Account Security Alert: Gawker Media

(Locked)

Community Manager
As some of you know, several Gawker Media websites, including Gawker, Gizmodo, Kotaku, Lifehacker, Jezebel, io9, Jalopnik, and Deadspin, were recently compromised. To help minimize the effects of this compromise -- namely for players who might be using the same login information for their Gawker Media accounts and their Battle.net accounts -- we issued password-reset emails for several accounts.

If you've received an email from Blizzard Entertainment requesting a password reset as a result of the Gawker Media compromise, clicking on the Account Management link included in the email's body will allow you to choose a new password. You can also log in to Battle.net Account Management directly by visiting https://us.battle.net/account/management to reset your password on your own. If you're unable to confirm that the email is legitimate* or prefer not to follow email hyperlinks, this may be the best option for you.


If you used your Battle.net email address to sign up with any of the Gawker Media sites listed above (for example, to post comments), we also recommend that you update your Battle.net email address as soon as possible via Account Management. If you are unable to complete this step or the password reset and believe your account might be compromised, please contact our customer support staff by using the Account Recovery Form ( https://us.battle.net/account/support/account-recovery.html ) and be sure to check out our Account Security Awareness guide ( http://us.battle.net/en/security/ ) for additional security tips and suggestions.


For more information about this situation, please visit Gawker Media's official announcement ( http://gawker.com/5713056/gawker-security-breach-were-here-to-help ) or Lifehacker’s comprehensive FAQ ( http://lifehacker.com/5712785/faq-compromised-commenting-accounts-on-gawker-media ).


* To verify that an email has been sent by Blizzard Entertainment, please check the email's header information and hyperlink destinations: http://us.blizzard.com/support/article/25133
Edited by Lylirra on 12/14/2010 9:37 PM PST
- World of Warcraft
100 Troll Priest
14605
Thanks for the info. I did change my account already because of this!
85 Gnome Mage
7055
Never heard of any of this.
85 Blood Elf Priest
3670
Isn't it possibly a bad idea to ask people to click links in emails like that?

Wouldn't it be better to ask them to type battle.net in the address bar, etc etc?

Most of the fake emails disguise the link so it looks like it goes somewhere proper until you mouseover it, and some of the urls are pretty creative.
---------
List of CC and Interrupts
http://us.battle.net/wow/en/forum/topic/1406726958
Community Manager
Posted by Whynot
Isn't it possibly a bad idea to ask people to click links in emails like that?

Wouldn't it be better to ask them to type battle.net in the address bar, etc etc?


If you're able to confirm that the email is sent by Blizzard Entertainment, clicking on the included link is perfectly fine. We understand that many players prefer to remain cautious of hyperlinks in general due to the prevalence of phishing scams, though, which is why we also noted that you can log in to Battle.net Account Management to reset your password on your own. :)
66 Worgen Druid
530
Got hacked this morning.. go on lockdown people
100 Troll Hunter
11270
Posted by Whynot
Isn't it possibly a bad idea to ask people to click links in emails like that?


Security 101, actually. Never, ever, ever, ever click on a link in an e-mail. It doesn't matter if "you're sure it's from someone you know and trust". Just go to the website by typing it in.

Tsk tsk Lylirra.


Security 101, actually. Never, ever, ever, ever click on a link in an e-mail. It doesn't matter if "you're sure it's from someone you know and trust". Just go to the website by typing it in.


Tsk tsk Lylirra.




Perfectly acceptable to click on a link if the headers check out. :P
Edited by Mikolai on 12/14/2010 7:07 PM PST
85 Human Mage
2335
Posted by Whynot
Isn't it possibly a bad idea to ask people to click links in emails like that?


Security 101, actually. Never, ever, ever, ever click on a link in an e-mail. It doesn't matter if "you're sure it's from someone you know and trust". Just go to the website by typing it in.




Indeed. There's prolly some hackwad out there now sending out official looking emails from "Blizzard" with a nice tidy link that gets you royally screwed.
Edited by Amneris on 12/14/2010 7:13 PM PST
85 Blood Elf Priest
1670
Can't believe Blizzard is telling people to click links in emails ROFL the scammers make emails with addresses that are legit but once clicked take you to a dodgy site.

BTW FIX PRIESTS HEALZ!!!
12/14/2010 6:25 PM Posted by Lylirra
namely for players who might be using the same login information for their Gawker Media accounts and their Battle.net accounts -- we recently issued password-reset emails for several accounts.


How would you happen to know this info?
85 Blood Elf Death Knight
0
I received this email too, but beware that some of the warning emails are also fake, they requested you to change your password but the links to do so took you to copycat sites, so NEVER follow the links in any emails
Edited by Apathic on 12/14/2010 7:25 PM PST
100 Undead Priest
8490
Do we need to reset our passwords if we're not worried about this?


My password for WoW is a completely unique password, not used anywhere else on the internet for any THING else.


How would you happen to know this info?



Gawker probably gave them the list.
Edited by Solder on 12/14/2010 7:19 PM PST
85 Night Elf Hunter
4220
yeah you should edit that and just say go to battle.net . People are dumb... have to make things easier for them.
85 Blood Elf Priest
3670
See, my concern--and I know how to check headers. Believe me, I fervently did each time I got a CATACYSM BETA KEY email--is that most players don't. The prevalence of warcraft phishing emails, paypal phishing emails, and facebook phishing emails proves this.

I never did get that key... =(.

And of course, there's some neat tricks you can do. If a wrod cotnains all the rihgt letters and ends and begins corrcetly, people have a difficult time seeing that.

Not to rnention the fail that is capital i and lowercase L being pretty identical.

(Betcha didn't notice 'mention' doesn't start with an m.)
---------
List of CC and Interrupts
http://us.battle.net/wow/en/forum/topic/1406726958
64 Dwarf Paladin
970
12/14/2010 7:19 PM Posted by Nazgulrider
yeah you should edit that and just say go to battle.net . People are dumb... have to make things easier for them.


No joke. I think Blizzard puts a little too much faith in people sometimes.
85 Draenei Death Knight
3945
Posted by Lylirra
If you've received an email from Blizzard Entertainment requesting a password reset as a result of the Gawker Media compromise, please click on the link included in the email's body to choose a new password. You can also log in to Battle.net Account Management to reset your password on your own ( https://us.battle.net/account/management ).


Naughty, naughty Blizzard. Very few of your users know how to read email headers (or would bother, since it's faster to type www.battle.net), and I would have no trouble at all simulating everything but. If I was the type, I bet I could have 10,000 accounts hacked by tomorrow morning because of this short-sighted post. Links in emails are ALWAYS a bad idea, and I am disappointed that Blizzard would post this up. Did Lylirra's account get hacked, perhaps?
85 Draenei Death Knight
3945
12/14/2010 7:07 PM Posted by Mikolai
Perfectly acceptable to click on a link if the headers check out. :P


And you also read the source code for the link, sure. But it's faster to type http://www.battle.net than to dig down to the headers (the actual raw headers, not the "From" box which can be faked).

Think of email in terms of normal mail. I copy some letterhead, say your local government taxation office, and send an official looking letter that says if you don't pay $X into account no <blah> by <insert date here> you're going to jail. The letter looks completely legit. But let's say that you are FORCED to put your real return address on the envelope (because in email you effectively are). If you have the envelope, you know it's a fake. If you had the letter without the envelope, you can't tell. Email is the same. The headers are the envelope. If you read them, you can see the truth. If you only look at the letter it could be identical to the real thing in every way except the actual link, and HTML mail lets you obscure the link too. A simple man-in-the-middle attack (which means that the server you log in on really does authenticate to the Blizzard server and changes your real password, it just slurps up the new one along the way) and you're hacked. It's EXTREMELY easy to do. Hang on, I'll sit down and do one now, it'll take me about 20 seconds .... (joking about the doing, not about how long it takes).
68 Night Elf Hunter
1000
Well, I'm glad to finally hear that the emails were sent from Blizzard. I was worrying about this all day.
This topic is locked.
