Patch 5.4 patch notes
Virtual Realms feature revealed
The Proving Grounds are coming
The latest patch 5.4 newsBotters, how do they work?
by Matthew Rossi 
Oct 26th 2012 at 4:00PM
What I really found interesting, however, was Takralus' takedown of a very old argument by players about Blizzard's stance on botting.
Posts with tag account-security
What I really found interesting, however, was Takralus' takedown of a very old argument by players about Blizzard's stance on botting.
GuildOx introduces Alt Detection
by Olivia Grace Sep 18th 2012 at 8:00PM
WoW database site GuildOx, which ranks guilds, players and loot from World of Warcraft by reading data via the official WoW API, has introduced a sparkly new service for would-be recruiters.
Thanks to the introduction of account-wide achievements, GuildOx, along with any other site that is smart enough to extract this information from the API, can use the cross-account information to tell you exactly who that new player's alts are that's applying to your guild. So, if someone claims to have amazing gear, and anything else that isn't a linkable achievement on an alt, you can now check it out on GuildOx.
The functionality could allow a guild leader to see if the new person they're picking up is actually the worst trade chat troll on the server, for example. As GuildOx says, this can provide extra insight into applicants when recruiting new guild members. If you think you'd benefit from this, then you can check it out on GuildOx's new service by viewing one of the site creator's characters, and all their alts.
There is, of course, a down side.
Thanks to the introduction of account-wide achievements, GuildOx, along with any other site that is smart enough to extract this information from the API, can use the cross-account information to tell you exactly who that new player's alts are that's applying to your guild. So, if someone claims to have amazing gear, and anything else that isn't a linkable achievement on an alt, you can now check it out on GuildOx.
The functionality could allow a guild leader to see if the new person they're picking up is actually the worst trade chat troll on the server, for example. As GuildOx says, this can provide extra insight into applicants when recruiting new guild members. If you think you'd benefit from this, then you can check it out on GuildOx's new service by viewing one of the site creator's characters, and all their alts.
There is, of course, a down side.
Filed under: Mists of Pandaria
North American players may now update their security questions
by Anne Stickney Aug 15th 2012 at 9:00PM
As an update to the security breach last week, players on North American realms will now be prompted to change their security question and answer when logging in to their Battle.net accounts. The security breach included no financial information; however, answers to personal security questions were compromised, as well as some information related to Mobile Authenticators.
In addition to the security question update, players may now also update their Mobile Authenticators as well. Please note, this is only in regards to North American accounts; players in Europe need to do neither of these things. And remember, if you are a North American player and have not changed the password on your account, doing so is an excellent idea.
Nethaera
In addition to the security question update, players may now also update their Mobile Authenticators as well. Please note, this is only in regards to North American accounts; players in Europe need to do neither of these things. And remember, if you are a North American player and have not changed the password on your account, doing so is an excellent idea.
Nethaera
As a precaution following our recent security update, players on North American servers please take a moment to visit Battle.net account management, where you will be prompted to change your security question as well as update your Mobile Authenticator. There you'll also find helpful tips and an FAQ, as well as instructions on how to add additional layers of security to your account, including the Battle.net Authenticator or the Mobile Authenticator for those that aren't already using one.
Filed under: News items, Account Security
Blizzard security breach, no evidence that financial data was compromised
by Chase Hasbrouck Aug 9th 2012 at 6:40PM
Mike Morhaime, the president of Blizzard Entertainment, reported today in a blog post posted on the official Blizzard website that a list of email addresses for Battle.net users, answers to security questions, and information relating to the Mobile and Dial-in Authenticator program were illegally accessed by outsiders. The security hole has been closed, but Blizzard is officially recommending that all Battle.net users change their passwords immediately. In the coming days, players will be prompted to automatically change their security questions and update their mobile authenticator software. A FAQ is available here.
The full post is below.
Mike Morhaime
The full post is below.
Mike Morhaime
Players and Friends,
Even when you are in the business of fun, not every week ends up being fun. This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.
At this time, we've found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.
Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.
We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.
In the coming days, we'll be prompting players on North American servers to change their secret questions and answers through an automated process. Additionally, we'll prompt mobile authenticator users to update their authenticator software. As a reminder, phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password. We deeply regret the inconvenience to all of you and understand you may have questions. Please find additional information here.
We take the security of your personal information very seriously, and we are truly sorry that this has happened.
Sincerely,
Even when you are in the business of fun, not every week ends up being fun. This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.
At this time, we've found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.
Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.
We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.
In the coming days, we'll be prompting players on North American servers to change their secret questions and answers through an automated process. Additionally, we'll prompt mobile authenticator users to update their authenticator software. As a reminder, phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password. We deeply regret the inconvenience to all of you and understand you may have questions. Please find additional information here.
We take the security of your personal information very seriously, and we are truly sorry that this has happened.
Sincerely,
Mike Morhaime
Filed under: News items, Account Security
Blizzard issues account security alert after Riot Games breach
by Matthew Rossi Jun 14th 2012 at 6:30PM
Blizzard issues its security alert because many players who play various Blizzard games like WoW and Diablo III or StarCraft II also play League of Legends; therefore, if they use the same email address for Battle.net as League of Legends or the same passwords, those Battle.net accounts may also be at risk.
This is not an announcement that Blizzard itself has been hacked, mind you. It's simply a precaution based on the habits of players of many games to use the same passwords and login information for multiple accounts. If you're not a League of Legends player in the affected EU regions, there's no way for this to affect you.
The full announcement is after the break.
Filed under: Blizzard, News items, Account Security
You cannot get hacked by playing public games in Diablo 3
by Michael Sacco Jun 1st 2012 at 12:00PM
Just like WoW accounts, Diablo III accounts are worth real money. Blizzard has had experience dealing with compromised accounts for years. This is why it introduced the Battle.net Authenticator, a second level of security that makes it very, very difficult to get your account compromised. Authenticators don't make it impossible to get your account compromised, but they do make compromising your account much more trouble than it's worth in the face of mass keylogging, which is how accounts are normally stolen.
Some people who haven't had a WoW account before but bought Diablo III were undoubtedly surprised when their accounts were compromised, which is understandable. An editor at Eurogamer had his account hacked and responded with an article suggesting that players were getting their sessions hijacked by joining public games and that people were getting compromised with this method even with authenticators attached to their account. Unfortunately, sites all over the internet picked up the story and also reported the session hijacks and bypassed authenticators as fact.
The problem is that neither of those things were correct. In fact, Blizzard says it's actually impossible to do with Diablo III due to the way the infrastructure is set up.
Filed under: Blizzard, Account Security, Diablo 3
Opt-out option incoming for recent authenticator security change
by Michael Sacco Jul 26th 2011 at 8:00PM
The change, aimed to make authenticators less of a hassle for those who log on from the same computer quite a bit, caused an odd uproar on the official forums from players who were worried that this change somehow made their account less secure. Addressing these concerns, Blizzard Community Manager Zarhym announced today that Blizzard is working on providing an opt-out option for this convenience feature.
Details were scarce since, as Zarhym noted, Blizzard hasn't quite nailed down specifics yet, but he assured players that it's something Blizzard's been looking into since the authenticator change was first announced.
The full announcement post and followups are after the break.
Filed under: News items, Account Security
Battle.net Mobile Authenticator now available for Windows 7 Phones
by Michael Sacco Jul 7th 2011 at 8:00PM
At this point, there's pretty much no reason not to have an authenticator -- they're 6 bucks and free to ship for a physical device and no cost at all for a software version available for every major mobile platform. Just get it!
Battle.net Mobile Authenticator for Windows® Phone 7 Devices
The Battle.net Mobile Authenticator, an application for mobile phones that provides an extra layer of account security, is now available as a free download for Windows® Phone 7 devices on the Windows Phone Marketplace. The Battle.net Mobile Authenticator provides a one-time password that you use in addition to your regular account name and password when you log in to a Battle.net account to play World of Warcraft or StarCraft II.
Versions for other mobile devices are also available for download here, or you can purchase a physical Battle.net Authenticator from the online Blizzard Store. Visit the Battle.net Mobile Authenticator FAQ for more information, or head to the setup page to get started after you've downloaded the application.
For additional account security advice, check out our Account Security page.
Battle.net authenticator process updated with smarter log-in detection
by Mathew McCurley Jun 16th 2011 at 7:00PM
Blizzard wants make the authentication process less intrusive and this is a first step towards that goal. Right now, having to input a code each and every log in is a pain, sure, but it also makes me feel secure. I'm never going to say no to more security, however, and if the system is something that can accurately figure out where I am and let me on, that's great.
This doesn't take into consideration the circumstance where you use an authenticator to prevent access to WoW, even from the home PC. I know some parents who use a simple password that their kids can remember but use the authenticator as the gate to prevent unwanted play. Maybe there will be an opt-out feature of some kind to always ask for the code.
You can check out the Battle.net account security page or check out the Blizzard mobile site for application information. For more information on this specific change to the authenticator system, follow me after the break.
Filed under: Blizzard, Account Security
The Lawbringer: Account management and you
by Mathew McCurley May 20th 2011 at 9:00AM
Writing The Lawbringer has taught me a lesson in trends. Over the past few months, specific questions are sent to me in topical batches. Sometimes it is a few emails about selling accounts. Other times, I get four to five emails about account security or compromise. May's email topic of choice was transferring accounts to family members.
Blizzard is very restrictive about what you can and cannot change regarding your account information. On the one hand, it is your account, right? Shouldn't you have ultimate control over the information you provide for the facilitation of a service you pay for? On the other hand, there is a certain degree of problem mitigation that comes with restrictive change. If Blizzard can control certain aspects of what you do with your account and the information it is all filed under, problems can get mitigated before they appear. Today's topic is really all about damage mitigation.
Filed under: The Lawbringer
First Core Hound Pup adoption campaign winners announced
by Mathew McCurley Apr 21st 2011 at 7:00PM
Filed under: Contests, Account Security, Cataclysm
RSA security hack not affecting Blizzard authenticators
by Mathew McCurley Mar 18th 2011 at 3:30PM
RSA Hack and Blizzard Authenticators
Pokzin,
The Blizzard Authenticators are based off modified Vasco tokens. I'm sorry to hear about RSA's troubles, but it will not affect the Blizzard Authenticator.
The Blizzard Authenticators are based off modified Vasco tokens. I'm sorry to hear about RSA's troubles, but it will not affect the Blizzard Authenticator.
It doesn't look like Blizzard will be harmed by this at all. As a reminder, please keep your account safe by not clicking links in emails that don't appear to be from Blizzard, always check your email headers for incoming email addresses, and if you have any questions about whether an email is legitimate, contact Blizzard first. And do please get an authenticator for your account. Check out some of our own security articles here.
Filed under: Blizzard, Account Security
Blizzard posts new account security guide
by Michael Sacco Feb 16th 2011 at 7:00PM
To that end, Blizzard has assembled a new account security guide. It's a pretty comprehensive list of the steps you can take to secure your account, from getting an authenticator to learning how to recognize phishing emails to making sure that your computer itself is secured through the use of antivirus software. Learn it, live it, love it. In account security, as in Planeteering, the power is yours.
Filed under: News items, Account Security
Breakfast Topic: What made you decide to get an authenticator?
by Aiden James Kosciesza Feb 8th 2011 at 8:00AM
Once again, Blizzard is encouraging its players to use authenticators to protect their Battle.net accounts. In addition to the incentive of a lovable Core Hound Pup pet provided to all World of Warcraft characters on an account that has an authenticator attached, there is now a contest going on to win an iPad for your best Core Hound Pup screenshot, and we've even received reports that free authenticators are being offered to owners of accounts that have previously been compromised. Still, incentives alone aren't enough for some players. Sometimes it takes an incident to drive the point home.
For me, it was a hacking scare involving my girlfriend's account. We had just resubbed to WoW in preparation for Cataclysm and were having a blast when she got a notification from Blizzard that her account had been locked due to an unauthorized break-in. Nothing was gone, no items destroyed, no gibberish-named level 1s created, but she did have to change her password and verify to Blizzard that she was still herself. She was playing on a Mac, used Adblock and had disabled Flash on her browser, and she only visited a handful of websites on a daily basis, all very innocuous places like Gmail and WoW Insider. We figured it was an isolated incident, but just to make sure, she wiped her hard drive and reinstalled WoW. Then, a week later, it happened again. I couldn't believe it, and I still don't know how or why she was targeted, but I ordered our authenticators the very next day. We haven't had a problem since.
What convinced you to get an authenticator? Was it a contest, a promotion by Blizzard, or a hacking scare? If you don't have an authenticator yet, what's holding you back?
The Lawbringer: Account security and you
by Mathew McCurley Dec 3rd 2010 at 11:00AM
New players will soon be streaming into World of Warcraft come Cataclysm time, as well as old friends and enemies returning from prolonged sojourns. With these new or old accounts becoming active again, as well as a demand for grey market services increasing with a growing player base, account security is going to be on the tip of everyone's tongue again. For good reason, too. World of Warcraft has had one of the most daunting burdens of any MMO to date in dealing with account security, account hacking and a legal nightmare overseas.
Filed under: The Lawbringer
