The real name in the email address is the usual suggestion made by the email providers. And since when do you have to be a security expert to play games now? Oh, right, since they introduced the !@#$ty "always online" crap. So yes, I think it IS Blizzard's fault and no, the players were not sloppy.
Edited by Kashrlyyk#2904 on 8/13/2012 9:35 AM PDT
Hasty? It's been happening since release
I do not know of any email providers that suggest you use your real name as your email address, at least not within the last 10 or 15 years. My ISP did give me a temporary email using my real last name as the master account, until I could set it the way I wanted. However they advised me not to use it for anything, other than communicating with them. In fact they advised to change its name ASAP.
Yes, Blizzard had a compromise and they are responsible for what little information was lost. However they have a compartmentalized system, with only Billing and Accounting services having access to our personal and financial information. Apparently those precautions worked, as the hackers were not able to access that part of their system.
But they can't be held responsible for your own foolishness of giving away your real name, by using an email address within it. Every time you use that email address on the internet you are giving it away. Sign up for another game, such as Steam, Sony, Square-Enix, Bioware, Cryptic, and Trion Worlds (Rift); guess what, you have given it away, because they all were hacked as well within the last year. Signed up for any fan or guild web sites? Guess what, you have really given it away, because their hosting sites are notorious for lax security. The former host for my guild's web site was hacked 5 times within the same year.
Excrement happens and this time it happened to Blizzard, and unlike Sony they didn't try to cover it up. They took responsibility and let us know ASAP, so we can take steps to secure our accounts, before too much damage was done. But you need to take responsibility for doing something as foolish as using an email address that contained your real name.
Edited by Ewing#1365 on 8/13/2012 12:00 PM PDT
QUOTED FROM Runar
Quote by Eglyntine: Well considering that they logged into my e-mail account and sent out over 2000 spam mails, tried to hack into my Facebook account with the e-mail but the password is different (thank God) AND two of my bank accounts which was the same password only a few letters reversed I think it is safe to say that the passwords were unencrypted and are actively being used.
Response to Runar:
First off I am a "She" for posterity purposes in the future. Secondly, I did not say that Blizzard did not encrypt their passwords. I said that they are saying the passwords were encrypted and that they are assuming that the ppl that stole them cannot or did not unencrypt them.
What I am saying is that this is obviously false as they used my password to log into my account. Which means they have unencrypted the password file. That password I used has never in 20 years been guessed or hacked into. That is the solid truth. I have had many of my hacker and IT friends/co-workers run various programs to hack that password to make sure that it is solid. Whether you choose to believe that or not is on you because I know the precautions that I have taken. I am your paranoid internet user since I have been on here for 20+ years and have worked in IT security and in pretty much every field within IT for the last 20 years.
This was NOT a coincidence that just happened to occur the same time Blizzard was stolen from. This password as I stated in an earlier post was my most secure password and since I knew that Blizzard was a target for hackers I used it here to add to the security of my account. My account was not hacked into because of a weak password. It was stolen from Blizzard's databases, unencrypted and then used. That is a lot different than someone using a hacking program to guess someone's password.
And yes it was the same password I use on my e-mail because again, it is my most secure password and god forbid I want to use the same password so that I do not have to add another freaking password to the 100's I already have to remember. Yes I made the mistake of not considering the scenario that an internal employee of Blizzard would steal the information and I can guarantee that I will not make this mistake again. Again though, the point is that this has happened and Blizzard is taking a passe attitude about the situation and they still have yet to notify all of their customers directly as to what has happened. And they are also not being forthright in explaining all of the details and seriousness of what has happened. They are continuing to blame the customers for this problem.
I realize that nothing is unhackable. If someone is determined enough they can get into anything. But again I take that into consideration when I am on the computer/internet. I am a low profile type person so as to not draw attention to those that like to grief the hell out of someone bragging about how their stuff is unhackable. In this case I am drawing attention to it because ppl need to know the extent that their stuff on BattleNet has been compromised. Blizzard is downplaying this situation and it is dangerous.
Again, I never said they are holding a txt file somewhere that is not semi-secure. I am saying that the encrypted files that were stolen have been unencrypted and are being used.
As for your example of the forums being blasted with tons of posts of ppl saying they were hacked. I am betting that most that have been hacked do not realize it was because of Blizzard because Blizzard has still not sent out a notification that their customer's information was stolen. I found out through a FB article that was posted on a completely different site than Blizzard's. It was a news article in the Washington Post. Although I suspected Blizzard when it first happened, I called them and after being treated like complete crap by the CS Rep I was reassured that nothing was compromised on their end. Then several days later I found the article on the Washington Post.
Most of the ppl that quit playing D3 months ago like I did have not been back to the forums and they stop reading most articles about it. But I bet you real money that there are a lot of ppl out there that have been hacked and they have no idea where or how their information was compromised. All they can do is what I did and do damage control the best way they can, trying to figure out how and what caused the issue through osmosis.
I am not the only one this has happened to and to assume that everyone is a moron and does not know what they are doing with securing their accounts is asinine. Once again, the victims here are being treated like we are the ones at fault and that we have no clue as to what we are doing when it comes to securing our information. I am not blaming Blizzard for being stolen from, it happens. I am blaming them for how they are handling it and how they are treating the customers. It is like telling a #!*! victim it was their fault for being #!*!d because the party they attended got hijacked by a group of #*#%%*s and the hosts are trying to downplay the bad publicity by saying the victims should have known better than to draw attention to themselves by dressing up nice for the party.
Edited by Eglyntine#1813 on 8/13/2012 3:19 PM PDT
Personal data is your real name, date of birth, address, phone number, credit card number, etc. With the exception of the phone numbers of the Dial up Authenticator users (which only works on WoW accounts), none of that was lost.
Again, while Blizzard has accepted responsibility for the loss of our B-Net cryptographically scrambled versions of the passwords, SQ&A, and our email account names, Blizzard has always suggested that we use totally different and unique passwords and email accounts from any of our others. So if you didn't follow that advice and used the same password and email everywhere, or worse an email address with your real name, you do share partial responsibility for any problems that may come of it.
If you are driving down the street at 80 mph, and another car makes a left-hand turn in front of you, and you run into them, you both will be at fault. Him for making an unsafe left turn, and you for going 80 mph. When the insurance companies start to hammer out who is responsible for what, they will most likely decide that the other driver is 90% responsible and you 10%. Note: I had this happen to me in real life (I was the driver making the turn).
"Blizzard is incorrect in claiming that SRP 'is designed to make it extremely difficult to extract the actual password' after the verifier database is stolen," Jeremy Spilman, the founder of a company called TapLink, wrote in a blog post titled "SRP Won’t Protect Blizzard’s Stolen Passwords," which was published on Friday. "That they would make this statement is at best misleading and inaccurate, and dangerous if users believe their passwords are still actually safe."
"Hackers with additional resources would have little trouble cracking a significant percentage of Blizzard passwords in a week or two."
While Blizzard suggests that we change our passwords as a precaution, the hackers were not able to get our passwords themselves. What they got was cryptographically scrambled versions of the passwords, that are protected by the Secure Remote Password (SRP) protocol. However it would be foolish to assume that Blizzard would have given full and complete details on how exactly, or how well, the passwords are cryptographically scrambled. Why give the hackers hints on how to crack them?
While, given enough time, effort and computing power, it is entirely possible for the hackers to obtain our actual passwords, they would have to decipher them individually. The main thing is, Blizzard most likely made the cracking of the passwords difficult to the point it would be impractical for them to do so.
Hackers want to get in and get out as fast as they can, and with as little effort as possible. It just will take too much time and effort on their part, when there are so many accounts that they can obtain through conventional means. So it is extremely unlikely that any individual accounts were compromised because of this. But you should still change your password as Blizzard suggested.
If you get robbed on the way to another party of theirs 3 months before, they can't be blamed for that. Or if in their invitation they advised you to leave your fine jewels at home and wear paste copies instead, but you decide to wear the real ones, you share some of the blame if they are taken in the robbery.
I laugh at fanboys, at first they were
They require our personal info so we can do digital downloads and such legally from the page since they allow us to digitally download older game clients ;)
Hell, if I had the ability to do this I would have just to spite Blizzard's smug "customer service". I have never dealt with a company whose public face seems to so thoroughly hate the customers that it supposedly serves.
Blizzard is the true fallen angel, they have gone from an incredible gaming company that was creative and "one of us" into an irresponsible company that has sacrificed the quality of their product in the name of the RMAH and can't protect its customers' critical information. I've gotten years of enjoyment out of their products, but I'm afraid that time is coming to an end.
"Well look, I already told you! I deal with the g*dd@mn customers so the (software) engineers don't have to! I have people skills! I am good at dealing with people! Can't you understand that? What the hell is wrong with you people?" -- Blizzard employee of the month...
You do realise many email addresses have some form of real name or initials so people can ID that emails being sent from the address are legit and not some spam or trash email account. It also makes it easier to remember, as you would easily forget a username "firstemail" but not "jsmith".
I can agree to using different emails for different purposes, but you do know that if your account gets hacked the only way to retrieve it is through your registered email
Which should be your most secure one and something you use quite often.
You know I am pretty much done with this conversation because it is pretty obvious that you all are going to defend Blizzard to the end and unless this happened to you then you have no idea what you are talking about. I did not get hacked on any other forum or site besides this one. I had that password in three places, my e-mail, my bank account and Blizzard. My computer was hack free, my banking institute was hacker free that weekend, and my e-mail server (which I run myself) was not hacked into. They used that e-mail and that password. Choose to believe it was a complete coincidence all you want, blame the customers right along with Blizzard, I know it is fun for some of you and makes you feel all superior. It is the whole "Until it happens to you then you refuse to believe the story". But the truth of the matter is that it was a breach on their end and ppl were hit with the backlash. In the future I will be sure not to use their services so I will definitely make sure this does not happen again. Blizzard has shown that they could really care less what happens to their customers' information as long as they have ppl like the fanboys defending them and feeding them with cash. Blizzard can do no wrong. Congratulations and Bravo!
I do however feel sorry for those that know what I am talking about and those that still have not been told what happened. Every major reporting agency out there feels the same way we do about how Blizzard has handled this situation so it does give me some consolation that not everyone has been implanted with the Blizzard Happy Chip.
I am not defending Blizzard about the compromise itself; yes, they let us all down. However I had accounts with both Sony and Rift and they both got hacked twice last year (you would think they would have learned the 1st time). Neither one made any attempt to encrypt our passwords; they were kept in plain text. They both lost my personal and credit card info. Sony actually tried to hide the compromise from us for over 30 days.
At least Blizzard was able to keep our credit card info secure, and they did not store our passwords in plain text like those other companies did. Perhaps their encryption is not the best in the world, but then again it could be the best. We may never know because they are certainly not going to help the hackers crack it by giving out too much info. However as long as it holds up until we can change our passwords, that is all that matters.
After my experience with both Sony and Rift: Heck yeah! I am impressed with Blizzard's handling of this.
However no matter how badly Blizzard screwed up, it still does not excuse the bad security habits some of you seem so proud of. Really, using the same password on your B-Net account, email account, and on your bank account! Heck, forget you used it on your B-Net account; using the same password on both your email and bank account, by itself, is beyond foolish.
You can be as mad at Blizzard all that you want. But please, for your own sake, learn from it, and tighten up your online security practices.
The less you use it the more secure it is. Again, Blizzard has always suggested we use an email account that is totally dedicated to our B-Net accounts only. While you should check it frequently, you should not use it for anything else.
Edited by Ewing#1365 on 8/13/2012 10:24 PM PDT