And another giant fell victim to hacking. Announcement can be found here: http://us.blizzard.com/en-us/securityupdate.html More info can be found here: http://eu.battle.net/support/en/article/important-security-update-faq Affected data: While most of this is US based, EU emails were leaked so you might get (more) spam/phishing mails.
Not sure if you work in the area, but there would be literally hundreds of hackers trying to get into their systems. There are in turn hundreds of routes that people can take to hacking OS, database, application servers, application code etc. In the end, Blizzard is made up of humans and humans make mistakes. You would be amazed at how many sites you can still get into by using something like
Username: smithj
Password: test' or 1=1
And that's the most basic of simple hacks (SQL injection).
Gurth
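Added example, not part of any post in this thread: a Python/sqlite3 sketch of a login check built by string concatenation next to a parameterized one, fed the input quoted above. The table layout, function names and the account password are constructed for illustration. With the input exactly as typed, the concatenated query no longer parses, which is itself the sign that user input reached the SQL parser instead of being compared as data.

```python
import hashlib
import hmac
import os
import sqlite3

def make_db():
    """In-memory table holding one constructed account: smithj / 'correct horse'."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, "
               "password TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", b"correct horse", salt, 100_000)
    # The plaintext column exists only so the weak variant below has something to query.
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("smithj", "correct horse", salt, pw_hash))
    return db

def login_concat(db, username, password):
    """Weak pattern: the form fields become part of the SQL text."""
    query = ("SELECT 1 FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def concat_outcome(db, username, password):
    """Classify what the concatenated query did with the input."""
    try:
        return "accepted" if login_concat(db, username, password) else "rejected"
    except sqlite3.Error:
        # The quote in the input ended the string literal early; the rest was parsed as SQL.
        return "sql-error"

def login_param(db, username, password):
    """Hardened pattern: bound parameter for the lookup, salted hash compared in Python."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, pw_hash = row
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, pw_hash)

if __name__ == "__main__":
    db = make_db()
    typed = "test' or 1=1"  # the password field quoted in the thread
    print("concatenated:", concat_outcome(db, "smithj", typed))
    print("parameterized:", login_param(db, "smithj", typed))
```

A SQL syntax error that appears only when a form field contains a quote is worth alerting on in application logs, since it means the field is being spliced into the statement.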
Or the old "admin/password" combo when nubs forget to change the default on wifi routers. The thing is, no matter how good the security is, there are always ways to beat it, it just takes a bit of luck, a bit of time and a fucktonne of brilliance. I don't blame the person for hacking Blizzard, it's a human curiosity, but I do blame and have no respect for not letting actiblizzard know the exploit and stealing data. White hats I respect. Black/grey hats can go suck a bag of dicks.
Yeah, you are right. I really don't know about this kind of stuff, maybe that's why I'm so surprised. But it does make you feel a little uncomfortable to be honest.
They should tighten up their IDS/Firewalls/Databases. I was quite shocked by the amount of info they managed to get. In a reasonably contained hack they usually get stuff like a list of emails from mailing lists. But security questions, passwords, emails and authenticator information (Possibly other stuff they don't have to report)? They did pretty well getting that (.. or Blizzard failed pretty hard on the security). Ah well, we can only guess.
It suggests that they actually got inside the database, possibly as a sys admin user. Once in there, they could pretty much get everything that they mentioned, including the encrypted passwords. If it was a backdoor into an administrative interface this wouldn't make sense, since there would be no reason to expose an encrypted password through such an interface, as it would be equally as useless to a Blizzard admin. Looks like sys database access to me.... but yeah, we can only guess.