Blizzard Says Battle.Net Has Been Hacked
An anonymous reader writes "Blizzard announced today that its Battle.net service was compromised. The company is urging users to change their login information immediately. Blizzard is stressing that payment information was not compromised. 'The unauthorized access included email addresses associated with Battle.net accounts in all regions, outside of China. Additional information from accounts associated with the North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) was also accessed, including cryptographically scrambled versions of passwords (not actual passwords), the answer to a personal security question, and information relating to Mobile and Dial-In Authenticators. It's important to note that at this time, Blizzard does not believe this information alone is enough to gain access to Battle.net accounts.'"
Thanks! (Score:5, Funny)
Thanks for your always-online requirement for Diablo 3! So very useful if I want to play alone.
Re: (Score:3, Informative)
Diablo 3 is a multiplayer game with a where you can choose to not directly interact with other players, but without the auction house the whole itemization would need to be completely different.
That was one of the things they realized with D2, the reason it stuck around was the multiplayer, they just got the idea that the whole thing should be multiplayer. starcraft has less of an excuse because there's no meta economy in starcraft.
Re:Thanks! (Score:5, Insightful)
Re:Thanks! (Score:5, Informative)
It's not an argument. It is. The game is a multiplayer game. Just because that's a stupid idea doesn't mean it isn't the one they went with.
I'm sorry that your point of view is just wrong. But it is. The whole game was balanced around you being able to buy and sell from the auction house. That was a deliberate choice on Blizzard's part, and without the AH the game becomes prohibitively hard because you just can't get the right itemized gear and you need an astronomical amount of farming to get through the content. Again, I'm not saying that's a *good* design, but that is the design. If anything the game suffers because you almost never loot anything you actually want, I think I looted one inferno difficulty item I actually used, all of the rest I had to buy.
They certainly could have designed the itemization differently or had a full on single player mode with different itemization. But they didn't.
The 'core activity' of Diablo is 'click'. I'll grant you that activity is mostly unchanged from previous versions. But most games are more than just one core activity.
They wouldn't even work with me on a refund when I had issues 3 weeks after launch, because I pre-ordered it and therefore it was more than 30 days out of date, even though I only had the game for a week less than 30 days.
yes well, that's a whole other topic. But once they have your money they don't want to give it back.
Re:Thanks! (Score:5, Interesting)
Re: (Score:2)
I understand your argument, I really do. However, I don't understand any good reason to disable the single player mode from D2 (which the char was not able to play on Battle.net, and therefore not able to access the "real money" market Activision set up). (I'm convinced this is an Activision move, and not something Blizzard would have done prior to being bought up.) I simply disagree with the way the game was handled. Hell, I pre-ordered, pre-downloaded, and still couldn't play for 2 days after it was "released", all because of server issues. If that is the route all games are going to go, I guess I am not a gamer any longer. That's just me, but I will not deal with that; I'll keep playing Super Mario World and D2 and be happy.
I am not the other guy, but maybe I can clarify: It is an online game. That is a fact. You may not like that, you may not have played previous Diablo games online ever, but Diablo III is server side. It is an online game. That is not an argument, it is a statement of fact.
You are free to not like that and not buy the game and mention how much you dislike the fact, but it is still fact, not an argument. I agreed with their decision here, but I hope they (like me) look at it in retrospect and say "yeah
Re:Thanks! (Score:5, Insightful)
Let me clarify further: Diablo 3 is an extremely shitty game that not only is overpriced by about 3x, but then seeks to monetize even further with its online crapola.
As a free2play online game, Diablo 3 would be excusable. As the anchor in a very popular trilogy of AAA titles, it's inexcusable.
Further, to heal FAIL on top of FAIL, the information that you had to give them to create an online account with Blizzard in order to play this mediocre free2play crap is now in the hands of some Bulgarian sleazebags who will do their best to monetize Diablo 3.
Blizzard couldn't have mistreated Diablo fans much worse without infecting every one of them with Ebola virus and then smacked them in the face with a meat tenderizer.
Naturally, Blizzard bears zero liability for any damage that might be caused by their inability to keep customer records secure because everyone who played the game had to sign away all of their rights in the endless EULAs that they had to agree to on installation and with every single update.
Let me end this rant with a brief prayer: Jesus, Lord Baby Jesus, I beseech you. Please make the prostates of every one of the Blizzard upper management, board of directors and major shareholders swell up to the size of honeydew melons so that it takes them 15 minutes just to squeeze out a painful, burning drop of urine. And let them know, Father, that this pain is directly caused by their behavior with Diablo 3 (which, if it makes any difference to you, Baby Jesus, has satanic overtones). And I further pray, Lord, that you make an example of them so horrible as to cause sweaty, trembling nightmares for the upper management of every game developer and publisher, so that their nights may be beset with horrors so that they might look into their souls in order to change their ways and stop fucking over their customers. I pray this in the name of God (may Allah protect him), Amen. PS: please let the Bears win their home opener by 14 points or more..
Re: (Score:2)
Re: (Score:3, Insightful)
Let me clarify further: Diablo 3 is an extremely shitty game that not only is overpriced by about 3x, but then seeks to monetize even further with its online crapola.
Diablo 3 is almost the same as Diablo 2 pre-LoD with better graphics and a gameplay rebalanced toward more casual players than hardcore ones:
- No need to spend 40+ hours to try a new build.
- A gold auction house (i.e. game money, not real $) to buy high level objects without excessive grinding or spending hours in forums to find prices, descriptions and reliable vendors.
Of course, for the guy still playing Diablo 2 today, Diablo 3 will feel dumbed down and not "elitist" enough. I played Diablo 2 as an obsessive
Re:Thanks! (Score:5, Insightful)
I'm afraid you're praying to the wrong God here. Jesus would tell you to forgive, and seek in you the strength to go to Blizzard and convince them to lose their bad ways, by being a loving example to them, as you'd like them to be to you.
Muhammad would tell you to behave, be a good moslem, and insist Blizzard upper management is bound for fiery inferno anyway so why care.
Buddha would tell you to care less for videogames, and maybe instead enjoy your next meal more (hmmm pork).
Nanak would just smack you over the head, and then pee in your general direction.
Eris would grant you your wish, turning Blizzard's management even more sour, then She would make you buy their next yet-shittier game nonetheless so you'd share some of the pain you sought to inflict, for the lulz.
Most other deities would require costly sacrifices and long imprecations upfront just to listen, mostly understanding your plea half wrong anyway. And their antagonist deities would curse you afterwards.
Re: (Score:2, Interesting)
The real money auction house is an example of a free to play concept, and players were exchanging real money through unofficial channels. That poses huge security problems (like the ones people are talking about with WoW), which translate to customer support problems, and Blizzard figured they could get a cut.
Even without the real money though, the regular auction house is your entire region, and a main source of gear for high level balance. The ability to dupe items in D2 caused no end of balance grief a
Re: (Score:2, Interesting)
I've discussed in previous posts our piracy rate and dropoff in sales with the proliferation of bit torrent.
Steam has pushed back the other direction, but well, it's an online service, and you pay them 30% for the privilege of using their infrastructure rather than your own.
For us, because we only use steam for retail sales and not authentication or matchmaking well... guess what, even now a year after release 50% of the copies in active use right now are using 1 CD key (with only 4000 concurrent users that
And the counter argument (Score:4, Insightful)
How many paying customers see other people getting it for free and decide they also no longer want to pay?
Proof of this behavior? Walking through a red light, once one person does it, others follow.
Guarding against theft is not just to stop active thieves, it is also a way to keep non-thieves from turning to thieving.
Proof with regards to copyright infringement?
Whenever a story runs in the mainstream media on thepiratebay or napster or whatever, every geek gets asked by non-geeks how they can get in on the action.
Re: (Score:3)
To say the PC Game industry hasn't been damaged by piracy is disingenuous. The fact that far fewer games are produced, that fringe genres are not even developed anymore, and that we have had to deal with more draconian copy protection schemes are all a result of the ease of piracy on an open platform like a general purpose computer.
Re: (Score:2)
you need an astronomical amount of farming to get through the content
Re: (Score:2)
Unfortunately being invulnerable doesn't make drop rates better. Earns you lots of money from the AH though.
Re: (Score:2)
While true, it points to the major problem. The entire reason single player must be played "online" is because its a real money auction house. This single design decision drove all of the "features" that everyone detests. Their greed is the problem here.
Re: (Score:2)
No, not just the real money auction house. The regular one too. The RM AH is so blizzard can get a cut of the real money changing hands.
Re: (Score:2)
And to not have to balance two different games. As a purely single player experience D3 is like 8 hours, or 8000 if you want to farm stuff. With multiplayer it's a good 50-200 hours, and then significantly diminishing returns after that.
Re: (Score:2)
No, Blizzard realized there were still people selling runes 10 years after D2's release and thought: Christ, why aren't we getting a piece of that action?
Every decision after that became suspect. The drop rates, the difficulty levels, even the layouts of the maps. Everything can (and has been) designed to push people towards the RMT AH. They have a direct economic incentive to do so.
Re: (Score:2)
There are lots of single player games that are a special case of multiplayer (where for example you still connect to a server, albeit a local one) with special rules, lots of FPS single player campaigns are like that, and there are single player games that have no support for multiplayer at all.
Diablo isn't either of those. Because of the auction house and achievements connection the game depends on connecting you to a server to facilitate those things. Now I grant you that those things didn't need to be
Re: (Score:2)
they already suckered me out of my money
hence the real money auction house. That you've quit playing reduces the value of the real money auction house (even if you never use it it's connected to the regular auction house as part of the broader economy).
If you read anything they've been saying it's pretty clear they fucked up, badly. And they realize it. They aren't sure what to do about it, but they definitely aren't happy with how much people are (or aren't) playing the game, because that's their revenue model. Think of it like a free to pla
Re: (Score:2)
Ironically you go on this rant about how "uneducated" the American public is while fucking up the basic details of what you claim to know so much about. The term "cryptographically scrambled" is much more accurate than saying "encrypted", because guess what, the passwords AREN'T encrypted, they are hashed. "Scrambled" and "Hashed" in reference to passwords are sort of similar, though scrambled in reference to words usually implies some sort of random re
Comment removed (Score:4, Insightful)
not just the application that gets hacked (Score:3)
Re: (Score:2)
Yah (Score:5, Insightful)
Can I please have my single player offline games back?
Re:Yah (Score:5, Funny)
"No." -Activision
Re:Yah (Score:5, Insightful)
Can I please have my single player offline games back?
Speaking just for myself, I'm skipping both StarCraft 2 and Diablo 3, because of the onerous DRM and always-online requirements Blizzard now uses.
I wonder if the DRM and always-online requirements are preventing enough piracy that results in sales, to overcome the loss of buyers like me.
Re:Yah (Score:5, Insightful)
My guess is that what they're losing in sales to people like you (and me), they're more than recouping in the buy-things-for-real-world-money shenanigans they've instituted.
Sucks, but I guess that's how the cookie crumbles.
Re: (Score:2)
Ah well, I'm still glad people like us are doing what we can, and voting with our wallets.
(Piracy is not an option in my house.)
Re: (Score:2)
Ah well, I'm still glad people like us are doing what we can, and voting with our wallets.
(Piracy is not an option in my house.)
Honestly, I don't expect voting with my wallet to have any real impact. However, Torchlight 2 should provide roughly the kind of fund I'd been hoping for from D3. So even if Activision doesn't care that I go for T2 vs. D3, at least I can still have my fun.
Re: (Score:2)
Prepare to get super annoyed with the control scheme though. I really feel RTS controls were all rubbish until StarCraft 1, but stuff like Dune RTS and WC1... I honestly don't know how I played it. Then again I guess I didn't try to play it like I do now with RTS games where I like to try and pretend like I have great micro/macro.
Re: (Score:2)
"I said no to star craft two and diablo 3 as well."
Not a loss, the original developers are long gone. D3 and SC2 are bland and the magic is long gone. They survive through sheer inertia and new bodies without a long history of gaming.
Re: (Score:2)
My guess is that what they're losing in sales to people like you (and me), they're more than recouping in the buy-things-for-real-world-money shenanigans they've instituted.
-- Or --
They blame the lost sales on piracy and use the figures to justify even more draconian nonsense.
Re: (Score:2)
Can I please have my single player offline games back?
Speaking just for myself, I'm skipping both StarCraft 2 and Diablo 3, because of the onerous DRM and always-online requirements Blizzard now uses.
I wonder if the DRM and always-online requirements are preventing enough piracy that results in sales, to overcome the loss of buyers like me.
You didn't miss anything with Diablo 3 really. It was ok, but nothing great. A step back for Blizzard if you ask me. With StarCraft 2 it was your own loss if you liked multiplayer. Also it had an offline mode that thanks to internet issues I got to make several uses of.
Re: (Score:3)
Are they doing the same thing they did when they said they broke the pre-order record? That is, counting all the copies of D3 they gave away to WoW subscribers who signed up to the Annual Pass as pre-orders. That's the only reason I have the game. I played it for maybe 2 weeks. Then it got old. I played D2 for years.
Cryptographically Scrambled Passwords (Score:5, Interesting)
I'm going to go out on a glass-half-empty limb here and say that means encrypted, not salted and hashed. "Cryptographically Scrambled" is too obviously ambiguous. I hope I'm wrong!
Re:Cryptographically Scrambled Passwords (Score:4, Funny)
It smells like XOR... ;)
Re:Cryptographically Scrambled Passwords (Score:4, Informative)
Which is still very secure if they used a one time pad with the XOR.
The only thing stronger than XORing with a one time pad, is XORing the input with itself.
Re: (Score:2)
For storage, possibly, for authentication, I'd say it's quite the opposite ;)
Re:Cryptographically Scrambled Passwords (Score:5, Informative)
the server carries a verifier for each user, which allows it to authenticate the client but which, if compromised, would not allow the attacker to impersonate the client
Re: (Score:2)
SRP is augmented by PAKE, I've heard people call it the latter before which is wrong. Some info here [wikipedia.org] for those that have never heard of it. But it's not new, but it's very useful.
Using scrambling rather than cryptography (Score:4, Informative)
Using scrambling rather than cryptography gets around cryptographic export and import restrictions. This is why it was possible to decrypt a lot of Windows and Microsoft Word scrambled content, and why Windows NT password recovery tools existed.
Unless you want to lock yourself out of most Asian countries where videogaming comes close to a religion, and is therefore worth gobs of money, you will not build something which violates their import restrictions. See also:
http://en.wikipedia.org/wiki/Restrictions_on_the_import_of_cryptography#Status_by_country [wikipedia.org]
Re:Cryptographically Scrambled Passwords (Score:5, Informative)
The letter from Blizzard itself says they use the Secure Remote Password protocol, so this is what they mean by "Cryptographically Scrambled":
http://en.wikipedia.org/wiki/Secure_Remote_Password_protocol [wikipedia.org]
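Added example, not part of the original thread and not Blizzard's code: a minimal SRP-6a exchange showing what the per-user "verifier" and salt mentioned in the comments above are, and that the server authenticates a login using only those two values. The group parameters (a Mersenne prime with g = 3), SHA-256, and all function names are assumptions chosen for illustration; real deployments use the safe-prime groups from RFC 5054.

```python
import hashlib
import secrets

# Stand-in group (assumption, illustration only): NOT a standardized SRP group.
N = 2**521 - 1
g = 3
NBYTES = (N.bit_length() + 7) // 8


def pad(n: int) -> bytes:
    """Fixed-width big-endian encoding so both sides hash identical bytes."""
    return n.to_bytes(NBYTES, "big")


def H(*parts: bytes) -> int:
    h = hashlib.sha256()
    for p in parts:
        h.update(p)
    return int.from_bytes(h.digest(), "big")


k = H(pad(N), pad(g))  # SRP-6a multiplier


def private_x(salt: bytes, user: str, password: str) -> int:
    """Client-side secret exponent: x = H(salt | H(user ":" password))."""
    inner = hashlib.sha256(f"{user}:{password}".encode()).digest()
    return H(salt, inner)


def register(user: str, password: str):
    """What the server stores: a random salt and the verifier v = g^x mod N."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, user, password), N)


def client_start():
    a = secrets.randbelow(N - 2) + 1
    return a, pow(g, a, N)


def server_respond(v: int, A: int):
    """Server side: uses only the stored verifier, never the password."""
    if A % N == 0:
        # Without this check a client could force a predictable session key.
        raise ValueError("rejecting A = 0 mod N")
    b = secrets.randbelow(N - 2) + 1
    B = (k * v + pow(g, b, N)) % N
    u = H(pad(A), pad(B))
    S = pow(A * pow(v, u, N) % N, b, N)
    return B, hashlib.sha256(pad(S)).digest()


def client_finish(user, password, salt, a, A, B):
    """Client side: needs the real password to arrive at the same key."""
    if B % N == 0:
        raise ValueError("rejecting B = 0 mod N")
    u = H(pad(A), pad(B))
    x = private_x(salt, user, password)
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    return hashlib.sha256(pad(S)).digest()


def login(user: str, password: str, record) -> bool:
    """Run one exchange. A real deployment exchanges key-confirmation
    messages; the two derived keys are compared directly here for brevity."""
    salt, v = record
    a, A = client_start()
    B, server_key = server_respond(v, A)
    client_key = client_finish(user, password, salt, a, A, B)
    return secrets.compare_digest(client_key, server_key)


if __name__ == "__main__":
    rec = register("alice", "correct horse")   # constructed sample account
    print("right password:", login("alice", "correct horse", rec))
    print("wrong password:", login("alice", "battery staple", rec))
    # Same user, same password, fresh salt: a different verifier each time.
    print("verifiers differ:", rec[1] != register("alice", "correct horse")[1])
```
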
Re: (Score:2)
Yeah, but the salted hashes aren't of much value then...
Re: (Score:2)
On the contrary, it is much easier to brute-force the password matching a known salt and hash on your own workstation, cluster, or botnet than it would be to brute-force it through repeated logins to a remote server, particularly if basic security precautions are implemented, such as rate-limiting login attempts and locking the account after several failures.
Salted and (repeatedly, as with bcrypt) hashed passwords are much better than merely hashed passwords, which are in turn somewhat better than plain-tex
Re: (Score:2)
I'd agree with you, if there were a real very high value to the accounts, which is doubtful. The computing power needed to brute force the salted, hashed passwords is probably more expensive than the reward is valuable. It's not worth the hassle.
Well now. (Score:5, Funny)
Since I'm over 25 and work for a living, this does not effect me.
Re: (Score:2)
and since I got into Diablo and Starcraft when I was under 25,
this does effect me.
Re:Well now. (Score:5, Funny)
Since I am 25 and do nothing for a living, your incorrect spelling of 'affect' affects me.
Re:Well now. (Score:4, Informative)
Since I'm over 25 and work for a living
making you the target market for games, and modern MMO's. Especially so if you're male. Because you know, the people who actually work at blizzard want to play their own game, and they're mostly over 25 and have jobs. So if you're one of the 40 million or so people who ever created a battle.net account for starcraft or diablo or WoW then yes, this effects you. Because what was your security question, have you ever reused it, and was it publicly available information?
Re: (Score:3)
Since I'm over 25 and work for a living, this does not effect me.
Well this will surprise you then. The prime market for MMO's and gaming in general is...
Male, 25-41, working, with an average yearly income of $38,000
Re: (Score:2)
So, looks like I'm cancelling that e-mail address. (Score:2, Insightful)
and removing my CC (oh, wait, I already did that).
This is going to be bigger than the Sony breach
honestly (Score:2)
Re: (Score:2)
I bought D3 about 1 week after launch. Was very disappointed. Asked for a refund - four times. Blizzard refunded me.
Re: (Score:2)
Re: (Score:2)
I pre ordered the game.
Why would anyone do that in this day and age? A game is something you download, so paying for it more than a day or so before it comes out seems pointless. Waiting until there are some reviews seems better still.
Having D3 at the launch did you little good - the servers were so overloaded that playtime was quite limited the first week.
Re: (Score:3)
If they got my passwords now, I don't care. After the hassles I have had with D3 from day 1 I don't even care anymore,
Yeah, I gave up on it too, the having to wait to play because the servers were full, the lag, the crashes...there's no reason it couldn't have just been an offline game like its predecessors. Very disappointed with it.
Anyone have real information? (Score:3, Informative)
Re:Anyone have real information? (Score:5, Informative)
Re: (Score:3)
They messed up the link in the article.
http://us.blizzard.com/en-us/securityupdate.html [blizzard.com]
The Responsible Thing To Do (Score:5, Funny)
Technically I'm working from home today, but I guess good security dictates I log into WoW to change my password and check for any foul play.
Re: (Score:2)
FYI, "secret" questions can not be changed. (Score:5, Interesting)
Re:FYI, "secret" questions can not be changed. (Score:4, Informative)
That hasn't been true for over a year [epicnpc.com].
Also, they're going to en masse make everyone change their security question/answer real soon now.
Re:FYI, "secret" questions can not be changed. (Score:5, Informative)
Re: (Score:2)
Unfortunately, your mother's maiden name never changes, so you're basically SOL at your bank, broker, utilities and other services, too.
Re: (Score:2)
They said they're working on a change to the security question.
But yes, in general this is bad. Although that's sort of the idea behind salting and hashing passwords, that even if someone gets the passwords they still can't recover them.
Ironic. . . (Score:4, Insightful)
Re: (Score:2)
Rainbow tables (Score:3)
Re: (Score:2)
scrambled? Do they mean hashed or ... Or did you just hash+salt them? I for one would really like to know!
I think what's best is unsalted, over easy, and hash browns on the side.
Who cares.. (Score:3, Interesting)
Summary: It's fun but too easy going through normal, nightmare and hell if you gather a party. Then you hit the inferno act 2 brick wall, and your only hope for punching through that is either the RMAH or something like 100+ hrs into cheese-farming spots like dank cellar (gold) or the ancient path goblin (rares).
I found myself wishing someone else would "play" for a while because the game part peeled away and it was revealed to be a stupid repetitive virtual item farming-trading game. I bought the game mid-May, and haven't touched it past June and don't plan to either. Gonna keep it around for a couple more weeks and then give my login info to the first friend who shows interest when I go back to school for TA'ing in september.
Re:What do you expect? (Score:4, Interesting)
You know it's not a console game, right?
Right?
Blizzard have mulled over the possibility of a console release from time to time, but there's nothing announced. The game's not that different from its predecessors - as you yourself note.
In fact, the Diablo series is historically a PC/Mac series. There was a Playstation 1 version of the original, but it never got much traction. This series is as computery as a very computery thing that was just made even more computery by the injection of a big pile of computer.
I think you're using "console" as a shorthand for "shallow and repetitive". Well, I can certainly agree that Diablo games are shallow and repetitive. Absolutely. Definitely. With cherries on.
But then, I look at some of the console games I own and I don't necessarily see much in the way of shallowness or repetition in some of those. Valkyria Chronicles (PS3 exclusive) is absolutely brimming with depth and complexity, packaged beneath a highly accessible exterior. Dark Souls (360 and PS3, belated PC version due later this month) is more action oriented, but has one of the deepest and most precise combat systems I've come across. The Forza Motorsport (360 exclusive) games have depth coming out of their ears.
By all means criticise the Diablo series for its core gameplay - god knows it deserves a bit of a grilling as a counter-point to the fawning it got from some review sites. But if you're claiming it's a console game, you look ridiculous and if you're claiming that all console games are shallow, you look ignorant to boot.
Been a while (Score:2)
Oh man, I think I created an account for Starcraft I. Do you suppose it's still active? I doubt I can remember what password I used all those years ago, or what email address I might have had at the time.
Defeating your own security 101 (Score:4, Interesting)
This is for real (Score:5, Informative)
Real links here: http://us.blizzard.com/en-us/securityupdate.html [blizzard.com]
http://sea.battle.net/support/en/article/important-security-update-faq [battle.net]
The important thing to note is that the passwords were encrypted with Secure Remote Password protocol, meaning that Rainbow Tables are ineffective since each password is individually encrypted instead of using a common hash. Also, the process is CPU expensive so brute forcing is highly infeasible for reasonable-length passwords.
Fool me once... (Score:2)
Now, I have a password I don't use anywhere else, a mobile auth'er (that I changed the serial number on after I read about this breach), and I have it set to *always* require the auth'er to log in. Now that whatever mobile auth'er info they got regarding my accoun
Stupid SHIT (Score:3)
There is a ton of stupid SHIT being posted here on the slashdot comments. I don't blame the commenters one bit, though. Why? Because the article was a regurgitated rehashed pile of shit in comparison to the actual Blizzard press release... which was really hard to find, ya'know, being the top post on Blizzard.com after all... A very key detail, the usage of SRP, is completely missed by the article, which is leading to the majority of the confusion here and elsewhere.
http://us.blizzard.com/en-us/securityupdate.html [blizzard.com]
Great, Blizzard, to receive this thru 3rd party! (Score:3)
As a long-term Blizzard customer, I am outraged; to have this news delivered through third party.
No notification came from Blizzard thru e-mail. Cool way to support your customers..
Re: (Score:3)
meet me.
I have a maxed out Mage on Rexar that hasn't yet been hacked, BUT I do agree w/ you. Everyone 'else' I know has had their accounts just trashed.
Naked Gnomes everywhere...
Re: (Score:2)
Whoever hacked it had a seriously weird sense of priorities too. They had sold the starting gear off my level 1 bank alt types and mailed off the money (at a loss!) but hadn't bothered to strip my midrange characters. They used my level 85 main charact
Re:This is not news (Score:4, Interesting)
That's actually pretty common when people do get hacked. If you have gold they immediately mail it off and sell it, and then try and bot farm whatever the best gold/hour is. That might be tradeskilling, that might be cash runs through bosses, sort of depended.
My lingering suspicion is that WoW was vulnerable to a session spoof attack at some point, or the usual exploit of a flash vulnerability to get your password, but their systems became overall pretty robust with authenticators added in.
In your case I'd guess a flash vulnerability, possibly a 0 day one, those are much less of a problem today than they were 2 or 3 years ago when browsers weren't well sandboxed etc. etc. But those sorts of things always got a few people.
Re:This is not news (Score:5, Interesting)
My account keeps being hacked*, despite the fact I don't login, have no real interest in playing the games, change it to random passwords even I don't remember, run linux day to day, and have it associated to a gmail account which hasn't had any suspicious activity. I've tried to reason with them, but they refuse to listen. I've come to the conclusion that Blizzard are incompetent in this area.
* I've never seen any proof of my account being hacked besides their e-mails telling me and locking my account. I managed to get them unlocked the first few times, my characters still have all items and gold I remember. Now they want me to fax a passport or some 'real identification'. I honestly don't want the games that bad, I'm just annoyed they're taking them off me.
Re:This is not news (Score:5, Interesting)
My account keeps being hacked*, despite the fact I don't login, have no real interest in playing the games, change it to random passwords even I don't remember, run linux day to day, and have it associated to a gmail account which hasn't had any suspicious activity. I've tried to reason with them, but they refuse to listen. I've come to the conclusion that Blizzard are incompetent in this area.
* I've never seen any proof of my account being hacked besides their e-mails telling me and locking my account. I managed to get them unlocked the first few times, my characters still have all items and gold I remember. Now they want me to fax a passport or some 'real identification'. I honestly don't want the games that bad, I'm just annoyed they're taking them off me.
If I had mod points I'd vote this up.
My battle.net / wow account was fine for years. Never had a problem. Then I installed StarCraft2 and its updates. A day later I get a legitimate e-mail from Blizzard telling me my account had been used to spam the chat channels on wow. Changed my password, and started using their iPhone authenticator app. Nothing from any of my characters was missing. Not a single thing.
When it comes to security I don't think Blizzard knows what it is doing.
Re: (Score:2)
Re: (Score:2)
BUT if you happen to use the same password in other sites/services, change it at those places.
[1] They might then get the plaintext of your password instead of the "scrambled" version.
Re: (Score:3)
Of the 56 unique players in my guild when we quit, only 2 had ever been hacked. We've certainly had people who were hacked off and on over time, (and most of them left the guild) but once they brought in authenticators it was pretty rare for people to get hacked. Even before that, you usually had to do something stupid to get your account hacked.
The most common culprits for it were from re-using passwords (especially on WoW fansites, because duh...) and people buying gold. Then there was the usual keyl
Re: (Score:2)
As I mentioned below, because i'd forgotten about them, when I typed this flash exploits as well (which of course had keyloggers of various sorts). Strategy videos and all that.
Re: (Score:2)
I got hacked back in Vanilla when I was running on a Windows machine. It was a result of a key logger I picked up from the Curse addons site after they were compromised. Since moving back to a Mac for my primary WoW machine I haven't been compromised since. I also avoid using Curse as my primary source of Mods, preferring WoW Interface.
Re: (Score:2)
My account had a max level character in every slot of my main server. Never got hacked.
Next theory.
Re: (Score:2)
I played from release day until last year. My account was never hacked.
I use noscript and, when I could get one, an authenticator. I also don't use the same email address for my battle.net authentication as I did for other WoW forums, so phishing was even easier to identify.
Re: (Score:3)
Many people use the same password for all accounts including their e-mail. You can also assume that the same login and/or e-mail username is used in other places by many people and attempt to access other outside accounts. This creates a huge security threat for those affected.
Re: (Score:2)
Last week my friend had his D3 account hacked, and they treated him as if it was his fault! What a bunch of assholes. Get your shit together Blizzard!
Their shit IS your shit, and being all together is actually the problem; Both in terms of security and bandwidth bottlenecks...
Re: (Score:3, Insightful)
Your "friend" is likely an idiot who has a key-logged, malware-ridden machine. 99.99% of the time, what someone calls "hacking" is nothing more than poor personal security on their own machine.
Re: (Score:3)
Re: (Score:3)
Well, it might be an "inside job", but not in the way you're thinking.
There was an issue with MS Xbox Live accounts being compromised recently. I was one of the ones affected by this and, until I learned more about it, I was utterly puzzled as to how it had happened.
See, prior to the Sony breach, I had been guilty of a bit of password sharing between accounts. After the Sony breach, I get more sensibly paranoid and, other than random don't-really-care forum accounts, everything gets its own password. As part
Re: (Score:3)
No, not Trojan or key logged or phished or anything stupid like that.
Sorry but every time I see someone say that I laugh. It's like they think their computers are impervious or perfect and there is no way in hell they can be at fault. It's ALWAYS the other guy!
Back in the WoW BC days I was hacked. I thought I was pretty good with security. Come to find out I visited some website blog that was exploited with an iframe/XSS logger. That's how my password was logged. You don't have to have something installed on your computer to get keylogged.