Blizzard Hacked

So much for their great security they boasted about during the Diablo 3 charade:

http://us.blizzard.com/en-us/securityupdate.html

 

At least they didn't bother with us filthy Europeans. Getting relegated to second plan does seem to pay off some times.

 

Fortunately I used a shit password on b.net anyway which I only use there and on a few other games, so I probably won't bother changing it.

Did get an email a few days back saying they were going to suspend my WoW account due to me trying to sell it (Which I wasn't), and I couldn't tell if it was phishing or legit. I assumed all the Blizzard email I was getting in the past was phishing, but then I found out that my WoW account got stolen a while back (Still no goddamn idea how since I hadn't played for months, never used weird plugins or anything when I did, and none of my other accounts/logins seemed compromised so I figured it wasn't a keylogger on my end) so who the fuck knows.
BLIZZARD!

 

Well, they should've bought an Authenticator! That grants like +100% Immunity to Hacks I herd.

 

People use the same password for multiple sites ?

 

Well, if somebody ever hacks my bank account, I'm screwed over here at the Codex.

 

Oh, mighty DarkUnderlord, I bring gifts!

 

What, again? Doesn't this happen at least once a week? I'm pretty sure Bnet ships pre-hacked for your convenience.

 

LOL

(I actually don't mind Blizzard games too much, It's just that mass butthurt, and especially butthurt from the source is always delightful to witness).

 

Bnet hacking is big money. i don't know why they just don't require a password change every month or fortnight and be done with it.

 

Because that would be extremely obnoxious and have absolutely no useful effect, since people would just +1 their password, and hackers do not generally attack by breaking passwords. Pretty much everything about password security that circulates out there is a myth, nothing more than security circus aimed at promoting the appearance of security without creating actual security. In fact, the very notion has done more damage to security than insecure passwords ever have. Consider: When you've gone and created a culture where people are expected and demanded to use bizarre, inscrutable passwords, and then CHANGE them regularly, THEY WILL LOSE THEM. This is why it is now practically a standard to have a password reset (or worse, retrieval, meaning they're stored plaintext: If you EVER see a site that actually will send you your password as a retrieval, BE WARNED that they are EVIL) mechanism. Of course, security is only as good as its weakest link, so all this does is concentrate security into a single easily broken email.

 

WoW Taiwan adopted it, their rate of account hijacking plummeted.

But seriously though, shows how shit modern digital currency exchange can be, cash is king motherfuckers.

 

Wondering how long steam will last as well, they've dodged a bollock so far.

 

Wait....they got security answers as well....hohohohahahahahahaha

 

And likely used quite a few before hack got detected.

BUY AUTHENTICATOR!!!1 ITZ AN LUCKY ANTI HAX CHARM SRSLY!!!1

Edit:
Also, click the link for even more lulz:
http://battle.net/support/en/article/6327

Especially 2 penultimate Q and A.

Just fucking unreal.

 

I've also never gotten the "secret question" nonsense. It seems like a decidedly underhanded method of stealing personal information from users in the guise of "security". There already *IS* a system in which a secret piece of information is used to gain authenticated access to something. It's called a PASSWORD. I'm not telling you about my fambly, my pets, or anything else about me.

 

I have never used any such secret question, because total number of people other than me knowing about my family, pets or whatever is greater than 0.

 

Pretty much. I always just fill in some totally bullshit answer if forced to fill one in. Because the way I see it, if I told them, it wouldn't be a secret anymore, now would it?

 

They're for Automated password recovery, just went through all that bollocks trying to get my GW1 account back. Forgot much of my info and secret answers (it's a fucking old account). Had to send in my license key to ncsoft to recover it all...which to their credit did it pretty fast for me.

 

I heard that before:
"There is no mass-hacking of D3 accounts. There is no security hole. Nobody who buys an authenticator will ever be hacked. These are not the droids you are looking for."

"Please follow this link and enter your old password before entering your new password twice."


(Yeah, I know... still funny.)

 

"There are no American soldiers in Baghdad."

 

"The king isn't naked!"

 

Of course they are. But "recovery" is exactly what compromises the system. Just look at the other hacking-related thread in GD. What happened? Someone compromised, not the actual passwords, but the "recovery" systems. Guy could have been using "password", and he'd have been fine if there was NO RECOVERY.

 

fisted because of that line.