And I thought Blizzard had reached the deepest depths of their fall from best gaming developer to total and unmitigated disaster. I guess all those players who got hacked when D3 first was released and had Blizzard blame it on them feel vindicated. Shame on all the Blizzard fanboys for how they treated those people at the time.
Oh how the mighty have fallen.
Edit: for those who down rated my post consider the following:
Blizzard did not say when this breach occurred. Since this is a company for whom the word SOON™ can mean months, it's not unreasonable to think that the word "recently" can also mean a longer amount of time than one might generally mean when using the word.
Furthermore, despite the fact that they claim that no plaintext passwords were stolen, they do admit that passwords could be figured out via what was stolen. Additionally, since all battle.net logins are e-mail addresses, these hackers can compare the battle.net e-mail addresses they hacked from Blizzard with other databases which have been hacked and did include plaintext passwords. Anyone paying attention knows there are hundreds of millions of compromised e-mail addresses from various hacker attacks in the last couple years.
These hackers are then given a set of what they know for sure will be valuable login names (e-mail addresses) with which to cross reference with other databases they have access to. At least some of the people will have used the same password at some other place which has been compromised, and then the hackers have access to their battle.net login.
Not only that, but Blizzard is going to be updating the mobile authenticator software, which implies they believe there is a chance that said hackers could get through that security feature. I use a mobile authenticator so I know now that hackers have my battle.net login, they have an encrypted form of my password. They have information concerning my mobile authenticator (likely the seed used so the login server and my authenticator app generate the same code), they have my security question and answer. They have my full name.
And we have no idea when this breach occurred, because Blizzard was intentionally vague about when it happened. So yes, I find it quite possible that this breach occurred a few months ago and that many of the early "I got hacked" threads where the fanboys lined up to berate and blame the person saying it was their fault ... maybe it wasn't their fault after all.
If I had been hacked and I was absolutely sure that I had not been scammed via a phishing attack and had no malware/keyloggers on my machine and had been mocked and berated by all the Blizzard fanboys, I would certainly feel very vindicated after this announcement.
Down rate my post all you want. It's well reasoned and it's just sad that when Blizzard admits to this staggering breach of our trust and having allowed their security to be compromised to such a point that our real names, e-mail addresses, encrypted passwords, mobile authenticator seeds, security questions and answers ... and maybe more things they didn't specifically tell us about ... were taken by hackers ... people still want to downrate anyone who reads between the lines and realizes that this breach could have happened quite a long time ago. Words relating passage of time do not mean the same thing to Blizzard as they do to normal people.
Edited by Drixx#1418 on 8/9/2012 7:28 PM PDT