Octopus Overlords

[Lorini]

http://us.blizzard.com/en-us/securityupdate.html

Bad news. Change your password ASAP.

[stessier]

Changed. Luckily I never reuse passwords for sites like that.

[GreenGoo]

Turned authenticator on for every login, changed password to something more robust, but I don't see any easy way to alter my hint question (although the blizzard note said they will be prompting to change this in the near future) and it is not convenient for me to change my account name.

We'll see what happens next. There're millions of us, so probability alone suggests I'm good for a long time.

[Smoove_B]

Glad this was posted. I'm using the old-school key chain authenticator -- apparently there should be way easier targets than me. I wanted to believe it couldn't happen, but given the amount of real money involved, I guess the motivation to figure something out was through the roof.

Insane.

[dbt1949]

I'm probably going to be hard pressed to remember my new password.

I didn't have any financial information that I know of tho. I bought a hard copy.

[LawBeefaroni]

Yet I can't do RMAH to paypal because they don't like my phone. Looks like they need less reliance on third-party security checks and more security on their own internal network.

[Blackhawk]

At this point, having been hacked is pretty much standard in the online entertainment biz. I'm not sure 'unhackable' exists anymore. It sounds, though, like they've actually got decent encryption and did a decent job of giving full disclosure - which isn't standard, unfortunately.

[Daehawk]

Are they blaming us again?

[Baroquen]

I think they said security enhancements would be coming "Soon"TM.

[McBa1n]

At this point, having been hacked is pretty much standard in the online entertainment biz. I'm not sure 'unhackable' exists anymore. It sounds, though, like they've actually got decent encryption and did a decent job of giving full disclosure - which isn't standard, unfortunately.

True enough. Glad I caught the report this morning. My WoW account is already hacked and not in service and my D3 account is not being used. What am I using this stupid authenticator for anyway? Le sigh.
It would be better if I got an email from them and didn't have to read it on web rags.

[LawBeefaroni]

Well timed press release today from Activision:

SANTA MONICA, Calif., Aug. 10, 2012 /PRNewswire via COMTEX/ -- Rogue spies have breached MI6 and uncovered information on pre-order exclusives for this year's upcoming 007(TM) Legends video game. Fans that reserve an early copy of 007 Legends in North America - planned to launch October 16th from Activision Publishing, Inc., a wholly owned subsidiary of Activision Blizzard, Inc. (ATVI) - will gain access to the Nemesis Pack from Amazon.com and the 007 Pack from GameStop. The content of each of these exciting pre-order packs are as follows.

[Lorini]

At this point, having been hacked is pretty much standard in the online entertainment biz. I'm not sure 'unhackable' exists anymore. It sounds, though, like they've actually got decent encryption and did a decent job of giving full disclosure - which isn't standard, unfortunately.

True enough. Glad I caught the report this morning. My WoW account is already hacked and not in service and my D3 account is not being used. What am I using this stupid authenticator for anyway? Le sigh.
It would be better if I got an email from them and didn't have to read it on web rags.

There's so many damned phishing emails claiming to be from Blizzard though. That said, I think we'll eventually also get an email.

[Toe]

My authenticator is at home, so not much I can do from my end until after work.

I wonder if there will soon be a job opening in network security at Blizzard.

[Lorini]

There has been speculation that social engineering (ie phishing or some other breakdown involving an employee) was involved. That's how RSA got hacked, one of their security employees fell for a phished wedding invitation which allowed malware to be installed on their computer.

[Zarathud]

Glad I have nothing of any value. Not that would stop anyone from stripping my toons anyway.

[Sepiche]

Just to reiterate... if what Blizzard is saying is true and all the hackers got was encrypted password data, then the likely hood of them cracking them is pretty remote. I'm surprised they apparently didn't encrypt some of the authenticator data, but it's nice to know our database team isn't the only one around that occasionally has monumental lapses in judgement.