Diablo® III

Important Security Update

08/14/2012 06:41 PM Posted by spiderisland


Federal law on reporting security breaches would dictate otherwise, as someone who used to work for a Credit card company.


a corporation not following the law to a T??? UNHEARD OF


Oh, the "Evil Corporation" argument. If Blizzard was so "Evil" they wouldn't have said a thing in the first place. Because by contacting law enforcement, and by making the announcement, they put themselves right into the cross-hairs of the FTC and other regulatory agencies.
Reply Quote
08/09/2012 05:50 PM Posted by Indi
Let's not email our customers and hide this issue on the forums... at least Sony owned it. Blizzard is trying to brush it under the rug. Bravo


you do realize this info is on the game launcher? trolls, they never learn.
Reply Quote
85 Troll Druid
1255
Posts: 571
I have found out that 3 of my RealID friends had not known about the hack. This clearly shows that the "important security update" link isn't visible enough to get the attention of some people. It is kind of like flushing the toilet and not remembering going through the motions of doing it. So automatic to just click "play" on the launcher without paying attention to all the links there, because not everyone thinks that something as critical as "Blizzard got hacked" would be linked there.

Also, people trust Blizzard's security more or less, so they wouldn't automatically connect "important security update" with "Blizzard got hacked". If I didn't know anything, I would interpret that as "they came up with a new authenticator app version?" or something.
Reply Quote
08/14/2012 10:01 PM Posted by boozzer
Let's not email our customers and hide this issue on the forums... at least Sony owned it. Blizzard is trying to brush it under the rug. Bravo


you do realize this info is on the game launcher? trolls, they never learn.

You do realize that not everyone plays the game anymore but still could be concerned about their account safety?
Reply Quote
08/15/2012 12:53 AM Posted by Nafty


you do realize this info is on the game launcher? trolls, they never learn.

You do realize that not everyone plays the game anymore but still could be concerned about their account safety?


I have not played D3 since mid-June and most everyone I know out of my "social gaming circle" (which is roughly around 200+ ppl) have not played D3 since around the same time. We also stopped playing WoW years ago and SC2 was a one campaign deal which took up a week, maybe a few played a month at most. To assume everyone who created a BattleNet account is still logging in and reading the login screen is again wrong. They know the true numbers of who out of their customer base is still playing their games or not. Whether those players who still actively play their games want to believe it or not, the way Blizzard has handled this situation was not ethical.

When Sony had their breach I had not played any of their games in literally years but I still have my account there just in case they come out with something I might be interested in later on. I have had my Sony account since they bought out Everquest and you know what? I still was notified when they had their security breach.

The only notification I have received that remotely looks like a notification from Blizzard was a phishing e-mail I got two days ago warning me of trying to sell my account publicly and if I do not click on their link and give them all of my personal information they are going to delete my account. An e-mail obviously not from Blizzard but it was the first e-mail I have received with Blizzard's name on it since this whole deal started. That is pathetic.
Reply Quote
Posts: 74
But an authenticator. You can't get hacked. It's that simple. Never been hacked ever. The key chain one. Not the mobile app crap.
Reply Quote
85 Blood Elf Paladin
2555
Posts: 11
I keep getting emails supposedly from Bliz saying:

Greetings!

It has come to our attention that you are trying to sell your personal Diablo III account(s).
As you may not be aware of, this conflicts with the EULA and Terms of Agreement.
If this proves to be true, your account can and will be disabled.
It will be ongoing for further investigation by Blizzard Entertainment's employees.
If you wish to not get your account suspended you should immediately verify your account ownership.
(link here)
Login to your account, In accordance following template to verify your account.

* First and Surname
* Secret Question and Answer
Show * Please enter the correct information

If you ignore this mail your account can and will be closed permanently.

Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.

Regards,

Account Administration Team
Blizzard Entertainment
http://www.blizzard.com/support/
Diablo III , Blizzard Entertainment 2012
Reply Quote
I keep getting emails supposedly from Bliz saying:

Greetings!

It has come to our attention that you are trying to sell your personal Diablo III account(s).
As you may not be aware of, this conflicts with the EULA and Terms of Agreement.
If this proves to be true, your account can and will be disabled.
It will be ongoing for further investigation by Blizzard Entertainment's employees.
If you wish to not get your account suspended you should immediately verify your account ownership.
(link here)
Login to your account, In accordance following template to verify your account.

* First and Surname
* Secret Question and Answer
Show * Please enter the correct information

If you ignore this mail your account can and will be closed permanently.

Once we verify your account, we will reply to your e-mail informing you that we have dropped the investigation.

Regards,

Account Administration Team
Blizzard Entertainment
http://www.blizzard.com/support/
Diablo III , Blizzard Entertainment 2012


That is a phishing email. If you followed the link in it, you need to do some security sweeps of your computer. I strongly recommend that you download and run a deep scan with Malwarebytes, with D3 or WoW open and at the login screen. Enter gibberish in the email address and password boxes, but DO NOT hit the "log in" button. Instead, run your malware scans (deep/full system scans) with that screen open in window mode. Some of the more recent malware are good at hiding until the login screen is open.

If you followed the link and filled out any of the "template to verify your account," run, do not walk, and change both your password and email account attached to your B-Net. But don't do so until after you have completed your security sweeps, or do so from another computer that you know is clean.

08/15/2012 03:43 AM Posted by Eglyntine
I have had my Sony account since they bought out Everquest and you know what? I still was notified when they had their security breach.


Which they only did over 30 days after they discovered it, and then only after Anonymous forced them to. Oh, by law they had to contact you individually since the hackers got everyone's credit card information.

08/15/2012 03:43 AM Posted by Eglyntine
The only notification I have received that remotely looks like a notification from Blizzard was a phishing e-mail I got two days ago warning me of trying to sell my account publicly and if I do not click on their link and give them all of my personal information they are going to delete my account. An e-mail obviously not from Blizzard but it was the first e-mail I have received with Blizzard's name on it since this whole deal started. That is pathetic.


Are you trying to imply that the phishers got your email address from the Blizzard compromise? I didn't think those hackers needed to send you a phish, since Blizzard's password encryption is so easy to crack, and since they have your SQ&A.
Edited by Ewing#1365 on 8/15/2012 6:54 AM PDT
Reply Quote
85 Troll Druid
1255
Posts: 571
Are you trying to imply that the phishers got your email address from the Blizzard compromise? I didn't think those hackers needed to send you a phish, since Blizzard's password encryption is so easy to crack, and since they have your SQ&A.


OF COURSE THEY GOT THE EMAILS FROM THE BREACH: ALL 10 MILLION OF THEM. And they are probably working very hard at both sending phishing emails AND decrypting the passwords; a multi-faceted approach to stealing people's information.


I also received a phishing email the same day I noticed that security update link on D3 homepage. My SQ&A has nothing to do with my password, as my password doesn't have any meaning (string of numbers, letters, and special characters). It would take too long for hackers to brute force the password. Decrypting all passwords could also take long, and many have already changed their passwords. The easy way to get the password is to send out phishing emails to everyone and wait for gullible people to click on the link.
Reply Quote
Are you trying to imply that the phishers got your email address from the Blizzard compromise? I didn't think those hackers needed to send you a phish, since Blizzard's password encryption is so easy to crack, and since they have your SQ&A.


OF COURSE THEY GOT THE EMAILS FROM THE BREACH: ALL 10 MILLION OF THEM. And they are probably working very hard at both sending phishing emails AND decrypting the passwords; a multi-faceted approach to stealing people's information.


Then why haven't I gotten a phish yet? Maybe I am just lucky and they have not gotten to me yet. However, I have friends and family who have never played WoW, D3 or any other online game, and for years they have received WoW- and D3-related phishing attempts. Tell me, how did the Blizzard leak give their information to the phishers/hackers?

How did phishers get email addresses for all of the years before the compromise? They get them the same way as "normal" spammers get any email account names.

From the Blog you linked:

Hackers with additional resources would have little trouble cracking a significant percentage of Blizzard passwords in a week or two.


Blizzard notified us and advised us to change our passwords within 4 days of discovering the compromise. The encryption doesn't have to be perfect, it just needs to hold up long enough for us to change them.

Again: Yes, Blizzard did screw up. But they are not responsible for all of your personal internet security weaknesses/mistakes. You can learn from what happened and tighten up your own internet/computing security. Or you can keep blaming Blizzard for everything.
Edited by Ewing#1365 on 8/15/2012 11:25 AM PDT
Reply Quote


Are you trying to imply that the phishers got your email address from the Blizzard compromise? I didn't think those hackers needed to send you a phish, since Blizzard's password encryption is so easy to crack, and since they have your SQ&A.


No, I was saying that it is the only e-mail that has come in my mailbox that has had the word Blizzard in it. Meaning, nothing from Blizzard directly saying we had a security breach. I was not implying that I was hacked by it or any such thing. It was pretty obviously a phishing e-mail. Maybe I should have put *sarcasm* at the end of that line in the original post.
Reply Quote
Phishing emails already starting to roll on in.

I'm really not happy about this, I've been getting WOW phish emails since I created my battle.net account for starcraft. I don't even have a wow sub!

Now they started sending me Diablo 3 ones too!

Isn't there a law against allowing emails to be leaked?
Reply Quote


Are you trying to imply that the phishers got your email address from the Blizzard compromise? I didn't think those hackers needed to send you a phish, since Blizzard's password encryption is so easy to crack, and since they have your SQ&A.


Oh and I already stated that when I was originally hacked they did get my e-mail and password from the Blizzard compromise. Since I changed everything on the backend I am sure now they are trying to phish additional info. Why are you being so obtuse about this whole situation? I am glad that you are so superior that you have never been hacked in your life and until the weekend of the 4th I was able to say the EXACT same thing. It was a mistake on my end to not think of the scenario of some internal employee actually taking the information from Blizzard but you know what I will not make that mistake again.
Reply Quote
08/15/2012 11:37 AM Posted by spiderisland
Yes Blizzard did screw up. But they are not responsible


Legally they are.


They are not responsible:

For you using the same email address, with your real name on it, to sign up for every website and free giveaway offer on the net.

For phishers firing off mass emails to totally random addresses in hope of getting a bite from a WoW/D3 player.

For hackers using players' compromised email accounts (unrelated to Blizzard's compromise) to send out phishing emails to everyone on that player's contact list. They do this in the belief (rightly so) that these players' friends may play online games as well.

For you posting your personal information on social networks.

For you picking up keyloggers or other malware.

While it is possible that the source of your phishing email. However it is just as likely, if not more so, that your phishers got your email from their "Conventional" sources. To blindly blame Blizzard for it all is more than foolish.

Again: Blizzard messed up, but you should clean up your own act as well.
Reply Quote


Are you trying to imply that the phishers got your email address from the Blizzard compromise? I didn't think those hackers needed to send you a phish, since Blizzard's password encryption is so easy to crack, and since they have your SQ&A.


Oh and I already stated that when I was originally hacked they did get my e-mail and password from the Blizzard compromise. Since I changed everything on the backend I am sure now they are trying to phish additional info. Why are you being so obtuse about this whole situation? I am glad that you are so superior that you have never been hacked in your life and until the weekend of the 4th I was able to say the EXACT same thing. It was a mistake on my end to not think of the scenario of some internal employee actually taking the information from Blizzard but you know what I will not make that mistake again.


Your assuming your compromise is a result of Blizzard's compromise is just as foolish. You have no way of knowing for sure. Again, for your own sake, entertain the possibility it was from something on your end.

Since your hack, have you run a security sweep of your computer? Even if you have, I strongly recommend that you download and run a deep scan with Malwarebytes, with D3 or WoW open and at the login screen. Enter gibberish in the email address and password boxes, but DO NOT hit the "log in" button. Instead, run your malware scans (deep/full system scans) with that screen open in window mode. Some of the more recent malware are good at hiding until the login screen is open.

If you haven't run full deep scans with the login screen open, then you haven't done everything to make sure your computer is secure.

It is not being a fanboy to try to encourage people to improve their own personal security as well.
Reply Quote
