Blizzard Says Battle.Net Has Been Hacked
An anonymous reader writes "Blizzard announced today that its Battle.net service was compromised. The company is urging users to change their login information immediately. Blizzard is stressing that payment information was not compromised. 'The unauthorized access included email addresses associated with Battle.net accounts in all regions, outside of China. Additional information from accounts associated with the North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) was also accessed, including cryptographically scrambled versions of passwords (not actual passwords), the answer to a personal security question, and information relating to Mobile and Dial-In Authenticators. It's important to note that at this time, Blizzard does not believe this information alone is enough to gain access to Battle.net accounts.'"
Thanks for your always-online requirement for Diablo 3! So very useful if I want to play alone.
Can I please have my single player offline games back?
Go for the eyes Boo! GO FOR THE EYES!
I'm going to go out on a glass-half-empty limb here and say that means encrypted, not salted and hashed. "Cryptographically Scrambled" is too obviously ambiguous. I hope I'm wrong!
So the hashed passwords were or were not salted?
Since I'm over 25 and work for a living, this does not affect me.
If you want news from today, you have to come back tomorrow.
and removing my CC (oh, wait, I already did that).
This is going to be bigger than the Sony breach
How much is your data worth? Back it up now.
If they got my passwords now, I don't care. After the hassles I have had with D3 from day 1 I don't even care anymore.
have you seen my sig? there are many others like it but none that are the same
Nothing on battle.net, blizzard.com or any other location but marketwatch. Link in the article goes to a non-existent page on blizzard.com. Not saying shenanigans just yet, but some real information would be nice.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
meet me.
I have a maxed out Mage on Rexar that hasn't yet been hacked, BUT I do agree w/ you. Everyone 'else' I know has had their accounts just trashed.
Naked Gnomes everywhere...
How much is your data worth? Back it up now.
When my account got hacked, it was the final straw that led me to quit WoW. All signs pointed to it being an inside job. I had a dedicated (hard) password for the site, I had not visited any questionable websites, and I hadn't installed any addons in months.
Whoever hacked it had a seriously weird sense of priorities too. They had sold the starting gear off my level 1 bank alt types and mailed off the money (at a loss!) but hadn't bothered to strip my midrange characters. They used my level 85 main character with bot-aided speedruns through Karazhan. Ironically, when I regained control of my character, I had a ton of gold from their most recent run. I donated it all to my guild and quit the next day. Since I was an officer, they'd looted that too - but since it was a casual guild the gold they got me easily replaced any items in there we'd cared about.
My account keeps being hacked*, despite the fact I don't login, have no real interest in playing the games, change it to random passwords even I don't remember, run linux day to day, and have it associated to a gmail account which hasn't had any suspicious activity. I've tried to reason with them, but they refuse to listen. I've come to the conclusion that Blizzard are incompetent in this area.
* I've never seen any proof of my account being hacked besides their e-mails telling me and locking my account. I managed to get them unlocked the first few times, my characters still have all items and gold I remember. Now they want me to fax a passport or some 'real identification'. I honestly don't want the games that bad, I'm just annoyed they're taking them off me.
Technically I'm working from home today, but I guess good security dictates I log into WoW to change my password and check for any foul play.
They didn't get billing information and can easily revert any accounts that get messed up.
Once a Battle.net account is created, the first name, last name and security question can not be changed. Since these questions are now compromised, everyone is SOL.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Blizzard is now going to give us free stuff so we don't fret about this.
Please let it be mount swag. That'll be awesome. I guess I'd better buy a subscription card tomorrow.
Word choice? Dwarfed!
That's a sign I tell you!
Same WoW password since 2004, never been hacked once. I might not even change it after this because, frankly, I don't care.
Good-bye
Have they fully removed any backdoor? Hopefully they've taken huge steps to ensure that now password changes cannot be intercepted before the encryption process :)
Of the 56 unique players in my guild when we quit, only 2 had ever been hacked. We've certainly had people who were hacked off and on over time, (and most of them left the guild) but once they brought in authenticators it was pretty rare for people to get hacked. Even before that, you usually had to do something stupid to get your account hacked.
The most common culprits for it were from re-using passwords (especially on WoW fansites, because duh...) and people buying gold. Then there was the usual keyloggers and so on.
I've suspected that the battle.net network has been compromised for a long time. I've known way too many people that have had their account compromised for no discernible reason. No, not Trojan or key logged or phished or anything stupid like that. Just straight up compromised. Often, it's someone who's not touched a blizzard game in months or years.. And then out of the blue they get random emails from blizzard indicating some sort of acct activity has occurred, or they've been banned for something.
I wager there's a hole somewhere in the network that allows bad parties to get a hold of enough details to compromise certain accounts. .. Actually, I bet it's an inside job. Given the lucrative nature of blizzard accounts (Well, maybe not so recently but at one time hacking for wow gold was considered way more profitable than outright CC fraud) I would not be surprised if someone was taking money in exchange for account DB dumps.
I got hacked back in Vanilla when I was running on a Windows machine. It was a result of a key logger I picked up from the Curse addons site after they were compromised. Since moving back to a Mac for my primary WoW machine I haven't been compromised since. I also avoid using Curse as my primary source of Mods, preferring WoW Interface.
Sara
Designer, Gamer, Macgrrl in an XP World
I seem to recall reading in the Security Question comments how Battle.net's system was excellent. That portion of it may have been, and they seem to be responding well to this, but the timing is interesting.
You are not the customer.
That's actually pretty common when people do get hacked. If you have gold they immediately mail it off and sell it, and then try and bot farm whatever the best gold/hour is. That might be tradeskilling, that might be cash runs through bosses, sort of depended.
My lingering suspicion is that WoW was vulnerable to a session spoof attack at some point, or the usual exploit of a flash vulnerability to get your password, but their systems became overall pretty robust with authenticators added in.
In your case I'd guess a flash vulnerability, possibly a 0 day one, those are much less of a problem today than they were 2 or 3 years ago when browsers weren't well sandboxed etc. etc. But those sorts of things always got a few people.
"Instead, you must break down their pagan altars, smash their sacred pillars, and cut down their Asherah poles." cut down / hack. Same thing. Good job, Mr Bond ;)
As I mentioned below, because i'd forgotten about them, when I typed this flash exploits as well (which of course had keyloggers of various sorts). Strategy videos and all that.
So were the passwords salted or only encrypted? Do we have yet more passwords in the wild?
The use of secret questions is a weak form of password retrieval. Finding someone's home town or mother's maiden name is not exactly difficult.
Oh the passwords are cryptographically scrambled? Do they mean hashed or encrypted? I imagine anyone with enough skill to steal all of those accounts knows how to operate a rainbow table. Why not just come clean and tell everyone their passwords are compromised too. Why leave everyone with a nebulous message like "cryptographically scrambled". Are they encrypted? Or did you just hash+salt them? I for one would really like to know!
How does this affect my bnetd server? Oh, that's right Blizzard sued it out of existence and I haven't purchased a blizzard product since then. No worries then, doesn't affect me.
/* TODO: Spawn child process, interest child in technology, have child write a new sig */
Diablo 3 was DOA. It is a hamster-wheel farming game revolving around the auction house with no depth nor creativity.
Summary: It's fun but too easy going through normal, nightmare and hell if you gather a party. Then you hit the inferno act 2 brick wall, and your only hope for punching through that is either the RMAH or something like 100+ hrs into cheese-farming spots like dank cellar (gold) or the ancient path goblin (rares).
I found myself wishing someone else would "play" for a while because the game part peeled away and it was revealed to be a stupid repetitive virtual item farming-trading game. I bought the game mid-May, and haven't touched it past June and don't plan to either. Gonna keep it around for a couple more weeks and then give my login info to the first friend who shows interest when I go back to school for TA'ing in september.
https://dalgamotor.wordpress.com/ - A freedom vaccine for electronic brains (Turkish)
Using scrambling rather than cryptography gets around cryptographic export and import restrictions. This is why it was possible to decrypt a lot of Windows and Microsoft Word scrambled content, and why Windows NT password recovery tools existed.
Unless you want to lock yourself out of most Asian countries where videogaming comes close to a religion, and is therefore worth gobs of money, you will not build something which violates their import restrictions. See also:
http://en.wikipedia.org/wiki/Restrictions_on_the_import_of_cryptography#Status_by_country
Last week my friend had his D3 account hacked, and they treated him as if it was his fault! What a bunch of assholes. Get your shit together Blizzard!
Their shit IS your shit, and being all together is actually the problem; Both in terms of security and bandwidth bottlenecks...
Only if Blizz takes down Battle.net for a month....
Oh man, I think I created an account for Starcraft I. Do you suppose it's still active? I doubt I can remember what password I used all those years ago, or what email address I might have had at the time.
Store password hashes in the database, but the answer to a security question, which enables resetting the password, in plain text. Cool story Blizzard
CLI paste? paste.pr0.tips!
My account keeps being hacked*, despite the fact I don't login, have no real interest in playing the games, change it to random passwords even I don't remember, run linux day to day, and have it associated to a gmail account which hasn't had any suspicious activity. I've tried to reason with them, but they refuse to listen. I've come to the conclusion that Blizzard are incompetent in this area.
* I've never seen any proof of my account being hacked besides their e-mails telling me and locking my account. I managed to get them unlocked the first few times, my characters still have all items and gold I remember. Now they want me to fax a passport or some 'real identification'. I honestly don't want the games that bad, I'm just annoyed they're taking them off me.
If I had mod points I'd vote this up.
My battle.net / wow account was fine for years. Never had a problem. Then I installed StarCraft2 and its updates. A day later I get a legitimate e-mail from Blizzard telling me my account had been used to spam the chat channels on wow. Changed my password, and started using their iPhone authenticator app. Nothing from any of my characters was missing. Not a single thing.
When it comes to security I don't think Blizzard knows what it is doing.
Authenticator! Oh yea it is free, if you have a smart phone.
When Sony got hacked everyone, and I mean everyone, could not stop spewing unadulterated bile and hatred at Sony for getting hacked, and it went on for a year where no one couldn't post something without acting like an immature, bratty, uninformed child. Dozens of companies were hacked and now Blizzard is, but no one is pissed off.
well, I have an authenticator and several maxxed toons, but I had the mobile auth beforehand. Figured it was a good idea and my WoW account has never been hacked, but my gmail certainly has.
You could also try running a decent antivirus.
Real links here: http://us.blizzard.com/en-us/securityupdate.html
http://sea.battle.net/support/en/article/important-security-update-faq
The important thing to note is that the passwords were encrypted with Secure Remote Password protocol, meaning that Rainbow Tables are ineffective since each password is individually encrypted instead of using a common hash. Also, the process is CPU expensive so brute forcing is highly infeasible for reasonable length passwords.
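What SRP storage means for the stolen records, as an added example that is not part of the comment above and is not Blizzard's code: under SRP (RFC 2945 / RFC 5054) the server keeps a random per-account salt and a verifier v = g^x mod N, where x = H(salt | H(username ":" password)). The modulus here is a stand-in (the Mersenne prime 2^521 - 1), and the account names, salts and passwords are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Stand-in group, for illustration only: 2**521 - 1 is a Mersenne prime.
# Real SRP deployments use the safe-prime groups listed in RFC 5054.
N = 2**521 - 1
G = 3
N_BYTES = (N.bit_length() + 7) // 8


def _sha1(*parts: bytes) -> bytes:
    return hashlib.sha1(b"".join(parts)).digest()


def srp_x(username: str, password: str, salt: bytes) -> int:
    """x = H(salt | H(username ":" password)), as in RFC 2945 / RFC 5054."""
    inner = _sha1(username.encode(), b":", password.encode())
    return int.from_bytes(_sha1(salt, inner), "big")


def make_verifier(username: str, password: str, salt: bytes = None):
    """Return (salt, v): what the server stores instead of the password."""
    if salt is None:
        salt = os.urandom(16)
    return salt, pow(G, srp_x(username, password, salt), N)


def guess_matches(username: str, guess: str, salt: bytes, verifier: int) -> bool:
    """Testing ONE guess against ONE record costs two hashes and a modexp."""
    candidate = pow(G, srp_x(username, guess, salt), N)
    return hmac.compare_digest(candidate.to_bytes(N_BYTES, "big"),
                               verifier.to_bytes(N_BYTES, "big"))


def table_for_record(username: str, salt: bytes, words):
    """Precomputed verifier -> word table. It is bound to one username and salt,
    so it cannot be reused against any other account."""
    return {make_verifier(username, w, salt)[1]: w for w in words}


def demo():
    # Constructed records: two accounts that happen to share a password.
    s1, v1 = make_verifier("alice", "hunter2", b"\x01" * 16)
    s2, v2 = make_verifier("bob", "hunter2", b"\x02" * 16)
    table = table_for_record("alice", s1, ["123456", "password", "hunter2"])
    return {
        "same_password_same_verifier": v1 == v2,
        "table_hits_alice": table.get(v1),
        "table_hits_bob": table.get(v2),
        "weak_password_still_guessable": guess_matches("bob", "hunter2", s2, v2),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The per-account salt rules out shared precomputed tables, but a weak or reused password can still be confirmed one account at a time, which is why changing the password (and any other site's copy of it) remains the right response.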
Before I got an auth'er, I once logged into the armory app on my iPhone over an insecure wireless. Yeah, stupid, I know. My account was compromised shortly after. A couple weeks later, I got it back, intact to the way it was before the hack.
Now, I have a password I don't use anywhere else, a mobile auth'er (that I changed the serial number on after I read about this breach), and I have it set to *always* require the auth'er to log in. Now that whatever mobile auth'er info they got regarding my account is useless, I should be relatively okay.
Your "friend" is likely an idiot who has a key-logged, malware-ridden machine. 99.99% of the time, what someone calls "hacking" is nothing more than poor personal security on their own machine.
Cancelling your email, what? If it uses the same pass then change it, otherwise you don't even worry.
Hey... wow - at least it was just a list of linux hacks / exploits.
If it had been a list of windows hacks / exploits, it would have been at least a thousand times longer and slashdot would have run out of disk space and bandwidth to host it all!!!
Thanks for playing Shill!!
There is a ton of stupid SHIT being posted here on the slashdot comments. I don't blame the commenters one bit, though. Why? Because the article was a regurgitated rehashed pile of shit in comparison to the actual Blizzard press release... which was really hard to find, ya'know, being the top post on Blizzard.com after all... A very key detail, the usage of SRP, is completely missed by the article, which is leading to the majority of the confusion here and elsewhere.
http://us.blizzard.com/en-us/securityupdate.html
Well, it probably wasn't their fault. A few account hackers have admitted to hacking fan sites and getting usernames and passwords from there, and trying them against battle.net; quite a few people use the same logon details... and account hacked. Not defending them for what has happened (according to this article), but a lot of people are blaming Blizzard for hacked accounts that had nothing to do with Blizzard. They have really F'd up big time with D3, but account hacking issues up to now haven't been because of them.
I know I am replying to a troll, though I am not actually expecting any kind of sane reply from him, I'm rather replying to his post so that other users would notice the obvious flaw here.
The thing is, if the hack does not actually use any of the OS-specific features to gain access to privileged data then the OS is wholly irrelevant. All the hacks and attacks mentioned by the troll have been because of faults on the Internet-facing software that runs on top of the OS and would've happened just the same if the software was running on *BSD, OSX or Windows. Operating systems simply cannot protect against stupid people or faulty software, that is merely a pipedream. As an example if there is a bug in your latest Windows-based MMORPG that lets attackers gain access to your data do you blame Windows or do you blame the MMORPG for the failure? I sure would opt for the latter. With that in mind the troll in question here is simply trying to associate bugs in 3rd-party software with the OS, shifting blame from one party to another.
Trading 40 SoJs!
My account had a max level character in every slot of my main server. Never got hacked.
Next theory.
I don't think you've realized the magnitude of his insanity or trolling... the smoking crater from his last post here.
As I said, I don't expect any sane reply from him. In fact, I'm not expecting a reply at all. I merely wanted the...um, "less attentive" commenters not to fall prey to his obvious attempts, other than that I don't care who he is or what he has posted before.
I played from release day until last year. My account was never hacked.
I use noscript and, when I could get one, an authenticator. I also don't use the same email address for my battle.net authentication as I did for other WoW forums, so phishing was even easier to identify.
It doesn't hurt to be nice.
Actually depending on what the hackers do, changing your password might actually make things worse[1]... Plus Blizzard don't seem to have figured out the details of the hack, so why waste time creating an uberstrong password if they could get hacked again?
BUT if you happen to use the same password in other sites/services, change it at those places.
[1] They might then get the plaintext of your password instead of the "scrambled" version.
Why does everyone cry about not having single player? Seems like the stuck up little rich kids that daddy always bought them what they wanted, now they can't play single player so keep crying. WELL BOO FUCKING HOO YOU LITTLE BITCHES harden up! It was designed like that for a reason and it was a good feature!
OP might be meaning something else, but I own my own email domain, and set up an address for basically anything, having it go to a catch-all. Over the years, my warhammer@, lotro@, sony@, and now bnet@ emails are being redirected to /dev/null, because they're all in (or going to be in) the hands of spammers galore.
The flash exploit I believe. My ex had terrible security with her gaming Vista laptop. I was more ignorant back then too with security issues as I had not worked in a PC shop yet and seen the machines coming in and the steps people took. I thought AV software was a waste too as I do not visit bad sites on this machine etc. I was quite stupid.
Nowadays I am so paranoid I tend to avoid firefox because it has no sandboxing, use flash that updates automatically, use Chrome which does it for me and has double sandboxing, am very serious with a good AV package and also run Malware bytes.
My kids run ancient java still probably on the old desktop out of my control to run minecraft and I shudder. I thought it was safe back then too in 2009/10. GOD. Windows 7 thankfully is much more secure as well as the steps I now take.
But still mac users back then were getting hacked and the ones who had access to the guild vault were always hacked. hmmm .... sorry something is up with that.
http://saveie6.com/
How many paying customers see other people getting it for free and decide they also no longer want to pay?
Proof of this behavior? Walking through a red light, once one person does it, others follow.
Guarding against theft is not just to stop active thieves, it is also a way to keep non-thieves from turning to thieving.
Proof with regards to copyright infringement?
Whenever a story runs in the main stream media on thepiratebay or napster or whatever, every geek gets asked by non-geeks how they can get in on the action.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I loled
fuck blizzard! nothing else to say
It is a console game first of all. Console games do not have depth or replay value, rather they have difficulty levels that are locked forcing replay.
And Diablo has ALWAYS been a repetitive dungeon crawler/hack&slash game. That is what it is. And the only way to increase difficulty without improving AI is to add more monsters with more hit points and more resists and this creates the brick wall then your "skill" level is reached.
My advice for Diablo? Play it once, just like other games. Then STOP.
There are people who play Final Fantasy games to max everything or speed run RPG's and for THOSE people there is Inferno. They don't "play" a game for story or novelty, they play to get REALLY good at doing the exact same thing over and over again. If by some miracle of scripting a game company made every boss unique on every play through, these people would be REALLY upset. It stops them from using skillX at 3904872 HP followed by Y and Z in 2.322334 seconds.
Basically, the above poster is complaining that a porn movie gets a bit repetitive after the 100th play through. DUH!
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I've been getting targeted phishing emails for years now at my Battle.net's email account. Although I can see that WoW and Diablo had enough users that simply emailing people at random could be enough, I strongly suspect Blizzard has been compromised for a lot longer than they let on. At least my Authenticator still works.
With most hacks, the application gets hacked and the attacker gets access to whatever user's privileges the application is running as. That user usually is an administrator when you're on windows, or it has access to local exploits that target administrator or system accounts. On linux, chances that someone gets root after compromising an application are smaller, or require more manual work at least. That makes the OS safer, but as you said, the chance to get hacked is just as big. Mind you, the OS is safer against automated attacks and script kiddies. Someone that really wants to get in and knows what they are doing, often can still find a privilege escalation.
I was promised a flying car. Where is my flying car?
Your challenge has been answered, possibly here http://ask.slashdot.org/comments.pl?sid=3035653&cid=40926387 or maybe even over here http://science.slashdot.org/comments.pl?sid=3024445&cid=40867985. Some assembly may be required. No individual post is guaranteed to satisfy your desires, your mileage may vary.
I went to Battle.net to change my account password. I use KeyPassX to generate reasonably safe password. I can remember each generated password but that is fine, I usually copy/paste them. Oddly enough, Battle.net doesn't allow you to copy/paste passwords when you change them (not in the old password input, nor the new one).
Hacking WoW accounts is Prime Directive #4 of stuxnet.
Not really related to this article but... I'm inclined to believe that Blizzard on purpose tags some accounts as compromised to promote the one-time password authenticators...
I'm pretty sure that my computer is free of malwares since if it wasn't, my wow account would be the least of my problems. It happens that once, and only once, I was going to log in my account and it had been blocked. Of course they blamed on the existence of malware on my computer to what I just nodded my head and said 'ya,ya just give me access again kthxbai'.
I'm pretty sure they should have some protections against brute-forcing a password, but that was pretty much the only way they could have figured my account's password. To make sure, I generated an even longer random password and haven't been hacked on my WoW account ever since. Weird?
If I had a malware, I should have been by now... no?
I mean malwares don't magically disappear, do they?
Because, you know, that game takes longer than 5-20 minutes to play. Heck, it takes more than a few hours to play.
Alternatively, you can not bother playing Warcraft 1, not ask how to play Warcraft 1 and shut the fuck up when someone answers what they THOUGHT was a genuine question.
Because people have jobs and they don't want to spend their time helping assholes like you.
Especially those of us who have taken a break from Blizzard games?
No one I know of, nor I, have received any notification about this breach. It is not like they don't have my email address.
As for the part about credit card information, I can believe them for one reason. A while back we had an account deleted per our request because we wanted no CC information stored with any game company. Well we had to have the account deleted and you do that through an email to the Blizzard privacy group.
Guess what, they delete the account and all related information EXCEPT for the credit card. How did we know? Because we got billed on it six months later by Blizzard.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
This used to be true, but an increasingly popular means of compromising accounts involves using social engineering techniques not on the end user, but on the host company's support staff. Look around a bit and you'll find some shocking examples of how easily certain companies *cough* MS Xbox Live *cough* have been giving their support staff protocols which make it trivial for scumbags to compromise individual accounts via phone-call while knowing nothing more than a username.
But I agree that "hacking" is the wrong word in 99% of cases. If an account's compromised through a Sony style breach, that's "hacking". In other cases, it's best to use a different term.
Frankly it's about time the credit card companies \ bank sorted themselves out. What we need is a number that can be given out but links to one merchant only. So if these numbers are retrieved by a third party damage is limited as they can only be used on the original site, and it would be trivial to revoke them when the intrusion was discovered. Unlike right now as when you discover someone might have your cc information, you have to cancel the card, wait for the new one to be issued and re-enter the new information into all the other sites.
The same goes for bank details. When we need to transfer cash electronically from one person to another, why not give us 'deposit only' details to give out?
I know the banking sector moves at a snail's pace on things like this, but seriously, how hard can it be?
Blatant Advert: Android Apps!
I had the same problems, it turned out that when you login from different locations this mechanism will be triggered...it has nothing to do with your account really being hacked. The only way to stop it is by using an Authenticator for the battle.net account...changing the security question is not possible (at least not according to the Blizzard hotline). I never saved my answer and had a long argument on the Blizzard hotline, which resulted in them sending me the random answer I had given when I opened my account a couple of years ago.
So:
- security questions answer is saved in plain text
- you cannot change it
- you have to use it to be able to login to play your games (or use an Authenticator -- which either costs money or you need to use your phone)
On a side note...why does anyone still rely on security questions? They have proven to be insecure by design time and time again.
As a long-term Blizzard customer, I am outraged; to have this news delivered through third party.
No notification came from Blizzard thru e-mail. Cool way to support your customers..
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
"For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed."
What about European servers?
They've sunk to new lows and are sinking their own ship http://science.slashdot.org/comments.pl?sid=3024445&cid=40887471
Post facts Penguins can't take that makes them look stupid and they react like the bitches they are with unjustified bad down moderations.
http://science.slashdot.org/comments.pl?sid=3024445&cid=40870249 .
* One of your own even says how it's done, & it's NO BIG TRICK to do the following here on /. to cheat the moderation system (I caught tomhudson = Barbara, not Barbie admitting to it (they're the same person)):
---
1.) Downmoderate using one of many sockpuppet alternate registered 'luser' accounts with mod points collected up (easily done by "pandering" to group think & modding one's Self (or should I say, SELVES, lol) up.
2.) Logout to preserve the cookie state & karma of said multiple sockpuppet accounts
3.) Troll, harass, & stalk (usually off topic with ad hominem attacks that are illogical in & of themselves) by ac posts
4.) Login to other sockpuppet alternative 'luser' accounts with mod points collected up, then upmoderate your own posts.
---
* The link above has "one of your own" illustrating how & why it's done... nuff said, & I didn't even do the saying of it!
APK
P.S.=> You fail, and you must LOVE punishment... especially self-inflicted ones, having to go off topic & worse afterwards (like unjust downmods) - hey, you only did it to yourself... ... apk
I don't think you've realized the magnitude of his insanity or trolling...
I got several replies from him -- none of them actually trying to debunk what I said and most of them trying to argue that because he has gotten modded up before he must therefore be right -- and I see what you meant! :)
You and me both. I didn't even bother getting an authenticator till Blizzard saw how much gold I had and mailed me one for free.
Forget the password. Are the email addresses and security questions encrypted?
Because with your email, security question and real-life address (assuming you entered real information), they can probably get into your email account (they say they forgot the password, and hey, they know the answer to the security question, so they must be legit), and have a good chance of getting into other accounts like Amazon and Ebay, since most people use the same email address/security question for everything.
Most slashdotters probably know how to protect themselves from this, but I'm sure most bnet users don't even bother.
How do you know your account is getting "hacked"? E-mail notification?
Checking my spam folder I've found that my account gets hacked every couple of days and there's a easy link to verify my identity and login credentials... It seems you don't even need an account to get hacked!
"...the answer to a personal security question, and information relating to Mobile and Dial-In Authenticators..."
Bluntly now they have an email and a sample of your secret question. Given a question of "What is your Mother's Maiden Name" then script kiddies now have your email address and one of your potential secret question responses. WTF wouldn't you hash the answers....
They now have an email address, your phone number, a secret answer response. Christ almighty, Activision.... way to fuck up. Now every script kiddie with that data dump is going to spam every major site with those email addresses and now with at least one potential secret question response... just wow...
-=[ Who Is John Galt? ]=-
And then you have buddy@ and significan_other@, and then it's your birthday and both buddy@ and significan_other@ send you a FREE postcard, and suddenly all your accounts are flooded with spam.... I guess you have all your emails redirected to /dev/null by now.
If you have an Android phone get the Google Authenticator also. It's that added wall that makes you feel a little more at ease.
Clearly because you can't read. If you could read then you would have noticed that D3 is in fact a multiplayer ONLINE game with an option to not play with other people.
The chance it was in fact your friend's fault is still very high. Blizzard hasn't given a date span as to how long ago this occurred so you can't say your friend is a perfect little saint just yet.
And now...my email is full of suspicious "Blizzard Entertainmen" emails demanding that I verify my information via their 'link' or my account will be banned...FOREVER! I think the Phishing emails are the worst and now it just got worse.
Posting this under an article about Battle.net being compromised borders on idiocy. Insightful idiocy nonetheless, which speaks volumes about this site's moderation.
Can anyone get a clear picture on what has actually been hacked?
Is it the Battle.net website (and fora)?
Is it the old Battle.net (WarIII and earlier)? Which realms?
Is it the newfangled Battle.net for Wow, SC2 and D3? (Does that have realms?)
What we need is a number that can be given out but links to one merchant only. So if these numbers are retrieved by a third party damage is limited as they can only be used on the original site, and it would be trivial to revoke them when the intrusion was discovered.
I know everyone hates on Bank of America, but they have exactly that. It's the main reason I didn't cancel my account there (during all of the other recent issues they've had) - the ShopSafe system they have for their CCs is pretty amazing. You generate a new CC# for online purchases. Once it has been used once, it's linked to that merchant, and will fail if any other merchant attempts to use it (which can be a bit of a hassle on occasion -- Amazon is not the same as Amazon Kindle is not the same as Amazon Marketplace, even if all of those are in a single account system from my perspective -- also fails if the merchant ever randomly changes their listed name or accounts on their end).
I won't defend anything else they may or may not do, since I barely touch most of their services, but as a basic direct-deposit-account-and-credit-card service they've been pretty good for me and the ShopSafe option is pretty cool (and likely patented or something which would explain no other institution managing to do it).
~Anguirel (lit. Living Star-Iron)
QA: The art of telling someone that their baby is ugly without getting punched.
Sounds about right! So it can be used for subscriptions, etc? Are you listening, First Direct?!
Blatant Advert: Android Apps!
APK shuts the trolls up with facts. Works every time.
Uberstrong password? You CAN'T set an uberstrong password! Case insensitive, alphanumeric only, 16 characters max. It's like requiring that a bank vault be secured with a sturdy rope.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
I did get an email about it. But the spam filtering couldn't distinguish between a legitimate email from Blizzard and those other emails about either the fact that I have been selling my account, a free invite to the beta of the next expansion pack, or another phishing email that my account was hacked...
Yes, it can be used for subscriptions (up to a year at a time - you choose how long a given number is valid, between 2 and 12 months). It also has a capped amount of cash associated with it (that you set when creating a new number), so even if the site you're buying from isn't on the level, you'd still only be at risk of losing whatever amount you expected to be paying (until fraud protections kick in), rather than suddenly having your card unusable until you can get the charges reversed.
~Anguirel (lit. Living Star-Iron)
QA: The art of telling someone that their baby is ugly without getting punched.
for again displaying just how little concern they have for customer security. security question answers should be... salted... hashed... DUH.
way to go blizzard, you guys are truly a bunch of f*cktards.
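The point several commenters raise above, that security question answers should be stored salted and hashed rather than in recoverable form, as an added example (not Blizzard's code or anything from the thread). The function names, record layout and PBKDF2 work factor are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import unicodedata
from typing import Optional

PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune for your hardware
SALT_BYTES = 16


def normalize_answer(answer: str) -> bytes:
    """Canonicalize so ' Smith ' and 'smith' verify identically."""
    text = unicodedata.normalize("NFKC", answer)
    text = " ".join(text.split()).casefold()  # collapse whitespace, ignore case
    return text.encode("utf-8")


def hash_answer(answer: str, salt: Optional[bytes] = None) -> dict:
    """Build the record to store: per-user random salt, work factor, derived key."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize_answer(answer), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS, "hash": digest.hex()}


def verify_answer(candidate: str, record: dict) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        normalize_answer(candidate),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    # Constructed sample data: two users who gave the same answer.
    alice = hash_answer("Smith")
    bob = hash_answer("smith ")
    print(alice["hash"] != bob["hash"])    # per-user salts hide the shared answer
    print(verify_answer("  SMITH", alice))  # normalization tolerates case and spacing
```

Security answers are usually low-entropy, so a salted slow hash only raises the cost of offline guessing after a dump; it does not make a common answer safe.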