Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Battle.net Security Breach

Battle.net announces an "important security update," revealing Blizzard has discovered "unauthorized and illegal access into our internal network." As a result, they recommend that North American users change their passwords, though they say they believe that the information retrieved "alone is NOT enough for anyone to gain access to Battle.net accounts." They also have written up an Important Security Update FAQ with all the details on this, including the surprising news that "information was taken that could potentially compromise the integrity of North American Mobile Authenticators," which will lead to a software updates.

View
10. Re: Battle.net Security Breach Aug 9, 2012, 19:48 Dades
 
Julio wrote on Aug 9, 2012, 19:36:
Looks like we now know how accounts were getting hacked all along. Blizzard probably knew a long time ago.

I'm sure it helped the bottom line at Blizzard selling a bunch of authenticators for the past few months.

I think the physical authenticators are fine only because Vasco is subcontracted for it and the database for the serials isn't on Blizzards servers. Mobile app and dial auths are screwed and will need a software update because the hashes can't be trusted anymore.

If you use the same secret question/answer combo as any other site then you should change that shit immediately. A game where you let people create money out of nothing, no way anyone would try to hack that.

Authenticators were never bulletproof, but two factor authentication is much better than single factor. You know that right? As it stands, using SRP is nearly impossible to break. Unless they also have access to the salted-hash tables for each users password.

I know what two factor authenticator is and you typed this as I was preparing a follow up. Judging by the post they do have access to at least some of the hashed password tables. The point was that both people here and Blizzard kept blaming users for what was possibly an internal security problem. Maybe it was mostly the users fault but this should give anyone pause about making stupid assumptions in the future. They say they detected the intrusion on August 4th, who knows how long they had access before being detected? I hope they get roasted by shareholders.

This comment was edited on Aug 9, 2012, 20:00.
 
Avatar 54452
 
Previous Post Next Post Reply Quote Edit Delete Report
 
    Date Subject Author
  1. Aug 9, 19:18 Re: Battle.net Security Breach Stimpack
  2. Aug 9, 19:19  Re: Battle.net Security Breach Cutter
  3. Aug 9, 19:21 Re: Battle.net Security Breach Sepharo
  7. Aug 9, 19:36  Re: Out of the Blue Rigs
  16. Aug 9, 19:57   Re: Out of the Blue ViRGE
  39. Aug 10, 04:05   Re: Out of the Blue El Pit
  41. Aug 10, 04:37    Re: Out of the Blue Kajetan
  42. Aug 10, 04:41     Re: Out of the Blue El Pit
  43. Aug 10, 04:48      Re: Out of the Blue Kajetan
  44. Aug 10, 04:55       Re: Out of the Blue Luke
  51. Aug 10, 10:53    Re: Out of the Blue AngelicPenguin
  52. Aug 10, 11:20     Re: Out of the Blue nin
  53. Aug 10, 11:31      Re: Out of the Blue El Pit
  54. Aug 10, 13:05      Re: Out of the Blue NegaDeath
  55. Aug 10, 13:15       Re: Out of the Blue El Pit
  58. Aug 11, 12:44      Re: Out of the Blue Prez
  11. Aug 9, 19:49  Re: Battle.net Security Breach Bet
  4. Aug 9, 19:28 Re: Battle.net Security Breach Dades
  9. Aug 9, 19:44  Re: Battle.net Security Breach Mashiki Amiketo
  13. Aug 9, 19:51   Re: Battle.net Security Breach Prez
  14. Aug 9, 19:53    Re: Battle.net Security Breach Fion
  18. Aug 9, 20:00    Re: Battle.net Security Breach Wraith
  5. Aug 9, 19:31 Re: Battle.net Security Breach xXBatmanXx
  8. Aug 9, 19:36  Re: Battle.net Security Breach Julio
>> 10. Aug 9, 19:48   Re: Battle.net Security Breach Dades
  19. Aug 9, 20:03    Re: Battle.net Security Breach Mashiki Amiketo
  33. Aug 9, 22:58     Re: Battle.net Security Breach The Pyro
  12. Aug 9, 19:50   Re: Battle.net Security Breach Wraith
  23. Aug 9, 20:16   Re: Battle.net Security Breach descender
  6. Aug 9, 19:35 Re: Battle.net Security Breach Talisorn
  15. Aug 9, 19:54 Re: Battle.net Security Breach Techie714
  17. Aug 9, 19:59 Re: Battle.net Security Breach Dades
  20. Aug 9, 20:04 Re: Battle.net Security Breach RollinThundr
  22. Aug 9, 20:09  Re: Battle.net Security Breach Fantaz
  21. Aug 9, 20:09 Re: Battle.net Security Breach Dades
  24. Aug 9, 20:16  Re: Battle.net Security Breach Mashiki Amiketo
  25. Aug 9, 20:17 Re: Battle.net Security Breach Verno
  27. Aug 9, 21:09  Re: Battle.net Security Breach s1mon75
  29. Aug 9, 21:18   Re: Battle.net Security Breach RailWizard
  32. Aug 9, 21:32   Re: Battle.net Security Breach Dades
  36. Aug 10, 03:46   Re: Battle.net Security Breach Luke
  26. Aug 9, 20:27 Re: Battle.net Security Breach Parallax Abstraction
  28. Aug 9, 21:15 Re: Battle.net Security Breach HorrorScope
  31. Aug 9, 21:25  Re: Battle.net Security Breach eunichron
  35. Aug 10, 02:47   Re: Battle.net Security Breach s1mon75
  38. Aug 10, 03:58    Re: Battle.net Security Breach Luke
  30. Aug 9, 21:23 removed RailWizard
  34. Aug 10, 01:53 Re: Battle.net Security Breach Creston
  37. Aug 10, 03:56  Re: Battle.net Security Breach Luke
  40. Aug 10, 04:26 Re: Battle.net Security Breach Mordecai Walfish
  45. Aug 10, 06:20 Re: Battle.net Security Breach Dev
  46. Aug 10, 06:31  Re: Battle.net Security Breach NKD
  47. Aug 10, 06:56   Re: Battle.net Security Breach InBlack
  50. Aug 10, 08:58   Re: Battle.net Security Breach Verno
  48. Aug 10, 07:25 Re: Battle.net Security Breach Dades
  49. Aug 10, 08:19  Re: Battle.net Security Breach briktal
  56. Aug 10, 14:11 Re: Battle.net Security Breach Steele Johnson
  57. Aug 10, 14:53 Re: Battle.net Security Breach Verno


footer

Blue's News logo