Battle.net?

BloodOmen

It's been confirmed that it's affected EU as well now, though NA still has been hit the worst.

and the best part? they've known about it for a fucking week and not told anyone

Here's a summary of the data that we know was illegally accessed:
North American-based accounts, including players from Latin America, Australia, New Zealand, and Southeast Asia
  • Email addresses
  • Answers to secret security questions
  • Cryptographically scrambled versions of passwords (not actual passwords)
  • Information associated with the Mobile Authenticator
  • Information associated with the Dial-in Authenticator
  • Information associated with Phone Lock, a security system associated with Taiwan accounts only
Accounts from all global regions outside of China (including Europe and Russia)
  • Email addresses
China-based accounts
  • Unaffected
At this time, there’s no evidence that financial information of any kind has been accessed. This includes credit cards, billing addresses, names, or other payment information.
 

old.Tohtori

Well, can't protect a network fully from all the hacky types of folk out there. Should always turn the hate towards the people doing this, but more often than not the company gets the flak.
 

Raven

You can create a secure network, or at least one that is such a ballache that people give up. That isn't the whole point though, the data should at least be encrypted. I have no idea if this is the case with Blizzard...

Oh and taking a week to tell people is pretty stupid, people need to know as soon as it happens so they can change passwords and whatnot. Especially those that use the same password on other sites.
 

old.Tohtori

Where did it say that it's been a week since the attack? I just read "this week". (ignore this line)

Anyway, point stands; blame the hackers.

Ah ok, it's on the link in link. Yeah 5 days is a long time to keep it quiet, their answer to it;

"Why did Blizzard announce this on August 9?
We worked around the clock since we discovered the unauthorized user to determine the nature of the trespass and understand what data was accessed. Our first priority was to re-secure our network, and from there we worked simultaneously on the investigation and on informing our global player base. We wanted to strike a balance between speed and accuracy in our reporting and worked diligently to serve both equally important needs."

http://eu.battle.net/support/en/article/important-security-update-faq

Should answer all.
 

Raven

I actually blame both the hackers and the companies involved. The way corps handle our personal data is shocking.
 

old.Tohtori

Well it certainly could be worse. The stuff is encrypted with *waves finger* whatever that srp rsp thing is they use and they didn't get any personal info.

Not saying this is good and that blizz did good here, but nothing -really- rage worthy.

Couldn't really say, never worked in a multibillion dollar company security department :D
 

Deebs

> Well it certainly could be worse. The stuff is encrypted with *waves finger* whatever that srp rsp thing is they use and they didn't get any personal info.
>
> Not saying this is good and that blizz did good here, but nothing -really- rage worthy.
>
> Couldn't really say, never worked in a multibillion dollar company security department :D

Didn't get personal info? email addresses, question and answer info counts as personal information in my book (also I understand that the Q&A stuff was not encrypted).

Fucking retards. When storing any form of personal data or authentication details make sure it is at least encrypted. Period. There is no excuse.
 

Raven

ofc they are, for a lot of sites they are the login name for starters...including WoW
 

old.Tohtori

Yeah don't want to start a big thing about it, blizzard f*cked up, hackers bad, doesn't look like it's a huge issue. That's about it.
 

Scouse

> I actually blame both the hackers and the companies involved. The way corps handle our personal data is shocking.

Yep.

Hackers are a fact of life. Billion-dollar corporations have a duty of care to ensure that their systems are secure.

Banks do a great job of securing their customer data. There's no reason why we shouldn't expect other companies to have lesser standards.

Those that fail deserve a horrid roasting for doing a piss-poor job of protecting their customers. Also, the bigger the corporation and the more resources they have available to create a secure network, the worse the offence...
 

DaGaffer

> Yep.
>
> Hackers are a fact of life. Billion-dollar corporations have a duty of care to ensure that their systems are secure.
>
> Banks do a great job of securing their customer data. There's no reason why we shouldn't expect other companies to have lesser standards.
>
> Those that fail deserve a horrid roasting for doing a piss-poor job of protecting their customers. Also, the bigger the corporation and the more resources they have available to create a secure network, the worse the offence...

Not to defend Blizzard, but bank level security with physical pin delivery and all that malarkey, just isn't a practical or economic possibility for most businesses, and actually most customers would hate it as well; imagine trying to sign up for WoW and being told you have to wait a week for a PIN. Like everything in life it's about balancing risk and convenience.

As I said though, this isn't to defend Blizzard; they've fucked up the tools they do have available big style and the five day silence in particular is unforgivable.
 

Talivar

I might be wrong but don't blizzard also charge people for things like the mobile auth stuff?
 

Scouse

> Not to defend Blizzard, but bank level security with physical pin delivery and all that malarky, just isn't a practical or economic possibility for most businesses

I agree.

However, this looks like Blizzard's infrastructure was compromised (not just a basic authentication issue). Banks are technology companies, Blizzard is a technology company (with massive corporate earnings). They shouldn't be getting compromised as often as they are IMO...
 

Raven

The mobile app is free but there is a remote access auction house which is about £1.50-£2.00 a month or something.
 

Bahumat

Is the information related to authenticators the special code you get enabling you to add the authenticator to another mobile?
 

Gwadien

It's odd, but why do they hold all these details, surely the only things they should really have is your log in details, and that's about it - why don't they just process the subscription payment, then delete your information, just to protect their own backs?

That way if they did get hacked, it was only your game account under threat, not your bank details, or are people too addicted to convenience?

Oh yeah, - Auto-renewal... Making money off forgetful people :p
 

Ormorof

> It's odd, but why do they hold all these details, surely the only things they should really have is your log in details, and that's about it - why don't they just process the subscription payment, then delete your information, just to protect their own backs?
>
> That way if they did get hacked, it was only your game account under threat, not your bank details, or are people too addicted to convenience?
>
> Oh yeah, - Auto-renewal... Making money off forgetful people :p

or in some cases (if my GOA memories are still intact) making money off people even after they cancel :p

i haven't logged in in ages to battle net but i have just changed my password... just to make sure the gate is closed after the horse has bolted ;)
 

DaGaffer

> It's odd, but why do they hold all these details, surely the only things they should really have is your log in details, and that's about it - why don't they just process the subscription payment, then delete your information, just to protect their own backs?
>
> That way if they did get hacked, it was only your game account under threat, not your bank details, or are people too addicted to convenience?
>
> Oh yeah, - Auto-renewal... Making money off forgetful people :p

Password recovery would be one reason. And no bank details were threatened directly. The issue would be that personal info was released that could help with ID theft elsewhere.

Auto-renewal...I see your "Making money off forgetful lazy people" and raise you "Auto-renewal, because customers absolutely don't want the hassle"
 

BloodOmen

At a loss what to do now, basically I have ALL of my mmos + steam on the same e-mail as my WoW e-mail BUT it's very well protected password/security question wise (by that I mean the security question is completely unrelated to the answer and the password is alphabetical/numerical 12+ characters long) the e-mail is literally not used anywhere else, no facebook, no forums nowhere else people can get it from etc.

Suggestions? got over £1000 worth of steam games for a start and about 15 mmos on the e-mail so a fair bit to lose if it did get raped
 

Raven

Change your password/s

Since Sony fucked up, I always use several unrelated random words punctuated by either numbers or symbols & $ £ if I can. Easier to remember and harder to brute force.
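
Added example, not part of any post in this thread: a sketch comparing the "several random words punctuated by numbers or symbols" scheme with the 12-character alphanumeric password mentioned earlier. The function names, the 16-word sample list, the 7776-word list size and the guess rate are all assumptions made for illustration.

```python
import math
import secrets

# Constructed 16-word sample so the block runs offline. Real use needs a large
# list; the 7776-word (diceware-sized) list used in the figures is an assumption.
SAMPLE_WORDS = ["anvil", "breeze", "cactus", "dynamo", "ember", "fjord", "gravel",
                "harbor", "igloo", "jigsaw", "kettle", "lantern", "magnet",
                "nectar", "orbit", "pebble"]
SEPARATORS = "0123456789&$£"  # digits plus the symbols named in the post


def passphrase(words, n_words, separators=SEPARATORS):
    """Join n_words uniformly random words with uniformly random separators."""
    parts = []
    for i in range(n_words):
        parts.append(secrets.choice(words))
        if i < n_words - 1:
            parts.append(secrets.choice(separators))
    return "".join(parts)


def passphrase_bits(list_size, n_words, n_separators=len(SEPARATORS)):
    """Entropy in bits; valid only if every word and separator is picked at random."""
    return n_words * math.log2(list_size) + (n_words - 1) * math.log2(n_separators)


def random_string_bits(alphabet_size, length):
    """Entropy in bits of a uniformly random string over the given alphabet."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at a fixed offline guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print("sample:", passphrase(SAMPLE_WORDS, 4))
    rate = 1e10  # assumed offline guess rate, for illustration only
    schemes = [("4 words + 3 separators", passphrase_bits(7776, 4)),
               ("5 words + 4 separators", passphrase_bits(7776, 5)),
               ("12 random alphanumerics", random_string_bits(62, 12))]
    for label, bits in schemes:
        print(f"{label}: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, rate):.3g} years to exhaust")
```

Under these assumptions four random words come to about 63 bits, a truly random 12-character alphanumeric password to about 71 bits, and five words to about 79 bits. The figures hold only for machine-picked words and characters; words or strings a person chooses are much easier to guess.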
 

old.Tohtori

Yeah, just change the passwords and if you want, contact steam(others) if you can reset your secret question.

Even if people disagree with me on the privacy of an email address(which i get, not going to argue it), it's luckily not the end all security breach.

And of course change the email password too, many forget that :D
 

BloodOmen

Dear Steam User,

This is an automated message generated by Steam account administration. It is being sent in response to a query made by a Steam user to discover all account names associated with this email address.


- - - - -

Way to go Blizzard you useless fucking cunts, now having to change every single thing I had on said e-mail address due to the amount of mail it's getting thanks to Blizztard.
 
