
Blizzard Servers Hacked, User Data Compromised

btarunr

Editor & Senior Moderator
Staff member
#1
Online gaming giant Blizzard Entertainment reported unauthorized access to its servers. The security breach was detected earlier this week, and the company claims that the hackers may have accessed user data such as e-mail addresses of Battle.net users, their personal security questions, and information related to mobile and dial-in authentications.

Blizzard claims that the information compromised is not enough for anyone to gain access to the Battle.net accounts, and that there was no evidence to suggest that more vital bits of user data, such as real names, credit card information, or billing addresses, were accessed. Users' Battle.net passwords, which are cryptographically scrambled, may have been accessed. Since SRP (secure remote protocol) is used to protect the passwords, it is extremely difficult to unscramble them. Blizzard strongly recommends that users change their passwords while investigations into the security breach are ongoing.

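An added example, not part of the original post and not Blizzard's code: a minimal SRP-6a (Secure Remote Password) exchange showing what SRP-protected passwords mean in practice. The server stores only a salt and a verifier, and the two sides derive the same session key only when the typed password is right. The 127-bit toy modulus, the generator, the use of SHA-256 and all function names are illustrative assumptions.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): 2**127 - 1 is prime but far
# too small for real use; deployments use the large groups from RFC 5054.
N = 2**127 - 1
G = 3
PAD = (N.bit_length() + 7) // 8


def H(*parts: bytes) -> int:
    """SHA-256 over the concatenated parts, returned as an integer."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def to_bytes(n: int) -> bytes:
    """Fixed-width big-endian encoding of a value below N."""
    return n.to_bytes(PAD, "big")


K = H(to_bytes(N), to_bytes(G))  # SRP-6a multiplier k = H(N | PAD(g))


def private_x(salt: bytes, user: str, password: str) -> int:
    """x = H(salt | H(user ":" password)); only the client can compute it."""
    inner = hashlib.sha256(f"{user}:{password}".encode()).digest()
    return H(salt, inner)


def register(user: str, password: str):
    """What the server stores: a random salt and v = g^x mod N, no password."""
    salt = secrets.token_bytes(16)
    return salt, pow(G, private_x(salt, user, password), N)


def login(user: str, typed_password: str, salt: bytes, verifier: int):
    """Run one SRP-6a exchange in-process; return (client_key, server_key)."""
    # Client -> server: user name and A = g^a
    a = secrets.randbelow(N - 2) + 1
    A = pow(G, a, N)
    # Server -> client: salt and B = k*v + g^b
    b = secrets.randbelow(N - 2) + 1
    B = (K * verifier + pow(G, b, N)) % N
    if A % N == 0 or B % N == 0:
        raise ValueError("illegal public value")
    u = H(to_bytes(A), to_bytes(B))
    # Client side: needs the password the user typed
    x = private_x(salt, user, typed_password)
    s_client = pow((B - K * pow(G, x, N)) % N, a + u * x, N)
    # Server side: needs only the stored verifier
    s_server = pow((A * pow(verifier, u, N)) % N, b, N)
    return (hashlib.sha256(to_bytes(s_client)).hexdigest(),
            hashlib.sha256(to_bytes(s_server)).hexdigest())
```

Because the verifier is derived deterministically from the salt and the password, a copied verifier table still lets password guesses be checked offline, which is why changing a weak or reused password after such a breach matters.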
 
#2
Can someone please tell me why this information is being so readily hacked into? There seemingly has been a handful of companies now that have had this happen to them.
 
#3
> Can someone please tell me why this information is being so readily hacked into? There seemingly has been a handful of companies now that have had this happen to them.

Because their security employees don't know what they are doing. They don't keep it up to date like they should which makes it easy to exploit.
 
#4
> Because their security employees don't know what they are doing. They don't keep it up to date like they should which makes it easy to exploit.

Fools. Well here's to the inevitable "they might have taken some card details" line that is bound to come up.
 
#5
Blame Flash, MySQL and Java
 

FordGT90Concept

"I go fast!1!11!1!"
#6
Or generally bad programming behaviors (like not checking inputs).
 
#7
> Or generally bad programming behaviors (like not checking inputs).

Very true.

I would hope their programmers know this, but that's like saying "I would hope they know to keep their programs updated." Someone somewhere in the company needs some security training or know how to use Google to check for known exploits. Bad Blizzard, BAD!
 
#8
Eh, no skin off my back. Changed password, security question and email; benefits of holding several different accounts that just get forwarded to one account that has no job but to get forwarded mail. Only thing that ticked me off was that I couldn't copy-paste my password when I change password; apparently they hate KeePass users.
 

Easy Rhino

Linux Advocate
#9
Generally it is not the IT staff that is in the wrong. Phishing is still in this day and age a great way to get user credentials. Corporations need to train employees to not give out their credentials to ANYONE.
 
#10
Just want to know, did Blizzard use an authenticator? Cause if not,... :roll:
 
#11
I changed my password last night just to be safe. I also have an authenticator so I'm really not worried.
 
#12
I laughed so hard and said to myself:
In the whole forums I register, they get the one I don't! :)
 
#13
Changed password to be safe; much harder now, should take over 60,000 years to get it at a rate of 100,000 passwords a sec.

But I also use an authenticator.
 
#14
Oh no, someone might steal my Diablo 3 account that I never use and my long-canceled WOW subscription. What ever will I do?
 
#16
God damnit Blizzard, now I'm gonna feel worried every time I play SC2 :(
 
#17
I think it is the web programmers' fault. They use the old mysql_escape_string instead of mysqli_real_escape_string($connect, $fetch($query))
 
#18
This is the first I've heard of them ever being hacked, I've been playing WoW on and off since '05.

Having an authenticator and using pre-paid game cards, I'm personally not worried about anything. Out of roughly 10 million people who play WoW, plus other Blizzard games, also inactive accounts created over the years... Odds are pretty slim anything happened to you.
 

Jacez44

New Member
#19
Just like Sony, they have more than enough money and more than enough riding on their online integrity to let something like this happen.

I would say it is either something unavoidable or they're really trying to skim the bottom line..
 

Easy Rhino

Linux Advocate
#20
> I think it is the web programmers' fault. They use the old mysql_escape_string instead of mysqli_real_escape_string($connect, $fetch($query))

More than likely they don't use MySQL.
 
#21
Ok, let's imagine I work as the head of internet security at Blizzard and I see all those ****-ups at Sony, Nvidia, etc... So guess what I do? I pick up my huge salary and go home to take some rest which I truly deserve.... for months after months .......... obviously ;)
 

Kreij

Senior Monkey Moderator
Staff member
#22
Seems to me that a lot of people here have little knowledge concerning internet security.
There is no such thing as 100% secure, as the "guards at the gates" will always have some inherent weakness which sooner or later someone will find and exploit.

Training and updating is, of course, paramount but that will not stop a hacker who finds a way in that no one knew existed. As protection gets better so do the hackers, and it's a constant battle to keep networks secure.

And Easy Rhino is right ... one disgruntled employee with server access, and a bone to pick, will foil your best efforts at intrusion prevention.
 

koorosh

New Member
#23
And those suckers still force you to use your real name for accounts! There's no privacy anymore :shadedshu

Even if they didn't get the credit cards and other info, the emails and names are enough for spamming.

Name + Email + some other personal info = Spam (scam) that really looks like an actual email!
 
#24
> Seems to me that a lot of people here have little knowledge concerning internet security.
> There is no such thing as 100% secure, as the "guards at the gates" will always have some inherent weakness which sooner or later someone will find and exploit.
>
> Training and updating is, of course, paramount but that will not stop a hacker who finds a way in that no one knew existed. As protection gets better so do the hackers, and it's a constant battle to keep networks secure.
>
> And Easy Rhino is right ... one disgruntled employee with server access, and a bone to pick, will foil your best efforts at intrusion prevention.

But if hackers are always a step ahead no matter what (and they were, they are, and they will be ofc), doesn't it paramount to prevent the leeching of mass database chunks to anybody at any time?
I have to admit that it was more than 15 years ago when I had to touch security related stuffz, (so I pretty much have no clue how it's going nowadays), but these massive user data leaks are happening all over the globe, and somehow I feel that there must be a way to prevent it happening this large scale, even if it's impossible to avoid it entirely.
These kind of news telling stories that the hackers are getting the whole user databases, and the only question is that if they can "decode" it or not in that particular case.

(I hope all of this doesn't sound like that I want to be a smart*** here, because (honestly) I'm not...:B)
 

Kreij

Senior Monkey Moderator
Staff member
#25
> But if hackers are always a step ahead no matter what (and they were, they are, and they will be ofc), doesn't it paramount to prevent the leeching of mass database chunks to anybody at any time?

Yes, but the user base must have access to their personal information in order to change it if the need arises. Herein lies the problem for security people.
When you open a window to let the air in, it can be very difficult to keep the dust out despite your best attempts.

> I have to admit that it was more than 15 years ago when I had to touch security related stuffz, (so I pretty much have no clue how it's going nowadays), but these massive user data leaks are happening all over the globe, and somehow I feel that there must be a way to prevent it happening this large scale, even if it's impossible to avoid it entirely.

As more and more information is kept online, more will be hacked. It's the nature of the beast.
Even the best minds in the security fields fight this kind of thing daily. It is no trivial task.
Add to that the fact that even the best admins are human and may make mistakes ...

> These kind of news telling stories that the hackers are getting the whole user databases, and the only question is that if they can "decode" it or not in that particular case.

This is usually more the media capitalizing on sensationalistic news than the reality. If things are encrypted in a secure manner it is still VERY difficult to extract information.

> (I hope all of this doesn't sound like that I want to be a smart*** here, because (honestly) I'm not...:B)

Better to be a smartass than a dumbass. lol
Just kidding, your post was fine and brings up good discussion.