World of Warcraft: NA Account Information Compromised


Comments

  • Karteli | Providence, PA | Posts: 2,646 | Member
    Originally posted by endgame1

    Just one quick observation reading the faq below. They detected the security breach on August 4th, but there's no info about how long that breach may have existed before they found it. 

     

    http://us.battle.net/support/en/article/important-security-update-faq

    Geez what a crappy response.  Just tell everyone to change their passwords, rather than monitor their accounts .... or do a global auto reset.

     

    WTF does monitoring an account do .. oh not hacked yet .. oh wait today I'm hacked .. lol?

     

    edit: Blizzard is using its customers as guinea pigs to see how far the damage actually went, so they can spin a smaller amount of affected customers.  My initial reaction still stands - tell everyone to reset their password and suck it up.  Treat customers better?

    Want a nice understanding of life? Try Spirit Science: "The Human History"
    http://www.youtube.com/watch?v=U8NNHmV3QPw&feature=plcp
    Recognize the voice? Yep sounds like Penny Arcade's Extra Credits.

  • Karteli | Providence, PA | Posts: 2,646 | Member
    Originally posted by kadepsyson
    So much for blizzard being the Almighty secure authenticator protected infallible entity people claimed.

    The authenticator itself is pretty solid, the only way around this is to either steal the key from the authenticator (requires physical access) or to do a Man-In-The-Middle attack, where your computer acts as a proxy to some other host.

     

    Either way, it eliminates lazy crooks from obtaining your info, which composes most of thefts.

     

     


  • Reizla | Alkmaar | Posts: 3,301 | Member Uncommon
    Originally posted by expresso
    OK now Blizzard have been hacked, you see when Blizzard is really hacked they do tell people like all responsible companies do.

    I'm happy that Blizzard is this quick with reporting the hack. But like all responsible companies do..? Most companies still won't report a hack to their customers, just look at $O€ last year. They waited over a month and only came out because Anonymous told the press...

    AsRock 990FX Extreme3
    AMD Phenom II 1090T ~3.2Ghz
    GEiL 16Gb DDR3 1600Mhz
    ASUS GTX970 3x HD monitor 1920x1080

  • expresso | me | Posts: 2,183 | Member Uncommon
    The passwords taken were encrypted, no big deal but you should change it either way, plus if you have an authenticator even if the passwords were plain text they could still not get into the account.
  • Dragonantis | Dublin | Posts: 974 | Member
    Incoming shitstorm, everyone get out of the internet NOW!
  • JeroKane | Oslo | Posts: 5,353 | Member Uncommon
    Originally posted by expresso
    The passwords taken were encrypted, no big deal but you should change it either way, plus if you have an authenticator even if the passwords were plain text they could still not get into the account.

    This, if you use the physical authenticator, they still cannot get into your account, even if they somehow manage to decrypt your password.

  • lotaparty | taxila cantt | Posts: 514 | Member
    What more bad can happen than this? Someone took my six toons in my absence and this is the message that they gave me:

    Hello,

    Not a single World of Warcraft account compromise in the entire history of the game has been due to a result of a breach of security on our servers. In the event such a breach happened there is far more valuable, sensitive or disruptive data that could, and given the nature of breaches at other high profile companies recently; would be targeted. Account security is something of paramount concern to us.

    Likewise actual malicious third parties steal accounts to strip them of gold which can easily be traded onward. They do not steal accounts to continue playing them normally and wherever possible they make stringent efforts to avoid paying for anything - as this would incur rather serious legal ramifications for them otherwise.

    So all in all considering all of these transfers were paid for using the same card that paid for *all* of the subscriptions on the account and furthermore said transfers were requested from the same geo-location that is regularly used on the account and said individual even contacted us verified all the security information. Unfortunately this leaves us two possible conclusions:

    - You were sharing your account with someone else
    - Someone you knew did this

    Or

    - Both of the above

    As previously advised sharing your account is against our policies and really clouds the support we are able to offer. As previously stated there is no evidence that your account was hacked - all of these services were performed legitimately and paid for legitimately and the contexts do not equate to being a malicious third party.

    I realise it's disappointing and upsetting to have lost your characters in such a way but due to the significant period of time that has elapsed since the incident occurred, and the lack of clearcut evidence, I will have to reiterate that these transfers will not be reverted.

    Regards,

    Game Master Alliynnah
    Customer Services
    Blizzard Entertainment
    http://eu.blizzard.com/support


  • jpnz | Sydney | Posts: 3,529 | Member
    Originally posted by lotaparty
    What more bad can happen than this? Someone took my six toons in my absence and this is the message that they gave me:
    /snip

    So all in all considering all of these transfers were paid for using the same card that paid for *all* of the subscriptions on the account and furthermore said transfers were requested from the same geo-location that is regularly used on the account and said individual even contacted us verified all the security information. Unfortunately this leaves us two possible conclusions:
    /snip

     

    Highlighted for emphasis.

    I think you have bigger issues than your 'toon' and I find it entirely reasonable on Blizzard's side due to that highlighted text.

    Gdemami -
    Informing people about your thoughts and impressions is not a review, it's a blog.

  • Rockniss | Youngstown, OH | Posts: 1,034 | Member
    This happens right before every xpac.
  • Mulli | Manchester | Posts: 94 | Member

    We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually.

     

    Nice spin on things. SRP secures the exchange of passwords between a client and server. It's even used as a protocol to ensure that cryptographically weak passwords are incredibly difficult to sniff. As a protocol however, it has nothing to do with how securely passwords are stored. I'm not saying Blizzard DON'T store their passwords securely, but inferring that SRP makes their passwords secure is at best...misdirection.

     

    Think of it this way - "we use envelopes to secure your letters". Great, that takes care of securing the exchange of the letter (password) between the sender (game client) and recipient (server). It doesn't mean a thing if someone breaks into your house and reads the letter because you just left it lying around, opened on the kitchen table.

     
     
     
  • crysent | cedar rapids, IA | Posts: 837 | Member Uncommon
    Gotta be honest real fast - Not a fan of Blizzard, only briefly played WoW...but, you gotta give them some credit for getting the information out to their customers quickly, this is one of the fastest I've seen from any company.
  • Horusra | maryland, MD | Posts: 2,583 | Member Uncommon
    Originally posted by Mulli

    We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually.

     

    Nice spin on things. SRP secures the exchange of passwords between a client and server. It's even used as a protocol to ensure that cryptographically weak passwords are incredibly difficult to sniff. As a protocol however, it has nothing to do with how securely passwords are stored. I'm not saying Blizzard DON'T store their passwords securely, but inferring that SRP makes their passwords secure is at best...misdirection.

     

    Think of it this way - "we use envelopes to secure your letters". Great, that takes care of securing the exchange of the letter (password) between the sender (game client) and recipient (server). It doesn't mean a thing if someone breaks into your house and reads the letter because you just left it lying around, opened on the kitchen table.

     
     
     

    Ah...with SRP the server does not store straight password data since version 6. 
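
Added example, not part of the thread and not Blizzard's code: what an SRP server keeps per account (a salt and a verifier, using the RFC 5054 formula for x), and why a stolen verifier table still has to be tested one account at a time. The group parameters, account names and passwords are constructed for the demonstration.

```python
import hashlib
import os

# Demonstration group only: 2**521 - 1 is a known prime, used here for brevity.
# It is NOT an RFC 5054 group and not the parameters of any real service.
N = 2**521 - 1
g = 3

def srp_x(username, password, salt):
    """x = H(salt | H(username ":" password)), the RFC 5054 construction."""
    inner = hashlib.sha1(f"{username}:{password}".encode()).digest()
    return int.from_bytes(hashlib.sha1(salt + inner).digest(), "big")

def enroll(username, password):
    """The per-account record: random salt plus verifier v = g^x mod N."""
    salt = os.urandom(16)
    v = pow(g, srp_x(username, password, salt), N)
    return {"user": username, "salt": salt, "verifier": v}

def matches_denylisted_password(record, denylist):
    """Audit check: does any known-weak password reproduce this verifier?
    Salt and username are mixed into x, so nothing computed for one
    record can be reused for another."""
    for candidate in denylist:
        v = pow(g, srp_x(record["user"], candidate, record["salt"]), N)
        if v == record["verifier"]:
            return True
    return False

# Constructed sample accounts (not real data).
alice = enroll("alice@example.com", "hunter2")
bob = enroll("bob@example.com", "hunter2")
carol = enroll("carol@example.com", "k7#Vq-long-random-passphrase-91")
WEAK = ["123456", "password", "hunter2"]
```

The password never appears in a record, and two accounts sharing a password get unrelated verifiers, but a weak password is still confirmed by a matching guess, which is why changing passwords after the verifiers were taken matters.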

  • Acornia | Spring Lake, RI | Posts: 176 | Member

    If the report in the tech section of BBC web page this morning is correct, they got away with millions of unencrypted email addresses.

    This may be why I am seeing a huge increase in spam mail the last few days with emails having my email address in both the from and to slots.

  • Horusra | maryland, MD | Posts: 2,583 | Member Uncommon
    Originally posted by Acornia

    If the report in the tech section of BBC web page this morning is correct, they got away with millions of unencrypted email addresses.

    This may be why I am seeing a huge increase in spam mail the last few days with emails having my email address in both the from and to slots.

    Good chance this was a possible target.  Lots of money selling Email lists.  If  you have a big enough list.

  • paroxysm | Nowhere, IN | Posts: 437 | Member
    Originally posted by niceguy3978 
    How could a phishing scammer get your email if you only used it to register for WoW and never anything else?  My email which I only checked when I forgot my password after a long break from WoW was filled with ONLY WoW phishing emails, so I know there had to be a leak or hack.  How else would I only get WoW phishing emails and not the other junk normal spammers send?  This was back when the Burning Crusade expansion was released.

    I did just that.  When Blizzard made the move to requiring you to use an email account as your login( I still consider this a retarded move), I made an email account just for that.  The name@ on the email is not used for any other of my many email addresses.  I never link emails or add aliases to them.  The email provider has none of my real info.  I have never used it for anything else even though I quit WoW well before Cata.  I've gotten phishing emails for multiple games that I have never played let alone subbed to.  I still get WoW phishing mails as well.

    There are many ways for people to get the names of email addresses and they just hope you are playing popular games, won't check the header info, and will fall for their lame attempts.  On one webmail account I have, I even get emails not addressed to that account routinely.

     

  • erictlewis | Cottondale, AL | Posts: 3,026 | Member Uncommon

    I don't play WoW, have not played in years. However, I do play Diablo III and that is tied to my WoW account.

    So I got to ask why I had to find out about this here and not directly from Blizzard.  It has been weeks since I logged into Diablo III.    Those who are not playing on a regular basis probably have no idea they might be hacked.

    Oh well blizzard just shows that they don't care about their customers.  All it would take is one email to let folks know they might be compromised.

     

  • Mulli | Manchester | Posts: 94 | Member

    @Horusra

    In which case I stand corrected, thanks for that!

     
  • Horusra | maryland, MD | Posts: 2,583 | Member Uncommon
    Originally posted by Mulli

    @Horusra

    In which case I stand corrected, thanks for that!

     

    NP

  • paroxysm | Nowhere, IN | Posts: 437 | Member
    Originally posted by Acornia
    with emails having my email address in both the from and to slots.

    That's because they use the incorrect format/put wrong info in the wrong order when they forge information from their local MTA or MTA proxy to make it appear to come from the gaming company.  They just rely on people not checking headers and the links in the email.  Which, sadly, works for them pretty often.
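
Added example, not part of the thread: a small triage check for the header and link signs mentioned above (identical From and To, a Return-Path domain that differs from the From domain, and link text that names a different host than the real target). The sample message, addresses and hosts are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed phishing-style message (all addresses and hosts are made up).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
From: "Account Support" <player@example.org>
To: player@example.org
Subject: Account verification required
Content-Type: text/html

<p>Please verify: <a href="http://login.example.net/verify">https://accounts.example.com/login</a></p>
"""

def domain(addr):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def header_findings(raw):
    """Return a list of findings; each is a signal to review, not proof."""
    msg = message_from_string(raw)
    findings = []
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    if from_addr and from_addr == to_addr:
        findings.append("from-equals-to")
    rp = domain(msg.get("Return-Path", ""))
    if rp and rp != domain(msg.get("From", "")):
        findings.append("return-path-domain-mismatch")
    # Compare the host shown to the reader with the host the link opens.
    body = msg.get_payload()
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', body, re.I):
        shown = urlparse(text.strip()).hostname
        if shown and shown != urlparse(href).hostname:
            findings.append("link-text-host-mismatch")
    return findings
```

Legitimate bulk mail often has a Return-Path on a different domain, so that finding is weak on its own and is best weighed together with the other two.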

  • Illyssia | London | Posts: 1,524 | Member

    I would have to write that until Blizzard can secure their online Battle.net better then it is very risky to trust them with your personal or credit card information.

     

    They were hacked very easily it seems.

  • Aramath | Mims, FL | Posts: 161 | Member

    I can see it now.  A flood of "my WoW account was hacked" on youtube.  Meanwhile, 3 chinese guys are sitting somewhere saying, "I watch on youtube.  We hack their WoW account and cause Americans to commit suicide."

     

    The only secure computer is the one that is powered off with no connection to the internet and is locked in a nuke proof safe.  Given enough time, a hacker will get into your system, otherwise.

  • jusomdude | Posts: 2,389 | Member Uncommon
    Originally posted by Illyssia

    I would have to write that until Blizzard can secure their online Battle.net better then it is very risky to trust them with your personal or credit card information.

     

    They were hacked very easily it seems.

    Where are you getting your information? If they could be hacked "very easily" it would have happened a long time ago. You have no idea how the system was hacked. It could be a very easy fix. Stop trying to act like it's some catastrophic security issue.

  • Illyssia | London | Posts: 1,524 | Member
    Originally posted by jusomdude
    Originally posted by Illyssia

    I would have to write that until Blizzard can secure their online Battle.net better then it is very risky to trust them with your personal or credit card information.

     

    They were hacked very easily it seems.

    Where are you getting your information? If they could be hacked "very easily" it would have happened a long time ago. You have no idea how the system was hacked. It could be a very easy fix. Stop trying to act like it's some catastrophic security issue.

    Well, Battle net 2.0 is only a couple of years old. And, yes, if a company can be hacked and its customers' personal info including password security info is stolen then the underlying cause is most likely poor security. Sorry, but you have to point the finger at Activision Blizzard here.

  • WhiteLantern | Nevada, MO | Posts: 2,732 | Member Common
    Originally posted by Illyssia
    Originally posted by jusomdude
    Originally posted by Illyssia

    I would have to write that until Blizzard can secure their online Battle.net better then it is very risky to trust them with your personal or credit card information.

     

    They were hacked very easily it seems.

    Where are you getting your information? If they could be hacked "very easily" it would have happened a long time ago. You have no idea how the system was hacked. It could be a very easy fix. Stop trying to act like it's some catastrophic security issue.

    Well, Battle net 2.0 is only a couple of years old. And, yes, if a company can be hacked and its customers' personal info including password security info is stolen then the underlying cause is most likely poor security. Sorry, but you have to point the finger at Activision Blizzard here.

    No, I point the finger at you. It makes almost as much sense.

    I want a mmorpg where people have gone through misery, have gone through school stuff and actually have had sex even. -sagil

  • nuttob | Plantation, FL | Posts: 291 | Member
    This reminds me of when the Cataclysm download went live.  I downloaded it and my account was somehow hacked during the download process, all my items gone from most characters. Took about a week to get it all back.