  1. #201
    How long has this compromise been in place? How many accounts have been compromised because of this neglect of Blizzard Entertainment?

    Back in August of last year my account was hacked while being inactive for 6 months. I immediately got my account unbanned and noticed there was no time on my account, which would make it impossible for someone to log in. Blizzard INSISTED that my end was compromised and not theirs, regardless of the fact that my Mac that I play on is clean of any viruses and I use WPA2 Enterprise wireless security at home. After sending them pictures of my account being logged in after it was banned and calling them multiple times, the only thing I would get is the generic "It's your fault" response. Anywho, this entire ordeal took a month to fix, due to some problem with our Guild Bank being inaccessible to everyone in the guild.

  2. #202
    Quote Originally Posted by Pyridoxine View Post
    How long has this compromise been in place? How many accounts have been compromised because of this neglect of Blizzard Entertainment?

    Back in August of last year my account was hacked while being inactive for 6 months. I immediately got my account unbanned and noticed there was no time on my account, which would make it impossible for someone to log in. Blizzard INSISTED that my end was compromised and not theirs, regardless of the fact that my Mac that I play on is clean of any viruses and I use WPA2 Enterprise wireless security at home. After sending them pictures of my account being logged in after it was banned and calling them multiple times, the only thing I would get is the generic "It's your fault" response. Anywho, this entire ordeal took a month to fix, due to some problem with our Guild Bank being inaccessible to everyone in the guild.
    Did you have an authenticator? Keyloggers can show up as a spybot and not a virus, so virus scanners won't see it; wireless security is easily hackable by anyone with Linux knowledge; do you use your computer's internal firewall, what are the ports... I can keep going if you want? :P There are many different ways to get into your account, and yes, sometimes they will add time to your account that has been offline for any amount of time. What's 13 dollars to someone that could potentially use your account to make hundreds if not thousands of dollars?
    They don't care what your level is or how long you have been playing (or haven't); it's all about the account.

    Macs are good against potential threats but they're not invulnerable: http://arstechnica.com/apple/2012/04...ssword-needed/ Took Apple 2? weeks to fix that; PCs were patched overnight.

    Also some virus scanners just plain suck and don't catch everything, so it could come down to what software you use.
    Last edited by Bahska; 2012-08-10 at 06:28 PM.

  3. #203
    I had someone use my paypal account within days of the Sony breach. Best thing you can do is just monitor your bank accounts and credit card charges. When that happened I set up mobile alerts, they text you when there's activity on your account. (You can choose which activity is important enough to send an alert for.)

    If your credit card information was stolen, you might want to request a new card from your bank. You are usually given one free new card per year, and this doesn't happen that often anyway.

  4. #204
    I'm a little shocked because I just saw this on the BBC website and it's well down the MMO-C front page. Blizzard are just advertising this as a "Security Update"???? (I would think that they would be a bit more robust than that....)

    Just checked my 2 email accounts and NO warning email from Blizzard at all, but I do have 19 phishing emails already from Blizzard-Entertainment and D3 Online lol.

  5. #205
    Quote Originally Posted by Axxy View Post
    I'm a little shocked because I just saw this on the BBC website and it's well down the MMO-C front page. Blizzard are just advertising this as a "Security Update"???? (I would think that they would be a bit more robust than that....)

    Just checked my 2 email accounts and NO warning email from Blizzard at all, but I do have 19 phishing emails already from Blizzard-Entertainment and D3 Online lol.
    If you had been here the same day this news post was put up then you would have seen it at the top. Stop drinking the conspiracy kool-aid.
    Alayea - Enhance/Resto (Main) Lithala - BM/Surv Gekkani - Disc/Shadow
    Mathrie - Fury/Prot Mayae - Resto/Bal Elita - Frost/Blood
    Chrystie - Frost/Fire Draika - Combat Ioreth - Ret/Prot
    Vexbolt - Demo/Destro Yin - WW

  6. #206
    Tharkkun (The Lightbringer) - Join Date: Oct 2008, Location: Minnesnowta, Posts: 3,458
    Quote Originally Posted by Axxy View Post
    I'm a little shocked because I just saw this on the BBC website and it's well down the MMO-C front page. Blizzard are just advertising this as a "Security Update"???? (I would think that they would be a bit more robust than that....)

    Just checked my 2 email accounts and NO warning email from Blizzard at all, but I do have 19 phishing emails already from Blizzard-Entertainment and D3 Online lol.

    You should change your email address because it's been farmed and sold. It takes a while to make it around so it wouldn't be from the recent compromise which means another website which allows email addresses to be displayed has been hacked.

    ---------- Post added 2012-08-10 at 04:29 PM ----------

    Quote Originally Posted by Klog View Post
    I had someone use my paypal account within days of the Sony breach. Best thing you can do is just monitor your bank accounts and credit card charges. When that happened I set up mobile alerts, they text you when there's activity on your account. (You can choose which activity is important enough to send an alert for.)

    If your credit card information was stolen, you might want to request a new card from your bank. You are usually given one free new card per year, and this doesn't happen that often anyway.
    Sony didn't disclose it for 18 days, not to mention there were public forums talking about how Sony was running an old version of Apache a few months before the break-in was made public. What's worse is Sony had a public-facing website that was allowed to access the internal network, which is very bad, and it most likely was going on for months.

    Blizzard stated it was an internal break-in, which leans towards an employee's laptop becoming infected with malware/rootkit. Most malware makes a lot of noise so any decent IDS system would've let them know quickly that someone's laptop has been compromised.

    I work for Oracle and we are notified within a few hours of a compromise. If I start up a P2P client, I'll get called at my desk in 30 minutes or less.

  7. #207
    Remilia (Moderator) - Join Date: Apr 2011, Location: Avatar:ぺこ, Posts: 8,172
    Quote Originally Posted by Tharkkun View Post
    Sony didn't disclose it for 18 days
    7 days tyvm.
    Quote Originally Posted by Tharkkun View Post
    Blizzard stated it was an internal break-in, which leans towards an employee's laptop becoming infected with malware/rootkit. Most malware makes a lot of noise so any decent IDS system would've let them know quickly that someone's laptop has been compromised.
    Where was this stated anyways?
    Last edited by Remilia; 2012-08-10 at 11:07 PM.

  8. #208
    MouseD (Dreadlord) - Join Date: Oct 2011, Location: Local Mouse Hole, Posts: 978
    Quote Originally Posted by Gourmandises View Post
    Not that authenticators would have helped... they're easily hackable as well
    The key fob auth is quite damn hard to hack... seeing it's not connected to the internet at all... and there is a very, very small window for them to even try a man-in-the-middle attack... now the auth on mobile phones is more and faster to be hacked due to a simple fact: most of the new phones that use those apps are connected to the internet... personally I use the key fob one and think it's better than the phone app one... seeing cell phones can be broken, stolen, dropped and damaged... so then you can't use it... whereas a key fob one you can attach to your computer and it's right there.

  9. #209
    China unaffected............. just sayin

  10. #210
    Blizzard was asking for this by releasing the ability to cash out of Diablo 3. Money that is earned in Diablo 3 should not be able to be cashed out for real currency unless Blizzard is willing to deal with the same type of cyber criminals that target international banks. Sad thing is that Blizzard's RMAH cuts are Diablo 3's revenue source.

  11. #211
    Quote Originally Posted by Seegtease View Post
    Yeah, Blizzard, and any other major companies who have been hacked are obviously full of incompetent fools, since they got hacked. They certainly don't have any training in network security. Blizzard should have had a drool cup.

    But since you seem to be the pro when it comes to this, why don't you get a job there and fix their systems so they will never get hacked again? I'm sure they'd pay you well. Oh, you couldn't? That's a shame.
    This is where reading comprehension comes in handy. I never said anything about Blizzard's own systems. I said if you can't secure YOUR OWN computer, you're an idiot. Which is why they offer authenticators. Most of the wow population is a drooling mass of stupid, much like you for failing to recognize a simple observation.

  12. #212
    Quote Originally Posted by Bahska View Post
    Did you have an authenticator? Keyloggers can show up as a spybot and not a virus, so virus scanners won't see it; wireless security is easily hackable by anyone with Linux knowledge; do you use your computer's internal firewall, what are the ports... I can keep going if you want? :P There are many different ways to get into your account, and yes, sometimes they will add time to your account that has been offline for any amount of time. What's 13 dollars to someone that could potentially use your account to make hundreds if not thousands of dollars?
    They don't care what your level is or how long you have been playing (or haven't); it's all about the account.

    Macs are good against potential threats but they're not invulnerable. Took Apple 2? weeks to fix that; PCs were patched overnight.

    Also some virus scanners just plain suck and don't catch everything, so it could come down to what software you use.
    No. I did not have an authenticator. At the time when I was playing I had the mobile authenticator on my iPhone. However, seeing as I do iOS development and I'm constantly installing beta firmwares from Apple, I de-authorized my mobile authenticator from my phone when I stopped playing. Spybot is a piece of software for Windows; I think you mean spyware. As for spyware, I only used my Mac to play WoW and to program using Xcode. I also used Google Chrome to browse the web, to which at the time no one was able to get out of Chrome's sandbox and install something on the local computer. (That didn't happen till March of this year.) All of my ports were and still are blocked on my router and also on my computer's firewall. My Battle.net password consisted of a 16 character randomly generated password consisting of different case letters, numbers, and symbols. (This has been bumped to 27 characters.) This password was also only used for Battle.net. The anti-virus I use is ClamXAV, the Mac OS X port of the ever so popular ClamAV, which is used on many Unix/Linux based servers around the world. It's also worth noting that I've had my WoW account since vanilla (November of 2005) and my account was never once hacked since this incident.

    Also you don't find it strange that my account was 'hacked' without any time being added to the account? (My WoW Characters were cleaned of all their items and the guild bank emptied so they must have been able to login to WoW with no gametime added. [Wish I knew how to do that.]) You don't find it strange that my character was logged into after hours of being banned? (I have a screenshot of this from a friend that noticed and brought it to my attention.) How about my account being so screwed up that no one in my guild could access the guild bank and it took Blizzard a month to fix this issue, even after having 3 different GMs take control of my character and try it out for themselves? (Literally no one could access the guild bank; when you right clicked on it nothing showed up.)
    Last edited by Pyridoxine; 2012-08-11 at 01:11 PM.

  13. #213
    Nerraw (Titan) - Join Date: Jun 2010, Location: Denmark, Posts: 11,521
    Quote Originally Posted by sirgenesis View Post
    China unaffected............. just sayin
    As stated several times, the Chinese servers are run by a 3rd party.
    Quote Originally Posted by Erin View Post
    I only saw a few minutes of it but it looked slicker than a lubed up olympic swimmer fleeing from a shark.

  14. #214
    Quote Originally Posted by Coldhearth View Post
    This is where reading comprehension comes in handy. I never said anything about Blizzard's own systems. I said if you can't secure YOUR OWN computer, you're an idiot. Which is why they offer authenticators. Most of the wow population is a drooling mass of stupid, much like you for failing to recognize a simple observation.
    If Blizzard can be hacked, you can be hacked. I'd imagine their systems are more secure than yours.

  15. #215
    Gotta hand it to Blizzard. They really have the sheep snowed on this one.

    Response to SOE being hacked: It's SOE's fault. People leaving SOE in droves.
    Response to other Battle.net users getting hacked: It's your fault. Not Blizzard's. Get an authenticator. Use a unique password. Use a unique email. Don't download addons from untrusted websites. Don't click on links in phishing emails. Always verify the web address before entering your information.
    Response to Blizzard being hacked: It's not Blizzard's fault. This type of thing is inevitable.

    lol

    ‘SRP’ Won’t Protect Blizzard’s Stolen Passwords
    Last edited by Kaeleena; 2012-08-11 at 06:03 PM.
    Vanilla WoW was a diamond in the rough. Burning Crusade cleared the rough away and polished that diamond up. During Lich King, that diamond cracked from being over polished and in Cataclysm that diamond was replaced with a cubic zirconia.


  16. #216
    Quote Originally Posted by Pyridoxine View Post
    No. I did not have an authenticator. At the time when I was playing I had the mobile authenticator on my iPhone. However, seeing as I do iOS development and I'm constantly installing beta firmwares from Apple, I de-authorized my mobile authenticator from my phone when I stopped playing. Spybot is a piece of software for Windows; I think you mean spyware. As for spyware, I only used my Mac to play WoW and to program using Xcode. I also used Google Chrome to browse the web, to which at the time no one was able to get out of Chrome's sandbox and install something on the local computer. (That didn't happen till March of this year.) All of my ports were and still are blocked on my router and also on my computer's firewall. My Battle.net password consisted of a 16 character randomly generated password consisting of different case letters, numbers, and symbols. (This has been bumped to 27 characters.) This password was also only used for Battle.net. The anti-virus I use is ClamXAV, the Mac OS X port of the ever so popular ClamAV, which is used on many Unix/Linux based servers around the world. It's also worth noting that I've had my WoW account since vanilla (November of 2005) and my account was never once hacked since this incident.
    It's a common misconception that you can only be hacked by something that was on your computer. Some people become compromised because they use the same user name and password on different sites, and then those sites become compromised and your account information is gained without anything ever getting on your computer. They then have access to your email, and then reset the Battle.net password.

    Also, using random letters, numbers and symbols doesn't prevent programs from brute forcing the password. In fact, random letter/number strings are easier for it to break. Using a string of common words is actually much more effective to prevent brute force attempts. See readwriteweb<dot>com/enterprise/2011/01/why-using-2-or-3-simple-words.php

    Most account information isn't obtained through brute force methods though, afaik. They are gained because people use the same information for every other account, and/or infected computers.

    Also you don't find it strange that my account was 'hacked' without any time being added to the account? (My WoW Characters were cleaned of all their items and the guild bank emptied so they must have been able to login to WoW with no gametime added. [Wish I knew how to do that.]) You don't find it strange that my character was logged into after hours of being banned? (I have a screenshot of this from a friend that noticed and brought it to my attention.)
    Not sure how you would know if game time was added or not. Most of the time, game time is added exploitively with fraudulent game time cards, which then are removed once they are determined to be fraudulent. However, in between that time, a player's account is compromised.

    How about my account being so screwed up that no one in my guild could access the guild bank and it took Blizzard a month to fix this issue, even after having 3 different GMs take control of my character and try it out for themselves? (Literally no one could access the guild bank; when you right clicked on it nothing showed up.)
    That doesn't sound related to the compromise at all actually. Many guilds have had similar issues unrelated to a compromise. It seems to be more of a guild UI issue.

    All a hacker would do is take the contents of the guild and leave as quickly as possible.

  17. #217
    Tharkkun
    Quote Originally Posted by Remilia View Post
    7 days tyvm.
    Where was this stated anyways.
    Blizzard said it was an internal compromise. That would indicate an external, customer facing website wasn't compromised. Internal hacks are usually caused by malware/rootkits unless some yahoo walked into the building with a laptop. Which could have happened but I highly doubt it.

  18. #218
    Remilia
    Quote Originally Posted by Tharkkun View Post
    Blizzard said it was an internal compromise. That would indicate an external, customer facing website wasn't compromised. Internal hacks are usually caused by malware/rootkits unless some yahoo walked into the building with a laptop. Which could have happened but I highly doubt it.
    Where was this piece of information stated?
    As in, where did you hear this, or where did Blizzard state this?
