Game News Blizzard hacked: Emails, security questions and answers and encrypted Diablo 3 passwords accessed

[Weierstraß]

By "cryptographically scrambled", do they mean they got the hashes or what?

 

[Metro]

At this point I'm sure the damage is done. The objective was probably to grab access to as many accounts as possible, empty them of gold/virtual items, and then sell them via farmers or whatever. Same thing was probably happening with D3 when that was reported.

 

[Average Manatee]

By "cryptographically scrambled", do they mean they got the hashes or what?

They mean jack shit because those words are not precisely defined. They could have used ROT13. Twice.

 

[DraQ]

Twice.

 

[Black]

At this point I'm sure the damage is done. The objective was probably to grab access to as many accounts as possible, empty them of gold/virtual items, and then sell them via farmers or whatever. Same thing was probably happening with D3 when that was reported.

If some credit card info was stolen there will be an even more massive shitstorm

 

[Average Manatee]

Apparently passwords are case-insensitive for Blizzard. HAHAOHWOW YOU GUYS ARE FUCKING RETARDED AS FUCK.

 

[Mad Method]

That only makes brute-forcing passwords several orders of magnitude easier...

 

[Weierstraß]

Apparently passwords are case-insensitive for Blizzard. HAHAOHWOW YOU GUYS ARE FUCKING RETARDED AS FUCK.

They're also limited to 16 characters but lets you set longer passwords, it just ignores the characters beyond 16.

 

[Average Manatee]

Thats hilariously retarded, but not all that bad considering that 16 character passwords are fairly secure even without case sensitivity. It's the people who have 8 letter passwords which are actually about the strength of a 5-6 letter case-sensitive password who are fucked, and I'm pretty sure the average person has a password under 8 characters.

Not that the average person isn't already using 12345 as their password, but whatever.

 

[Mad Method]

That's nothing. I hear this bank called Wells Fargo caps your password at 13 characters.

 

[Metro]

If some credit card info was stolen there will be an even more massive shitstorm

Eh, doubtful. That's what everyone said about the Valve hacking. The encryption most major companies use for credit card information is AES 256 which is -- for all practical purposes -- impossible to crack without the key.

 

[Average Manatee]

If some credit card info was stolen there will be an even more massive shitstorm

Eh, doubtful. That's what everyone said about the Valve hacking. The encryption most major companies use for credit card information is AES 256 which is -- for all practical purposes -- impossible to crack without the key.

...you DO realize that they almost certainly have the key now, right?

 

[Metro]

I really don't know either way. I'd say it's speculation. It's certainly possible but I wouldn't say 'almost certainly.' Guess we'll know if we see a rash of credit card fraud going on in the next week or so. It's already been five or six days. If the CC info was the ultimate target then they wouldn't waste much time selling the numbers off/making use of them. Keep in mind I'm sure the CC information doesn't use the same encryption that the passwords do. Unless they're absolute morons.

 

[sgc_meltdown]

I for one think that it's wonderful that videogame technology has progressed to the point that you can get personal information stolen from your mandatory online singleplayer game account without the commitment of an paid subscription

it's okay though because just like with action rpg design blizzard is fairly new at this online security thing and will do their best to improve upon their excellent foundation

because blizzard cares about their fans

 

[Humanity has risen!]

I created a new password and it allowed me to use symbols, so my password uses letters, numbers and symbols.

 

[Micmu]

Kids, have fun getting your single player game stolen.
Diablo 3 just keeps on giving. GOTY

 

[deuxhero]

First the ability to spoof session IDs and now this.

Blizzard: Masters of locking.

 

[Shannow]

Funny, but somewhat related, got two spam mails yesterday informing me that my Diablo 3 account is compromised and I should change my password iby hacker provided link.
I guess it might come as a shock, but I dont have a Diablo 3 account nor the game.
My guess is that the hackers also got WoW account information while they had their way with Blizz.

At this time, we’ve found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.

I heard that before:
"There is no mass-hacking of D3 accounts. There is no security hole. Nobody who buys an authenticator will ever be hacked. These are not the droids you are looking for."

As a reminder, phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password.

As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.

"Please follow this link and enter your old password before entering your new password twice."


(Yeah, I know... still funny.)

 

[Ulminati]

Diablo 3 is the gift that keeps on giving if you didn't purchase it and are content to watch the trainwreck from afar. You think the whole thing is over save for the screams of the injured, then something ignites a chemical tank and you get a whole new set of 'splosions to "ooh!" and "aaah!" at.

Good thing my battle.net password hasn't been touched since I grew tired of Starcraft 2. It's about a dozen password changes behind everything else I use. By all means, chinese hackerbros. Go to town with my battle.net account. There's nothing on it worth stealing anyway

Waiting for gaudaost to write an elaborate argument that tries to cast the blame onto the people who forgot to buy some additional blizzard email protection service. Or how about you, fizzelopeguss? Still going to maintain that diablo 3 isn't several levels of buttrape the consumer beyond TOR?

 

[fizzelopeguss]

Already in the MMO forum, it's the whole of battle.net. And i don't think people realise how massive this is yet, blizzard spends millions on security...they're not some little chickenshit outfit. To be busted wipe open the way they have is enormous and opens up serious questions on the amount of personal details we give these companies.

hacking community sites and phishing for usernames/passwords is one thing, assfucking sony, xboxlive and blizzard is another. So err, if you have an origin and steam account...you might wanna remove any CC info pronto.

 

[Ulminati]

Who in their right mind saves CC info on sites longer than it takes to perform whatever transaction you're paying for O_o

Probably the same schmucks who don't keep seperate passwords for forums/banking/amazon/steam/whatever.

 

[fizzelopeguss]

Who in their right mind saves CC info on sites longer than it takes to perform whatever transaction you're paying for o_O

you'll be surprised, steam practically relies on it during sales periods (their biggest revenue earner) under a guise of "convenience".

Amazon "buy in 1-click" or whatever they call it.

MMO recurring subscriptions (i usually go for time cards).

it's getting a bit retarded when computer games require as much security input as your bank account.

 

[DraQ]

I don't buy shit through steam and I keep it offline whenever not installing or updating something IN ADDITION TO not storing any sort of sensitive data on it.

I treat it as what it is - a bit more tolerable than normal DRM.

 

[fizzelopeguss]

Steam are terrible, their UK prices are a joke and the shit that goes on sale i've already probably played/pirated already.

Decent aggregator of F2P shite though, their download servers are blazing fast to download clients from.

 

[aris]

Diablo 3 is the gift that keeps on giving if you didn't purchase it and are content to watch the trainwreck from afar. You think the whole thing is over save for the screams of the injured, then something ignites a chemical tank and you get a whole new set of 'splosions to "ooh!" and "aaah!" at.

Good thing my battle.net password hasn't been touched since I grew tired of Starcraft 2. It's about a dozen password changes behind everything else I use. By all means, chinese hackerbros. Go to town with my battle.net account. There's nothing on it worth stealing anyway

Waiting for gaudaost to write an elaborate argument that tries to cast the blame onto the people who forgot to buy some additional blizzard email protection service. Or how about you, fizzelopeguss? Still going to maintain that diablo 3 isn't several levels of buttrape the consumer beyond TOR?

Holy shit? You're part of codex staff now? Seems like your buttlicking has really payed off, and that this forum really is declining.

 

[Metro]

Who in their right mind saves CC info on sites longer than it takes to perform whatever transaction you're paying for o_O

Probably the same schmucks who don't keep seperate passwords for forums/banking/amazon/steam/whatever.

Sometimes the companies continue to store your information on their servers even if you select delete/opt out or whatever. Not surprisingly they aren't 100% honest about things.

 

[Ulminati]

True. But at least it means that if your account gets hijacked, they don't automatically get the CC info to use elsewhere as well. the alternative is not shopping online at all sadly. :/

 

[Mother Russia]

Blizzard is fucked.

Are they trying to blame Chyna? I mean, didn't they say all passwords outside of China were hacked...or something like that.