Attention: Battle.net security breach
#21
(08-15-2012, 06:34 PM)shoju Wrote: I guess the part that surprised me, was that this information, which is supposed to help keep accounts safe, was in some way shape or form exposed to a hack/loophole/open door.

I wont pretend to understand how they have it set up, but it seems.... less than optimal.

It's really no different than them getting to the SRP passwords. It's a breach, and the authenticator serials would have to be stored somewhere near the passwords. However, in reality, the most usable part they got was the email addresses to send phishing emails to for the gullible to click on.

The rest? The authenticator info, as I mentioned above, is of questionable value, unless they can reverse-engineer it to get codes somehow, which I have no idea whether they can or can't easily. My money is on not being able to easily.

SRP passwords? Too much trouble to decrypt.

Secret answers? Theoretically those could be used to reset passwords on an account, but, I'm hopeful that Blizzard isn't going to blindly let people use exposed secret answers for password resets at the moment. Maybe secret answers plus a scanned DL image? Who knows?

So, yes, it's disturbing that they got breached. However, no one is immune, Blizzard hasn't appeared to try to hide it, and in fact has been pretty forthcoming about what was lost. They have a much better track record than some others, and lost less 'easily usable' information than is lost in many cases.
--Mav
Reply
#22
Oh I agree, they have been really forthcoming about it, and there doesn't seem to be much "fear" to be had. I'm just... surprised at how the intrusion happened. I guess I shouldn't be, They are a pretty big fish.
nobody ever slaughtered an entire school with a smart phone and a twitter account – they have, however, toppled governments. - Jim Wright
Reply
#23
(08-15-2012, 07:36 PM)shoju Wrote: Oh I agree, they have been really forthcoming about it, and there doesn't seem to be much "fear" to be had. I'm just... surprised at how the intrusion happened. I guess I shouldn't be, They are a pretty big fish.

I am surprised that they did not have an intrusion of this size or larger before now considering how big a fish that they are.

And also, you can now log into battle.net to reset your password and mobile authenticators.
Reply
#24
(08-15-2012, 11:54 PM)Ruvanal Wrote: And also, you can now log into battle.net to reset your password and mobile authenticators.

You mean secret question and mobile authenticators. Big Grin

If you have the keyfob authenticator, you don't need to change anything. Evidently their serials were not exposed.
--Mav
Reply


Forum Jump:


Users browsing this thread: 5 Guest(s)