Blizzard Hacked

I don’t mean “some guy who plays a Blizzard game was hacked”. I mean, “Blizzard’s internal network was compromised”.

See here: http://us.blizzard.com/en-us/securityupdate.html

I think it’s ironic that this doesn’t affect my old Diablo 2 characters in the slightest (since they are all offline, on my hard drive). But if I had ever played Diablo 3, which was online-only in part for “security” reasons, then I would have at least some cause to worry.

On the plus side, at least the passwords that got stolen were hashed. This might turn out to be more embarrassing than anything.

Huh. Maybe they should use authenticators. Because SecurID won’t get hacked… again.

It has come to my attention that BattleNet passwords are not case-sensitive. This will make decrypting the hashes significantly easier. Not good.

Ah, yet another reason to give up on this game.

And give up on …

And that is just a small portion :slight_smile: Yeah, good to know so Battle.net users can be aware and change passwords and be cautious. But to act like this is something new or not expected in this day and age is rather naive.

You do understand the implication of my use of the word “another,” right?

I don’t need a game whereas I might need some of this other stuff. But he did say “another” - there’s plenty of reasons not to play Diablo3.

Oh I agree, plenty of reasons not to play any Blizzard game. Or any other game you don’t enjoy. The problem with this hack I am seeing all over the internet, is people making it like Blizzard has shoddy security, or only Blizzard suffers at the hands of hackers.

Really this should be marked up as another hack, not a checkmark against Blizzard. At least the passwords were encrypted. No one is immune, as lulzsec/anonymous have shown time and time again.

Wait Amazon was on that list…they were hacked? When?

I changed my battle.net password, but from what I could dig up, you can’t change your security question online. Anyone else know how it can be done?

The reason this should be a checkmark against Blizzard is that they justified their always-online system in part on its security. There are at least thousands, and possibly millions, of people who would be either not affected by this, or less affected by this if Blizzard did not require a BattleNet account to play Diablo 3 and Starcraft 2.

You can’t blame a town for having crime, but you can blame them for making it a requirement to live in the ghetto. (Oh! For the days of the gated-LAN-community!)

Over the next few days they said they are going to implement a method for changing that.

They justified it as a method of DRM; that is the checkmark, not the hack. Always online is the future of gaming, we cannot change that. If always online, or random online checks went away I would be very happy, but they are not going away so I accept them as a nuisance I will live with to play a game I want to play. Others feel differently and I understand that and support them in their valiant struggle against the machine.

Oh my god, Kalush Information Network LTD is on there! :eek: How will I live? How will I love again??

Actually, it took forever for Blizzard to acknowledge that it was DRM at all. Their public line (that fooled no one, of course) was that it was all for the good of the playerbase.

I’m really not at all hacked off (heh) at Blizzard about this; I recognize it’s a risk for any online entity and I think they do make a credible effort to protect against hacking, game fraud, etc., and they generally respond promptly to any issues. I don’t make financial transactions with them through their online portal, so the only thing at risk is my game identity and the dubious sanctity of my email address. My decision to play or not play D3 has nothing to do with this episode, but it does add to the feeling of “This game is becoming too much like work.”

If Blizzard ever does fix the gameplay issues and make the game actually fun to play, I wouldn’t let fear of hackers stop me from playing it again.

Yeah hacking is just life these days.

But DRM that interferes with gameplay to the level this does is not par for the course as far as I’m concerned.

Otara

The one thing that bugged me was that they said that no customer financial information was in the compromised data. Except that, given the existence of the Real Money Auction House, customer login passwords are financial information. I’m not too worried about this case since the passwords were hashed, but I think that they still haven’t quite realized all of the full implications of having the RMAH.

How much good are hashed passwords if your password is insecure? I’m really asking here, I don’t know. But surely there’s a reason insecure passwords are considered bad, and it obviously can’t be because people will brute force your account, since that’s easy to stop.

I think the reason it is good they are hashed is they cannot be done in bulk. A hacker would have to go password by password which would take an obscene amount of time iirc.