
Blizzard Says Battle.Net Has Been Hacked

samzenpus posted about a year and a half ago | from the all-your-password-are-belong-to-us dept.

Security 340

An anonymous reader writes "Blizzard announced today that its Battle.net service was compromised. The company is urging users to change their login information immediately. Blizzard is stressing that payment information was not compromised. 'The unauthorized access included email addresses associated with Battle.net accounts in all regions, outside of China. Additional information from accounts associated with the North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) was also accessed, including cryptographically scrambled versions of passwords (not actual passwords), the answer to a personal security question, and information relating to Mobile and Dial-In Authenticators. It's important to note that at this time, Blizzard does not believe this information alone is enough to gain access to Battle.net accounts.'"


340 comments

Thanks! (5, Funny)

Anonymous Coward | about a year and a half ago | (#40939819)

Thanks for your always-online requirement for Diablo 3! So very useful if I want to play alone.

Re:Thanks! (2, Informative)

Sir_Sri (199544) | about a year and a half ago | (#40940253)

Diablo 3 is a multiplayer game where you can choose to not directly interact with other players, but without the auction house the whole itemization would need to be completely different.

That was one of the things they realized with D2, the reason it stuck around was the multiplayer, they just got the idea that the whole thing should be multiplayer. StarCraft has less of an excuse because there's no meta economy in StarCraft.

Re:Thanks! (5, Insightful)

ganjadude (952775) | about a year and a half ago | (#40940303)

Really??? That's your argument? From my point of view as a D player since D1, STILL play D2, and gave up on D3, I am sick of the people who claim that "D3 is a multiplayer game" maybe by marketing, but not by gameplay. It is NO DIFFERENT than D2, in gameplay that it should require me to check in with them if I want to play by myself. And on top of that, they wouldn't even work with me on a refund, when I had issues 3 weeks after launch because I pre ordered it, and therefore it was more than 30 days out of date, even though I only had the game for a week less than 30 days.

Re:Thanks! (5, Informative)

Sir_Sri (199544) | about a year and a half ago | (#40940467)

It's not an argument. It is. The game is a multiplayer game. Just because that's a stupid idea doesn't mean it isn't the one they went with.

I'm sorry that your point of view is just wrong. But it is. The whole game was balanced around you being able to buy and sell from the auction house. That was a deliberate choice on Blizzard's part, and without the AH the game becomes prohibitively hard because you just can't get the right itemized gear and you need an astronomical amount of farming to get through the content. Again, I'm not saying that's a *good* design, but that is the design. If anything the game suffers because you almost never loot anything you actually want, I think I looted one inferno difficulty item I actually used, all of the rest I had to buy.

They certainly could have designed the itemization differently or had a full on single player mode with different itemization. But they didn't.

The 'core activity' of Diablo is 'click'. I'll grant you that activity is mostly unchanged from previous versions. But most games are more than just one core activity.

they wouldn't even work with me on a refund, when I had issues 3 weeks after launch because I pre ordered it, and therefore it was more than 30 days out of date, even though I only had the game for a week less than 30 days.

yes well, that's a whole other topic. But once they have your money they don't want to give it back.

Re:Thanks! (5, Interesting)

ganjadude (952775) | about a year and a half ago | (#40940623)

I understand your argument, I really do. However I don't understand any good reason to disable the single player mode from D2 (which the char was not able to play on battlenet, and therefore not able to access the "real money" market Activision set up (I'm convinced this is an Activision move, and not something Blizzard would have done prior to being bought up)). I simply disagree with the way the game was handled. Hell I pre ordered, pre downloaded, and still couldn't play for 2 days after it was "released" all because of server issues. If that is the route all games are going to go.. I guess I am not a gamer any longer. That's just me, but I will not deal with that, I'll keep playing Super Mario World and D2 and be happy.

Re:Thanks! (1)

Rewind (138843) | about a year and a half ago | (#40940747)

I understand your argument, I really do. However I don't understand any good reason to disable the single player mode from D2 (which the char was not able to play on battlenet, and therefore not able to access the "real money" market Activision set up (I'm convinced this is an Activision move, and not something Blizzard would have done prior to being bought up)). I simply disagree with the way the game was handled. Hell I pre ordered, pre downloaded, and still couldn't play for 2 days after it was "released" all because of server issues. If that is the route all games are going to go.. I guess I am not a gamer any longer. That's just me, but I will not deal with that, I'll keep playing Super Mario World and D2 and be happy.

I am not the other guy, but maybe I can clarify: It is an online game. That is a fact. You may not like that, you may not have played previous Diablo games online ever, but Diablo III is server side. It is an online game. That is not an argument, it is a statement of fact.

You are free to not like that and not buy the game and mention how much you dislike the fact, but it is still fact, not an argument. I agreed with their decision here, but I hope they (like me) look at it in retrospect and say "yeah that didn't really work out as well as we had hoped". I mean I only ever really played D1 and D2 online and I was very happy about very realistic changes to drastically reduce cheating and hacking. I was also excited about the (much less realistic) idea that maybe gold & item spam would be reduced by the RMAH. That said, in the end it wasn't worth it and it didn't improve either enough to justify doing it again. Overall I got enough hours out of D3 that I can't really hate on it too hard, but it just wasn't that good of a game. An ok game if you will, and I agree that I hope they drop online in the future.

Basically, I agree with 99% of what you are saying, but it's not just 'add on offline and lan'. The game was server side, that was the way they wanted to go.

Re:Thanks! (0)

Anonymous Coward | about a year and a half ago | (#40940461)

as opposed to a single player game where you can choose to play with other players???? facepalm...

Re:Thanks! (0)

Anonymous Coward | about a year and a half ago | (#40940599)

as opposed to a single player game where you can choose to play with other players????

There are quite a few of those.

Re:Thanks! (1)

h0dg3s (1225512) | about a year and a half ago | (#40940491)

That was one of the things they realized with D2, the reason it stuck around was the multiplayer, they just got the idea that the whole thing should be multiplayer. StarCraft has less of an excuse because there's no meta economy in StarCraft.

And then they gimped the multiplayer to 4 player instead of 8 and made the game entirely too linear. I stopped playing after 2-3 weeks. I doubt they care though, they already suckered me out of my money.

Re:Thanks! (1)

PPalmgren (1009823) | about a year and a half ago | (#40940705)

While true, it points to the major problem. The entire reason single player must be played "online" is because it's a real money auction house. This single design decision drove all of the "features" that everyone detests. Their greed is the problem here.

Re:Thanks! (1)

Sir_Sri (199544) | about a year and a half ago | (#40940879)

No, not just the real money auction house. The regular one too. The RM AH is so Blizzard can get a cut of the real money changing hands.

Re:Thanks! (0)

Anonymous Coward | about a year and a half ago | (#40940893)

They could have just as easily made single player accounts ineligible for the auction house, like the open/closed characters in Diablo 2. It seems more like they chose to go this route to enforce DRM and inconvenience players.

Re:Thanks! (0)

Anonymous Coward | about a year and a half ago | (#40940511)

including cryptographically scrambled

At least they did use the word "cryptographically".

Otherwise, "scrambled" in reference to "encrypted" is one of those key words that reveals a pattern of thought. The pattern is "our audience is far too stupid to either know what encryption is or to take 10 seconds to Google it".

It's like the way the news (radio, TV, and newspapers) is deliberately written to target a sixth-grade reading level. I mean, heaven forbid if any ignorant person realized that they are ignorant and learned something new! That would be so terrible!

It's a real departure from the early days of the USA, when the news was intended for a college-level audience. This had the effect of elevating the level of discussion. A more in-depth, nuanced understanding of the issues of the day was the result. Those who voted and otherwise participated in public life were more informed. Anyone who was willing to learn new things and educate themselves could join them. Those who couldn't be bothered were filtered out. Coincidentally, they enjoyed more freedom than we now know.

Re:Thanks! (1)

antifoidulus (807088) | about a year and a half ago | (#40940649)

Otherwise, "scrambled" in reference to "encrypted"

Ironically you go on this rant about how "uneducated" the American public is while fucking up the basic details of what you claim to know so much about. The term "cryptographically scrambled" is much more accurate than saying "encrypted", because guess what, the passwords AREN'T encrypted, they are hashed. "Scrambled" and "Hashed" in reference to passwords are sort of similar, though scrambled in reference to words usually implies some sort of random re-ordering of the letters, for example
password
becomes
wasspdor

In essence, if you are going to criticize the way someone tries to inform the public about a technical issue, please don't substitute "dumbed-down" for "wrong", because "dumbed-down" is always better than "wrong"

Re:Thanks! (0)

Anonymous Coward | about a year and a half ago | (#40940819)

Man some people are just far too easy to troll. Thank you for playing!

Yah (5, Insightful)

the_Bionic_lemming (446569) | about a year and a half ago | (#40939825)

Can I please have my single player offline games back?

Re:Yah (0)

Anonymous Coward | about a year and a half ago | (#40940185)

No.

Next question.

Re:Yah (5, Insightful)

Teckla (630646) | about a year and a half ago | (#40940273)

Can I please have my single player offline games back?

Speaking just for myself, I'm skipping both StarCraft 2 and Diablo 3, because of the onerous DRM and always-online requirements Blizzard now uses.

I wonder if the DRM and always-online requirements are preventing enough piracy that results in sales, to overcome the loss of buyers like me.

Re:Yah (4, Insightful)

DoofusOfDeath (636671) | about a year and a half ago | (#40940297)

My guess is that what they're losing in sales to people like you (and me), they're more than recouping in the buy-things-for-real-world-money shenanigans they've instituted.

Sucks, but I guess that's how the cookie crumbles.

Re:Yah (1)

Teckla (630646) | about a year and a half ago | (#40940407)

Ah well, I'm still glad people like us are doing what we can, and voting with our wallets.

(Piracy is not an option in my house.)

Re:Yah (1)

the_Bionic_lemming (446569) | about a year and a half ago | (#40940505)

I said no to StarCraft two and Diablo 3 as well.

Totally sucks as I really put a ton of hours in the previous versions.

I'm a bit nostalgic to play Warcraft 1, anyone know if that'll load and play on XP?

Re:Yah (1)

Rewind (138843) | about a year and a half ago | (#40940853)

Best not to bother with trying to run it on XP. It, like most anything with a DOS version, tends to run under DOSbox better/easier than any other way.

Prepare to get super annoyed with the control scheme though. I really feel RTS controls were all rubbish until StarCraft 1, but stuff like Dune RTS and WC1... I honestly don't know how I played it. Then again I guess I didn't try to play it like I do now with RTS games where I like to try and pretend like I have great micro/macro.

Re:Yah (1)

DoofusOfDeath (636671) | about a year and a half ago | (#40940909)

Ah well, I'm still glad people like us are doing what we can, and voting with our wallets.

(Piracy is not an option in my house.)

Honestly, I don't expect voting with my wallet to have any real impact. However, Torchlight 2 should provide roughly the kind of fun I'd been hoping for from D3. So even if Activision doesn't care that I go for T2 vs. D3, at least I can still have my fun.

Re:Yah (1)

VortexCortex (1117377) | about a year and a half ago | (#40940609)

My guess is that what they're losing in sales to people like you (and me), they're more than recouping in the buy-things-for-real-world-money shenanigans they've instituted.

-- Or --
They blame the lost sales on piracy and use the figures to justify even more draconian nonsense.

Re:Yah (0)

Anonymous Coward | about a year and a half ago | (#40940725)

Considering there is probably a very whiny total of 10 of you, yeah they probably won that round.

Re:Yah (1)

Rewind (138843) | about a year and a half ago | (#40940793)

Can I please have my single player offline games back?

Speaking just for myself, I'm skipping both StarCraft 2 and Diablo 3, because of the onerous DRM and always-online requirements Blizzard now uses.

I wonder if the DRM and always-online requirements are preventing enough piracy that results in sales, to overcome the loss of buyers like me.

You didn't miss anything with Diablo 3 really. It was ok, but nothing great. A step back for Blizzard if you ask me. With StarCraft 2 it was your own loss if you liked multiplayer. Also it had an offline mode that thanks to internet issues I got to make several uses of.

Re:Yah (0)

Anonymous Coward | about a year and a half ago | (#40940849)

They recently announced that Diablo 3 has sold over 10 million copies since launch (3.5 months).

Diablo 2 sold about 4 million copies in the first 18 months.

I'd guess that Blizzard are pretty happy with sales. It may end up selling as much as 5-10 times more than Diablo 2, despite the DRM hate, always online hate and criticism that the end-game and itemization need further work.

Re:Yah (0)

Anonymous Coward | about a year and a half ago | (#40940903)

I am staying away from all Blizzard games until they change their TOS. I want to actually have some rights to level I make in Starcraft 2, and some control over my data on b.net. As it is Blizzard practically owns your computer the second you click "I accept".

I'm actually wondering why no one else has commented on this, and comments of this nature seem to disappear. I have to wonder if Blizzard has some bot or virus that is intercepting these comments and is getting rid of them somehow.

This is not news (-1, Flamebait)

Billly Gates (198444) | about a year and a half ago | (#40939843)

Funny how every single WoW player I know had their account hacked. Even from those who ran it from a Mac or used Wine to run it on Linux. All had keyloggers my ass! It is an inside job and it is well known in WoW circles as I do not know anyone who has a level 85 character without a keyring.

Re:This is not news (2)

DRAGONWEEZEL (125809) | about a year and a half ago | (#40939923)

meet me.

I have a maxed out Mage on Rexar that hasn't yet been hacked, BUT I do agree w/ you. Everyone 'else' I know has had their accounts just trashed.

Naked Gnomes everywhere...

Re:This is not news (1)

SomeJoel (1061138) | about a year and a half ago | (#40939941)

When my account got hacked, it was the final straw that led me to quit WoW. All signs pointed to it being an inside job. I had a dedicated (hard) password for the site, I had not visited any questionable websites, and I hadn't installed any addons in months.

Whoever hacked it had a seriously weird sense of priorities too. They had sold the starting gear off my level 1 bank alt types and mailed off the money (at a loss!) but hadn't bothered to strip my midrange characters. They used my level 85 main character with bot-aided speedruns through Karazhan. Ironically, when I regained control of my character, I had a ton of gold from their most recent run. I donated it all to my guild and quit the next day. Since I was an officer, they'd looted that too - but since it was a casual guild the gold they got me easily replaced any items in there we'd cared about.

Re:This is not news (3, Interesting)

Sir_Sri (199544) | about a year and a half ago | (#40940365)

That's actually pretty common when people do get hacked. If you have gold they immediately mail it off and sell it, and then try and bot farm whatever the best gold/hour is. That might be tradeskilling, that might be cash runs through bosses, sort of depended.

My lingering suspicion is that WoW was vulnerable to a session spoof attack at some point, or the usual exploit of a flash vulnerability to get your password, but their systems became overall pretty robust with authenticators added in.

In your case I'd guess a flash vulnerability, possibly a 0 day one, those are much less of a problem today than they were 2 or 3 years ago when browsers weren't well sandboxed etc. etc. But those sorts of things always got a few people.

Re:This is not news (5, Interesting)

Anonymous Coward | about a year and a half ago | (#40939995)

My account keeps being hacked*, despite the fact I don't login, have no real interest in playing the games, change it to random passwords even I don't remember, run Linux day to day, and have it associated to a Gmail account which hasn't had any suspicious activity. I've tried to reason with them, but they refuse to listen. I've come to the conclusion that Blizzard are incompetent in this area.

* I've never seen any proof of my account being hacked besides their e-mails telling me and locking my account. I managed to get them unlocked the first few times, my characters still have all items and gold I remember. Now they want me to fax a passport or some 'real identification'. I honestly don't want the games that bad, I'm just annoyed they're taking them off me.

Re:This is not news (1)

spire3661 (1038968) | about a year and a half ago | (#40940231)

Same WoW password since 2004, never been hacked once. I might not even change it after this because, frankly, I don't care.

Re:This is not news (2)

Sir_Sri (199544) | about a year and a half ago | (#40940291)

Of the 56 unique players in my guild when we quit, only 2 had ever been hacked. We've certainly had people who were hacked off and on over time, (and most of them left the guild) but once they brought in authenticators it was pretty rare for people to get hacked. Even before that, you usually had to do something stupid to get your account hacked.

The most common culprits for it were from re-using passwords (especially on WoW fansites, because duh...) and people buying gold. Then there was the usual keyloggers and so on.

Re:This is not news (1)

Sir_Sri (199544) | about a year and a half ago | (#40940493)

As I mentioned below, because I'd forgotten about them, when I typed this flash exploits as well (which of course had keyloggers of various sorts). Strategy videos and all that.

Re:This is not news (1)

Macgrrl (762836) | about a year and a half ago | (#40940337)

I got hacked back in Vanilla when I was running on a Windows machine. It was a result of a key logger I picked up from the Curse addons site after they were compromised. Since moving back to a Mac for my primary WoW machine I haven't been compromised since. I also avoid using Curse as my primary source of Mods, preferring WoW Interface.

Cryptographically Scrambled Passwords (4, Interesting)

PhrostyMcByte (589271) | about a year and a half ago | (#40939861)

I'm going to go out on a glass-half-empty limb here and say that means encrypted, not salted and hashed. "Cryptographically Scrambled" is too obviously ambiguous. I hope I'm wrong!

Re:Cryptographically Scrambled Passwords (4, Funny)

GerardAtJob (1245980) | about a year and a half ago | (#40939883)

It smells like XOR... ;)

Re:Cryptographically Scrambled Passwords (3, Informative)

VortexCortex (1117377) | about a year and a half ago | (#40940645)

Which is still very secure if they used a one time pad with the XOR.

The only thing stronger than XORing with a one time pad, is XORing the input with itself.

Re:Cryptographically Scrambled Passwords (0)

Anonymous Coward | about a year and a half ago | (#40939903)

Even if they are salted and hashed, accounts of high value can still be brute forced.

Re:Cryptographically Scrambled Passwords (1)

ericloewe (2129490) | about a year and a half ago | (#40939985)

Yeah, but the salted hashes aren't of much value then...

Re:Cryptographically Scrambled Passwords (1)

JesseMcDonald (536341) | about a year and a half ago | (#40940557)

On the contrary, it is much easier to brute-force the password matching a known salt and hash on your own workstation, cluster, or botnet than it would be to brute-force it through repeated logins to a remote server, particularly if basic security precautions are implemented, such as rate-limiting login attempts and locking the account after several failures.

Salted and (repeatedly, as with bcrypt) hashed passwords are much better than merely hashed passwords, which are in turn somewhat better than plain-text passwords, but you really don't want any of the three out in the open. Actually reversing the hash is unlikely, but if a user with a valuable enough account picks an insecure password, not even salting will prevent it from being brute-forced from the password side.

If you really need all your accounts to be secure in the face of server data leaks, you're looking for public-key cryptography and challenge-response authentication. Server-side password checking against a hash isn't sufficient. However, if you must use passwords, at least generate them randomly on the server rather than letting users pick their own. Humans are really bad at randomness and pick passwords subject to trivial dictionary attacks far too often.

Re:Cryptographically Scrambled Passwords (1)

ericloewe (2129490) | about a year and a half ago | (#40940769)

I'd agree with you, if there were a real very high value to the accounts, which is doubtful. The computing power needed to brute force the salted, hashed passwords is probably more expensive than the reward is valuable. It's not worth the hassle.

Re:Cryptographically Scrambled Passwords (4, Informative)

safetyinnumbers (1770570) | about a year and a half ago | (#40940039)

The 'additional info' link in the announcement says they use SRP, which I'd not heard of but seems to be a hash-based system. http://srp.stanford.edu/ [stanford.edu]

the server carries a verifier for each user, which allows it to authenticate the client but which, if compromised, would not allow the attacker to impersonate the client

Re:Cryptographically Scrambled Passwords (1)

Mashiki (184564) | about a year and a half ago | (#40940157)

SRP is augmented by PAKE, I've heard people call it the latter before which is wrong. Some info here [wikipedia.org] for those that have never heard of it. But it's not new, but it's very useful.

Re:Cryptographically Scrambled Passwords (0)

Anonymous Coward | about a year and a half ago | (#40940069)

I'm going to go out on a glass-half-empty limb here and say that means encrypted, not salted and hashed. "Cryptographically Scrambled" is too obviously ambiguous. I hope I'm wrong!

From Blizzard's FAQ on the breach [battle.net]

What can you tell us about the scrambled passwords that were accessed?
Cryptographically scrambled versions of passwords for North American players were accessed, protected by Secure Remote Password (SRP) protocol. This information alone doesn't give unauthorized users the actual passwords -- each password would need to be deciphered individually. The added layer of protection from SRP makes that process computationally very difficult and expensive.
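
The SRP verifier scheme referred to in the comments above (the srp.stanford.edu quote and Blizzard's FAQ answer), as an added example that is not part of any comment in this thread and is not Blizzard's code. It follows the SRP-6a formulas of RFC 5054 with SHA-1 and that RFC's 1024-bit group; both are assumptions, since the page does not say which parameters Battle.net used, and the user name and passwords are constructed.

```python
"""SRP-6a sketch (RFC 5054 formulas). Illustration only, not production code."""
import hashlib
import secrets

# Assumption: 1024-bit group from RFC 5054 Appendix A, generator 2.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C"
    "9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE4"
    "8E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B29"
    "7BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9A"
    "FD5138FE8376435B9FC61D2FC0EB06E3", 16)
G = 2
NLEN = (N.bit_length() + 7) // 8


def pad(n: int) -> bytes:
    """Big-endian encoding, left-padded to the length of N."""
    return n.to_bytes(NLEN, "big")


def H(*parts: bytes) -> int:
    """SHA-1 over the concatenated parts, as an integer."""
    return int.from_bytes(hashlib.sha1(b"".join(parts)).digest(), "big")


K_MULT = H(pad(N), pad(G))  # SRP-6a multiplier k = H(N | PAD(g))


def private_x(user: str, password: str, salt: bytes) -> int:
    """x = H(salt | H(user ":" password)); only the client can compute it."""
    inner = hashlib.sha1(f"{user}:{password}".encode()).digest()
    return H(salt, inner)


def register(user: str, password: str):
    """Return the row the server stores: (salt, verifier v = g^x mod N)."""
    salt = secrets.token_bytes(16)
    return salt, pow(G, private_x(user, password, salt), N)


def client_key(user, password, salt, a, A, B) -> bytes:
    if B % N == 0:
        raise ValueError("client must reject B = 0 mod N")
    u = H(pad(A), pad(B))
    x = private_x(user, password, salt)
    # S = (B - k*g^x)^(a + u*x): needs x, which the verifier does not reveal.
    S = pow((B - K_MULT * pow(G, x, N)) % N, a + u * x, N)
    return hashlib.sha1(pad(S)).digest()


def server_key(v, b, A, B) -> bytes:
    if A % N == 0:
        raise ValueError("server must reject A = 0 mod N")
    u = H(pad(A), pad(B))
    # S = (A * v^u)^b: computed from the stored verifier, no password needed.
    S = pow((A * pow(v, u, N)) % N, b, N)
    return hashlib.sha1(pad(S)).digest()


def login(user: str, password: str, record) -> bool:
    """Run both sides of one exchange; True if they derive the same key."""
    salt, v = record
    a = secrets.randbits(256)
    A = pow(G, a, N)                       # client -> server: user, A
    b = secrets.randbits(256)
    B = (K_MULT * v + pow(G, b, N)) % N    # server -> client: salt, B
    return client_key(user, password, salt, a, A, B) == server_key(v, b, A, B)


def guess_matches_verifier(user: str, guess: str, record) -> bool:
    """What a leaked (salt, v) row permits: an offline yes/no test of one
    candidate password, costing two hashes and one modular exponentiation,
    with no login attempt and therefore no rate limit or lockout."""
    salt, v = record
    return pow(G, private_x(user, guess, salt), N) == v


if __name__ == "__main__":
    row = register("alice", "correct horse battery staple")  # constructed
    print("right password logs in:", login("alice", "correct horse battery staple", row))
    print("wrong password logs in:", login("alice", "hunter2", row))
    print("offline guess confirmed:", guess_matches_verifier("alice", "correct horse battery staple", row))
```

The stored row cannot be replayed as a login, but `guess_matches_verifier` shows why each password can still be tested individually offline, so the strength of the password itself decides how long it survives a leak.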

Re:Cryptographically Scrambled Passwords (0)

Anonymous Coward | about a year and a half ago | (#40940571)

Given that this is the same company that thinks case sensitivity isn't important in passwords, I'm not too hopeful either.

Seriously, give it a shot. Try logging in with your capslock on.

Using scrambling rather than cryptography (3, Informative)

tlambert (566799) | about a year and a half ago | (#40940703)

Using scrambling rather than cryptography gets around cryptographic export and import restrictions. This is why it was possible to decrypt a lot of Windows and Microsoft Word scrambled content, and why Windows NT password recovery tools existed.

Unless you want to lock yourself out of most Asian countries where videogaming comes close to a religion, and is therefore worth gobs of money, you will not build something which violates their import restrictions. See also:

http://en.wikipedia.org/wiki/Restrictions_on_the_import_of_cryptography#Status_by_country [wikipedia.org]

Nuclear (0)

Anonymous Coward | about a year and a half ago | (#40939879)

So the hashed passwords were or were not salted?

Well now. (5, Funny)

Frosty Piss (770223) | about a year and a half ago | (#40939897)

Since I'm over 25 and work for a living, this does not effect me.

Re:Well now. (1)

Razed By TV (730353) | about a year and a half ago | (#40940057)

Since I'm over 25 and work for a living,
and since I got into Diablo and Starcraft when I was under 25,
this does effect me.

Re:Well now. (4, Funny)

Svippy (876087) | about a year and a half ago | (#40940127)

Since I am 25 and do nothing for a living, your incorrect spelling of 'affect' affects me.

Re:Well now. (0)

Anonymous Coward | about a year and a half ago | (#40940287)

Since I am 25 and do nothing for a living, your incorrect spelling of 'affect' affects me.

he spelled it correctly, he just wasn't smart enough to know the difference between a noun and a verb

Re:Well now. (0)

Anonymous Coward | about a year and a half ago | (#40940477)

Since I am 25 and do nothing for a living, your incorrect spelling of 'affect' affects me.

he spelled it correctly, he just wasn't smart enough to know the difference between a noun and a verb

"Effect" can be a verb, too, but it doesn't make sense in the way the OP used it.

Re:Well now. (1)

Anonymous Coward | about a year and a half ago | (#40940159)

Because the only people that play games are young and don't work? As if playing games for entertainment is somehow immature, as opposed to camping out on a couch and watching ESPN?

Nonsense.

Re:Well now. (3, Informative)

Sir_Sri (199544) | about a year and a half ago | (#40940213)

Since I'm over 25 and work for a living

making you the target market for games, and modern MMO's. Especially so if you're male. Because you know, the people who actually work at blizzard want to play their own game, and they're mostly over 25 and have jobs. So if you're one of the 40 million or so people who ever created a battle.net account for starcraft or diablo or WoW then yes, this effects you. Because what was your security question, have you ever reused it, and was it publicly available information?

Re:Well now. (2)

Mashiki (184564) | about a year and a half ago | (#40940335)

Since I'm over 25 and work for a living, this does not effect me.

Well this will surprise you then. The prime market for MMO's and gaming in general is...

Male, 25-41, working, with an average yearly income of $38,000

So, looks like I'm cancelling that e-mail address. (1, Insightful)

DRAGONWEEZEL (125809) | about a year and a half ago | (#40939899)

and removing my CC (oh, wait, I already did that).

This is going to be bigger than the Sony breach

Re:So, looks like I'm cancelling that e-mail addre (0)

Anonymous Coward | about a year and a half ago | (#40940851)

Only if Blizz takes down Battle.net for a month....

honestly (1)

ganjadude (952775) | about a year and a half ago | (#40939907)

If they got my passwords now, I don't care. After the hassles I have had with D3 from day 1 I don't even care anymore.

Re:honestly (1)

failedlogic (627314) | about a year and a half ago | (#40940095)

I bought D3 about 1 week after launch. Was very disappointed. Asked for a refund - four times. Blizzard refunded me.

Re:honestly (1)

ganjadude (952775) | about a year and a half ago | (#40940241)

I pre ordered the game. I know I don't have 24/7 access so my results may be different than others however. I have been able to play no more than 35% of the times I have attempted to.. I have had to redownload the.... almost 8 gig file 8 different times because it does not seem to understand the "forced update" every other day they push. I simply want to play by myself, which I cannot do without "checking in with mommy" and that is when it lets me connect. I assume (hope) I am in the minority here, but either way, I asked for a refund about 3 weeks after the game was released... however because I pre-ordered, I was unable to get a refund because I "bought the game more than 30 days ago" even though it was unplayable until 20 days ago in my case. I was one of the biggest supporters of the Blizz, and I had a feeling things would go bad with Activision buying the place out (which I got a feeling from the 10 or so techs I talked to trying to fix my problem is the feeling in the office..off the record of course..) but I don't think I can buy another Blizz game after the way I feel I have been screwed here. Time to find a new dungeon crawler.

Re:honestly (1)

lgw (121541) | about a year and a half ago | (#40940481)

I pre ordered the game.

Why would anyone do that in this day and age? A game is something you download, so paying for it more than a day or so before it comes out seems pointless. Waiting until there are some reviews seems better still.

Having D3 at the launch did you little good - the servers were so overloaded that playtime was quite limited the first week.

Re:honestly (0)

Anonymous Coward | about a year and a half ago | (#40940611)

I assume (hope) I am in the minority here, but either way, I asked for a refund about 3 weeks after the game was released... however because I pre-ordered, I was unable to get a refund because I "bought the game more than 30 days ago" even though it was unplayable until 20 days ago in my case.

The solution to that is to call up your credit card company and issue a chargeback.

It probably won't even go as far as arbitration. If it does go to arbitration, these tend to be in the customer's (your) favor.

Chargebacks cause hassle for the merchant. In this case it will be well earned. But for fuck's sake, don't just lie down and take it. It sends entirely the wrong message.

Re:honestly (2)

exomondo (1725132) | about a year and a half ago | (#40940447)

If they got my passwords now, I don't care. After the hassles I have had with D3 from day 1 I don't even care anymore,

Yeah I gave up on it too, the having to wait to play because the servers were full, the lag, the crashes...there's no reason it couldn't have just been an offline game like its predecessors. Very disappointed with it.

Anyone have real information? (2, Informative)

Kenja (541830) | about a year and a half ago | (#40939915)

Nothing on battle.net, blizzard.com or any other location but marketwatch. Link in the article goes to a non-existent page on blizzard.com. Not saying shenanigans just yet, but some real information would be nice.

Re:Anyone have real information? (0)

Anonymous Coward | about a year and a half ago | (#40939981)

http://eu.blizzard.com/en-gb/securityupdate.html

i hate blizzard (-1)

Anonymous Coward | about a year and a half ago | (#40939939)

why the fuck did I need one of those piece of shit accounts to play diablo 3, A SINGLE PLAYER GAME, in the fucking first place. fuck blizzard.

The Responsible Thing To Do (5, Funny)

TranquilVoid (2444228) | about a year and a half ago | (#40940013)

Technically I'm working from home today, but I guess good security dictates I log into WoW to change my password and check for any foul play.

Who cares? (1)

PhilistineGuillotine (2633149) | about a year and a half ago | (#40940017)

They didn't get billing information and can easily revert any accounts that get messed up.

Re:Who cares? (0)

Anonymous Coward | about a year and a half ago | (#40940455)

But they can't revert the fact that email addresses were compromised. I started using my domain because I thought Blizzard would treat it kindly. I used it with dropbox too when they got hacked. I hope I don't start getting a ton of spam now :\

Re:Who cares? (2)

wiredlogic (135348) | about a year and a half ago | (#40940731)

Many people use the same password for all accounts including their e-mail. You can also assume that the same login and/or e-mail username is used in other places by many people and attempt to access other outside accounts. This creates a huge security threat for those affected.

FYI, "secret" questions can not be changed. (5, Interesting)

Kenja (541830) | about a year and a half ago | (#40940023)

Once a Battle.net account is created, the first name, last name and security question can not be changed. Since these questions are now compromised, everyone is SOL.

Re:FYI, "secret" questions can not be changed. (3, Informative)

dgatwood (11270) | about a year and a half ago | (#40940143)

That hasn't been true for over a year [epicnpc.com].

Also, they're going to en masse make everyone change their security question/answer real soon now.

Re:FYI, "secret" questions can not be changed. (4, Informative)

Kenja (541830) | about a year and a half ago | (#40940215)

The link you provided says that only Blizzard can change them, so it sounds like it's still true for now unless you want to argue with them on the phone and provide a photo ID.

Re:FYI, "secret" questions can not be changed. (1)

Sir_Sri (199544) | about a year and a half ago | (#40940173)

They said they're working on a change to the security question.

But yes, in general this is bad. Although that's sort of the idea behind salting and hashing passwords, that even if someone gets the passwords they still can't recover them.

Re:FYI, "secret" questions can not be changed. (1)

Anonymous Coward | about a year and a half ago | (#40940693)

The real problem here is not that you can't change it, it's that, unlike a password that probably has (or at least should have) no relevance to your actual life, the security question is likely to be something that is a constant, such as "last 4 of SSN" or "City of Birth" and are also likely to have been used elsewhere.

This is great news. (0)

Anonymous Coward | about a year and a half ago | (#40940087)

Blizzard is now going to give us free stuff so we don't fret about this.

Please let it be mount swag. That'll be awesome. I guess I'd better buy a subscription card tomorrow.

Word choice? Dwarfed!

That's a sign I tell you!

"Were hacked" or still pwned? (0)

Anonymous Coward | about a year and a half ago | (#40940263)

Have they fully removed any backdoor? Hopefully they've taken huge steps to ensure that now password changes cannot be intercepted before the encryption process :)

Hacked, and hacked for a long time. (0)

Anonymous Coward | about a year and a half ago | (#40940299)

I've suspected that the battle.net network has been compromised for a long time. I've known way too many people that have had their account compromised for no discernible reason. No, not Trojan or key logged or phished or anything stupid like that. Just straight up compromised. Often, it's someone who's not touched a blizzard game in months or years.. And then out of the blue they get random emails from blizzard indicating some sort of acct activity has occurred, or they've been banned for something.

I wager there's a hole somewhere in the network that allows bad parties to get a hold of enough details to compromise certain accounts. .. Actually, I bet it's an inside job. Given the lucrative nature of blizzard accounts (Well, maybe not so recently but at one time hacking for wow gold was considered way more profitable than outright CC fraud) I would not be surprised if someone was taking money in exchange for account DB dumps.

Ironic. . . (3, Insightful)

Limburgher (523006) | about a year and a half ago | (#40940341)

I seem to recall reading in the Security Question comments how Battle.net's system was excellent. That portion of it may have been, and they seem to be responding well to this, but the timing is interesting.

Re:Ironic. . . (1)

mapsjanhere (1130359) | about a year and a half ago | (#40940395)

If anyone gets an email for the hackers - I forgot my battlenet account info years ago, maybe they can send it to me?

Asherah poles (0)

Maluminati (2633107) | about a year and a half ago | (#40940409)

"Instead, you must break down their pagan altars, smash their sacred pillars, and cut down their Asherah poles." cut down / hack. Same thing. Good job, Mr Bond ;)

Re:Asherah poles (0)

Anonymous Coward | about a year and a half ago | (#40940543)

https://mobile.twitter.com/AsherahResearch
prolly not

Secret questions are a weak auth mechanism (1)

hackertarget (1265522) | about a year and a half ago | (#40940533)

So were the passwords salted or only encrypted? Do we have yet more passwords in the wild?

The use of secret questions is a weak form of password retrieval. Finding someone's home town or mother's maiden name is not exactly difficult.

Rainbow tables (2)

Coolhand2120 (1001761) | about a year and a half ago | (#40940541)

Oh the passwords are cryptographically scrambled? Do they mean hashed or encrypted? I imagine anyone with enough skill to steal all of those accounts knows how to operate a rainbow table [wikipedia.org]. Why not just come clean and tell everyone their passwords are compromised too. Why leave everyone with a nebulous message like "cryptographically scrambled". Are they encrypted? Or did you just hash+salt them? I for one would really like to know!
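An added example, not part of the comment above and not Blizzard's code: the hashed-versus-salted distinction the comment asks about, shown from the storage side. It stores the same constructed password for two hypothetical users with a bare SHA-256 and with a per-user salt plus PBKDF2, then checks each stored value against a small precomputed digest table; the user names, password list and iteration count are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny precomputed digest table and two
# hypothetical accounts that happen to share one password.
COMMON = ["123456", "password", "dragon", "letmein"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON}
USERS = {"alice": "dragon", "bob": "dragon"}
ITERATIONS = 100_000  # assumed work factor for this demo


def store_unsalted(password):
    """Weak scheme: one fast hash, identical for identical passwords."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password):
    """Hardened scheme: random per-user salt fed into a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def table_hits(hex_digests):
    """Count stored digests that a precomputed table resolves directly."""
    return sum(1 for d in hex_digests if d in PRECOMPUTED)


def compare():
    unsalted = {u: store_unsalted(p) for u, p in USERS.items()}
    salted = {u: store_salted(p) for u, p in USERS.items()}
    return {
        "unsalted_identical": unsalted["alice"] == unsalted["bob"],
        "unsalted_table_hits": table_hits(unsalted.values()),
        "salted_identical": salted["alice"][1] == salted["bob"][1],
        "salted_table_hits": table_hits(d.hex() for _, d in salted.values()),
        "salted_verifies": verify_salted("dragon", *salted["alice"]),
        "salted_rejects_wrong": not verify_salted("letmein", *salted["alice"]),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(name, value)
```

The salt only removes the precomputation shortcut and the visible link between accounts sharing a password; a weak password can still be guessed per account, which is why the slow KDF and a password change after a breach both still matter.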

Re:Rainbow tables (1)

VortexCortex (1117377) | about a year and a half ago | (#40940719)

scrambled? Do they mean hashed or ... Or did you just hash+salt them? I for one would really like to know!

I think what's best is unsalted, over easy, and hash browns on the side.

Customer service amateurs (-1)

Coolhand2120 (1001761) | about a year and a half ago | (#40940569)

Last week my friend had his D3 account hacked, and they treated him as if it was his fault! What a bunch of assholes. Get your shit together Blizzard!

Re:Customer service amateurs (1)

VortexCortex (1117377) | about a year and a half ago | (#40940739)

Last week my friend had his D3 account hacked, and they treated him as if it was his fault! What a bunch of assholes. Get your shit together Blizzard!

Their shit IS your shit, and being all together is actually the problem; Both in terms of security and bandwidth bottlenecks...

Hmmm (0)

Lando (9348) | about a year and a half ago | (#40940661)

How does this affect my bnetd server? Oh, that's right, Blizzard sued it out of existence and I haven't purchased a blizzard product since then. No worries then, doesn't affect me.

Who cares.. (2, Interesting)

SD-Arcadia (1146999) | about a year and a half ago | (#40940699)

Diablo 3 was DOA. It is a hamster-wheel farming game revolving around the auction house with no depth nor creativity.
Summary: It's fun but too easy going through normal, nightmare and hell if you gather a party. Then you hit the inferno act 2 brick wall, and your only hope for punching through that is either the RMAH or something like 100+ hrs into cheese-farming spots like dank cellar (gold) or the ancient path goblin (rares).
I found myself wishing someone else would "play" for a while because the game part peeled away and it was revealed to be a stupid repetitive virtual item farming-trading game. I bought the game mid-May, and haven't touched it past June and don't plan to either. Gonna keep it around for a couple more weeks and then give my login info to the first friend who shows interest when I go back to school for TA'ing in September.

Battle.net status: (-1)

Anonymous Coward | about a year and a half ago | (#40940827)

RAPED.

Been a while (1)

Xtifr (1323) | about a year and a half ago | (#40940895)

Oh man, I think I created an account for Starcraft I. Do you suppose it's still active? I doubt I can remember what password I used all those years ago, or what email address I might have had at the time.
