Blizzard data leak 2012-08-12

Forums › Gaming › Blizzard data leak 2012-08-12

freitasm

BDFL - Memuneh
79309 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#107373 10-Aug-2012 12:11

Just received and posted information about Blizzard Entertainment leaked data:

The unauthorized access included email addresses associated with Battle.net accounts in all regions, outside of China. Additional information from accounts associated with the North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) was also accessed.

The company says the information includes cryptographically scrambled versions of passwords but not the actual passwords, the answer to a personal security question, and information relating to Mobile and Dial-In Authenticators.

Blizzard says that even with all this information hackers would not be able to gain access to Battle.net accounts.

Based on Blizzard’s investigation to this point, credit card and other customer payment data does NOT appear to have been accessed or affected. As a precaution, however, Blizzard encourages players to change their Battle.net password and any similar passwords used for other purposes.

PANiCnz

990 posts

Ultimate Geek

#670887 11-Aug-2012 08:28

My account just got locked out for "hacking", seems to much of a coincidence for these two events to be unrelated.

Kyanar

4089 posts

Uber Geek

ID Verified

Trusted

#670955 11-Aug-2012 11:32

Good thing I have one of those handy tokens (that even my bank won't offer me) I guess. Best $6 + $20 shipping ever spent.

Ragnor

8223 posts

Uber Geek

Trusted

#671189 11-Aug-2012 21:26

Embarrassing for Blizzard but they are such a high profile target anyone not using their two factor authentication (battle.net authenticator) is crazy.

It's even available as a free app for android and iphone., best $0 I ever spent.

https://play.google.com/store/apps/details?id=com.blizzard.bma

http://itunes.apple.com/nz/app/battle.net-mobile-authenticator/id306862897?mt=8

freitasm

BDFL - Memuneh
79309 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#671193 11-Aug-2012 21:36

Kyanar: Good thing I have one of those handy tokens (that even my bank won't offer me) I guess. Best $6 + $20 shipping ever spent.

They had access to the token and the recovery information - whoever got that can get in anyway, unless you change your password now.

Ragnor: It's even available as a free app for android and iphone., best $0 I ever spent.

And Windows Phone as well.

Kaos36

709 posts

Ultimate Geek

#671731 13-Aug-2012 11:18

Changed PW.

Good timing hackers (Not!) just when expansion due out next month.

Worst Response To A Crisis:
From a readers' Q and A column in TV GUIDE: "If we get involved in a nuclear war, would the electromagnetic pulses from exploding bombs damage my videotapes?"

Kyanar

4089 posts

Uber Geek

ID Verified

Trusted

#671869 13-Aug-2012 16:02

freitasm:
Kyanar: Good thing I have one of those handy tokens (that even my bank won't offer me) I guess. Best $6 + $20 shipping ever spent.

They had access to the token and the recovery information - whoever got that can get in anyway, unless you change your password now.

Ragnor: It's even available as a free app for android and iphone., best $0 I ever spent.

And Windows Phone as well.

Only the software tokens. The RNG seed for the physical authenticator (which is a Digipass Go 6 device) is still secure as only the HSM has that info.

Now with the recovery information, they could theoretically call up and get Blizzard to reset my password and/or disconnect my hardware authenticator. Since we can't actually change our security question answers though, I don't see changing my password making a whit of difference. One would hope though that Blizzard has instructed their CSRs to require physical identification prior to actioning any password reset/authenticator lockout type calls.