Blizzard internal network compromised, encrypted passwords stolen

By Shawn Knight · 19 replies
Aug 9, 2012
  1. Blizzard has confirmed that their security team recently discovered their internal network had been compromised. The team says they quickly took steps to seal off access and opened an investigation with security experts and law enforcement to uncover exactly what……

  2. dennis777

    dennis777 TS Enthusiast Posts: 285   +33

    Posted this in the forum a while ago...
  3. My account was hacked a couple of weeks ago. My email was changed and account was compromised. My email was changed to someone from China's. Most of my gear was replaced with gold mining gear.
  4. treetops

    treetops TS Evangelist Posts: 2,073   +219

    Since release people have been reporting being hacked on the forums in insanely high numbers, I was hacked too. They don't have a list of people hacked? With people's email and pass (if they have it) they can raid bank accounts and PayPal accounts across the web, time to change my password AGAIN.

    I suspect they do have passwords due to the large volume of people's accounts being hacked. Personally D3 is the only game I have ever been hacked on.
  5. It is no wonder to be honest.
    I posted some security vulnerabilities on their forums and all they did is delete my posts or lock them. One of the most basic security bad practices: passwords are not case-sensitive.

    This reduces the number of passwords a brute force tool has to try by a considerable amount. An answer was given in this way: "Even Facebook does this" and I replied with: "Funny how bad examples are always given; I can say that Google, Linux even Microsoft does not do this" and no action taken.
  6. My D3 account got hacked too, I'm about to change my pass on D3 and SC2...AGAIN
  7. Passwords are not case sensitive? Really? Are you serious?
  8. DanUK

    DanUK TS Booster Posts: 211   +9

    Yeah I almost get weekly emails saying my account has been hacked.. their security is shocking! Have added an authenticator phone app now and the problem seems to have stopped but still.. sort it out!
  9. Holyscrap

    Holyscrap TS Enthusiast Posts: 43   +18

    LOL these weekly emails are probably scam emails, which is how most people get "hacked" (I used quotes there cause they are not hacked, they actually give away their passwords themselves)
  10. DanUK

    DanUK TS Booster Posts: 211   +9

    Yes, while some of them are, others are legit. I never follow the links in the emails, I just go straight to the website, and have found quite a few times now my Diablo 3 account hijacked/suspended for spamming gold.
  11. Case insensitive passwords are not really a big deal, you know. The largest effect is probably to save players the hassle of caps lock. Blizzard asks for a minimum of 8 characters and at least one digit and one letter. So let us say that at the very least, a hacker needs a 36^8 search. If we add 26 more letters, it is (26+36)^8. Both numbers are high enough to be above what would be an easy password search.

    Length is more important. Once we use 16-digit passwords that are not obvious, the number 36^16 becomes a completely impossible number. Adding 26 more letters really would not change it. Upper case letters also make pass phrases harder to type. Whilst encouraging pass phrases is better.

    If interested in security, do not bother with case sensitive passwords, instead increase their length or, in the case of Blizzard, use an authenticator. The company allows 2-factor verification...

    Regarding the breach. It turns out that in comparison to other breaches, this one is pretty mild. Seems Blizzard actually has good security. And yeah, MOST (not some) emails saying you've been hacked are actually spam and all of the ones that ask you for your password are.
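
The keyspace comparison from comment 11, worked through as an added example (not part of the original thread or anything published by Blizzard). It counts passwords of one exact length that satisfy the policy quoted in the comment (at least one letter and one digit) and assumes passwords are chosen uniformly at random, which real users do not do, so the bit counts are upper bounds.

```python
import math

DIGITS = 10
LETTERS_CI = 26  # case-insensitive: only a-z counts as distinct
LETTERS_CS = 52  # case-sensitive: a-z and A-Z are distinct


def policy_keyspace(length: int, letters: int, digits: int = DIGITS) -> int:
    """Passwords of exactly `length` chars with at least one letter and one digit.

    Inclusion-exclusion: every string over the alphabet, minus the
    all-letter strings, minus the all-digit strings.
    """
    total = (letters + digits) ** length
    return total - letters ** length - digits ** length


def bits(keyspace: int) -> float:
    """Size of the search space expressed as bits of entropy."""
    return math.log2(keyspace)


def case_gain_bits(length: int) -> float:
    """Bits gained by making passwords case-sensitive at a fixed length."""
    return bits(policy_keyspace(length, LETTERS_CS)) - bits(
        policy_keyspace(length, LETTERS_CI)
    )


def length_gain_bits(short: int, long: int, letters: int = LETTERS_CI) -> float:
    """Bits gained by going from `short` to `long` characters, same alphabet."""
    return bits(policy_keyspace(long, letters)) - bits(
        policy_keyspace(short, letters)
    )


if __name__ == "__main__":
    for n in (8, 16):
        ci = policy_keyspace(n, LETTERS_CI)
        cs = policy_keyspace(n, LETTERS_CS)
        print(f"len {n:2d}: case-insensitive {bits(ci):5.1f} bits, "
              f"case-sensitive {bits(cs):5.1f} bits")
    print(f"adding case at length 8:  +{case_gain_bits(8):.1f} bits")
    print(f"doubling length 8 -> 16:  +{length_gain_bits(8, 16):.1f} bits")
```
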
  12. MilwaukeeMike

    MilwaukeeMike TS Evangelist Posts: 2,890   +1,224

    Thanks for pointing that out, Guest... Blizzard strongly encourages the use of an authenticator (or maybe it's even required by now). Passwords aren't very important when you need to be holding a physical device (even your own phone with the app) to log in.
  13. gwailo247

    gwailo247 TechSpot Chancellor Posts: 2,010   +18

    I think that part of the major fault of these web sites is that they allow weak passwords.

    All most of them do is tell you how weak/strong your password is.

    If they adhered to a very strict level of what is allowed, people wouldn't be allowed to enter with weak passwords. And no, it wouldn't deter customers because people want to play Diablo 3 more than they dislike having long passwords.
  14. Your account has been hacked! Click on this link to log in and change your password for your safety. "Link> My server that looks just like" Here you enter your password and they got it. Dumb users. Remember the question to ask. If my account has been hacked. How would you even know it?
  15. All of you using the same passwords for crap like online games and your bank accounts, should not speak at all.... *sigh* ridiculous!!
  16. fimbles

    fimbles TS Evangelist Posts: 1,185   +208

    Not played on my WoW account for some time now, I have an authenticator so I'm hoping it's safe.
  17. yorro

    yorro TS Booster Posts: 251

    My password was hKUO/.*Yvh@BXjbcd+sQ

    Now I have to change it again. That sucks man.
  18. MilwaukeeMike

    MilwaukeeMike TS Evangelist Posts: 2,890   +1,224

    Well... you never know. If they get your password they can choose to unlink your authenticator. But to do that, they'd need to log in with your authenticator and fax them a photo copy of an official ID.

    Ironically... your Blizz account is probably totally safe, even if they can figure out how to decrypt a password. But if you use the same password for something else (like your email) they might get access to it.

    This really is a big hyped up story for the sake of trying to make news.
  19. Sniped_Ash

    Sniped_Ash TS Maniac Posts: 253   +108

    If you don't have an authenticator tied to your account, that is dumb and has been dumb for years.
  20. DanUK

    DanUK TS Booster Posts: 211   +9

    When you get a legit email from Blizzard saying your D3 account has been suspended for spamming gold.
