Really, Blizzard? Seriously. Again.
Time to make sure security's upto date.
Seems to be US servers only from the details but seriously you would think blizz would have it's shit together by now...
Can't buy Ferraris if you sink money into security and other irrelevances.
So how secure this SRP thing really is? Is it realistically possible to brute force passwords if one has list of them?
What can you tell us about the scrambled passwords that were accessed?
Cryptographically scrambled versions of passwords for North American players were accessed, protected by Secure Remote Password (SRP) protocol. This information alone doesn't give unauthorized users the actual passwords -- each password would need to be deciphered individually. The added layer of protection from SRP makes that process computationally very difficult and expensive.
First time for blizzard during time I have played wow, like three years. Dont know about earlier. Hmm I am EU, but wonder if beta account passwords were stored in US servers.
Last edited by sahtila; August 10 2012 at 01:04:10 AM.
People are all like "seriously battle.net gets hacked again" but I this is the first time I remember blizzard actually making a statement that data has been compromised.
But eh, by the time the passwords have been decyphered everyone with half a brain will have changed their password anyway. And no creditcard info or w/e was stolen so I wouldn't lose any sleep over this
I don't even give a fuck, if they want to reactivate my Wow account for free than good for them. Last time that happened I got a free month of playtime and 40 stacks of saronite bars in the middle of WOTLK.
ok lol. will just change pw and switch from keychain auth to phone auth.
Appearently someone has stolen my D3 TRIAL account now aswell. I wonder what the heck they need that for?
Almost as weird as when someone appearently hacked my dusty old WoW account some 3 years after I had quit playing.
A friend told me she'd seen me online but I didn't respond to chat.
An account that hadn't been paid for or uppdated with a propper batle.net account or anything. Someone saw fit to hack THAT and appearently sink money into it to... iduno... sell off my dragonstalker armour or something?
What do the hackers do sith these accounts anyway? Have some asian guy powerlevel characters to 80 and ebay them?
Marder II, IS, PzKpfw III, AMX 40, PzKpfw III/IV, IS-3
It's mostly 12 year old with their mom's credit card who buy WoW characters.
In practice, if the attacker has server's verifiers, he can do standard dictionary/brute force attacks against passwords. So better change yours, especially if it's a weak one.
Last edited by omeg; August 10 2012 at 12:07:57 PM.
Vulnerant omnes, ultima necat.
Now I am completely out of password formats that I have any hope of remembering so today is also the day I start storing my passwords on a bit of paper in my top drawer. Fuck I hate passwords.
this may assist you
No. A Rhinoceros is not a fat Unicorn.