Blizzard/Battle.net has been hacked!

Rico · August 10, 2012, 08:29:00 AM

Some data has been compromised. Change those passwords guys if you play Blizzard games. Or do what I do and get yourself an authenticator keychain or app.

If you play PC games from Blizzard Entertainment such as Diablo III and World of Warcraft you need to review your account security as soon as you can.

Blizzard has confirmed a security breach compromised a large amount of user account data for Battle.net gamers. Blizzard is warning players on North American servers (including players from North America, Latin America, Australia, New Zealand, and Southeast Asia) that hackers have nabbed user e-mail addresses, answers to security questions, a database of "cryptographically scrambled" passwords, and as sensitive data related to dial-in and smartphone app-based two-factor authentication.

full story:
http://www.pcworld.com/article/260714/blizzard_hack_a_security_guide_for_battlenet_users.html

billybob476 · August 10, 2012, 08:50:14 AM

Yeah they got encrypted passwords so it's not the end of the world but they also managed to get some info relating to the authenticators. My understanding is they'll be pushing updates to the smartphones authenticators as well.

Full post from Mike Morhaime: http://us.blizzard.com/en-us/securityupdate.html

Rico · August 10, 2012, 08:56:55 AM

I'm not quite sure how the mobile authenticator generates the number it does. Isn't it tied to the specific device somehow too? Like your phone or iPad? I've been using the authenticator on my iPad for awhile now.

billybob476 · August 10, 2012, 09:47:25 AM

The mobile authenticator has a serial number attached to your specific instance which it uses to sync with the server. it's a type of public/private key encryption.

KingIsaacLinksr · August 10, 2012, 10:28:13 AM

Even with authenticators, Diablo 3 player accounts have been hacked. So it won't secure your account 100%. Change passwords as always and don't use the same passwords for your accounts.

Rico · August 10, 2012, 04:01:47 PM

Quote from: KingIsaacLinksr on August 10, 2012, 10:28:13 AM
Even with authenticators, Diablo 3 player accounts have been hacked. So it won't secure your account 100%. Change passwords as always and don't use the same passwords for your accounts.

Where did you read this? I don't know anyone with an active authenticator that has been hacked.

KingIsaacLinksr · August 10, 2012, 10:23:03 PM

Quote from: Rico on August 10, 2012, 04:01:47 PM
Quote from: KingIsaacLinksr on August 10, 2012, 10:28:13 AM
Even with authenticators, Diablo 3 player accounts have been hacked. So it won't secure your account 100%. Change passwords as always and don't use the same passwords for your accounts.

Where did you read this? I don't know anyone with an active authenticator that has been hacked.

It was part of the major hack-a-thon going on a little bit after the game was released. I guess I could go look up the story again, but there were reports of accounts getting hacked despite the authenticator.

Rico · August 11, 2012, 05:20:06 AM

I read a lot of those reports too and there were a lot of rumors and talk with regards to authenticators. Yes, no system is hack-proof but I really find it highly unlikely that between a solid password and an authenticator that you are in much danger of having your account compromised.