Diablo® III

Important Security Update

The less you use it, the more secure it is. Again, Blizzard has always suggested we use an email account that is totally dedicated to our B-Net accounts only. While you should check it frequently, you should not use it for anything else.


Okay, please use 1o2p3ea2X3 or some other uncanny combination of characters/numbers as your login name for that email and a password that is at least 24 characters long and must contain punctuation, caps, numbers and special characters. Oh, and you must change it every day.

Soon enough you will forget and this becomes the least secure email account because you kept the details so 'secure'.

Also part in bold, please stop embarrassing yourself by contradiction. More checking = more usage = less secure?
Reply Quote
08/13/2012 11:22 PM, posted by kickthecat
The less you use it, the more secure it is. Again, Blizzard has always suggested we use an email account that is totally dedicated to our B-Net accounts only. While you should check it frequently, you should not use it for anything else.


Okay, please use 1o2p3ea2X3 or some other uncanny combination of characters/numbers as your login name for that email and a password that is at least 24 characters long and must contain punctuation, caps, numbers and special characters. Oh, and you must change it every day.

Soon enough you will forget and this becomes the least secure email account because you kept the details so 'secure'.

Also part in bold, please stop embarrassing yourself by contradiction. More checking = more usage = less secure?


Are you kidding me? You actually use email accounts that use all, or part of your real name; and use that same email account for everything including your B-Net account. How quaint for someone who is trying to lecture me on how I don't understand internet security. Bet you give real answers for your SQ&A as well.

Is your B-net account's email address totally different and unique from any of your others, or is it the same basic name? Example: normal email address is JohnDoe@xyz.com, and the B-Net email address is johnDoe@wxy.com. Each of my 8 or 9 email accounts have totally unique names, and none of them can be used to identify me personally.

I have never, ever received any phishing attempts to the email account I only use for B-Net. I still haven't received one even now, over a week after Blizzard's compromise.

I am not worried about them knowing my SQ&A and email account name, because I never give the correct answer to any SQ&A, and I don't use the same ones twice everywhere. I use a totally unique and different password for my email account than that of my B-Net, or any of my others for that matter. So I am confident that my email address is secure, and the hackers cannot change nor access my password that way.

When I send someone a RealID invite I temporarily change my B-Net email to a throwaway one, until it goes through, and then change it back. I even did this when sending my adult son a RealID invite.

You need to be careful about the information you post on social networks and Guild/online game related sites. If you post too much it just makes it easier for hackers to steal your identity. If you talk about playing online games then the phishers/hackers know you play online games. If you tell the whole world your mother’s maiden name, then the whole world knows the answer to one of your possible secret questions. If you post your email address, that is also your B-Net account name, you have given away half your login information.

It was public information about Sarah Palin on the internet that allowed a hacker to find her email account and guess her SQ&A. All he had to do to gain control of her email account was use her SQ&A with her email provider's forgot-password feature.

On my SQ&A I gave a misleading answer to my secret question but still make it something I can remember. Example: They ask what is my mother’s maiden name, I may give my father’s mother’s maiden name; if they ask what was my high school mascot I give the mascot of my high school’s crosstown rivals; etc... Note: those are just examples of my thought process in making SQ&A, and not the actual ones I use.

I have 9 totally unique email addresses, with each having their own unique passwords and SQ&A: One of them I only use for my B-Net account and nothing else. The only online game phishing email I ever received was on the account I use to sign up for Curse. Even then my email provider warned that it most likely was a phishing attempt.

All of that said, as a precaution I have already changed my password and have made a new email account to attach to my account at the time we are prompted to change our SQ&A.
Edited by Ewing#1365 on 8/13/2012 11:52 PM PDT
Reply Quote

Are you kidding me? You actually use email accounts that use all, or part of your real name; and use that same email account for everything including your B-Net account. How quaint for someone who is trying to lecture me on how I don't understand internet security. Bet you give real answers for SQ&A as well.


I guess you are quite dumb considering you don't know security is not always dependent on the user him/herself setting very high passwords and very hard to 'guess' email names that one will take ages to remember and possibly forget. Thereby defeating the purpose of supposedly 'secure' passwords and email names.

Is your B-net account's email address totally different and unique from any of your others, or is it the same basic name? Example: normal email address is JohnDoe@xyz.com, and the B-Net email address is johnDoe@wxy.com. Each of my 8 or 9 email accounts have totally unique names, and none of them can be used to identify me personally.


Lol 8-9 emails, and you have different 'secure' passwords for all of them? Guess you must have a photographic memory because your average human can remember about 3-4 such things before he/she will struggle and then proceed to use the same password for all the email accounts.

I have 2 email accounts, 1 as a main for registering actual sites (Blizzard, Runescape etc) and another to register on non official sites like forums and other trashy stuff. Work email is limited to work only.

I have never, ever received any phishing attempts to the email account I only use for BNet. I still haven't received one even now, over a week after Blizzard's compromise.


Phishing is very easy to avoid as long as you stop clicking links in emails and use actual links from official sites via typing in the URL


I am not worried about them knowing my SQ&A and email account name, because I never give the correct answer to any SQ&A, and I don't use the same ones twice everywhere. I use a totally unique and different password for my email account than that of my B-Net, or any of my others for that matter. So I am confident that my email address is secure, and the hackers cannot change nor access my password that way.


Of course, you should not use the same password for everything. SQAs should contain only answers only known to you duh.


You need to be careful about the information you post on social networks and Guild/online game related sites. If you post too much it just makes it easier for hackers to steal your identity. If you talk about playing online games then the phishers/hackers know you play online games. If you tell the whole world your mother’s maiden name, then the whole world knows the answer to one of your possible secret questions. If you post your email address, that is also your B-Net account name, you have given away half your login information.


Because Blizzard just did it on a lot of players’ behalf for the BNET half.
And you obviously need a valid email account (throwaway or not) so you get alerts (watch for phishing) to actual changes in your account.

What you post online matters somewhat, but you can take steps to limit the damage while not going overboard in social media


It was public information about Sarah Palin on the internet that allowed a hacker to find her email account and guess her SQ&A. All he had to do to gain control of her email account was use her SQ&A with her email provider's forgot-password feature.

On my SQ&A I gave a misleading answer to my secret question but still make it something I can remember. Example: They ask what is my mother’s maiden name, I may give my father’s mother’s maiden name; if they ask what was my high school mascot I give the mascot of my high school’s crosstown rivals; etc... Note: those are just examples of my thought process in making SQ&A, and not the actual ones I use.


Facepalm, that’s the whole point of secret Q&A, only YOU know the answer, however silly or far fetched it is, to the question.


I have 8 totally unique email addresses, with each having their own unique passwords and SQ&A: One of them I only use for my B-Net account and nothing else. The only online game phishing email I ever received was on the account I use to sign up for Curse. Even then my email provider warned that it most likely was a phishing attempt.


Perhaps you are super human, but most people aren’t and certainly don’t require 8 email accounts with 8 different passwords. Stop putting forth this idea that will defeat the purpose of online security

You are pretty much the definition of a Blizzard fanboy who can’t think straight,
Reply Quote
what time is this in Asia?
Reply Quote
Posts: 65
I remember a month ago when the die-hard fanboys said Blizzard could never be hacked into. Too funny.
Reply Quote
08/14/2012 12:07 AM, posted by kickthecat
I guess you are quite dumb considering you don't know security is not always dependent on the user him/herself setting very high passwords and very hard to 'guess' email names that one will take ages to remember and possibly forget. Thereby defeating the purpose of supposedly 'secure' passwords and email names.


Lol 8-9 emails, and you have different 'secure' passwords for all of them? Guess you must have a photographic memory because your average human can remember about 3-4 such things before he/she will struggle and then proceed to use the same password for all the email accounts.

I have 2 email accounts, 1 as a main for registering actual sites (Blizzard, Runescape etc) and another to register on non official sites like forums and other trashy stuff. Work email is limited to work only.


It must be sad to have such a bad memory that you can only remember 2 email addresses, and even then you need to have your real name in it to do so. Here is a hint that may help you: write them down and keep them somewhere safe, if your memory is that bad. That is of course if you are able to remember where you put them. The same applies to your passwords.

On a side note, I hope you have changed your Runescape, etc. emails since this happened, because those accounts are at risk now as well.

08/14/2012 12:07 AM, posted by kickthecat
Phishing is very easy to avoid as long as you stop clicking links in emails and use actual links from official sites via typing in the URL.


Yes it is, but isn't it better never to receive them at all? As I said, the only WoW phish I ever received was to the email account I use for Curse and other game fan sites. I didn't need to check the header, because I never had my B-Net account tied to it.

08/14/2012 12:07 AM, posted by kickthecat
Of course, you should not use the same password for everything. SQAs should contain only answers only known to you duh.


While it may not have been you, one of the angry posters here was mad because his SQ&A contained his real personal information. While he had every right to be angry about Blizzard's compromise, he should be mad at himself as well for his own mistake in the matter.

Perhaps you are super human, but most people aren’t and certainly don’t require 8 email accounts with 8 different passwords. Stop putting forth this idea that will defeat the purpose of online security

You are pretty much the definition of a Blizzard fanboy who can’t think straight,


I learned this stuff the hard way myself after the Sony, Rift fiascoes (both had 2 compromises in one year). Again, after going through that I learned it is up to me to keep my accounts, email, passwords, and SQ&As totally separate from each other. If that meant having to have 9 different email accounts then so be it. It is a lot easier than having to change them all if one of them gets compromised.

Again, after going through all of that with Sony and Rift, I am not being a fanboy when I say Blizzard's handling of this is 1,000 times better and a heck of a lot more professional.
Edited by Ewing#1365 on 8/14/2012 9:57 AM PDT
Reply Quote
Anyone whose information was part of the data that was accessed or potentially accessed should be emailed by Blizz immediately.
Reply Quote
08/14/2012 08:36 AM, posted by Ewing
I guess you are quite dumb considering you don't know security is not always dependent on the user him/herself setting very high passwords and very hard to 'guess' email names that one will take ages to remember and possibly forget. Thereby defeating the purpose of supposedly 'secure' passwords and email names.


Lol 8-9 emails, and you have different 'secure' passwords for all of them? Guess you must have a photographic memory because your average human can remember about 3-4 such things before he/she will struggle and then proceed to use the same password for all the email accounts.

I have 2 email accounts, 1 as a main for registering actual sites (Blizzard, Runescape etc) and another to register on non official sites like forums and other trashy stuff. Work email is limited to work only.


It must be sad to have such a bad memory that you can only remember 2 email addresses, and even then you need to have your real name in it to do so. Here is a hint that may help you: write them down and keep them somewhere safe, if your memory is that bad. That is of course if you are able to remember where you put them. The same applies to your passwords.

On a side note, I hope you have changed your Runescape, etc. emails since this happened, because those accounts are at risk now as well.

08/14/2012 12:07 AM, posted by kickthecat
Phishing is very easy to avoid as long as you stop clicking links in emails and use actual links from official sites via typing in the URL.


Yes it is, but isn't it better never to receive them at all? As I said, the only WoW phish I ever received was to the email account I use for Curse and other game fan sites. I didn't need to check the header, because I never had my B-Net account tied to it.

08/14/2012 12:07 AM, posted by kickthecat
Of course, you should not use the same password for everything. SQAs should contain only answers only known to you duh.


While it may not have been you, one of the angry posters here was mad because his SQ&A contained his real personal information. While he had every right to be angry about Blizzard's compromise, he should be mad at himself as well for his own mistake in the matter.

Perhaps you are super human, but most people aren’t and certainly don’t require 8 email accounts with 8 different passwords. Stop putting forth this idea that will defeat the purpose of online security

You are pretty much the definition of a Blizzard fanboy who can’t think straight,


I learned this stuff the hard way myself after the Sony, Rift fiascoes (both had 2 compromises in one year). Again, after going through that I learned it is up to me to keep my accounts, email, passwords, and SQ&As totally separate from each other. If that meant having to have 9 different email accounts then so be it. It is a lot easier than having to change them all if one of them gets compromised.

Again, after going through all of that with Sony and Rift, I am not being a fanboy when I say Blizzard's handling of this is 1,000 times better and a heck of a lot more professional.


I do agree with you. Security breaches happened even on the FBI, CIA and NSA servers... The fact that Blizzard told us right away is a very good thing; they don't act like Sony lol. For those who ask what's compromised, it seems it's everything except the physical authenticators. And for those who said Blizz should email those who got compromised... it's everyone in North America, I read.
Reply Quote
You are pretty much the definition of a Blizzard fanboy who can’t think straight,


Let's see:

Sony and Rift were compromised twice in the same year. So far Blizzard only once.

Both times, Sony and Rift each lost my passwords, which they had stored in plain text. While it may or may not be the best encryption, at least Blizzard did have them encrypted. As long as the encryption holds up long enough for us to change them, that is all that should matter.

Both Sony and Rift did not compartmentalize players' account information, and lost my personal (real name, address) and credit card information. Blizzard compartmentalized our information, and did not lose our personal (real name, address) and credit card information.

The first time for Sony, they tried to cover it up, and it took over 30 days for them to announce they were compromised, and they announced it then only because Anonymous forced them to. The first time for Rift, they denied they had a problem and took no steps to fix it until a "Whitehat" posted in their forums how it could be done.

On the other hand: It only took Blizzard 4 days to notify us, and it only took them that long because they had to fix the leak, determine what and how much data was compromised, and notify law enforcement first.

Am I disappointed in Blizzard that this happened? Yes. But after going through all of that with Sony and Rift, I have learned excrement happens, and take it in stride. In comparing my experiences between the three, am I more impressed with Blizzard's handling of this? You're darn right I am.

So if that makes me a Blizzard fanboy so be it.

Edit: I only posted about my personal experience with Sony and Rift. It should be noted that Steam, Square-Enix, Bioware, Cryptic all had their databases compromised as well within the last year. Since I do not have accounts with them, I do not know what or how much player information was lost by them. Nor do I know how well they handled their situations.
Edited by Ewing#1365 on 8/14/2012 9:39 AM PDT
Reply Quote
On the other hand: It only took Blizzard 4 days to notify us


I feel that simply making an announcement about a security breach on a message board, hearing about the breach from other news sources, or even hearing it from word of mouth is inadequate for informing the consumer.

One of the reasons for having an email used for login purposes is for marketing. How many of yous received email promotions for Panda? Would it really be that hard for Blizzard to send out mass emails to notify the customers that there was a security breach and to have the consumers manually go to battle.net to change their passwords???

Or how about for some of us that have SMS Protect enabled on our accounts to receive a message about the compromise via an SMS message?

The first thing I myself did when I found out about the breach was to change my bnet password, terminate the bnet link to my PayPal account, and change my PayPal account password.

I myself have been burned once through Steam. I still use Steam, I just do not store my cc anymore on their service.
Edited by Madmat#1333 on 8/14/2012 10:12 AM PDT
Reply Quote
08/14/2012 10:11 AM, posted by Madmat
On the other hand: It only took Blizzard 4 days to notify us


I feel that simply making an announcement about a security breach on a message board, hearing about the breach from other news sources, or even hearing it from word of mouth is inadequate for informing the consumer.

One of the reasons for having an email used for login purposes is for marketing. How many of yous received email promotions for Panda? Would it really be that hard for Blizzard to send out mass emails to notify the customers that there was a security breach and to have the consumers manually go to battle.net to change their passwords???

Or how about for some of us that have SMS Protect enabled on our accounts to receive a message about the compromise via an SMS message?

The first thing I myself did when I found out about the breach was to change my bnet password, terminate the bnet link to my PayPal account, and change my PayPal account password.

I myself have been burned once through Steam. I still use Steam, I just do not store my cc anymore on their service.


While in some aspects it might have been better if they had sent us all an email, they were not required to, since no personal or financial information (as defined by law) was lost.

Here is some food for thought on the matter:

The average player is not able to tell the difference between phishing and real emails. A lot of players who get a lot of spam might have thrown it away thinking it was just another phishing attempt.

Some players are already getting phishing emails about this (whether through conventional spamming means or from the compromised email list). By not sending out individual emails at this point, it makes it easier for players to know those are in fact phishing attempts.

Also a lot of real emails from Blizzard end up in players' junk filters. I have seen players on the forums mad that there was some kind of action on their account, without notice from Blizzard, only to find it in their junk folder.

Another problem is players dismissing the notice as another Blizzard promotion, and trashing it without reading. When Rift sent me an email about their 2nd compromise, I had stopped playing 6 months before. At first I thought it was another promotion to get me back to the game.

If hackers have already gained control of some of the email, either through this compromise or their more conventional sources, they could delete or forward the email from Blizzard with you never seeing it.

Lastly, as I said, they are required by law to notify us individually if our personal and financial information (as defined by that law) was compromised. Blizzard had stated that there is "No evidence" of that information being compromised. Our not getting such an email is a bit of confirmation that it wasn't gotten.

Whether those are Blizzard's reasoning for not sending everyone an email is anyone's guess. I am just trying to figure out Blizzard's thinking on this, without the "Evil corporation" mindset. Are they good reasons? Maybe, maybe not. At this late date it really doesn't matter. Anyone who doesn't know about it by now is living under a rock.
Edited by Ewing#1365 on 8/14/2012 11:22 AM PDT
Reply Quote
08/14/2012 10:11 AM, posted by Madmat
On the other hand: It only took Blizzard 4 days to notify us


I feel that simply making an announcement about a security breach on a message board, hearing about the breach from other news sources, or even hearing it from word of mouth is inadequate for informing the consumer.

One of the reasons for having an email used for login purposes is for marketing. How many of yous received email promotions for Panda? Would it really be that hard for Blizzard to send out mass emails to notify the customers that there was a security breach and to have the consumers manually go to battle.net to change their passwords???

Or how about for some of us that have SMS Protect enabled on our accounts to receive a message about the compromise via an SMS message?

The first thing I myself did when I found out about the breach was to change my bnet password, terminate the bnet link to my PayPal account, and change my PayPal account password.

I myself have been burned once through Steam. I still use Steam, I just do not store my cc anymore on their service.


THIS IS MY POINT! It has never been to sit here and argue whether ppl should have or have not tied their personal info to their accounts. We all make decisions that make us eventually go, "Hmmm maybe I should have done that differently." after something tragic happens. But the whole point I have been trying to make is that Blizzard has still yet to notify the majority of its customers.

They can send out junk advertisements about upcoming games or promotional deals but they cannot send out a simple e-mail that says, "Hey dumba$$, you know this e-mail address and the personal info you gave us? It was stolen so get over to the Battlenet website and either delete your account or change the information to something that is completely different and not tied to your social security number."

How hard would that be and why have they not done it yet if they care so much about their customer base? And saying it is because someone might not see it or the hackers might use it for nefarious reasons is a bit lame. I get phishing e-mails all of the time from FB and even my bank that say someone tried to hack my account so click this link and change your information. Every time I go straight to the website (not through the e-mail) and check it just to make sure. Which pretty much everyone else I know that is familiar with a computer these days knows to do the same thing. Even my 86-year-old grandmother, who is an avid FB user, knows not to click on links in e-mails. It is/was a lame excuse they used after the fact when they were called out by every news outlet for not informing their customer base directly.

Also, another thing: to say that if the customer does not know about it by now they must be living under a rock? A lot of us old timers are pretty sick with the way the internet has taken its turn to the "Social Age" and we go for weeks, sometimes *gasps* months, without getting on the internet for more than the occasional make sure the world has not burned down around us check. But I always skim my e-mail (including the junk mail folder) to see if I have anything important.

They should have and still should directly themselves notify all of their customers.
Edited by Eglyntine#1813 on 8/14/2012 2:05 PM PDT
Reply Quote
Posts: 63
I'm the same as Ewing here but I have 10 email addresses with completely different usernames and passwords and I remember them all.
Reply Quote
Release the 911 tapes, the least you can do is give us a good laugh.
Reply Quote
Blizzard did not say when this breach occurred. Since this is a company for whom the word SOON™ can mean months, it's not unreasonable to think that the word "recently" can also mean a longer amount of time than one might generally mean when using the word.


Federal law on reporting security breaches would dictate otherwise, as someone who used to work for a Credit card company.
Reply Quote
