Blizzard Servers Hacked, User Data Compromised

btarunr

Editor & Senior Moderator
Staff member
Online gaming giant Blizzard Entertainment reported unauthorized access to its servers. The security breach was detected earlier this week, and the company claims that the hackers may have accessed user data such as e-mail addresses of Battle.net users, their personal security questions, and information related to mobile and dial-in authentications.

Blizzard claims that the information compromised is not enough for anyone to gain access to the Battle.net accounts, and that there was no evidence to suggest that more vital bits of user data, such as real names, credit card information, or billing addresses were accessed. Users' Battle.net passwords, which are cryptographically scrambled, may have been accessed. Since SRP (secure remote protocol) is used to protect the passwords, it is extremely difficult to unscramble them. Blizzard strongly recommends that users change their passwords as investigations into the security breach are on.
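
What SRP-style storage means for a stolen user database, as an added example (not code from the article or from Blizzard): the server keeps only a salt and a verifier, and a login succeeds without the password ever being sent, but anyone holding the record can still test candidate passwords against it offline, so the strength of the password itself matters. The toy 127-bit modulus, the SHA-256 hash, the sample account and all function names are assumptions chosen for a readable demo.

```python
import hashlib
import secrets

# Assumption: toy 127-bit group so the numbers stay small. Real SRP
# deployments use large safe-prime groups such as those in RFC 5054.
N = 2**127 - 1
G = 3

def h_int(*parts: bytes) -> int:
    """SHA-256 over the concatenated parts, returned as an integer."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

def to_bytes(n: int) -> bytes:
    return n.to_bytes(16, "big")

K = h_int(to_bytes(N), to_bytes(G))  # SRP-6a multiplier k = H(N, g)

def private_x(salt: bytes, user: str, password: str) -> int:
    """x = H(salt | H(user ":" password)), the client-side secret exponent."""
    inner = hashlib.sha256(f"{user}:{password}".encode()).digest()
    return h_int(salt, inner)

def enroll(user: str, password: str) -> dict:
    """What the server stores: salt and verifier v = g^x mod N, no password."""
    salt = secrets.token_bytes(16)
    v = pow(G, private_x(salt, user, password), N)
    return {"user": user, "salt": salt, "v": v}

def login(record: dict, password: str) -> bool:
    """Run both sides of SRP-6a; True when client and server derive the same secret."""
    a = secrets.randbelow(N - 2) + 1            # client ephemeral secret
    b = secrets.randbelow(N - 2) + 1            # server ephemeral secret
    A = pow(G, a, N)                            # client -> server
    B = (K * record["v"] + pow(G, b, N)) % N    # server -> client
    u = h_int(to_bytes(A), to_bytes(B))
    x = private_x(record["salt"], record["user"], password)
    client_s = pow((B - K * pow(G, x, N)) % N, a + u * x, N)
    server_s = pow(A * pow(record["v"], u, N) % N, b, N)
    return secrets.compare_digest(to_bytes(client_s), to_bytes(server_s))

def verifier_matches(record: dict, candidate: str) -> bool:
    """Offline check open to anyone holding the record: recompute v and compare."""
    x = private_x(record["salt"], record["user"], candidate)
    return pow(G, x, N) == record["v"]

if __name__ == "__main__":
    # Constructed sample account, not real data.
    rec = enroll("player@example.com", "correct horse battery staple")
    print("stored fields:", sorted(rec))
    print("login with right password:", login(rec, "correct horse battery staple"))
    print("login with wrong password:", login(rec, "hunter2"))
    print("offline guess 'hunter2' matches:", verifier_matches(rec, "hunter2"))
```

Each offline guess costs one salted hash plus one modular exponentiation, so a weak or reused password behind a stolen verifier falls quickly while a long random one does not.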

 
Can someone please tell me why this information is being so readily hacked into? There seemingly has been a handful of companies now that have had this happen to them.
 
Can someone please tell me why this information is being so readily hacked into? There seemingly has been a handful of companies now that have had this happen to them.

Because their security employees don't know what they are doing. They don't keep it up to date like they should which makes it easy to exploit.
 
Because their security employees don't know what they are doing. They don't keep it up to date like they should which makes it easy to exploit.

Fools. Well here's to the inevitable "they might have taken some card details" line that is bound to come up.
 

FordGT90Concept

"I go fast!1!11!1!"
Or generally bad programming behaviors (like not checking inputs).
 
Or generally bad programming behaviors (like not checking inputs).

Very true.

I would hope their programmers know this, but that's like saying "I would hope they know to keep their programs updated." Someone somewhere in the company needs some security training or to know how to use Google to check for known exploits. Bad Blizzard, BAD!
 
Eh, no skin off my back. Changed password, security question and email; benefits of holding several different accounts that just get forwarded to one account that has no job but to get forwarded mail. Only thing that ticked me off was that I couldn't copy-paste my password when I changed my password; apparently they hate KeePass users.
 

Easy Rhino

Linux Advocate
Staff member
Generally it is not the IT staff that is in the wrong. Phishing is still, in this day and age, a great way to get user credentials. Corporations need to train employees to not give out their credentials to ANYONE.
 
Just want to know, did Blizzard use an authenticator? Cause if not,... :roll:
 

TheMailMan78

Big Member
I changed my password last night just to be safe. I also have an authenticator so I'm really not worried.
 
I laughed so hard and said to myself:
In the whole forums I register, they get the one I don't! :)
 
Changed password to be safe; much harder now, should take over 60,000 years to get it at a rate of 100,000 passwords a sec.

But I also use an authenticator.
 
Oh no, someone might steal my Diablo 3 account that I never use and my long-canceled WOW subscription. What ever will I do?
 
God damnit Blizzard, now I'm gonna feel worried every time I play SC2 :(
 
I think it is the web programmers' fault. They use the old mysql_escape_string instead of mysqli_real_escape_string($connect, $fetch($query))
 
This is the first I've heard of them ever being hacked, I've been playing WoW on and off since '05.

Having an authenticator and using pre-paid game cards, I'm personally not worried about anything. Out of roughly 10 million people who play WoW, plus other Blizzard games, also inactive accounts created over the years... Odds are pretty slim anything happened to you.
 

Jacez44

New Member
Just like Sony, they have more than enough money and more than enough riding on their online integrity to let something like this happen.

I would say it is either something unavoidable or they're really trying to skim the bottom line..
 

Easy Rhino

Linux Advocate
Staff member
I think it is the web programmers' fault. They use the old mysql_escape_string instead of mysqli_real_escape_string($connect, $fetch($query))

More than likely they don't use MySQL.
 
Ok, let's imagine I work as the head of internet security at Blizzard and I see all those ****-ups at Sony, Nvidia, etc... So guess what I do? I pick up my huge salary and go home to take some rest which I truly deserve.... for months after months .......... obviously ;)
 

Kreij

Senior Monkey Moderator
Seems to me that a lot of people here have little knowledge concerning internet security.
There is no such thing as 100% secure, as the "guards at the gates" will always have some inherent weakness which sooner or later someone will find and exploit.

Training and updating is, of course, paramount but that will not stop a hacker who finds a way in that no one knew existed. As protection gets better so do the hackers, and it's a constant battle to keep networks secure.

And Easy Rhino is right ... one disgruntled employee with server access, and a bone to pick, will foil your best efforts at intrusion prevention.
 

koorosh

New Member
And those suckers still force you to use your real name for accounts! There's no privacy anymore:shadedshu

Even if they didn't get the credit cards and other info, the emails and names are enough for spamming.

Name + Email + some other personal info = Spam (scam) that really looks like an actual email!
 
Seems to me that a lot of people here have little knowledge concerning internet security.
There is no such thing as 100% secure, as the "guards at the gates" will always have some inherent weakness which sooner or later someone will find and exploit.

Training and updating is, of course, paramount but that will not stop a hacker who finds a way in that no one knew existed. As protection gets better so do the hackers, and it's a constant battle to keep networks secure.

And Easy Rhino is right ... one disgruntled employee with server access, and a bone to pick, will foil your best efforts at intrusion prevention.

But if hackers are always a step ahead no matter what (and they were, they are, and they will be ofc), isn't it paramount to prevent the leeching of mass database chunks to anybody at any time?
I have to admit that it was more than 15 years ago when I had to touch security related stuffz, (so I pretty much have no clue how it's going nowadays), but these massive user data leaks are happening all over the globe, and somehow I feel that there must be a way to prevent it happening this large scale, even if it's impossible to avoid it entirely.
These kind of news telling stories that the hackers are getting the whole user databases, and the only question is that if they can "decode" it or not in that particular case.

(I hope all of this doesn't sound like that I want to be a smart*** here, because (honestly) I'm not...:B)
 

Kreij

Senior Monkey Moderator
But if hackers are always a step ahead no matter what (and they were, they are, and they will be ofc), isn't it paramount to prevent the leeching of mass database chunks to anybody at any time?

Yes, but the user base must have access to their personal information in order to change it if the need arises. Herein lies the problem for security people.
When you open a window to let the air in, it can be very difficult to keep the dust out despite your best attempts.

I have to admit that it was more than 15 years ago when I had to touch security related stuffz, (so I pretty much have no clue how it's going nowadays), but these massive user data leaks are happening all over the globe, and somehow I feel that there must be a way to prevent it happening this large scale, even if it's impossible to avoid it entirely.

As more and more information is kept online, more will be hacked. It's the nature of the beast.
Even the best minds in the security fields fight this kind of thing daily. It is no trivial task.
Add to that the fact that even the best admins are human and may make mistakes ...

These kind of news telling stories that the hackers are getting the whole user databases, and the only question is that if they can "decode" it or not in that particular case.

This is usually more the media capitalizing on sensationalistic news than the reality. If things are encrypted in a secure manner it is still VERY difficult to extract information.

(I hope all of this doesn't sound like that I want to be a smart*** here, because (honestly) I'm not...:B)

Better to be a smartass than a dumbass. lol
Just kidding, your post was fine and brings up good discussion.
 