Friday, August 10th 2012

Blizzard Servers Hacked, User Data Compromised

Online gaming giant Blizzard Entertainment reported unauthorized access to its servers. The security breach was detected earlier this week, and the company claims that the hackers may have accessed user data such as e-mail addresses of Battle.net users, their personal security questions, and information related to mobile and dial-in authentications.

Blizzard claims that the information compromised is not enough for anyone to gain access to the Battle.net accounts, and that there was no evidence to suggest that more vital bits of user data, such as real names, credit card information, or billing addresses were accessed. Users' Battle.net passwords, which are cryptographically-scrambled, may have been accessed. Since SRP (secure remote protocol) is used to protect the passwords, it is extremely difficult to unscramble them. Blizzard strongly recommends that users change their passwords while investigations into the security breach are ongoing.

Source: Shack News

32 Comments on Blizzard Servers Hacked, User Data Compromised

#1
D007
I'm willing to bet this happens far more times than we are made aware of..
#2
Frick
Fishfaced Nincompoop
by: koorosh
And those suckers still force you to use your real name for accounts! There's no privacy anymore:shadedshu
The moment you stepped online you forfeit privacy, pretty much. Or come to think of it, when you're born.
#3
D007
by: Frick
The moment you stepped online you forfeit privacy, pretty much. Or come to think of it, when you're born.
Yea I think they call that a "social security card"..lol..
#4
Ikaruga
by: Kreij
As more and more information is kept online, more will be hacked. It's the nature of the beast.
Even the best minds in the security fields fight this kind of thing daily. It is no trivial task.
Add to that the fact that even the best admins are human and may make mistakes ...
Indeed. A long time ago I was building high end servers, workstations, render farms, etc. for a huge amount of different companies, and I had the chance to meet and discuss this subject with many admins and security experts.
The one thing I learnt and told was that whatever you want to have secured, you must make sure that it's on a system which doesn't touch the internet at all, because if it does, sooner or later it can be and will be "hacked".
I understand that decades later it's a very different story, because thousands of users must have access to content and data, and "things" must be kept online, but - apparently - the main rule still holds :)
#5
Solaris17
Creator Solaris Utility DVD
by: Ikaruga
Indeed. A long time ago I was building high end servers, workstations, render farms, etc. for a huge amount of different companies, and I had the chance to meet and discuss this subject with many admins and security experts.
The one thing I learnt and told was that whatever you want to have secured, you must make sure that it's on a system which doesn't touch the internet at all, because if it does, sooner or later it can be and will be "hacked".
I understand that decades later it's a very different story, because thousands of users must have access to content and data, and "things" must be kept online, but - apparently - the main rule still holds :)
That isn't even entirely plausible anymore though. With a network as big as any MMO game, even if the bulk of user data is stored on a server that doesn't host the world, the IT staff's personal PC can access it, the game servers can access it and need to access it to authenticate, and both the game servers and the IT guy's PC are connected to the net. All roads lead to Rome and even the most secure intranet has bridges going to it that eventually connect to the outside. Even the biggest honeypot will crumble if someone is determined enough.
#6
Aceman.au
Changed my password, even though I have an authenticator toggle. My account would be worth a fair bit I'd reckon!

Update your security and move on Blizzard. This was unpreventable. Just lucky no credit card details were taken.
#7
Ikaruga
by: Solaris17
That isn't even entirely plausible anymore though. With a network as big as any MMO game, even if the bulk of user data is stored on a server that doesn't host the world, the IT staff's personal PC can access it, the game servers can access it and need to access it to authenticate, and both the game servers and the IT guy's PC are connected to the net. All roads lead to Rome and even the most secure intranet has bridges going to it that eventually connect to the outside. Even the biggest honeypot will crumble if someone is determined enough.
I understand that of course, but the meaning was that (I guess) there is still no way to protect it if it's online, while you have a small/better chance if it's offline. Another layer of defence is always a good idea, especially when it comes with advantages like that you only have to watch some "bridges" and not the entire "wall":)