Blizzard compromised..

[GatorKram]

Figured I would post this here in case you don't go to the forums or play the game as often as you used to.

http://us.blizzard.com/en-us/securityupdate.html

[Tim]

Wow, thanks for the link GK!

Quote:

For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.

That last sentence doesn't make sense. To log into WoW with a BNet authenticator, you need the email address (stolen), password (stolen as well, and with a post-crypt SRP list in the tens of millions, decrypting the PKE pass will occur very soon), and the authenticator PSK, you now have everything you need to log into a b.net account.

Also, something people should know.... Lists of email accounts being stolen from Blizzard have been going around the "black market" for some time, which indicates to me that Blizzard has been hacked before in the past.

I know of these lists because I've been contacted before in the past to purchase these lists, in addition to other well known WoW site owners. Back when I ran a very large WoW Guild hosting website, I was contacted by an entity who offered to sell WoW email user information in lists of 250,000 at a time (Eg, $50 for 250k, $100 for 500k, etc). This would indicate to me that Bliz was hacked prior, and that they have probably been hacked many times.

Either way, I applaud Blizzard for releasing to the public this information.

With that said, they are missing a crucial piece of information: When did this security flaw get detected? When do they estimate this flaw to have originally occured? IS this a day old? Month old? Has this been going on since WoW's creation? Etc. These are important questions that their customers (and legally so) should know.

[GatorKram]

If you look at the original message, they have another link at the bottom, that gives a bit more info: Important Security Update FAQ - Battle.net Support

They said they discovered the issue on the 4th. They do not however say if they know when it took place.

edit: Put 5th instead of 4th