(US) Blizzard hacked

Discussion in 'General Discussion' started by Tent, Aug 9, 2012.

    Tent Community Member

    And another giant fell victim to hacking.

    Announcement can be found here: http://us.blizzard.com/en-us/securityupdate.html
    More info can be found here: http://eu.battle.net/support/en/article/important-security-update-faq

    Affected data:
    While most of this is US based, EU emails were leaked so you might get (more) spam/phishing mails.

    Menru Veteran BOON

    I rly don't understand how a high value company can be hacked by some ppl...

    Gurtholfin Veteran BOON

    Not sure if you work in the area, but there would be literally hundreds of hackers trying to get into their systems. There are in turn hundreds of routes that people can take to hacking OS, database, application servers, application code etc. In the end, Blizzard is made up of humans and humans make mistakes.

    You would be amazed at how many sites you can still get into by using something like Username: smithj Password: test' or 1=1
    And that's the most basic of simple hacks (SQL injection)
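
The login bypass mentioned in the post above, shown beside its fix. This is an added example, not code from the thread or from Blizzard: the table, the account and the quote-balanced variant of the quoted input are constructed for illustration, and SQLite stands in for whatever database a real site uses.

```python
import sqlite3

def make_db():
    """In-memory table with one constructed account (sample data, not from the thread)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Plaintext password only to keep the demo short; real systems store a salted hash.
    db.execute("INSERT INTO users VALUES ('smithj', 'correct-horse')")
    return db

def login_concat(db, username, password):
    """Vulnerable: user input is pasted into the SQL text, so quotes in it become syntax."""
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_param(db, username, password):
    """Hardened: placeholders send the input as data, never as part of the statement."""
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def demo():
    db = make_db()
    crafted = "test' or '1'='1"   # constructed, quote-balanced form of the thread's input
    results = {
        "concat_wrong_pw": login_concat(db, "smithj", "nope"),
        "concat_crafted": login_concat(db, "smithj", crafted),
        "param_crafted": login_param(db, "smithj", crafted),
        "param_correct": login_param(db, "smithj", "correct-horse"),
    }
    # The thread's literal string leaves an unbalanced quote: the concatenated
    # query fails to parse (the input reached the SQL parser), while the
    # parameterized one simply finds no matching row.
    literal = "test' or 1=1"
    try:
        login_concat(db, "smithj", literal)
        results["concat_literal"] = "ran"
    except sqlite3.OperationalError:
        results["concat_literal"] = "syntax error"
    results["param_literal"] = login_param(db, "smithj", literal)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

An unexpected SQL syntax error in a login handler's logs is worth alerting on, since it means user input reached the parser as code.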

    Fizzee Veteran BOON

    Or the old "admin/password" combo when nubs forget to change the default on wifi routers.

    The thing is, no matter how good the security is, there are always ways to beat it, it just takes a bit of luck, a bit of time and a fucktonne of brilliance.

    I don't blame the person for hacking Blizzard, it's a human curiosity, but I do blame and have no respect for not letting actiblizzard know the exploit and stealing data.
    White hats I respect
    Black/grey hats can go suck a bag of dicks

    Menru Veteran BOON

    Yea, you r right. I rly don't know about this kind of stuff, maybe that's why I'm so surprised. But it does make you feel a little uncomfortable to be honest.

    Katiechops Guild Master

    No one has ever cracked my login = Katiechops, PW = Password yet \o/..... oh wait...

    Tent Community Member

    They should tighten up their IDS/Firewalls/Databases.
    I was quite shocked by the amount of info they managed to get.

    In a reasonably contained hack they usually get stuff like a list of emails from mailing lists.
    But security questions, passwords, emails and authenticator information (Possibly other stuff they don't have to report)?
    They did pretty well getting that (.. or Blizzard failed pretty hard on the security).

    Ah well, we can only guess.

    Gurtholfin Veteran BOON

    It suggests that they actually got inside the database, possibly as a sys admin user. Once in there, they could pretty much get everything that they mentioned, including the encrypted passwords. If it was a backdoor into an administrative interface this wouldn't make sense, since there would be no reason to expose an encrypted password through such an interface, as it would be equally as useless to a Blizzard admin. Looks like sys database access to me.... but yeah, we can only guess.

