Blizzard Hacked

At this point - who really cares?

The 75 (real) people still left playing Diablo3 aren't going to suddenly band together and raise a stink. From my perspective D3 has broken down into runaway inflation, and a mix of nothing but botters and hackers. And people defend this?

We are finding out about all this now because Blizzard knows that Diablo3 is an increasingly dead stick.

I got hacked and lost everything despite all the layers of security (yes, authenticator). At the time everyone said it was my own fault... in the end though I got my 65 dollars back and went on to bigger better things.

Just like everything else these days -- a company has taken something that was great (the franchise itself) and royally destroyed it for a quick buck.
 
Hackers must be salivating beyond belief right now. Blizzard, announcing they will be prompting users to change their passwords in the near future. Gee, this will end well :rolleyes:
 
Tell me what's easier to believe: Blizzard has had internal security breaches constantly for the past 7 years and just hasn't mentioned it until now. OR The majority of Blizzard's fanbase are tech-stupid gamer kids and overly-confident posers who got lazy with their security.

It is easy to get burned. I never used an authenticator and was very careful with my personal computer. I actually went to the extent of sandboxing my web browsing by only browsing on an Ubuntu VM. What got me was my wife's laptop being compromised. Symantec AV and Microsoft Security Essentials both missed the keylogger; I only found it because I manually eyeballed some of the system folders and found an out of place driver file.

Point is, I'm sure there are tons of compromised PCs out there and in the case of things like man in the middle attacks, in theory even an authenticator won't protect you :(
 
If they are announcing they just found this leak, doesn't it make sense that it's been there all along? I'm not an expert, but it seems to me that things like this don't just "appear."

It just makes Blizzard look REALLY bad when they were blaming their customers who claimed they were hacked when Blizzard itself was seriously compromised.
 
Honestly, pretty much anything can be hacked if the right people want in. Nobody is safe.
 
There are a lot of ways this can happen. Bad actor within the company, even something as silly as an internal computer being compromised by malware, which has happened at banks and other places that you would assume had tight security in place.
 
Bad timing for ol' Blizz to get hacked. They're already on thin ice due to the WoW panda expansion and the suckage of d3. At this point I guess I'd consider them already fallen in.
 
And to top it all off, no Torchlight 2 release date in sight :( Is there no relief to be found??
 
How the fuck do these kinds of comments still exist? I thought we evolved past this shit.

Hah. Yeah, hurr durr why can't they just throw more money at the problem and make it go away. There is no such thing as 100% secure. Companies like Blizzard WILL have a breach. It's inevitable. There are a lot of motivated scumbags out there trying, and they will eventually find a hole. Companies that haven't had a breach either aren't high on the priority list or they've just been lucky. The only difference is how smartly they control what can be taken in the event their systems get compromised. I.e. are you a retard with plaintext passwords, or will hackers just get some scrambled/hashed/salted crap they can never make any use of? Do they get billing information, or just an email address?

That's what decides, for me, whether it's incompetence or just "Shit Happens."
 
I wish I didn't have so much money on my battle.net account, it'd be nice to have the option of downloading the games and deleting my account.
 
Yes, but everyone who got hacked was an idiot and it was probably their fault, right? Where are the Blizzard sycophants now?
 
Yes, but everyone who got hacked was an idiot and it was probably their fault, right? Where are the Blizzard sycophants now?

This is the constant battle cry of the Blizzard fanboy. "It must be your fault" and there have been a few of those posts in this thread as well.

I'm not surprised they got hacked and I seriously doubt this is the first time as well, I can imagine the only reason they are coming clean about it is to avoid a further fallout with Diablo 3 and it constantly getting attention in the news for its various problems.

No security is perfect, no question on that. If you live under the perception that you are invulnerable from attack because of some random number generating device then you need to wake the fuck up. But the problem I have is the attitude Blizzard employees give (GMs in WoW for instance) and the attitude players who haven't been hacked give to people who have. This "in fighting" nonsense needs to stop. There are basic steps to be taken to keep your account secure, like not using the same fucking password for EVERYTHING in your life including your bank and so on. If you're doing that then frankly you are lazy and deserve to get hacked to learn a lesson. Make unique passwords for all your accounts and either use a program (KeePass and LastPass are both excellent at generating very complex passwords and storing them safely) or grab a pen and move your fat fingers around and WRITE THEM DOWN!

But for those of us that take the proper steps not to get hacked and actually change their passwords from time to time and keep their computers virus/trojan free, getting hacked even with a stand alone supposedly "unhackable" authenticator is completely unacceptable. Blizzard must share at least half the responsibility in this regard. The fact that this is one of only maybe a few times they've publicly admitted to having their servers hacked successfully tells me it's probably more like dozens if not hundreds of times and possibly without their knowledge.
 
Blizzard is working with law enforcement to track down the hackers and if they are claiming that the breach was on August 4th you can be sure they *detected* the breach on August 4th, you can't call the FBI and tell them your network was compromised and make up the date of the compromise because you decided to not hurt your sales, you can be sure that the FBI will be analyzing all the security logs, etc about this issue. Maybe other breaches happened previously but I'm almost certain that they didn't notice it if they did.

Now the way the authenticator hack that was going around previously worked was like this:

1. People would get infected with the trojan from X source.

2. The infected person would try to log in and input the user and password and authenticator code into the game as usual.

3. The trojan interrupts this process, gives you an error and passes all this tasty info to a SERVER/BOT that logs into your account before the authenticator code becomes invalid.

4. The bot wipes you clean of all your gold and items.

Pretty clever, however this doesn't mean Blizzard failed in any of their security protocols, all it was is a user getting infected by a very well made trojan.

In this breach however they have:

1. Your encrypted password, it still needs to be brute forced

2. Your security question and answer, can be used to reset your password to any password they want.

3. The authenticator hash, they can make an authenticator that gives them the exact same codes yours does.

Fun times.
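
Added example, not part of the original post and not Blizzard's code: why a leaked authenticator seed has to be replaced, shown with standard RFC 6238 TOTP (an assumption; the thread does not say which algorithm the Blizzard authenticator uses). The seed is the public RFC 6238 test value, and Verifier, re_enroll and demo are hypothetical names.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays current (RFC 6238 default)
DIGITS = 8   # the RFC 6238 test vectors use 8-digit codes


def totp(seed: bytes, unix_time: int) -> str:
    """RFC 6238 code: a pure function of the shared seed and the clock."""
    counter = unix_time // STEP
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Server side (hypothetical): accepts each time step at most once."""

    def __init__(self, seed: bytes, drift: int = 1):
        self.seed = seed
        self.drift = drift        # clock skew tolerated, in steps
        self.last_counter = -1    # highest step already consumed

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP
        for counter in range(max(0, current - self.drift), current + self.drift + 1):
            if counter <= self.last_counter:
                continue          # replay of a step that was already used
            if hmac.compare_digest(totp(self.seed, counter * STEP), code):
                self.last_counter = counter
                return True
        return False

    def re_enroll(self, new_seed: bytes) -> None:
        """Replace the seed; codes derived from the old one stop matching."""
        self.seed = new_seed
        self.last_counter = -1


def demo():
    seed = b"12345678901234567890"   # RFC 6238 test seed, not a real secret
    now = 59
    owner_code = totp(seed, now)     # what the owner's device shows
    copy_code = totp(seed, now)      # what any other holder of the seed computes
    server = Verifier(seed)
    # The server cannot tell the two apart: whichever arrives first is accepted,
    first = server.verify(copy_code, now)
    # and the same step is refused afterwards (one-time use).
    second = server.verify(owner_code, now + 1)
    # Only a new seed invalidates the copy; changing the password does not.
    server.re_enroll(b"constructed-replacement-seed")
    later = now + 60
    after = server.verify(totp(seed, later), later)
    return owner_code, first, second, after


if __name__ == "__main__":
    print(demo())
```

The one-time-use check also shows the limit of the authenticator against the trojan described earlier in the post: a code is bound to a time step, not to the device or connection that submits it.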
 
Blizzard has gone downhill in a big way since well before d3. This is just another nail in the coffin for their self destruction. They deserve it. I could care less about my d3 account/game. But the fact is I got my wow info, starcraft 2 etc and every other old blizzard game on there, that's what I am I would hate to lose.
 
Pretty ruthless stuff. These hackers need their fingers literally cut off instead of these 6 month prison sentences they get.
 
Blizzard has gone downhill in a big way since well before d3. This is just another nail in the coffin for their self destruction. They deserve it. I could care less about my d3 account/game. But the fact is I got my wow info, starcraft 2 etc and every other old blizzard game on there, that's what I am I would hate to lose.

Are we serious here? They are the only gaming company still making money hand over fist guy...
 
Are we serious here? They are the only gaming company still making money hand over fist guy...

I'm pretty sure though that when Diablo 4 comes out (and it most certainly will, due to the financial success of Diablo 3), there will be posts about how Diablo 4 is the worst game ever, the end of Blizzard, etc., and how Diablo 3 was one of the best games ever.
 
Anyway to change our secret answer?

This is what I want to know... I didn't see a way to do that.

Are we serious here? They are the only gaming company still making money hand over fist guy...

Activision-Blizzard, yes, is very financially successful, but they are no longer successful at making good video games. Unfortunately as a business model as we've seen proven by CoD and now D3, a good video game is not necessary to make record sales, just a shit-ton of advertising and a well-known brand name to shit all over.

I'm pretty sure though that when Diablo 4 comes out (and it most certainly will, due to the financial success of Diablo 3), there will be posts about how Diablo 4 is the worst game ever, the end of Blizzard, etc., and how Diablo 3 was one of the best games ever.

No it'll still be Diablo 2 they're talking about
 
I'm pretty sure though that when Diablo 4 comes out (and it most certainly will, due to the financial success of Diablo 3), there will be posts about how Diablo 4 is the worst game ever, the end of Blizzard, etc., and how Diablo 3 was one of the best games ever.

Not even remotely close to the reality. Diablo 2 and the Blizzard that created it are worlds--WORLDS--apart from the profit-first Blizzard of today.
 
For Blizzard apparently caring so much about security, it seems PRETTY FUCKING RETARDED to have case insensitive passwords.

Just throwing that switch alone would be a fairly enormous boost to potential entropy.
 
For Blizzard apparently caring so much about security, it seems PRETTY FUCKING RETARDED to have case insensitive passwords.

Just throwing that switch alone would be a fairly enormous boost to potential entropy.

Actually they do care.

If Blizzard used case sensitive passwords

Customer: BLIZZ I CANT LOG IN PLZ HELP

Blizzard: Turn your caps off bro

Customer: BLIZZ HOW DO I DO THAT

Blizzard dumbing things down nothing is missed...not even passwords.
 
Interesting that I should see this today... I just received this email a few days ago and I don't even play WOW. All I ever did was play the beta a long time ago because I was a Fileplanet subscriber.

Subject: World of Warcraft - Account Investigation

Greetings!

We have already noted that you are trying to sell your personal World of Warcraft account (s). Terms of Use

Whaaaaat? I played the WOW beta for maybe a hour before I quit because I hated it...


http://us.blizzard.com/en-us/company/legal/wow_tou.html

It will be ongoing for further investigation by Blizzard Entertainment's employees.
If you wish to not get your account suspended you should immediately verify your account ownership. You must complete the steps below to secure the account and your computer.

STEP 1: ACCOUNT INVESTIGATION
We now provide a secure website for you to verify that you have taken the appropriate steps to secure the account, your computer, and your email address. Please go to this site and follow the instructions:

http://us.blizzard.com/support/article/securitywebform

STEP 2: VERIFY YOUR SUBMISSION WAS RECEIVED
We will contact you with further instructions once we have received and processed your submission. If you do not receive a reply within 48 hours of submitting this form, please resend it from the address listed above.

Please be aware that if unauthorized access to this account, it may lead to further action against the account.

Regards,

Game Master Dunarthra
Customer Services
Blizzard Entertainment
http://us.battle.net/support/en/
 
Spam email most likely. I get them every so often in my spam box. Lack of real name, the sender. Are fishy.
 
Spam email most likely. I get them every so often in my spam box. Lack of real name, the sender. Are fishy.

Cut and dry spam mail. Blizzard doesn't send any links in their email and they don't do "investigations" if your account was suspected of anything breaking the tos they would just lock it and not tell you.
 
lol, spammers. These guys could get real creative sometimes.

I noticed in game lately there's some spam where they post a long message trying to mimic a conversation followed by the spam message. It's a single message, but it looks like 2 people are chatting, and then comes the spam message. Notice you can't right click on the 2nd and 3rd person's name because they are all just text in a message, not actual user id. I'm guessing it's to avoid people blocking or reporting them.
 
So I'm having some trouble changing my acct info to reflect the leak.

I changed my password no problem.

I don't see anywhere in the battle.net account management where there is a security question, how do I change that? I don't ever recall actually setting one up but I could have forgotten.

Lastly, I have a mobile authenticator on my iPod touch. How am I supposed to "refresh" or whatever this thing so that the leaked hash gets changed? I tried to deactivate the authenticator so I could reactivate it again but I can't get it to work. I go to the blizzard website to deactivate it and it says I have to put in 2 consecutive codes. The problem is by the time I wait for the second code to show up the first one becomes invalid and so it doesn't accept it. The instructions on the website say to press a button to generate a new code but I don't see any way to force getting a new code on my mobile application, just a "sync" button that syncs the timer bar with blizzard's servers- it doesn't force a new code to show up until the bar has gone all the way across.

I have seen spam go to my email address in the past few days telling me I am supposed to confirm my D3 account, etc and give away my password but this is nothing new since I have been receiving these emails for years. They used to be for WoW (which I never played) but now they say D3.
 
Just remember, this is not about authenticators getting hacked. This is about a network being hacked.

It's different when accounts are being hacked because it's typically something on the player's computer that is enabling it. This time hackers have bypassed the player altogether and gained access to the Blizzard network and databases. They didn't have to rely on a customer downloading a virus or their authenticator not working.

This. And authenticators are traditionally bypassed with "man-in-the-middle" malware.
 
All I can say is "DUH". I was hacked years ago multiple times in WoW even with an authenticator which was supposed to make hacking impossible. Every time I've talked about it in some topic related to this, some mouth breathing fool would interject "then you must have had a trojan or keylogger" despite having a clean install and fresh vanilla copy of WoW running.

Can't believe it's taken Blizzard this long to fess up.

Same here. Got perma-banned for it. I could have gone through the hassles of fighting to get my account back but after the second time decided screw it, not going to give them anymore of my money and I haven't bought a blizzard game since. For me it actually worked out for the best.
 
Pure unadulterated spam. I get emails like that on my throw-away-hotmail-account all the time even though it's never been linked to any sort of WoW account or Blizzard account or anything of the sort.
 
All I can say is "DUH". I was hacked years ago multiple times in WoW even with an authenticator which was supposed to make hacking impossible. Every time I've talked about it in some topic related to this, some mouth breathing fool would interject "then you must have had a trojan or keylogger" despite having a clean install and fresh vanilla copy of WoW running.

Can't believe it's taken Blizzard this long to fess up.

It's not supposed to make it impossible, just more difficult. If you got infected repeatedly and a man-in-the-middle attack got ya, then yes it was a problem on your end. It's not just an issue of being a "clean install" and a "fresh copy of WOW", another machine on your network could have gotten it back onto you, or you just got re-infected without knowing. I find it mind-boggling you can think you're vindicated because years later they had a problem on their end, while yours was caused by an issue on your end.
 