Blizzard got Hacked!

http://us.blizzard.com/en-us/securityupdate.html

Players and Friends,

Even when you are in the business of fun, not every week ends up being fun. This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.

At this time, weve found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.

Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.

We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.

In the coming days, we'll be prompting players on North American servers to change their secret questions and answers through an automated process. Additionally, we'll prompt mobile authenticator users to update their authenticator software. As a reminder, phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password. We deeply regret the inconvenience to all of you and understand you may have questions. Please find additional information here.

We take the security of your personal information very seriously, and we are truly sorry that this has happened.

Sincerely,
Mike Morhaime

Here is the actual link if you don't trust the OP: http://us.blizzard.com/en-us/securityupdate.html

Thanks, just changed my password.

Changed my password, hope I can use my old password soon enough trough.

Thanks for the headsup. Info changed.

So, now its actually blizzard fault? A lot of accounts got hacked in the past and now they admit it?

Blizzard is pathetic.

Blizzard is pathetic.

jakes456

You have been throwing utter hatred towards big companies.

With all these companies getting hacked, looks like I picked a good job market. :D

In all seriousness though, this does suck. Hopefully the security will be increased and that Blizzard takes this as a serious warning.

Blizzard is pathetic.

jakes456

Every single company is more than capable of getting hacked. Blizzard if very popular and therefore a bigger target. Glad your game company isnt having issues though.

A while back got email saying my main character in wow was transfered to another server (Hadn't played in like a year) so reported and now account is banned not sure if lost my stuff. Then stupid me pays 60 dollars plus tax for Diablo 3 play for 2-3 weeks and get bored and a month later i try to play again and says I'm banned i go to web site and can't even log on there since my password is not working.

I finally get account password working after 5 days! and I'm still banned from Diablo 3. Never even played D3 online. I don't use external programs on games and i scan for malware and viruses on regular basis so its not me. Just got reply to ticket about banned account and replied with a form letter that said nothing.

Blizzard is never getting another penny from me.

Never even played D3 online. Sleepyz

This is just proof that authenticators, mobile apps, thingamijigs, and cryptographic stenogrofiers don't protect us from anything!Amigro

I'm sorry but did anyone read this at all or are you all just that stupid? They stole encryped passwords. They did not steal encryption keys or crack the way authenticators work. They have absolutely no access to any of our accounts.

So, now its actually blizzard fault? A lot of accounts got hacked in the past and now they admit it?

bahamutzzzz

It's always been the player's fault for getting their account stolen.

[QUOTE="Amigro"]

I'm sorry but did anyone read this at all or are you all just that stupid? They stole encryped passwords. They did not steal encryption keys or crack the way authenticators work. They have absolutely no access to any of our accounts.

ChubbyGuy40

[QUOTE="bahamutzzzz"]

So, now its actually blizzard fault? A lot of accounts got hacked in the past and now they admit it?

ChubbyGuy40

It's always been the player's fault for getting their account stolen.

The authenticator algorithm has been out for a while now, the bad guys were already able to copy authenticators with just a serial number. Your authenticator will not protect you until your change it.

Diablo 3 had a session hijacking vulnerability. Hackers could completely bypass any security you had on your account by joining a game with you and tinkering with some of the game's files.Temporius

That's false. RSA's security token was cracked, but Blizzard uses Vasco. If it was cracked, do you really think Blizzard and the community would've kept silent all this time?

That was also proven false. You could view the session ID for the persons in your game, but you could never spoof it to gain control. Several threads on d2jsp and Blizzhackers proved this. Even Blizzard said there were no instances of spoofing or hijacking being the cause of people getting hacked. If I remember right, some people saying they were hacked with auths were caught lying by some Blues.

[QUOTE="ChubbyGuy40"]

[QUOTE="Amigro"]Temporius

[QUOTE="bahamutzzzz"]

So, now its actually blizzard fault? A lot of accounts got hacked in the past and now they admit it?

ChubbyGuy40

It's always been the player's fault for getting their account stolen.

Love how its always the players fault for being hacked..Thats the most laughable excuse ive heard to often bye gamers..Its not our fault..In reality its blizzards with these damn spammers in diablo games.Most of the hackers are them guys..Got my account hacked once..They turned me back a few hours got all my things back..Blizzard lets these fools spam the chat room an have a way with spamming every five min..Instead of keeping a person there an booting them..Dont tell me its cost effective either..They can ask one of the fans to do it also..Just like everquest back in the day used to use fans to be kind of a eye for them..Lets face it these spammers stay because blizzard wants them to stay..If they wanted them gone they can do it..Its stupid that they are there day after day..These are your folks who are hacking people..Its no ones fault but blizzard alone..Dont tell me other wise either..

it's happening to most companys, Twitter, Facebook, PSN, Steam, Battle.net, Xbox Live, Amazon...They have all been hacked in the past couple of years.

anything can be hacked into if the person is good enough.

I had to change the security question on my email, because our blizzard usernames are our emails and the security questiosn for both were the same. Having unencypted security questions is pretty low for blizzard. :/

[QUOTE="Amigro"]This is just proof that authenticators, mobile apps, thingamijigs, and cryptographic stenogrofiers don't protect us from anything!ChubbyGuy40

I'm sorry but did anyone read this at all or are you all just that stupid? They stole encryped passwords. They did not steal encryption keys or crack the way authenticators work. They have absolutely no access to any of our accounts.

Thanks for the info, have my password changed. I'm also working on getting my e-mail changed but the site is having some difficulties ith that. Have a ticket opened as I'm typing this.

[QUOTE="ChubbyGuy40"]

[QUOTE="Amigro"]This is just proof that authenticators, mobile apps, thingamijigs, and cryptographic stenogrofiers don't protect us from anything!Amigro

I'm sorry but did anyone read this at all or are you all just that stupid? They stole encryped passwords. They did not steal encryption keys or crack the way authenticators work. They have absolutely no access to any of our accounts.

Just remember you're typing, not speaking.

greedy company should get hacked!...they deserve it

greedy company should get hacked!...they deserve it

commander1122

In most cases it's the players who get affected the most, there personal information is out there. I don't think the players deserve that...

[QUOTE="commander1122"]

greedy company should get hacked!...they deserve it

HyperWarlock

In most cases it's the players who get affected the most, there personal information is out there. I don't think the players deserve that...