Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Fuzzy Avatars Solved! Please re-upload your avatar if it was fuzzy!

Blizzard Sued over lax B.Net Security; Profiting on Authenticators

1234568»

Comments

  • grimgryphongrimgryphon Pacific Northwest, WAPosts: 682Member
    Originally posted by Psychow
    Originally posted by grimgryphon

    I don't know how anyone could possibly hack a Blizzard account. After reading this thread, I decided to log in to my BattleNet account just to make sure everything was fine. I keep an authenticator attached even though I don't play because...well, you know. image

    This is what happened.

    • Logged in with my email and password. Asked for my auth code.
    • Entered the code. Received a wrong code message.
    • Re-entered the next code. Received another wrong code message.
    • Clicked on the "Can't Log In" link.
    • Entered my name and email address. Code sent to my phone.
    • Entered the code sent to me. Received a wrong code message.
    • Re-sent the code. Received a new one. Entered it and received another wrong code message.
    • Resent the code again. Received another new code and entered it. This one worked.
    • Received a mail asking me to remove and re-attach my authenticator.
    • Removed the authenticator. I was prompty logged out.
    • Logged back in. I was told my account was disabled because of suspicious activity. *groan*
    • Followed the instructions to re-enable my account.
    • Re-enabled my account.
    • Went to the support page and wrote a nasty response about the experience. Pressed sumbit.
    • Received a "browser cannot display this page" message.
    • Closed my browser and gave up vowing to never visit a Blizzard website again.

    I guess hackers are just very persistent. 

     

    Hey that's a neat story grimgryphon. I've had a WoW authenticator for 4+ years and have never,  not ONCE, zero, i.e. it hasn't happened ever, had any of the issues you described. I think the issue may be a user error. Like maybe you have the wrong authenticator serial number attached to you account.

     

    Either that or you are a liar.

    Hey that's an interesting response, Psychow.

    It could have been a bad serial because -- like I said in my post -- I don't play but keep an authenticator attatched for security reasons.

    Maybe you missed that part. Either that or you're illiterate.

    Optional PvP = No PvP
  • SonofSethSonofSeth ZagrebPosts: 1,884Member

    This feels like a good spot to drop this article about internet security. Hopefully it puts some things in perspective.

     

    Kill the Password: Why a String of Characters Can’t Protect Us Anymore

    image

  • BurntvetBurntvet Baltimore, MDPosts: 2,947Member Uncommon

    And finally, it seems, MMORPG.com got around to "reporting" this story, just about a week after other people did and this thread was started.

    But really, it isn't "news" any more, when it is that old of a story.

    They missed the boat, so why bother...

     

     

  • LienhartLienhart Markham, ONPosts: 635Member
    Originally posted by DrunkWolf
    Originally posted by Rednecksith
    Originally posted by DrunkWolf
    Originally posted by Lienhart
    Originally posted by Karahandras
    Originally posted by Psychow

    I own a car.

    I could spend a little extra and add a car alarm for extra security.

    If my car get's broken into, should I file a lawsuit against the car manufacturer because they didn't make the car impenatrable?

     

    These kinds of lawyers need to be lined up and shot and left to rot in a mass grave....

    Can that car be opened and started with a screwdriver?

    What do you know about network security and/or software security?

    What do you know about hotwiring, jacking, or stealing cars?

    Did you know that if you park a sport motorcycle in a condo daily (ie, live there) there is an extremely high chance someone will come in, pick it up, put it on a van, and dirve away with it and you will fail to sue the manufactorer, police, condo management AND the city?

    Get your head out of your ass. Security is your own issue.

     Security becomes their issue the second i have to put in any kind of personal info, such as a CC number.

    Oh, so they're supposed to come over to your house and make sure your internet connection is secure, that your PC is free of malware, that you're using proper antimalware protection, that you have good browsing habits, that you don't click on suspicious emails or links, etc.?

    Asking a lot for that $15 per month, aren't we?

     i dont remember saying any of that in my post. good job makeing stuff up.

    all im saying is if i put my personal info into their game i expect that info to be secure. and if they get hacked and it gets my acounts hacked because of it then its THEIR fault.

    whats wrong with wanting my info secure ?  does it say in their TOS or somthing that they arnt responsible for my info when i give it to them?

    And if I pay $14,000 for a Fireblade, I don't want it to be stolen either.

    What the hell is your point? Sounds REALLY self-righteous.

  • expressoexpresso mePosts: 2,183Member Uncommon
    some of you just need to take some responsibilty for your own actions and stop blaming everyone else.
  • PhryPhry HampshirePosts: 6,296Member Uncommon
    Originally posted by expresso
    some of you just need to take some responsibilty for your own actions and stop blaming everyone else.

    if only, so many people treat security like a joke, and when they get hacked, or fall foul of a phishing mail etc, they complain that its everybody elses fault except their own, honestly some of the complaints, reasons for complaints just highlight how little they know about the subject, hell some of them shouldnt be allowed within 3 feet of a computer, let alone one that has access to the internet. People seriously need to learn how to protect themselves online, especially if their trawling the seedier side of the internet, as seems likely. image

  • DouganDouganDouganDougan MAdridPosts: 15Member

    99% hacked accounts are because people go websites for bots, buying gold, unsecured websites, etc.. deal with it.

     

     

  • PhryPhry HampshirePosts: 6,296Member Uncommon
    Originally posted by grimgryphon
    Originally posted by Psychow
    Originally posted by grimgryphon

    I don't know how anyone could possibly hack a Blizzard account. After reading this thread, I decided to log in to my BattleNet account just to make sure everything was fine. I keep an authenticator attached even though I don't play because...well, you know. image

    This is what happened.

    • Logged in with my email and password. Asked for my auth code.
    • Entered the code. Received a wrong code message.
    • Re-entered the next code. Received another wrong code message.
    • Clicked on the "Can't Log In" link.
    • Entered my name and email address. Code sent to my phone.
    • Entered the code sent to me. Received a wrong code message.
    • Re-sent the code. Received a new one. Entered it and received another wrong code message.
    • Resent the code again. Received another new code and entered it. This one worked.
    • Received a mail asking me to remove and re-attach my authenticator.
    • Removed the authenticator. I was prompty logged out.
    • Logged back in. I was told my account was disabled because of suspicious activity. *groan*
    • Followed the instructions to re-enable my account.
    • Re-enabled my account.
    • Went to the support page and wrote a nasty response about the experience. Pressed sumbit.
    • Received a "browser cannot display this page" message.
    • Closed my browser and gave up vowing to never visit a Blizzard website again.

    I guess hackers are just very persistent. 

     

    Hey that's a neat story grimgryphon. I've had a WoW authenticator for 4+ years and have never,  not ONCE, zero, i.e. it hasn't happened ever, had any of the issues you described. I think the issue may be a user error. Like maybe you have the wrong authenticator serial number attached to you account.

     

    Either that or you are a liar.

    Hey that's an interesting response, Psychow.

    It could have been a bad serial because -- like I said in my post -- I don't play but keep an authenticator attatched for security reasons.

    Maybe you missed that part. Either that or you're illiterate.

    All will probably become clearer, if you take into account that the site he was trying to log into, wasnt the real one.
    it looks like a combination of phishing and MitM attack, most likely his email account was hacked in the past and he hadnt changed his email password. image

  • DrunkWolfDrunkWolf Posts: 1,180Member Uncommon
    Originally posted by Lienhart
    Originally posted by DrunkWolf
    Originally posted by Rednecksith
    Originally posted by DrunkWolf
    Originally posted by Lienhart
    Originally posted by Karahandras
    Originally posted by Psychow

    I own a car.

    I could spend a little extra and add a car alarm for extra security.

    If my car get's broken into, should I file a lawsuit against the car manufacturer because they didn't make the car impenatrable?

     

    These kinds of lawyers need to be lined up and shot and left to rot in a mass grave....

    Can that car be opened and started with a screwdriver?

    What do you know about network security and/or software security?

    What do you know about hotwiring, jacking, or stealing cars?

    Did you know that if you park a sport motorcycle in a condo daily (ie, live there) there is an extremely high chance someone will come in, pick it up, put it on a van, and dirve away with it and you will fail to sue the manufactorer, police, condo management AND the city?

    Get your head out of your ass. Security is your own issue.

     Security becomes their issue the second i have to put in any kind of personal info, such as a CC number.

    Oh, so they're supposed to come over to your house and make sure your internet connection is secure, that your PC is free of malware, that you're using proper antimalware protection, that you have good browsing habits, that you don't click on suspicious emails or links, etc.?

    Asking a lot for that $15 per month, aren't we?

     i dont remember saying any of that in my post. good job makeing stuff up.

    all im saying is if i put my personal info into their game i expect that info to be secure. and if they get hacked and it gets my acounts hacked because of it then its THEIR fault.

    whats wrong with wanting my info secure ?  does it say in their TOS or somthing that they arnt responsible for my info when i give it to them?

    And if I pay $14,000 for a Fireblade, I don't want it to be stolen either.

    What the hell is your point? Sounds REALLY self-righteous.

    Fireblade? wtf are you talking about?

    once again let me try to make this very simple so you understand.

    i give blizzard my info.

    they get hacked and now my info is in enemy hands.

    that is THEIR fault.

    do you understand? or do i need to bust out the flash cards?

  • PsychowPsychow SF Giants Territory, CAPosts: 1,784Member
    Originally posted by DrunkWolf
    Originally posted by Lienhart
    Originally posted by DrunkWolf
    Originally posted by Rednecksith
    Originally posted by DrunkWolf
    Originally posted by Lienhart
    Originally posted by Karahandras
    Originally posted by Psychow

    I own a car.

    I could spend a little extra and add a car alarm for extra security.

    If my car get's broken into, should I file a lawsuit against the car manufacturer because they didn't make the car impenatrable?

     

    These kinds of lawyers need to be lined up and shot and left to rot in a mass grave....

    Can that car be opened and started with a screwdriver?

    What do you know about network security and/or software security?

    What do you know about hotwiring, jacking, or stealing cars?

    Did you know that if you park a sport motorcycle in a condo daily (ie, live there) there is an extremely high chance someone will come in, pick it up, put it on a van, and dirve away with it and you will fail to sue the manufactorer, police, condo management AND the city?

    Get your head out of your ass. Security is your own issue.

     Security becomes their issue the second i have to put in any kind of personal info, such as a CC number.

    Oh, so they're supposed to come over to your house and make sure your internet connection is secure, that your PC is free of malware, that you're using proper antimalware protection, that you have good browsing habits, that you don't click on suspicious emails or links, etc.?

    Asking a lot for that $15 per month, aren't we?

     i dont remember saying any of that in my post. good job makeing stuff up.

    all im saying is if i put my personal info into their game i expect that info to be secure. and if they get hacked and it gets my acounts hacked because of it then its THEIR fault.

    whats wrong with wanting my info secure ?  does it say in their TOS or somthing that they arnt responsible for my info when i give it to them?

    And if I pay $14,000 for a Fireblade, I don't want it to be stolen either.

    What the hell is your point? Sounds REALLY self-righteous.

    Fireblade? wtf are you talking about?

    once again let me try to make this very simple so you understand.

    i give blizzard my info.

    they get hacked and now my info is in enemy hands.

    that is THEIR fault.

    do you understand? or do i need to bust out the flash cards?

     

    Did they get hacked? I have never heard that news. 

  • Hyperion5182Hyperion5182 Easton, PAPosts: 66Member

    They've kept it quiet but yes. And they werent the only ones.

     

    Sony account security is better than most people realize and they got hammered too. EA got friggin taken down. That WOULD be blizzard's fault.

  • ConsequenceConsequence Lake Worth, FLPosts: 358Member
    Originally posted by Psychow
    Originally posted by DrunkWolf
    Originally posted by Lienhart
    Originally posted by DrunkWolf
    Originally posted by Rednecksith
    Originally posted by DrunkWolf
    Originally posted by Lienhart
    Originally posted by Karahandras
    Originally posted by Psychow

    I own a car.

    I could spend a little extra and add a car alarm for extra security.

    If my car get's broken into, should I file a lawsuit against the car manufacturer because they didn't make the car impenatrable?

     

    These kinds of lawyers need to be lined up and shot and left to rot in a mass grave....

    Can that car be opened and started with a screwdriver?

    What do you know about network security and/or software security?

    What do you know about hotwiring, jacking, or stealing cars?

    Did you know that if you park a sport motorcycle in a condo daily (ie, live there) there is an extremely high chance someone will come in, pick it up, put it on a van, and dirve away with it and you will fail to sue the manufactorer, police, condo management AND the city?

    Get your head out of your ass. Security is your own issue.

     Security becomes their issue the second i have to put in any kind of personal info, such as a CC number.

    Oh, so they're supposed to come over to your house and make sure your internet connection is secure, that your PC is free of malware, that you're using proper antimalware protection, that you have good browsing habits, that you don't click on suspicious emails or links, etc.?

    Asking a lot for that $15 per month, aren't we?

     i dont remember saying any of that in my post. good job makeing stuff up.

    all im saying is if i put my personal info into their game i expect that info to be secure. and if they get hacked and it gets my acounts hacked because of it then its THEIR fault.

    whats wrong with wanting my info secure ?  does it say in their TOS or somthing that they arnt responsible for my info when i give it to them?

    And if I pay $14,000 for a Fireblade, I don't want it to be stolen either.

    What the hell is your point? Sounds REALLY self-righteous.

    Fireblade? wtf are you talking about?

    once again let me try to make this very simple so you understand.

    i give blizzard my info.

    they get hacked and now my info is in enemy hands.

    that is THEIR fault.

    do you understand? or do i need to bust out the flash cards?

     

    Did they get hacked? I have never heard that news. 

    Yes, they wer hacked in August. The mere fact that you did not hear about it only supports the claims of the Plaintiff that Blizz did not do enough to warn their players after the hack occured. 

     

    Again, I have seen Blizz's official response to the suit. Many here have. They refute a lot of claims of the plaintiff. But, they do not refute the claims that Blizzard has made a profit off the sale of authenicators. There is also the may 22 statement where they say no customers with authenticators have been hacked, then the massive outcry of people on the forums claiming that was untrue and the may 26th reversal by Blizz of that statement saying that people with authenticators had in fact been hacked. So there was deception there about a product they sold,. That is not at all in doubt. 

     

  • jusomdudejusomdude Somewhere, KSPosts: 2,401Member

    I'm guessing this is going to be laughed out of court. Blizzard offers authenticator's as an extra security layer, and as an additional service. Last time I checked, companies usually charge extra for additional services. You aren't guaranteed security by anyone. If you believe their services aren't secure I'm sure you have every right to discontinue your account and have all your information wiped from their systems.

    It's funny that people think Blizzard is less secure than any other company that deals with customer information. There is no such thing as absolute security on the internet. If you're so worried about your information being disclosed then you better avoid the internet alltogether.

     

    Some games don't even offer authenticators... one reused password, keylog, etc and your account is gone.

     

    Of coarse it's always everyone elses fault except your own, time to get sue happy!

     

    Blizzard will win this without a doubt... I think it will be fairly easy to check the browsing and security practices of the userbase involved, and I'm guessing it won't be pretty.

  • OziiusOziius Baltimore, MDPosts: 1,388Member Uncommon
    Originally posted by Burntvet
    Originally posted by Phry
    Sounds more like some dodgy lawyer type out to either  make a name for themselves or/and money, though how you managed to link Blizzard and Sony together in this, is just weird. More than likely the attempted lawsuit will fail anyway, its a bit like the google vs apple thing, its only newsworthy if its successful, so to speak, lawsuits are just an occupational hazard for large companies, especially with so many chancers around.image

    Well, one of the big ones for me is the whole thing with selling authenticators.

    If Bliz knew people needed to use an authenticator, they they knew that their network/acct security was not good enough. If they knew their security was not good enough, they should have fixed it. They can afford it.

    And they REALLY shouldn't have charged people for a separate product to make up for that shoddy system in place to protect people's personal data.

    They should have either incorporated the authenticator functionality into the main program, or given the authenticator away for free.

     

    Horseshit. My company uses authenticators also. Its additional security, period. This is a bullshit case that will go nowhere as blizzard does not require the authenticator. In addition, they do offer it or free for hose who have a device at can utilize it. They only charge ( very little I might add) for the device as they are made, which isn't free. 

  • OziiusOziius Baltimore, MDPosts: 1,388Member Uncommon
    Originally posted by DrunkWolf
    Originally posted by Lienhart
    Originally posted by DrunkWolf
    Originally posted by Rednecksith
    Originally posted by DrunkWolf
    Originally posted by Lienhart
    Originally posted by Karahandras
    Originally posted by Psychow

    I own a car.

    I could spend a little extra and add a car alarm for extra security.

    If my car get's broken into, should I file a lawsuit against the car manufacturer because they didn't make the car impenatrable?

     

    These kinds of lawyers need to be lined up and shot and left to rot in a mass grave....

    Can that car be opened and started with a screwdriver?

    What do you know about network security and/or software security?

    What do you know about hotwiring, jacking, or stealing cars?

    Did you know that if you park a sport motorcycle in a condo daily (ie, live there) there is an extremely high chance someone will come in, pick it up, put it on a van, and dirve away with it and you will fail to sue the manufactorer, police, condo management AND the city?

    Get your head out of your ass. Security is your own issue.

     Security becomes their issue the second i have to put in any kind of personal info, such as a CC number.

    Oh, so they're supposed to come over to your house and make sure your internet connection is secure, that your PC is free of malware, that you're using proper antimalware protection, that you have good browsing habits, that you don't click on suspicious emails or links, etc.?

    Asking a lot for that $15 per month, aren't we?

     i dont remember saying any of that in my post. good job makeing stuff up.

    all im saying is if i put my personal info into their game i expect that info to be secure. and if they get hacked and it gets my acounts hacked because of it then its THEIR fault.

    whats wrong with wanting my info secure ?  does it say in their TOS or somthing that they arnt responsible for my info when i give it to them?

    And if I pay $14,000 for a Fireblade, I don't want it to be stolen either.

    What the hell is your point? Sounds REALLY self-righteous.

    Fireblade? wtf are you talking about?

    once again let me try to make this very simple so you understand.

    i give blizzard my info.

    they get hacked and now my info is in enemy hands.

    that is THEIR fault.

    do you understand? or do i need to bust out the flash cards?

    Nice try. Hacking is an illegal action and does not make Blizzard liable. Do you realize how dumb that sounds?

  • DrunkWolfDrunkWolf Posts: 1,180Member Uncommon
    Originally posted by Praetalus
    Originally posted by DrunkWolf
    Originally posted by Lienhart
    Originally posted by DrunkWolf
    Originally posted by Rednecksith
    Originally posted by DrunkWolf
    Originally posted by Lienhart
    Originally posted by Karahandras
    Originally posted by Psychow

    I own a car.

    I could spend a little extra and add a car alarm for extra security.

    If my car get's broken into, should I file a lawsuit against the car manufacturer because they didn't make the car impenatrable?

     

    These kinds of lawyers need to be lined up and shot and left to rot in a mass grave....

    Can that car be opened and started with a screwdriver?

    What do you know about network security and/or software security?

    What do you know about hotwiring, jacking, or stealing cars?

    Did you know that if you park a sport motorcycle in a condo daily (ie, live there) there is an extremely high chance someone will come in, pick it up, put it on a van, and dirve away with it and you will fail to sue the manufactorer, police, condo management AND the city?

    Get your head out of your ass. Security is your own issue.

     Security becomes their issue the second i have to put in any kind of personal info, such as a CC number.

    Oh, so they're supposed to come over to your house and make sure your internet connection is secure, that your PC is free of malware, that you're using proper antimalware protection, that you have good browsing habits, that you don't click on suspicious emails or links, etc.?

    Asking a lot for that $15 per month, aren't we?

     i dont remember saying any of that in my post. good job makeing stuff up.

    all im saying is if i put my personal info into their game i expect that info to be secure. and if they get hacked and it gets my acounts hacked because of it then its THEIR fault.

    whats wrong with wanting my info secure ?  does it say in their TOS or somthing that they arnt responsible for my info when i give it to them?

    And if I pay $14,000 for a Fireblade, I don't want it to be stolen either.

    What the hell is your point? Sounds REALLY self-righteous.

    Fireblade? wtf are you talking about?

    once again let me try to make this very simple so you understand.

    i give blizzard my info.

    they get hacked and now my info is in enemy hands.

    that is THEIR fault.

    do you understand? or do i need to bust out the flash cards?

    Nice try. Hacking is an illegal action and does not make Blizzard liable. Do you realize how dumb that sounds?

    I agree that first part you said sounds really dumb

  • fayknaymfayknaym Washington, DCPosts: 125Member

    If fbi gets hacked can I sue the fbi? I know they have my info...I'm onto you fbi!!! <.<  >.>

    But, speaking more seriously, if Blizzard failed to pursue the necessary measures, in accordance with the law, that they promised to their customers for protecting them, then there might be a case. However, if they did pursue those measures and they were still hacked, then they are not at fault. Simple.

  • SonofSethSonofSeth ZagrebPosts: 1,884Member
    Originally posted by DrunkWolf

    .....I agree that first part you said sounds really dumb

    You should really read the article I linked earlier, so you don't sound as delusional as you do.

    image

  • grimgryphongrimgryphon Pacific Northwest, WAPosts: 682Member
    Originally posted by Phry
    Originally posted by grimgryphon
    Originally posted by Psychow
    Originally posted by grimgryphon

    I don't know how anyone could possibly hack a Blizzard account. After reading this thread, I decided to log in to my BattleNet account just to make sure everything was fine. I keep an authenticator attached even though I don't play because...well, you know. image

    This is what happened.

    • Logged in with my email and password. Asked for my auth code.
    • Entered the code. Received a wrong code message.
    • Re-entered the next code. Received another wrong code message.
    • Clicked on the "Can't Log In" link.
    • Entered my name and email address. Code sent to my phone.
    • Entered the code sent to me. Received a wrong code message.
    • Re-sent the code. Received a new one. Entered it and received another wrong code message.
    • Resent the code again. Received another new code and entered it. This one worked.
    • Received a mail asking me to remove and re-attach my authenticator.
    • Removed the authenticator. I was prompty logged out.
    • Logged back in. I was told my account was disabled because of suspicious activity. *groan*
    • Followed the instructions to re-enable my account.
    • Re-enabled my account.
    • Went to the support page and wrote a nasty response about the experience. Pressed sumbit.
    • Received a "browser cannot display this page" message.
    • Closed my browser and gave up vowing to never visit a Blizzard website again.

    I guess hackers are just very persistent. 

     

    Hey that's a neat story grimgryphon. I've had a WoW authenticator for 4+ years and have never,  not ONCE, zero, i.e. it hasn't happened ever, had any of the issues you described. I think the issue may be a user error. Like maybe you have the wrong authenticator serial number attached to you account.

     

    Either that or you are a liar.

    Hey that's an interesting response, Psychow.

    It could have been a bad serial because -- like I said in my post -- I don't play but keep an authenticator attatched for security reasons.

    Maybe you missed that part. Either that or you're illiterate.

    All will probably become clearer, if you take into account that the site he was trying to log into, wasnt the real one.
    it looks like a combination of phishing and MitM attack, most likely his email account was hacked in the past and he hadnt changed his email password. image

    How many helpings of derp did you consume before uttering that response? If you think any of that was a hacking attempt, then you need to learn how security strikes happen.

    /onegreatbiggiantfacepalm

     

    Optional PvP = No PvP
1234568»
Sign In or Register to comment.