7-25-2008 @ 5:40PM
I recently had a friend that re-enabled his account. After logging in for the first time in many months he found that all his gear on all 9 characters (some on different servers) was gone. He discussed this with Blizzard and they returned it saying that it must have been removed based on the account being de-activated for nearly a year.

About two weeks later he received a second email stating that an additional charge had been placed on his credit card due to a charge back that happened in March when the account was re-activated. The problem with this is he had not activated the account in March. The last time it was activated was last August and not re-opened till the beginning of July. After a couple emails back and forth Blizzard had explained that someone activated his account back in March with false credit card info. They apologized for any inconvenience and returned the money from the charge back.

Both my friend and I are IT Security and Networking professionals, and we have come to some startling conclusions based on the evidence.

Blizzard's login servers have been hacked and are continuing to be hacked on a regular basis. My friend and I both play on a Mac, so we can absolutely rule out Virus/Spyware/other methods of attacking the client via either Hardware, OS, Software. Given also that he de-activated the account almost a year ago (six months before being hacked) and therefore there would have been no data stream for a "man in the middle" hack back in March to glean the password. Based on the evidence of his situation, and given the sheer amount of hacked accounts in recent months it is clear that Blizzard is the party that has been hacked, not the Tens/Hundreds of thousands of account holders that have been hacked already.

My guild is one of the largest on the Durotan server and in the last 2 months we have had 12-15 accounts hacked, so many in fact that we have been in contact with Blizzard to get re-assurances that we were not being targeted somehow.

Given that there are over 10 million accounts and out of the sample of 300 or so accounts in my guild I would base that approximately 5-6% of the accounts have already been hacked. A number that I'm sure Blizzard will not want getting around.

Now with the above SecurID dongles being proven to be able to be worked around, I'm sure that many, like myself, will be switching from monthly credit card withdrawals to purchasable game cards so to minimize the possibility of loss.

Put another way, the biggest loss of personal and credit card information that I know of to date was somewhere near the 1 million mark (TJX corp). If what some suspect is true, and Blizzard does not come clean and tell us exactly what happened/is happening, Blizzard's suspected loss of personal and credit information could be 10 times the TJX loss.
7-25-2008 @ 7:01PM
"My friend and I both play on a Mac, so we can absolutely rule out Virus/Spyware/other methods of attacking the client via either Hardware, OS, Software."

Just because you play on a Mac does not make you invulnerable to hackers. You would think that an "IT Security and Networking professional" would know that any system is not 100% secure no matter what the OS manufacturer says otherwise.
7-26-2008 @ 11:09AM
Got something for your viewing enjoyment: http://www.ctrlaltdel-online.com/comic.php?d=20060513
7-28-2008 @ 9:46AM