Posts: 821
Threads: 4
Joined: Aug 2011
It's probably good to put this out here in case anyone missed it. Blizzard was hacked earlier this week and the information that was potentially accessed depends on your region. I'm not a security guy, but from what I can gather it's possible that if you're in the NA region your password could be subject to dictionary attacks, and depending on how they handle the authenticator registration those might not be a proper safeguard either.
Link: http://us.blizzard.com/en-us/securityupdate.html.
At the very least, change your passwords!
Posts: 7,766
Threads: 94
Joined: Oct 2009
And they limit it to 16 characters. Sigh....
Posts: 1,780
Threads: 16
Joined: Jan 2006
There's a FAQ that includes details of what was compromised from which region:
http://eu.battle.net/support/en/article/...update-faq
I guess most of you are NA servers, which is the region that had most data accessed.
The biggie seems to me to be that they've got secret question/answer stuff, which can be used to identify you if you ring in or to "retrieve" accounts - it says there'll be some automated process coming to force you to change that, but might be an idea to change it now anyway. Particularly coz while they've told their phone staff to use other authentication steps, that relies on people remembering to change the script. You should change your password too but they say it's unlikely that they'll reverse the encryption on the password database but I'd still change it for peace of mind. (And anywhere else you use that password, particularly important if you pair it with the same email address.)
For EU people they say they only got email address, so I guess we all get an uptick in spam and phishing, joy. (And I'm changing my password anyway just for peace of mind.)
Posts: 3,045
Threads: 49
Joined: Mar 2004
As far as I can tell the secret question and answer cannot currently be changed at BattleNet. You'll have to wait for them to prompt you when the facility to do it is implemented.
Posts: 4,443
Threads: 45
Joined: Nov 2009
Just be careful about opening Blizzard emails (make sure it is legit) and change your password if it was less than 24 characters.
Posts: 1,303
Threads: 23
Joined: May 2010
Thank you for posting a thread about this. I have an account for Starcraft, but I don't really play much anymore, so without this thread I would have never even had a clue that Bliz got hacked. In fact, just about anybody with an account they don't sign in to frequently seems to be pretty much screwed, as Bliz has not bothered to send an email or anything saying, "BTW we got hacked plz change password k thx buy." Classy, especially coming off a company who has also had recent, serious issues with user security in Diablo!
[This is probably a little unfair to them... but this *is* supposed to be the company known for putting a borderline obsessive polish into their games, so it is puzzling at best that they don't seem to have the same polish in their security systems]
Posts: 7,766
Threads: 94
Joined: Oct 2009
As you might guess from the above, I changed my password, but was unable to change my security Q/A. Now my account's been stolen and the email address is changed (they helpfully sent me an email saying that a confirmation email will be sent to the NEW address. Great security there guys, I'm speechless.) so I can't log in to battle.net at all anymore. (If I try to go through the account recovery process, entering your current email address is the first step. LOL?)
Two questions. 1) Is there some way I can get my account back? I've tried calling their phone #; however their queues are always "full" so they hang up on me. Is this even worth pursuing? 2) Do I need to worry about saved credit card info or just that I lost my games? The latter is insulting and pretty disappointing from Blizzard but not such a big deal.
Posts: 13,225
Threads: 25
Joined: Oct 2010
I've had friends who have called Blizzard before. They are definitely reachable by phone. I imagine they are overloaded for this reason right now though.
The post from Morhaime says that they know of no credit card information being stolen.
Posts: 7,766
Threads: 94
Joined: Oct 2009
NobleHelium Wrote: I've had friends who have called Blizzard before. They are definitely reachable by phone. I imagine they are overloaded for this reason right now though.
The post from Morhaime says that they know of no credit card information being stolen.
Thanks. Regarding CCs, I guess I'm wondering if someone could buy Blizzard things once they have the account, using stored CC info. I don't remember how it works (whether it stores all the CC info) and I can't check since I can't log in. I would guess not but it would be a big thing to be wrong about.
Posts: 13,225
Threads: 25
Joined: Oct 2010
Well, I just went through most of the purchase workflow on Battle.net and you may have stored payment methods that can be used if you've purchased something there before. I haven't actually done this, so I have no stored payment methods. But I do see a dropdown for which I only have "Other Payment Method" as a selection, so it seems likely that if you bought a game there with a credit card before, that may be one of the selections in the dropdown.
This is only in the digital games section, separate from the Blizzard Store. So I'm pretty sure they can't do things like buy a thousand WoW in-game pets to gift to other people, but they might be able to buy a copy of Diablo II for your account (and only your account).