Page 4 of 11 FirstFirst ...
2
3
4
5
6
... LastLast
  1. #61
    Quote Originally Posted by Kaeh View Post
    If they got the serial numbers to your authenticators on your account, managed to unencrypt the password they could get into your account, easily. However, what they said is "what they CURRENTLY KNOW" is that they cannot use the info they retrieved. If they did get the serial number it is as simple as downloading one of the few apps around that use the authenticator algorithm on the PC (For legitimate use) and plug the serial numbers into those and use it for people whom's account is protected by that.
    They got enough to bombard you with emails and fake battlenet sites to get the password. And then they even have access to real money.


    Like some ppl have said here - Blame D3. Hackers will go to the next level now to get D3 accounts and make money of items.

  2. #62
    Quote Originally Posted by Joán View Post
    I hope you have a source for this remarkably outrageous statement. If they had gotten over private authenticator keys and serial numbers they would not be saying:



    Stop with this nonsense FUD.
    You should re-read. All they need to do is crack the pass words right now to gain access. It says right in the statement the north american bnet authenticators on smart phones *may* have been compromised. Read as: was. Company like blizzard does nothing off the cuff, they had 5 days to prepare this statement, it's laced with policy and politicking.

    A few days from now it wont matter though, since a software update will fix it, i doubt they will be able to crack the scrambled pass words between now and then.

    Reading between the lines is hard.
    Signature Nazi's suck.

  3. #63
    Quote Originally Posted by Gourmandises View Post
    they're easy hackable aswell
    Quote Originally Posted by Gourmandises View Post
    easy hackable aswell
    Quote Originally Posted by Gourmandises View Post
    easy hackable
    Quote Originally Posted by Gourmandises View Post
    easy
    Always adorable when people who haven't a clue about something try to make it out otherwise. FYI, authenticators are extremely difficult and time consuming to hack, and the only known "hack" requires a great deal of timing and far more information than an ordinary account would. It usually just isn't worth the effort, and it's not like someone can target your account and go "herp derp, he has nice stuff, I want to hack his authenticated account". It's an EXTREMELY specific and unlikely series of events that has to transpire, with you giving the hackers the exact info they require to do the hack, before it's even possible for them to do.
    Last edited by Throrion; 2012-08-09 at 10:54 PM.
    This is my signature. You will now remember me.

  4. #64
    Look at it this way, they didn't get passwords from the blizz hack, but they did get authenticator info. Back during the D3 Hack craze farmers openly admitted they hacked fan sites to get login details for thousands of accounts without authenticators.... well guess what, now it's thousands with authenticators who used the same password in both and are at risk.

  5. #65
    Quote Originally Posted by IsaacM View Post
    I wonder if credit card info was compromised too and they're still keeping it a secret.
    It would be Illegal for Blizzard to hide information like that. It is their JOB to let you know if anything like that happened.

    However on-topic.

    It was bound to happen. Xbox,PSN and the Millions of other web-sites,communities that were hacked. It was only a matter of time until someone targetted Blizzard.

    A shame they told us about this a week later after it happened, Right away would have been nice.

  6. #66
    Quote Originally Posted by Muezick View Post
    You should re-read. All they need to do is crack the pass words right now to gain access. It says right in the statement the north american bnet authenticators on smart phones *may* have been compromised. Read as: was. Company like blizzard does nothing off the cuff, they had 5 days to prepare this statement, it's laced with policy and politicking.

    A few days from now it wont matter though, since a software update will fix it, i doubt they will be able to crack the scrambled pass words between now and then.

    Reading between the lines is hard.
    If you read the line

    With regard to Mobile Authenticators, information was taken that could potentially compromise the integrity of North American Mobile Authenticators.
    And translate it to

    All authenticators are now useless but Blizzard doesn't want to say it and we have to "read between the lines".
    Then I believe you will find a remarkably large number of interesting theories about the "truth" of the world out on the internet. This is the kind of selective and intentional misinterpretation that is responsible for every conspiracy theory out there.

  7. #67
    Quote Originally Posted by Malcor View Post
    A shame they told us about this a week later after it happened, Right away would have been nice.
    Why would their first reaction to a big breach of security be "better quickly write up a tweet saying 'we got hacked lol'" rather than spending the time to fix the fucking issue good and proper.
    Jsz
    <The Requiem> US-Horde Mythic
    > twitch.tv stream <

  8. #68
    Now Blizzard should realize that case-sensitive passwords is a must.

  9. #69
    Quote Originally Posted by Calene View Post
    Now Blizzard should realize that case-sensitive passwords is a must.
    that was my first thought when they mentioned hashed passwords, without case-sensitivity decrypting is not as hard as they make it out to be, the possible characters are much more limited.

  10. #70
    Quote Originally Posted by jsz View Post
    Why would their first reaction to a big breach of security be "better quickly write up a tweet saying 'we got hacked lol'" rather than spending the time to fix the fucking issue good and proper.
    yeah cause warning people is really gonna take a lot of time huh?
    I do think its insane they waited an entire week ,wtf Oo

  11. #71
    Pandaren Monk Moosie's Avatar
    Join Date
    Jun 2011
    Location
    England
    Posts
    1,851
    Quote Originally Posted by Alenarien View Post
    Nice to know our subscription fees are going toward good security as opposed to beer/pot/hookers/dividends.
    No amount of money can stop hackers, if they want it, they will get, this is not blizzards fault and they have dealt with it in a good manor.
    Last edited by Moosie; 2012-08-09 at 11:00 PM.
    Moosie <After Hours> : Feral / Restoration

  12. #72
    Quote Originally Posted by Joán View Post
    If you read the line



    And translate it to



    Then I believe you will find a remarkably large number of interesting theories about the "truth" of the world out on the internet. This is the kind of selective and intentional misinterpretation that is responsible for every conspiracy theory out there.
    Believe what you like. I've no interest in changing your opinion or proving you wrong.
    Signature Nazi's suck.

  13. #73
    GG for making us use email as user names and then not encrypting those with the passwords, that's an hour or two I won't get payed for changing my game mail.

  14. #74
    So on the server "terenas", there was a guy selling Reins of the Crimson Deathcharger x 5.....i'm just wondering if it was something he got from blizzard during this security breach? and whoever buys them, will they get banned?

  15. #75
    Quote Originally Posted by Ryme View Post
    Well dang, I wish I knew how they've managed this, out of curiosity more than anything.
    I can answer this question with a high degree of confidence.

    Reused passwords from a breach in another service was used to access an account on Blizzard.

    Access into the admin systems were gained, and seed information for the authenticators was stored there and accessed as well.

    This was most likely not a 'hack' per se, but rather that one (or multiple) employees were simply insecure and the system was breached through the front door.

  16. #76
    This is more worrysome to the Diablo 3 players who have their Paypal info attached to their battle.net.

    They got access to our email, security answer, and for those using a mobile authenticator, the serial #.....

  17. #77
    Keyboard Turner Caseyzissou's Avatar
    Join Date
    Oct 2011
    Location
    Montana
    Posts
    4
    I bet it was that fucker James Holmes.

  18. #78
    High Overlord Elynis's Avatar
    Join Date
    Apr 2012
    Location
    Q Continuum
    Posts
    167
    Thank you Blizz for being upfront and informative, most of us really do appreciate it

  19. #79
    The Patient Jetstream's Avatar
    Join Date
    Jul 2010
    Location
    Austin, TX
    Posts
    306
    Meh. If they thought Credit Cards had been breached they'd be on the horn with all the banks right now saying "these are the cards that have been compromised, issue new cards."

    In fact, when another website I did business with got hacked a couple years ago that's exactly what happened. Bank of America sent me a new card without me even knowing something had happened.

  20. #80
    Legendary! Ryme's Avatar
    Join Date
    Jul 2009
    Location
    In a field, somewhere
    Posts
    6,157
    Quote Originally Posted by Talon View Post
    I can answer this question with a high degree of confidence.

    Reused passwords from a breach in another service was used to access an account on Blizzard.

    Access into the admin systems were gained, and seed information for the authenticators was stored there and accessed as well.

    This was most likely not a 'hack' per se, but rather that one (or multiple) employees were simply insecure and the system was breached through the front door.
    All of the data that was stolen is accessible remotely? I would have thought that information of this level would have been stored on an internal network.
    I am the lucid dream
    Uulwi ifis halahs gag erh'ongg w'ssh


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •