Blizzard Servers Hacked, User Data Compromised

Discussion in 'News' started by btarunr, Aug 10, 2012.

  1. btarunr

    btarunr Editor & Senior Moderator Staff Member

    Joined:
    Oct 9, 2007
    Messages:
    28,553 (11.25/day)
    Thanks Received:
    13,644
    Location:
    Hyderabad, India
    Online gaming giant Blizzard Entertainment reported unauthorized access to its servers. The security breach was detected earlier this week, and the company claims that the hackers may have accessed user data such as e-mail addresses of Battle.net users, their personal security questions, and information related to mobile and dial-in authentications.

    Blizzard claims that the information compromised is not enough for anyone to gain access to the Battle.net accounts, and that there was no evidence to suggest that more vital bits of user data, such as real names, credit card information, or billing addresses were accessed. Users' Battle.net passwords, which are cryptographically scrambled, may have been accessed. Since SRP (secure remote protocol) is used to protect the passwords, it is extremely difficult to unscramble them. Blizzard strongly recommends that users change their passwords as investigations into the security breach are on.

    Source: Shack News
     
    Sir B. Fannybottom says thanks.
  2. WhiteLotus

    WhiteLotus

    Joined:
    Jul 30, 2007
    Messages:
    6,536 (2.50/day)
    Thanks Received:
    847
    Can someone please tell me why this information is being so readily hacked into? There seemingly has been a handful of companies now that have had this happen to them.
     
  3. Munki

    Munki

    Joined:
    Sep 13, 2008
    Messages:
    1,227 (0.56/day)
    Thanks Received:
    182
    Location:
    Metro Atlanta
    Because their security employees don't know what they are doing. They don't keep it up to date like they should which makes it easy to exploit.
     
  4. WhiteLotus

    WhiteLotus

    Joined:
    Jul 30, 2007
    Messages:
    6,536 (2.50/day)
    Thanks Received:
    847
    Fools. Well here's to the inevitable "they might have taken some card details" line that is bound to come up.
     
  5. v12dock

    v12dock

    Joined:
    Dec 18, 2008
    Messages:
    1,558 (0.74/day)
    Thanks Received:
    301
    Blame flash mysql and java
     
  6. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Joined:
    Oct 13, 2008
    Messages:
    13,562 (6.25/day)
    Thanks Received:
    3,501
    Location:
    IA, USA
    Or generally bad programming behaviors (like not checking inputs).
     
    Crunching for Team TPU
  7. Munki

    Munki

    Joined:
    Sep 13, 2008
    Messages:
    1,227 (0.56/day)
    Thanks Received:
    182
    Location:
    Metro Atlanta
    Very true.

    I would hope their programmers know this, but that's like saying "I would hope they know to keep their programs updated." Someone somewhere in the company needs some security training or know how to use Google to check for known exploits. Bad Blizzard, BAD!
     
  8. semantics

    semantics

    Joined:
    Jan 13, 2011
    Messages:
    109 (0.08/day)
    Thanks Received:
    17
    Eh, no skin off my back: changed password, security question and email. Benefits of holding several different accounts that just get forwarded to one account that has no job but to get forwarded mail. Only thing that ticked me off was that I couldn't copy-paste my password when I changed it; apparently they hate KeePass users.
     
  9. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,422 (4.68/day)
    Thanks Received:
    3,240
    Generally it is not the IT staff that is in the wrong. Phishing is still, in this day and age, a great way to get user credentials. Corporations need to train employees to not give out their credentials to ANYONE.
     
  10. Hilux SSRG

    Hilux SSRG

    Joined:
    May 1, 2012
    Messages:
    949 (1.09/day)
    Thanks Received:
    151
    Location:
    New Jersey, USA
    Just want to know, did Blizzard use an authenticator? Cause if not,... :roll:
     
  11. TheMailMan78

    TheMailMan78 Big Member

    Joined:
    Jun 3, 2007
    Messages:
    21,004 (7.88/day)
    Thanks Received:
    7,548
    I changed my password last night just to be safe. I also have an authenticator so I'm really not worried.
     
  12. Aleksander

    Joined:
    Dec 2, 2009
    Messages:
    3,254 (1.86/day)
    Thanks Received:
    304
    I laughed so hard and said to myself:
    Of all the forums I register on, they get the one I don't! :)
     
  13. Delta6326

    Delta6326

    Joined:
    May 21, 2008
    Messages:
    3,825 (1.65/day)
    Thanks Received:
    667
    Location:
    Iowa, USA
    Changed password to be safe. Much harder now; should take over 60,000 years to get it at a rate of 100,000 passwords a sec.

    But I also use an authenticator.
     
  14. NinkobEi

    NinkobEi

    Joined:
    Nov 27, 2006
    Messages:
    2,045 (0.72/day)
    Thanks Received:
    340
    Oh no, someone might steal my Diablo 3 account that I never use and my long-canceled WOW subscription. What ever will I do?
     
    n-ster says thanks.
  15. [XC] Oj101

    [XC] Oj101

    Joined:
    Jan 23, 2012
    Messages:
    112 (0.12/day)
    Thanks Received:
    59
    Location:
    South Africa
    [​IMG]
     
    Solaris17, SaiZo, n-ster and 2 others say thanks.
  16. Lionheart

    Lionheart

    Joined:
    Apr 30, 2008
    Messages:
    4,051 (1.73/day)
    Thanks Received:
    808
    Location:
    Milky Way Galaxy
    God damnit Blizzard, now I'm gonna feel worried every time I play SC2 :(
     
  17. Aleksander

    Joined:
    Dec 2, 2009
    Messages:
    3,254 (1.86/day)
    Thanks Received:
    304
    I think it is the web programmers' fault. They use the old mysql_escape_string instead of mysqli_real_escape_string($connect, $fetch($query))
     
  18. Jimmy2k9

    Jimmy2k9

    Joined:
    Nov 14, 2011
    Messages:
    75 (0.07/day)
    Thanks Received:
    20
    Location:
    Hamilton, Ohio
    This is the first I've heard of them ever being hacked; I've been playing WoW on and off since '05.

    Having an authenticator and using pre-paid game cards, I'm personally not worried about anything. Out of roughly 10 million people who play wow, plus other blizzard games, also inactive accounts created over the years... Odds are pretty slim anything happened to you.
     
  19. Jacez44 New Member

    Joined:
    Apr 29, 2012
    Messages:
    35 (0.04/day)
    Thanks Received:
    6
    Location:
    Givatayim
    Just like Sony, they have more than enough money and more than enough riding on their online integrity to let something like this happen.

    I would say it is either something unavoidable or they're really trying to skim the bottom line..
     
  20. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,422 (4.68/day)
    Thanks Received:
    3,240
    More than likely they don't use MySQL.
     
  21. Ikaruga

    Ikaruga

    Joined:
    Feb 18, 2011
    Messages:
    870 (0.66/day)
    Thanks Received:
    183
    Ok, let's imagine I work as the head of internet security at Blizzard and I see all those ****-ups at Sony, Nvidia, etc... So guess what I do? I pick up my huge salary and go home to take some rest that I truly deserve.... for months after months .......... obviously ;)
     
  22. Kreij

    Kreij Senior Monkey Moderator Staff Member

    Joined:
    Feb 6, 2007
    Messages:
    13,881 (4.99/day)
    Thanks Received:
    5,616
    Location:
    Cheeseland (Wisconsin, USA)
    Seems to me that a lot of people here have little knowledge concerning internet security.
    There is no such thing as 100% secure, as the "guards at the gates" will always have some inherent weakness which sooner or later someone will find and exploit.

    Training and updating is, of course, paramount but that will not stop a hacker who finds a way in that no one knew existed. As protection gets better so do the hackers, and it's a constant battle to keep networks secure.

    And Easy Rhino is right ... one disgruntled employee with server access, and a bone to pick, will foil your best efforts at intrusion prevention.
     
  23. koorosh New Member

    Joined:
    Dec 1, 2009
    Messages:
    39 (0.02/day)
    Thanks Received:
    9
    Location:
    Iran
    And those suckers still force you to use your real name for accounts! There's no privacy anymore:shadedshu

    Even if they didn't get the credit cards and other info, the emails and names are enough for spamming.

    Name + Email + some other personal info = Spam (scam) that really looks like an actual email!
     
  24. Ikaruga

    Ikaruga

    Joined:
    Feb 18, 2011
    Messages:
    870 (0.66/day)
    Thanks Received:
    183
    But if hackers are always a step ahead no matter what (and they were, they are, and they will be ofc), isn't it paramount to prevent the leeching of mass database chunks to anybody at any time?
    I have to admit that it was more than 15 years ago when I had to touch security related stuffz (so I pretty much have no clue how it's going nowadays), but these massive user data leaks are happening all over the globe, and somehow I feel that there must be a way to prevent it happening on this large a scale, even if it's impossible to avoid it entirely.
    This kind of news tells stories that the hackers are getting the whole user databases, and the only question is whether they can "decode" it or not in that particular case.

    (I hope all of this doesn't sound like I want to be a smart*** here, because (honestly) I'm not... :B)
     
  25. Kreij

    Kreij Senior Monkey Moderator Staff Member

    Joined:
    Feb 6, 2007
    Messages:
    13,881 (4.99/day)
    Thanks Received:
    5,616
    Location:
    Cheeseland (Wisconsin, USA)
    Yes, but the user base must have access to their personal information in order to change it if the need arises. Herein lies the problem for security people.
    When you open a window to let the air in, it can be very difficult to keep the dust out despite your best attempts.

    As more and more information is kept online, more will be hacked. It's the nature of the beast.
    Even the best minds in the security fields fight this kind of thing daily. It is no trivial task.
    Add to that the fact that even the best admins are human and may make mistakes ...

    This is usually more the media capitalizing on sensationalistic news than the reality. If things are encrypted in a secure manner it is still VERY difficult to extract information.

    Better to be a smartass than a dumbass. lol
    Just kidding, your post was fine and brings up good discussion.
     
