Battle.net Security Breach

Battle.net announces an "important security update," revealing Blizzard has discovered "unauthorized and illegal access into our internal network." As a result, they recommend that North American users change their passwords, though they say they believe that the information retrieved "alone is NOT enough for anyone to gain access to Battle.net accounts." They also have written up an Important Security Update FAQ with all the details on this, including the surprising news that "information was taken that could potentially compromise the integrity of North American Mobile Authenticators," which will lead to a software update.
58 Replies. 3 pages. Viewing page 1.
58.
 
Re: Out of the Blue
Aug 11, 2012, 12:44
Prez
 
nin wrote on Aug 10, 2012, 11:20:

The Chinese government hacked Blizzard's servers? Really...some of you guys just really make my morning

We seriously need drug testing here...


Definitely. Um, wait... what would be the penalty for failing? Not that I'm worried or anything.
“The greatness of a nation and its moral progress can be judged by the way its animals are treated.”
- Mahatma Gandhi
57.
 
Re: Battle.net Security Breach
Aug 10, 2012, 14:53
 
Of course not. The Chinese government paid for every account they gave to their imprisoned gold farmers, making ActiBlizz "leally lich"

Obviously the Chinese government was not responsible (that dude is crazy) but this was definitely a targeted attack, Blizzard is a very visible and lucrative target after all. Also for those saying compromised accounts as a result of this are unlikely, remember that RSA themselves (makers of the keyfobs) were compromised in a spear phishing campaign through their accounting department. This set off a chain of events where the hackers were able to probe/sniff the network for weeks (at one of the most secure companies in the world btw) until they finally uploaded a bunch of stolen data to C&C servers which is how it was discovered. Then Lockheed Martin (who also used SRP) was compromised 2 weeks later through a VPN tunnel using authentication data obtained from the RSA hack. Any OTP system is vulnerable to interception and MITM attacks as well.
56.
 
Re: Battle.net Security Breach
Aug 10, 2012, 14:11
 
Not enough? Somebody changed my freakin' email yesterday!
55.
 
Re: Out of the Blue
Aug 10, 2012, 13:15
El Pit
 
NegaDeath wrote on Aug 10, 2012, 13:05:
nin wrote on Aug 10, 2012, 11:20:
We seriously need drug testing here...

No good, the drug test kits are made in China. It's a plot, a plot I tells ya!

Here you go, bud. Take my spare tin foil hat and sit right next to me!
"There is no right life in the wrong one." (Theodor W. Adorno, philosopher)
"Only a Sith deals in absolutes." (Obi-Wan Kenobi, Jedi)
Founder, president, and only member of the official "Grumpy Old Gamers Club". Please do not apply.
54.
 
Re: Out of the Blue
Aug 10, 2012, 13:05
 
nin wrote on Aug 10, 2012, 11:20:
We seriously need drug testing here...

No good, the drug test kits are made in China. It's a plot, a plot I tells ya!
53.
 
Re: Out of the Blue
Aug 10, 2012, 11:31
El Pit
 
nin wrote on Aug 10, 2012, 11:20:

The Chinese government hacked Blizzard's servers? Really...some of you guys just really make my morning

We seriously need drug testing here...


Of course not. The Chinese government paid for every account they gave to their imprisoned gold farmers, making ActiBlizz "leally lich".
"There is no right life in the wrong one." (Theodor W. Adorno, philosopher)
"Only a Sith deals in absolutes." (Obi-Wan Kenobi, Jedi)
Founder, president, and only member of the official "Grumpy Old Gamers Club". Please do not apply.
52.
 
Re: Out of the Blue
Aug 10, 2012, 11:20
nin
 

The Chinese government hacked Blizzard's servers? Really...some of you guys just really make my morning

We seriously need drug testing here...

51.
 
Re: Out of the Blue
Aug 10, 2012, 10:53
 
El Pit wrote on Aug 10, 2012, 04:05:
Rigs wrote on Aug 9, 2012, 19:36:
I'm just gonna go on a hunch here and assume that the 'hackers' were, oh, I dunno, Chinese maybe? How long is this country (and the world for that matter) going to put up with these bullshit games China is playing?! If we kept getting caught with our virtual schlongs in the honey pot, so to speak, how long do you think they would put up with it before using it as an excuse to start a war, maybe with Taiwan? Yet we sit back and just zip our flies back up and say, 'Oh you crazy Chinese! Always into something, eh?! Silly, at least use some lube next time, huh?' ....
=-Rigs-=

China is using professional hackers like Switzerland is using its banks: for crime, for theft. But since China (and, to a far lesser extent, of course, Switzerland, too) is the last real economical super power at the moment, every country wants to befriend it. India and Brazil are up and coming huge economies, but at the moment it's China that the US dollar, the UK pound, and the European euro depend on. China knows this and bullies everyone and their mother. I don't see a way to change this, unless India and Brazil break through and become the big players in the market even sooner to rival China. Up to then, China can more or less do what it wants.

The Chinese government hacked Blizzard's servers? Really...some of you guys just really make my morning
50.
 
Re: Battle.net Security Breach
Aug 10, 2012, 08:58
 
NKD wrote on Aug 10, 2012, 06:31:
This has nothing to do with just hijacking accounts, bug exploits, keylogging people, or any of the excuses dreamed up by incompetent users. It's an actual unauthorized access of their databases that occurred on or around August 4th. Nasty bit of business.

That's really the problem though, no one knows. The FAQ says they detected the intrusion on August 4 but that means nothing, it could have been done pre-launch Diablo 3 for all we know. The bottom line is that it's really difficult (now more than ever) to blame users when Blizzard itself has very serious security problems. They just leaked their North American customer database to the world, the liability issues could be problematic.

On a personal note I'm interested in how exactly this was accomplished. Post Sony hack, most networks at large companies these days are segregated enough that you can't simply hack a web server to obtain access to an internal database server. I doubt we'll ever hear the details but it would be really neat to hear how this was accomplished.
49.
 
Re: Battle.net Security Breach
Aug 10, 2012, 08:19
 
Dades wrote on Aug 10, 2012, 07:25:
passwords (encrypted, not stored plaintext)

Their wording is really vague on this which concerns me. Cryptographically scrambled means what exactly? Hashed and salted? Encrypted? ROT13? What? It's kind of important. I don't need someone to parrot industry standards to me either, the company just got breached so my faith in them following any industry standards is pretty much nil.

I guess they didn't want to bother explaining however http://en.wikipedia.org/wiki/Secure_remote_password_protocol works and is set up.
48.
 
Re: Battle.net Security Breach
Aug 10, 2012, 07:25
 
passwords (encrypted, not stored plaintext)

Their wording is really vague on this which concerns me. Cryptographically scrambled means what exactly? Hashed and salted? Encrypted? ROT13? What? It's kind of important. I don't need someone to parrot industry standards to me either, the company just got breached so my faith in them following any industry standards is pretty much nil.
47.
 
Re: Battle.net Security Breach
Aug 10, 2012, 06:56
 
If anything this 'admission' by Blizzard will only increase phishing attempts.

Now that they have user emails, savvy scammers will proliferate them with fake Blizz security emails that redirect suckers to fake Blizzard sites where people will unwittingly give away their passwords because Blizzard told them changing them would be a wise precaution.

Great job Blizz!
I have a nifty blue line!
46.
 
Re: Battle.net Security Breach
Aug 10, 2012, 06:31
NKD
 
Dev wrote on Aug 10, 2012, 06:20:
Oh, you mean the hacking that was denied about the session id being hijacked to grab an account?

Or is this some completely different hack that they are finally admitting?

This has nothing to do with just hijacking accounts, bug exploits, keylogging people, or any of the excuses dreamed up by incompetent users. It's an actual unauthorized access of their databases that occurred on or around August 4th. Nasty bit of business.

Someone got email addresses, security questions, passwords (encrypted, not stored plaintext), and mobile and dial-in authenticator info (not the little keyfob ones though). My guess is that means the serial # associated with the account.
Do you have a single fact to back that up?
45.
 
Re: Battle.net Security Breach
Aug 10, 2012, 06:20
Dev
 
Oh, you mean the hacking that was denied about the session id being hijacked to grab an account?

Or is this some completely different hack that they are finally admitting?

Edit: Internal access hack? At least they don't suck quite as bad as Sony with all the valuable info in plain text.

This comment was edited on Aug 10, 2012, 06:29.
44.
 
Re: Out of the Blue
Aug 10, 2012, 04:55
 
Kajetan wrote on Aug 10, 2012, 04:48:
El Pit wrote on Aug 10, 2012, 04:41:
Kajetan wrote on Aug 10, 2012, 04:37:
El Pit wrote on Aug 10, 2012, 04:05:
China is ...
What China? The official Chinese government? Or just some Chinese criminals?

Both.
Any proof besides some unhealthy paranoia?

Turn that around
43.
 
Re: Out of the Blue
Aug 10, 2012, 04:48
 
El Pit wrote on Aug 10, 2012, 04:41:
Kajetan wrote on Aug 10, 2012, 04:37:
El Pit wrote on Aug 10, 2012, 04:05:
China is ...
What China? The official Chinese government? Or just some Chinese criminals?

Both.
Any proof besides some unhealthy paranoia?
42.
 
Re: Out of the Blue
Aug 10, 2012, 04:41
El Pit
 
Kajetan wrote on Aug 10, 2012, 04:37:
El Pit wrote on Aug 10, 2012, 04:05:
China is ...
What China? The official Chinese government? Or just some Chinese criminals?

Both.
"There is no right life in the wrong one." (Theodor W. Adorno, philosopher)
"Only a Sith deals in absolutes." (Obi-Wan Kenobi, Jedi)
Founder, president, and only member of the official "Grumpy Old Gamers Club". Please do not apply.
41.
 
Re: Out of the Blue
Aug 10, 2012, 04:37
 
El Pit wrote on Aug 10, 2012, 04:05:
China is ...
What China? The official Chinese government? Or just some Chinese criminals?
40.
 
Re: Battle.net Security Breach
Aug 10, 2012, 04:26
 
Their system has likely been internally compromised since their beta, judging from the sheer amount of fuckery that's been happening since launch.

Fanboys will continue to tell you Blizzard's security is bulletproof and can do no wrong, and that it was only the end user's fault for not being a long-time WoW player and not understanding sensitive Blizzard-y things like proper account security.

Blizzard is one of those companies that I hope dies a quick and painful death. I haven't played D3 since the first month of release, and even then I had decided that I would not be contributing any money towards this game. (luckily we have a "guild" in town with a couple Wal-Mart employees that got me a cd/key for $5.)


EDIT: It's even more likely they were compromised at launch and just did not report it to the consumers yet. This is not about customers-- it's about profit.

That's the problem with this whole story.. You simply cannot trust EA/Activision to be upfront about a hack in their game within a couple months of release, because they realize it would absolutely wreck their sales.. and that is *all* that matters internally now. Even if they're required to disclose consumer-affecting security breaches by law, they can just pretend they didn't know beforehand and all is well.

This comment was edited on Aug 10, 2012, 04:54.
39.
 
Re: Out of the Blue
Aug 10, 2012, 04:05
El Pit
 
Rigs wrote on Aug 9, 2012, 19:36:
I'm just gonna go on a hunch here and assume that the 'hackers' were, oh, I dunno, Chinese maybe? How long is this country (and the world for that matter) going to put up with these bullshit games China is playing?! If we kept getting caught with our virtual schlongs in the honey pot, so to speak, how long do you think they would put up with it before using it as an excuse to start a war, maybe with Taiwan? Yet we sit back and just zip our flies back up and say, 'Oh you crazy Chinese! Always into something, eh?! Silly, at least use some lube next time, huh?' ....
=-Rigs-=

China is using professional hackers like Switzerland is using its banks: for crime, for theft. But since China (and, to a far lesser extent, of course, Switzerland, too) is the last real economical super power at the moment, every country wants to befriend it. India and Brazil are up and coming huge economies, but at the moment it's China that the US dollar, the UK pound, and the European euro depend on. China knows this and bullies everyone and their mother. I don't see a way to change this, unless India and Brazil break through and become the big players in the market even sooner to rival China. Up to then, China can more or less do what it wants.

This comment was edited on Aug 10, 2012, 04:41.
"There is no right life in the wrong one." (Theodor W. Adorno, philosopher)
"Only a Sith deals in absolutes." (Obi-Wan Kenobi, Jedi)
Founder, president, and only member of the official "Grumpy Old Gamers Club". Please do not apply.