Blizzard's Network Hacked

[Strazdas]

PSN has been down for like a week now. looks like some hacker is getting around the gamers life. you know, gaming became so improtant real hackers became interested, this sumemr is kind of a milestone for gaming.

 

[jurnag12]

The untouchable net has been taken, the Stone of Irvine has fallen.

The Dragon has come again.

 

[chadachada123]

So let me get this straight: Blizzard denies to high hell that their game could POSSIBLY have a hole that would allow spoofing, etc to explain the sudden loss of items of some of their users.

And then gets thoroughly hacked themselves.

The irony and misery is delicious and satisfying.

Edit: I see that CriticKitten beat me to it, and did a much more satisfying job explaining it.

Remember back when Blizzard was trying to convince us that turning Diablo 3 into a game that relied heavily on Always-On DRM would make the game more secure from hackers? And remember how they told us that Battle.net was just so secure and that there was no way that hackers could get in and interfere with your gameplay, even as numerous people reported that accounts were being hacked and relieved of items in Diablo 3?

Pepperidge Farm remembers. And so do I.

While I don't normally wish harm upon anyone and I feel very sorry for the poor gamers who has entrusted Blizzard with their information, I have to be honest: Blizzard deserves every last bit of this. They were the ones boldly proclaiming that Diablo 3 was the next step in hacker-free gaming, arrogantly presuming that their Battle.net system could not be hacked, and using the DRM as a platform to make more money through the Auction House. This is what kills good studios: steps towards money and away from quality.

Turn back now, Blizzard. You're going down a path that leads to EA-ism: a blind focus on corporate interests and money-making over quality assurance and putting care into your products. Once you start down the dark path, forever will it dominate your destiny!

 

[chadachada123]

This is why we can't have nice things.
Blizzard fan or not, I don't see why those selfish hackers have to ruin things so much for others.

The goal in the end is to make money. Perhaps they didn't quite get far enough to do so this time but that is the ultimate drive. Even hackers cannot resist the benefits of capitalism.
When's the last time you ever seen a virus simply try to be nuisance and cripple a machine instead of stealing and spying? Capitalism it works, for hackers too!

Err...not really. Some hackers are in it to make money, absolutely, and most significant attacks like the one on Sony certainly are rooted in money, but a huge number of them are only in it for the sport, to test their abilities, etc.

Same with piracy. The actual crackers don't give a damn about money, it's all about the challenge.

Edit: In this case, it's a toss-up as to whether these hackers were looking to repeat Sony's problem or were just in it for sport. My defense was for hackers in general, not specifically this case. Illegal? Yes. Greedy? Not necessarily.

 

[Kopikatsu]

I'm tired of hearing company after company get hacked. If they want us to continue to use credit cards in confidence they need to protect our information!

Like they just left all the info out in the open.

When something like this happens, why does everyone always assume it's the company's fault?

'Cause it's easier to blame something that you can put a face on.

Hackers are...hackers. You don't know where they are, why they're doing it, or how they went about it. Or anything, really.

But a company is just kind of there. Also evil. All companies are evil because stuff.

 

[True_color222]

This is nothing new. Hackers have been getting into my account for a while now despite how many times I change my password.

 

[Ranorak]

This is why we can't have nice things.
Blizzard fan or not, I don't see why those selfish hackers have to ruin things so much for others.

The goal in the end is to make money. Perhaps they didn't quite get far enough to do so this time but that is the ultimate drive. Even hackers cannot resist the benefits of capitalism.
When's the last time you ever seen a virus simply try to be nuisance and cripple a machine instead of stealing and spying? Capitalism it works, for hackers too!

Sadly, I know WHY they do it.
It's just hard for me to understand you could ruin so many people's enjoyment for some selfish gain.

 

[xptn40S]

And this is why I think that companies should never claim to have a hack-proof service, because some douchebag-hackers will just take that as a challenge.

I'm just glad that this hasn't affected the European servers as well, the article almost had me worried for a bit.

 

[Zetatrain]

I haven't played WoW for nearly a year now so I really don't are about my Warcraft account. However, the last time my WoW account got hacked the hacker changed the password to my email address and that caused a lot of problems for me. Suffice to say, I've already changed my password.

 

[Nemu]

The "glad it happened" folks (both here and in other places I post) make me cringe. The schadenfreude they express is misguided, imo. It's not Blizzard who suffers from this, it's the customers whose info is stolen. This is the first time in a looooooooooooooooooooooong time that Blizzard has said "Hey guys, charge yer sh*t, some tools hacked us". As such, I'm willing to keep paying for their product. I regularly change my info, I also have a keychain authenticator, but I don't trust that folks aren't going to try to bust on in. It happens to everyone eventually.

Folks who hate their games, or successes, and are glad that Blizz got hacked shouldn't rest on their laurels. It won't be too long before XBox Live get hacked again.

 

[Kross]

Eh, I don't play Blizzard games. Nothing against them, I guess, but I'm just not a PC gamer.

However, I gotta say I'm glad. Hopefully they'll improve their security.
It might be a bit out of topic but I keep getting these emails from Blizzard saying my account was under investigation or something because of botting or scamming or whatever. I don't have a Blizzard account for the reason listed above! I keep trying to reply to them to tell them to gtfo but when I try to do so, it takes me to the official Blizzard customer support page and asks me to login to contact them.

It kind of defeats the purpose, you guys!

Not sure if you're joking/trolling, but those emails and websites aren't from Blizzard.

 

[The Great JT]

Already changed my information. Glad they got on telling everyone so quick.

 

[BENZOOKA]

EU Battle.net, still a secure fortress?

*sips apple juice out of a brandy glass on a rotating chair*


'Apparently' they took data that wouldn't allow them instantaneous access so my guess is they're going to sell it to gold farming companies or decoders. It would be a monumental task but it needs you to go onto your account and change the info or you'll just be bombarded with phishing scams and attempts on your account (which hopefully with the authenticator will fail but there's enough kids out there for it to affect).

But yeah, *sigh* get ready for a fresh wave of gold sellers/farmers on your realms. Sorry US.

I say. An antelope nibbling the hoops. Blizzard ought to improve their tinny security measures across the pond.

 

[Callate]

(facepalm)

"Pirates to the left of me, Hackers to the right, here I am... Stuck in the middle with you..."

 

[LetalisK]

And because Blizzard is a company with a half decent PR department, this will be promptly buried.

Yes like how their CEO wrote a huge blog, and posted it to every conceiveable means of online communication Blizzard has. Yep, certainly buried.

*sigh* There is more than one way to skin a cat, you know. My point was that anyone with a decent PR department will be able to handle this and it'll be old news quickly. It was a stab at Sony.

 

[irishda]

Remember back when Blizzard was trying to convince us that turning Diablo 3 into a game that relied heavily on Always-On DRM would make the game more secure from hackers? And remember how they told us that Battle.net was just so secure and that there was no way that hackers could get in and interfere with your gameplay, even as numerous people reported that accounts were being hacked and relieved of items in Diablo 3?

Pepperidge Farm remembers. And so do I.

While I don't normally wish harm upon anyone and I feel very sorry for the poor gamers who has entrusted Blizzard with their information, I have to be honest: Blizzard deserves every last bit of this. They were the ones boldly proclaiming that Diablo 3 was the next step in hacker-free gaming, arrogantly presuming that their Battle.net system could not be hacked, and using the DRM as a platform to make more money through the Auction House. This is what kills good studios: steps towards money and away from quality.

Turn back now, Blizzard. You're going down a path that leads to EA-ism: a blind focus on corporate interests and money-making over quality assurance and putting care into your products. Once you start down the dark path, forever will it dominate your destiny!

Kind of a logical fallacy. Strategy A fails once, therefore is entirely ineffective? Hell it took 'em 3 months to get information that apparently doesn't even give access to an account.

I've got reasons to hate the always-online model, but I'm not completely naive to think that it hasn't helped deter/protect against some cracks. And considering people have probably been trying to crack open this thing since day 1, I'd say it's been largely successful.

 

[CAPTCHA]

So I went to check my account which I haven't used in months, since I thought it would be prudent to change my password, but someone else had beaten me to it. I tried to get the new password sent to my email, which it wouldn't allow because to many attempts had been made. I contacted support and they rolled back my account.

Yay for securtity? :/

 

[Ken Sapp]

I notice it says nothing about the keychain authenticators. Can we take that to mean that those of us with them are less at risk then the mobile authenticator users?

I can say with a straight face, yes.

*pats keychain*

A keychain authenticator is no more secure than a software authenticator. Both use a secret sauce, a serial number, and a timer which are hashed to generate psuedorandom strings of numbers. If you have the secret sauce, serial, and know the method used to hash the sauce, serial and timer then you have the keys to the kingdom.

Look at what happened to RSA, one of the largest makers of keychain authenticators. Hacker managed to steal the secret sauce behind all of their authenticators which meant that if they could determine the serial numbers associated with a user's dongle then they had compromised one entire leg of user authentication. Any security from using authenticators is then destroyed.

They have not said that keychain authenticator information has been compromised as well yet, but I doubt that anyone who gained access to the mobile authenticator information didn't also gain access to keychain authenticator information. This is the same company that thinks that case-insensitive letters and numerals are sufficient security for your account password. That reduces the potential strength of passwords dramatically.

 

[MrBrightside919]

I just got my Battle.net account back from a goddamn chinese hacker like a month ago...

Thanks, Blizzard...I'm glad I can trust you with my information...

 

[antipunt]

The picture chosen is perfect.

Ticus: "hell... it's about..time"