Blizzard internal network hacked, some BNet account details compromised

[CeeKay]

just a heads up:

Mike Morhaime, the president of Blizzard Entertainment, reported today in a blog post posted on the official Blizzard website that a list of email addresses for Battle.net users, answers to security questions, and information relating to the Mobile and Dial-in Authenticator program were illegally accessed by outsiders. The security hole has been closed, but Blizzard is officially recommending that all Battle.net users change their passwords immediately. In the coming days, players will be prompted to automatically change their security questions and update their mobile authenticator software. A FAQ is available here.

probably no biggie, but better safe than sorry.

[Clanwolfer]

Well, that would explain why my Gmail account got logged into from Mexico City the other night.

PASSWORD REUSE IS BAD, kids. And don't trust encryption.

[Blackjack]

Also, "1234" and "password" are not good passwords.   I kid, but I've had co-workers who used passwords like that.

My columnist co-worker had her Gmail account hacked, and some clown was sending out solicitations for money (claiming that she was "sick", on travel, had lost her credit cards and wallet, and needed money). She got dozens of responses from colleagues offering to help her. We had to run a note in the next issue explaining things.

I still don't understand how it's 2012 and we're still not using something more sophisticated for password protection than a bunch of letters, numbers, symbols and punctuation. I don't pretend to have the answers because maybe everything -- including finger prints, finger print heat signatures, retina scans, voice "signatures" etc. -- can be hacked one way or another, but one would like to think there's a way.

I use an app that will randomly generate messy (in a good way) passwords. Although I want to believe it makes me more secure, when seemingly no company is capable of safeguarding the actual data, it just makes me wonder.

[gellar]

PASSWORD REUSE IS BAD, kids.

Yes.

And don't trust encryption.

No.  Don't trust some encryption.  But many forms of encryption today are considered 'unhackable.'

I still don't understand how it's 2012 and we're still not using something more sophisticated for password protection than a bunch of letters, numbers, symbols and punctuation. I don't pretend to have the answers because maybe everything -- including finger prints, finger print heat signatures, retina scans, voice "signatures" etc. -- can be hacked one way or another, but one would like to think there's a way.

There is.  Just about any account worth a damn (gmail, battle.net, your bank accounts) uses some form of Two Factor Authentication technology in addition to some sort of fraud detection.  The issue is that a very small population of users of Gmail use 2FA. Blizzard is actually one of the few companies that pushed their 2FA tokens very hard over the past few years.

[Harpua3]

PASSWORD REUSE IS BAD, kids.

Yes.

And don't trust encryption.

No.  Don't trust some encryption.  But many forms of encryption today are considered 'unhackable.'

I still don't understand how it's 2012 and we're still not using something more sophisticated for password protection than a bunch of letters, numbers, symbols and punctuation. I don't pretend to have the answers because maybe everything -- including finger prints, finger print heat signatures, retina scans, voice "signatures" etc. -- can be hacked one way or another, but one would like to think there's a way.

There is.  Just about any account worth a damn (gmail, battle.net, your bank accounts) uses some form of Two Factor Authentication technology in addition to some sort of fraud detection.  The issue is that a very small population of users of Gmail use 2FA. Blizzard is actually one of the few companies that pushed their 2FA tokens very hard over the past few years.

I use mobile authenticator, easy and hopefully effective.