Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
World of Warcraft: NA Account Information Compromised
SBFord
Former Associate EditorMember LegendaryPosts: 33,129
Blizzard is reporting that certain pieces of information for North American Battle.Net users has been compromised due to a hacking incident this week. According to the post on the Blizzard site, financial information is not considered threatened but account passwords, email addresses, security questions and mobile authenticator data were taken.
We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.
Read the entire post on Blizzard's site.
Comments
This won't stop people from insisting that blizz has been compromised for years otherwise they wouldn't have "so many" hacked accounts. Of course they have more accounts (potential targets) than any other sub game ever, but that doesn't matter.
In order to use the RMAH you have to have one or more forms of the authenticator, I believe. I could be mistaken, I haven't bothered with it.
EQ2 fan sites
I look forward to this incident being disected on TechSnap.
http://www.youtube.com/playlist?list=PL995EBE645950DFF5&feature=plcp
[You have to go down to the latest release (cuz YouTube keeps changing their structure).] btw Youtbe - listing oldest first is bad.
Those guys pick every companies flaws & analyze their network vulnerabilities. They did it for SOE + others .. waiting for Blizzard now
Want a nice understanding of life? Try Spirit Science: "The Human History"
http://www.youtube.com/watch?v=U8NNHmV3QPw&feature=plcp
Recognize the voice? Yep sounds like Penny Arcade's Extra Credits.
Not really as it would be pointless to try and pry the passwords out fo this data when most people freely give up their passwords when asked.
This is most likley just probing for something bigger or a e-peen stunt.
This have been a good conversation
The account hack battlenet had a couple of years ago is the reason I stopped playing WoW and why I hate playing any game that requires log in through battlenet type system or 3rd party systems.
I feel that each game should have their own stand alone log in system with all personal info at least triple 256 encriped as a min protection.
How could a phishing scammer get your email if you only used it to register for WoW and never anything else? My email which I only checked when I forgot my password after a long break from WoW was filled with ONLY WoW phishing emails, so I know there had to be a leak or hack. How else would I only get WoW phishing emails and not the other junk normal spammers send? This was back when the Burning Crusade expansion was released.
Blizzard's security has been compromised for years. The authenticators were the only thing that made it reasonable to trust them with my credit card number. Blizzard is too big of a target for hackers and dishonest employees who are looking to make a quick buck.
I'm not logging in it's a trap! They want me to see some special offer to return I bet. let them have my account never going back.
Just one quick observation reading the faq below. They detected the security breach on August 4th, but there's no info about how long that breach may have existed before they found it.
http://us.battle.net/support/en/article/important-security-update-faq
Worst comparison on the internet EVER. If a nuke reactor blows up, we're all royally screwed in some way and people LOSE THEIR LIVES, or get stuck with horrifically painful forms of cancer if they get irradiated. Battle.net gets compromised? True there might end up being some problems with hackers, but it's not a supremely bad issue.
so theoretically, people could lose their WoW, SC2 and Diablo 3 accounts all in one fell swoop. Rather than say anything that could be perceived as unkind, I'll just say that at this point in time it appears it could be most unfortunate to be a patron of blizzard.
All of my posts are either intelligent, thought provoking, funny, satirical, sarcastic or intentionally disrespectful. Take your pick.
I get banned in the forums for games I love, so lets see if I do better in the forums for games I hate.
I enjoy the serenity of not caring what your opinion is.
I don't hate much, but I hate Apple© with a passion. If Steve Jobs was alive, I would punch him in the face.
This probably happened months ago. Oh I dunno, maybe sometime around May 15th.
(shrug) If you have a physical authenticator you're still safe :-)
I want a physical authenticator for EVERY game I play now if it's an option.
Changed my password. even though I have a real authenticator... that was an easy fix.
Might have some problems with people that don't pay attention to gaming news and people that don't play anymore though.
Siding with hackers isn't a good thing. You could be their next target.
Geez what a crappy response. Just tell everyone to change their passwords, rather than monitor their accounts .... or do a global auto reset.
WTF does monitoring an account do .. oh not hacked yet .. oh wait today I'm hacked .. lol?
edit: Blizzard is using it's customers as guinea pigs to see how far the damage actualy went, so they can spin a smaller amount of affected customers. My initial reaction still stands - tell everyone to reset their password and suck it up. Treat customers better?
Want a nice understanding of life? Try Spirit Science: "The Human History"
http://www.youtube.com/watch?v=U8NNHmV3QPw&feature=plcp
Recognize the voice? Yep sounds like Penny Arcade's Extra Credits.
The autenticator itself is pretty solid, the only way around this is to either steal the key from the authenticator (requires physical access) or to do a Man-In-The-Middle attack, where your computer acts as a proxy to some other host.
Either way, it eliminates lazy crooks from obtaining your info, which composes most of thefts.
Want a nice understanding of life? Try Spirit Science: "The Human History"
http://www.youtube.com/watch?v=U8NNHmV3QPw&feature=plcp
Recognize the voice? Yep sounds like Penny Arcade's Extra Credits.