
Blizzard Says Battle.Net Has Been Hacked

An anonymous reader writes "Blizzard announced today that its Battle.net service was compromised. The company is urging users to change their login information immediately. Blizzard is stressing that payment information was not compromised. 'The unauthorized access included email addresses associated with Battle.net accounts in all regions, outside of China. Additional information from accounts associated with the North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) was also accessed, including cryptographically scrambled versions of passwords (not actual passwords), the answer to a personal security question, and information relating to Mobile and Dial-In Authenticators. It's important to note that at this time, Blizzard does not believe this information alone is enough to gain access to Battle.net accounts.'"
  • by PhrostyMcByte ( 589271 ) <phrosty@gmail.com> on Thursday August 09, 2012 @07:57PM (#40939861) Homepage

    I'm going to go out on a glass-half-empty limb here and say that means encrypted, not salted and hashed. "Cryptographically Scrambled" is too obviously ambiguous. I hope I'm wrong!

  • Re:This is not news (Score:5, Interesting)

    by Anonymous Coward on Thursday August 09, 2012 @08:08PM (#40939995)

    My account keeps being hacked*, despite the fact I don't log in, have no real interest in playing the games, change it to random passwords even I don't remember, run Linux day to day, and have it associated to a gmail account which hasn't had any suspicious activity. I've tried to reason with them, but they refuse to listen. I've come to the conclusion that Blizzard are incompetent in this area.

    * I've never seen any proof of my account being hacked besides their e-mails telling me and locking my account. I managed to get them unlocked the first few times, my characters still have all items and gold I remember. Now they want me to fax a passport or some 'real identification'. I honestly don't want the games that bad, I'm just annoyed they're taking them off me.

  • by Kenja ( 541830 ) on Thursday August 09, 2012 @08:12PM (#40940023)
    Once a Battle.net account is created, the first name, last name and security question can not be changed. Since these questions are now compromised, everyone is SOL.
  • Re:This is not news (Score:4, Interesting)

    by Sir_Sri ( 199544 ) on Thursday August 09, 2012 @08:41PM (#40940365)

    That's actually pretty common when people do get hacked. If you have gold they immediately mail it off and sell it, and then try and bot farm whatever the best gold/hour is. That might be tradeskilling, that might be cash runs through bosses, sort of depended.

    My lingering suspicion is that WoW was vulnerable to a session spoof attack at some point, or the usual exploit of a flash vulnerability to get your password, but their systems became overall pretty robust with authenticators added in.

    In your case I'd guess a flash vulnerability, possibly a 0 day one, those are much less of a problem today than they were 2 or 3 years ago when browsers weren't well sandboxed etc. etc. But those sorts of things always got a few people.

  • Re:Thanks! (Score:5, Interesting)

    by ganjadude ( 952775 ) on Thursday August 09, 2012 @09:04PM (#40940623) Homepage
    I understand your argument, I really do. However, I don't understand any good reason to disable the single player mode from d2 (which the char was not able to play on battlenet, and therefore not able to access the "real money" market activision set up (I'm convinced this is an activision move, and not something blizzard would have done prior to being bought up)). I simply disagree with the way the game was handled. Hell, I pre ordered, pre downloaded, and still couldn't play for 2 days after it was "released", all because of server issues. If that is the route all games are going to go... I guess I am not a gamer any longer. That's just me, but I will not deal with that, I'll keep playing super mario world and D2 and be happy.
  • Who cares.. (Score:3, Interesting)

    by SD-Arcadia ( 1146999 ) on Thursday August 09, 2012 @09:10PM (#40940699) Homepage
    Diablo 3 was DOA. It is a hamster-wheel farming game revolving around the auction house with no depth nor creativity.
    Summary: It's fun but too easy going through normal, nightmare and hell if you gather a party. Then you hit the inferno act 2 brick wall, and your only hope for punching through that is either the RMAH or something like 100+ hrs into cheese-farming spots like dank cellar (gold) or the ancient path goblin (rares).
    I found myself wishing someone else would "play" for a while because the game part peeled away and it was revealed to be a stupid repetitive virtual item farming-trading game. I bought the game mid-May, and haven't touched it past June and don't plan to either. Gonna keep it around for a couple more weeks and then give my login info to the first friend who shows interest when I go back to school for TA'ing in September.
  • by fisted ( 2295862 ) on Thursday August 09, 2012 @09:35PM (#40940911)
    Store password hashes in the database, but the answer to a security question, which enables resetting the password, in plain text. Cool story Blizzard
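The storage approach this comment argues for, as an added example that is not part of the original thread and not Blizzard's code: a security answer that can reset a password is stored the way a password would be, as a per-user salted, slow hash. The function names, the normalization rules and the PBKDF2 work factor are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import unicodedata

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune to your hardware


def normalize_answer(answer: str) -> bytes:
    """Fold Unicode form, case and whitespace so retyped answers still match."""
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(folded.split()).encode("utf-8")


def hash_answer(answer: str) -> dict:
    """Return the record to store; the answer itself is never persisted."""
    salt = secrets.token_bytes(16)  # per-user salt: equal answers, different digests
    digest = hashlib.pbkdf2_hmac("sha256", normalize_answer(answer), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "digest": digest.hex()}


def verify_answer(candidate: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        normalize_answer(candidate),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["digest"]))


if __name__ == "__main__":
    # Constructed sample data, not taken from any real account.
    alice = hash_answer("Mr. Whiskers")
    bob = hash_answer("mr. whiskers")
    print(verify_answer("  MR.  whiskers ", alice))  # retyped with different case/spacing
    print(alice["digest"] != bob["digest"])          # same answer, different stored digest
    print(verify_answer("Rex", alice))               # wrong answer is rejected
```

Security answers are usually short and guessable, so hashing only slows offline guessing after a database leak; the reset flow still needs attempt limits and a second factor.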
  • Re:This is not news (Score:5, Interesting)

    by SilverJets ( 131916 ) on Thursday August 09, 2012 @09:36PM (#40940927) Homepage

    My account keeps being hacked*, despite the fact I don't log in, have no real interest in playing the games, change it to random passwords even I don't remember, run Linux day to day, and have it associated to a gmail account which hasn't had any suspicious activity. I've tried to reason with them, but they refuse to listen. I've come to the conclusion that Blizzard are incompetent in this area.

    * I've never seen any proof of my account being hacked besides their e-mails telling me and locking my account. I managed to get them unlocked the first few times, my characters still have all items and gold I remember. Now they want me to fax a passport or some 'real identification'. I honestly don't want the games that bad, I'm just annoyed they're taking them off me.

    If I had mod points I'd vote this up.

    My battle.net / wow account was fine for years. Never had a problem. Then I installed StarCraft2 and its updates. A day later I get a legitimate e-mail from Blizzard telling me my account had been used to spam the chat channels on wow. Changed my password, and started using their iPhone authenticator app. Nothing from any of my characters was missing. Not a single thing.

    When it comes to security I don't think Blizzard knows what it is doing.

  • Re:Thanks! (Score:2, Interesting)

    by Sir_Sri ( 199544 ) on Thursday August 09, 2012 @09:43PM (#40940991)

    The real money auction house is an example of a free to play concept, and players were exchanging real money through unofficial channels. That poses huge security problems (like the ones people are talking about with WoW), which translate to customer support problems, and Blizzard figured they could get a cut.

    Even without the real money though, the regular auction house is your entire region, and a main source of gear for high level balance. The ability to dupe items in D2 caused no end of balance grief and problems that arise from that, and having a consistent relatively locked down platform for their main community, which is the multiplayer community is important then.

    Also, yes, piracy has ravaged the PC game business (including the companies I contract with) and so everyone who can afford the infrastructure is moving to online setups.

    You also have to keep in mind that from Blizzard's perspective their main product is WoW, and everything else is an offshoot from that. They want WoW players to still be connected to other WoW players who happen to be in Starcraft or Diablo, and things like that. They're aiming for a total connected product line (sort of the way steam, XBL and PSN let you chat with your friends outside of the game you're playing), so your achievements in WoW carry over to diablo and the reverse, your friends are in both and so on. Again, not really sure that plan is working too well, but I can certainly see what they're trying to do. Blizzard isn't really the right outfit to pull that off though, mostly because it's the wrong level.

  • Re:Thanks! (Score:2, Interesting)

    by Sir_Sri ( 199544 ) on Thursday August 09, 2012 @11:14PM (#40941587)

    I've discussed in previous posts our piracy rate and dropoff in sales with the proliferation of bit torrent.

    Steam has pushed back the other direction, but well, it's an online service, and you pay them 30% for the privilege of using their infrastructure rather than your own.

    For us, because we only use steam for retail sales and not authentication or matchmaking well... guess what, even now a year after release 50% of the copies in active use right now are using 1 CD key (with only 4000 concurrent users that's a small sample, and well, time zones and so on), and none of those pirated copies are steam users. I'm not 100% sure how anyone else does it, but I know we give steam a list of keys and only those keys authenticate blah blah blah so their service it's just those. But gamersgate, impulse etc. not so much. And in this case the key in question was part of a broad allotment to the publisher.

    Now I wouldn't equate 1 pirated copy to one lost sale, I think, given the previous sales figures (for previous games in the series and so on) I think about 20% of total players (40% of pirates since we're at 50/50 right now) equate to lost sales given our estimates, and some of the pirates are in china and can't buy our game anyway, so it's not all lost sales. But there's certainly a lot of hurt from it.

    Obviously you can't know exactly. There's no way to have a synthetic test knowing exactly how many copies would sell if it wasn't for piracy. But sales are way down, forum use and active play sessions are about flat, so guess what, people are pirating the game and not paying for it. Fortunately in the intervening period the government of Ontario started kicking in a bunch of money (about 40% of people's pay) or the guys I work with would be out of business.

  • by RogueyWon ( 735973 ) * on Friday August 10, 2012 @06:39AM (#40943873) Journal

    You know it's not a console game, right?

    Right?

    Blizzard have mulled over the possibility of a console release from time to time, but there's nothing announced. The game's not that different from its predecessors - as you yourself note.

    In fact, the Diablo series is historically a PC/Mac series. There was a Playstation 1 version of the original, but it never got much traction. This series is as computery as a very computery thing that was just made even more computery by the injection of a big pile of computer.

    I think you're using "console" as a shorthand for "shallow and repetitive". Well, I can certainly agree that Diablo games are shallow and repetitive. Absolutely. Definitely. With cherries on.

    But then, I look at some of the console games I own and I don't necessarily see much in the way of shallowness or repetition in some of those. Valkyria Chronicles (PS3 exclusive) is absolutely brimming with depth and complexity, packaged beneath a highly accessible exterior. Dark Souls (360 and PS3, belated PC version due later this month) is more action oriented, but has one of the deepest and most precise combat systems I've come across. The Forza Motorsport (360 exclusive) games have depth coming out of their ears.

    By all means criticise the Diablo series for its core gameplay - god knows it deserves a bit of a grilling as a counter-point to the fawning it got from some review sites. But if you're claiming it's a console game, you look ridiculous and if you're claiming that all console games are shallow, you look ignorant to boot.
