You should re-read. All they need to do is crack the pass words right now to gain access. It says right in the statement the north american bnet authenticators on smart phones *may* have been compromised. Read as: was. Company like blizzard does nothing off the cuff, they had 5 days to prepare this statement, it's laced with policy and politicking.
A few days from now it wont matter though, since a software update will fix it, i doubt they will be able to crack the scrambled pass words between now and then.
Reading between the lines is hard.
Signature Nazi's suck.
Always adorable when people who haven't a clue about something try to make it out otherwise. FYI, authenticators are extremely difficult and time consuming to hack, and the only known "hack" requires a great deal of timing and far more information than an ordinary account would. It usually just isn't worth the effort, and it's not like someone can target your account and go "herp derp, he has nice stuff, I want to hack his authenticated account". It's an EXTREMELY specific and unlikely series of events that has to transpire, with you giving the hackers the exact info they require to do the hack, before it's even possible for them to do.
Last edited by Throrion; 2012-08-09 at 10:54 PM.
This is my signature. You will now remember me.
Look at it this way, they didn't get passwords from the blizz hack, but they did get authenticator info. Back during the D3 Hack craze farmers openly admitted they hacked fan sites to get login details for thousands of accounts without authenticators.... well guess what, now it's thousands with authenticators who used the same password in both and are at risk.
It would be Illegal for Blizzard to hide information like that. It is their JOB to let you know if anything like that happened.
However on-topic.
It was bound to happen. Xbox,PSN and the Millions of other web-sites,communities that were hacked. It was only a matter of time until someone targetted Blizzard.
A shame they told us about this a week later after it happened, Right away would have been nice.
If you read the line
And translate it toWith regard to Mobile Authenticators, information was taken that could potentially compromise the integrity of North American Mobile Authenticators.
Then I believe you will find a remarkably large number of interesting theories about the "truth" of the world out on the internet. This is the kind of selective and intentional misinterpretation that is responsible for every conspiracy theory out there.All authenticators are now useless but Blizzard doesn't want to say it and we have to "read between the lines".
Now Blizzard should realize that case-sensitive passwords is a must.
GG for making us use email as user names and then not encrypting those with the passwords, that's an hour or two I won't get payed for changing my game mail.
So on the server "terenas", there was a guy selling Reins of the Crimson Deathcharger x 5.....i'm just wondering if it was something he got from blizzard during this security breach? and whoever buys them, will they get banned?
I can answer this question with a high degree of confidence.
Reused passwords from a breach in another service was used to access an account on Blizzard.
Access into the admin systems were gained, and seed information for the authenticators was stored there and accessed as well.
This was most likely not a 'hack' per se, but rather that one (or multiple) employees were simply insecure and the system was breached through the front door.
This is more worrysome to the Diablo 3 players who have their Paypal info attached to their battle.net.
They got access to our email, security answer, and for those using a mobile authenticator, the serial #.....
Thank you Blizz for being upfront and informative, most of us really do appreciate it
Meh. If they thought Credit Cards had been breached they'd be on the horn with all the banks right now saying "these are the cards that have been compromised, issue new cards."
In fact, when another website I did business with got hacked a couple years ago that's exactly what happened. Bank of America sent me a new card without me even knowing something had happened.