit Delete Report
 
10. Re: Battle.net Security Breach Aug 9, 2012, 19:48 Dades
 
Julio wrote on Aug 9, 2012, 19:36:
Looks like we now know how accounts were getting hacked all along. Blizzard probably knew a long time ago.

I'm sure it helped the bottom line at Blizzard selling a bunch of authenticators for the past few months.

I think the physical authenticators are fine only because Vasco is subcontracted for it and the database for the serials isn't on Blizzards servers. Mobile app and dial auths are screwed and will need a software update because the hashes can't be trusted anymore.

If you use the same secret question/answer combo as any other site then you should change that shit immediately. A game where you let people create money out of nothing, no way anyone would try to hack that.

Authenticators were never bulletproof, but two factor authentication is much better than single factor. You know that right? As it stands, using SRP is nearly impossible to break. Unless they also have access to the salted-hash tables for each users password.

I know what two factor authenticator is and you typed this as I was preparing a follow up. Judging by the post they do have access to at least some of the hashed password tables. The point was that both people here and Blizzard kept blaming users for what was possibly an internal security problem. Maybe it was mostly the users fault but this should give anyone pause about making stupid assumptions in the future. They say they detected the intrusion on August 4th, who knows how long they had access before being detected? I hope they get roasted by shareholders.

This comment was edited on Aug 9, 2012, 20:00.
 
Avatar 54452
 
Reply Quote Edit Delete Report
 
9. Re: Battle.net Security Breach Aug 9, 2012, 19:44 Mashiki Amiketo
 
Dades wrote on Aug 9, 2012, 19:28:
Good job to the chumps who kept blaming users and insisted authenticators were bullet proof before. No way Blizzard could be the ones compromised, its just users downloading porn and torrents who don't know how to secure their computar!
Authenticators were never bulletproof, but two factor authentication is much better than single factor. You know that right? As it stands, using SRP is nearly impossible to break. Unless they also have access to the salted-hash tables for each users password. If you don't understand how SRP works you can read about it here: https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol

Besides, I already saw someone mention RSA. Too bad someone had to steal both the source code and the key creation layer in order to break their tokens. Blizz uses vasco, and the key creation is open source on that.

The only thing that was taken that could have compromised mobile authenticators, would be a hashing table. But that still doesn't affect physical ones.

Besides, I'd hazard a guess that blizz is smarter on this front than Sony. And this is the last two weeks to 30 days. If it wasn't, they'll be upstream paddling over it otherwise. And they'll also have to answer to their investors over it.

Julio wrote on Aug 9, 2012, 19:36:
I'm sure it helped the bottom line at Blizzard selling a bunch of authenticators for the past few months.
Yeah too bad blizz doesn't make money off selling authenticators, unlike other companies. Guess that sucks for them.

This comment was edited on Aug 9, 2012, 19:49.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
8. Re: Battle.net Security Breach Aug 9, 2012, 19:36 Julio
 
Looks like we now know how accounts were getting hacked all along. Blizzard probably knew a long time ago.

I'm sure it helped the bottom line at Blizzard selling a bunch of authenticators for the past few months.
 
Reply Quote Edit Delete Report
 
7. Re: Out of the Blue Aug 9, 2012, 19:36 Rigs
 
What data was affected?
Here's a summary of the data that we know was illegally accessed:
North American-based accounts, including players from Latin America, Australia, New Zealand, and Southeast Asia

Email addresses
Answers to secret security questions
Cryptographically scrambled versions of passwords (not actual passwords)
Information associated with the Mobile Authenticator
Information associated with the Dial-in Authenticator
Information associated with Phone Lock, a security system associated with Taiwan accounts only

Accounts from all global regions outside of China (including Europe and Russia)

Email addresses

China-based accounts

Unaffected


At this time, there’s no evidence that financial information of any kind has been accessed. This includes credit cards, billing addresses, names, or other payment information.

I'm just gonna go on a hunch here and assume that the 'hackers' were, oh, I dunno, Chinese maybe? How long is this country (and the world for that matter) going to put up with these bullshit games China is playing?! If we kept getting caught with our virtual schlongs in the honey pot, so to speak, how long do you think they would put up with it before using it as an excuse to start a war, maybe with Taiwan? Yet we sit back and just zip our fly's back up and say, 'Oh you crazy Chinese! Always into something, eh?! Silly, at least use some lube next time, huh?' ....


=-Rigs-=

This comment was edited on Aug 10, 2012, 01:00.
 
Avatar 14292
 
'I know what you think you are, what you want us to believe! But I don't buy it! For three years now you've been pulling everyone's strings, getting us to do all the work, and you haven't done a damn thing except stand there and look cryptic.'
Reply Quote Edit Delete Report
 
6. Re: Battle.net Security Breach Aug 9, 2012, 19:35 Talisorn
 
Had to happen sooner or later.  
Avatar 19028
 
Reply Quote Edit Delete Report
 
5. Re: Battle.net Security Breach Aug 9, 2012, 19:31 xXBatmanXx
 
kind of funny. I remember when I worked for a place that used those RSA? tokens, and a security company came out and said they don't work....I wonder what has changed since then?

Think I will login tonight and play a bit - see what has changed. I only played the first month.
 
Avatar 10714
 
In this present crisis, government is not the solution to our problem; government is the problem. / Few men have virtue enough to withstand the highest bidder.
Playing: New dad
Reply Quote Edit Delete Report
 
4. Re: Battle.net Security Breach Aug 9, 2012, 19:28 Dades
 
Good job to the chumps who kept blaming users and insisted authenticators were bullet proof before. No way Blizzard could be the ones compromised, its just users downloading porn and torrents who don't know how to secure their computar!

Your D3 track record is pretty terrible Trollven.
 
Avatar 54452
 
Reply Quote Edit Delete Report
 
3. Re: Battle.net Security Breach Aug 9, 2012, 19:21 Sepharo
 
Probably what was happening all along but they delayed the announcement until long after launch.  
Avatar 17249
 
Reply Quote Edit Delete Report
 
2. Re: Battle.net Security Breach Aug 9, 2012, 19:19 Cutter
 
Stimpack wrote on Aug 9, 2012, 19:18:
I just.... I haven't cared much for Blizzard in many years, and stuff like this doesn't change that.

Stuff like this only reinforces and further justifies it.
 
Avatar 25394
 
"The South will boogie again!" - Disco Stu
Reply Quote Edit Delete Report
 
1. Re: Battle.net Security Breach Aug 9, 2012, 19:18 Stimpack
 
I just.... I haven't cared much for Blizzard in many years, and stuff like this doesn't change that.  
Reply Quote Edit Delete Report
 
58 Replies. 3 pages. Viewing page 3.
< Newer [ 1 2 3 ] Older >


footer

Blue's News logo