Here we go again … more food comparisons to security

Isn’t it great that the business of gaming is so safe and protected? The people working for the business don’t have to worry about getting hacked, and the gamers themselves don’t have to worry either. Everyone can just relax and do what they love with gaming and not have to worry… If only that were how it worked, but sadly that’s not at all how it is.

A little more than a month ago, a business named Blizzard was breached and user information was stolen. The information stolen in the breach was Battle.net e-mail addresses, cryptographically hashed passwords, answers to personal security questions, and information about mobile and dial-in two-factor authentication. On the plus side, not every bit of information was stolen. The billing information (credit card numbers, addresses, and real names) was kept safe. The users affected by this attack were on the North American servers. Those servers cover North America, Latin America, Southeast Asia, New Zealand, and Australia.

Another plus side is that the passwords obtained in the breach were protected by the Secure Remote Password protocol (SRP). The passwords were “salted,” which means that a long string of random characters was mixed in with each one before it was hashed, to make them more protected. This meant that the attackers had to decipher the passwords individually, which is painfully slow.

Even though it is very slow and time-consuming for the attackers to decipher the passwords, Blizzard is still recommending that its users change their passwords, as well as any similar passwords on other accounts. Blizzard is also prompting its users to update their security questions and mobile authenticator software.

Blizzard said that it learned of the breach on August 4th and has been working very hard to find the attackers. “Our first priority was to re-secure our network, and from there we worked simultaneously on the investigation and on informing our global player base,” Blizzard President Morhaime wrote. He wants speed and accuracy in their reporting and to work diligently.

 

Sources:

http://arstechnica.com/gaming/2012/08/hackers-collect-significant-account-details-from-blizzard-servers/

http://docs.moodle.org/23/en/Password_salting

5 thoughts on “Here we go again … more food comparisons to security”

  1. While reading your article I thought to myself, well at least they didn’t steal credit card information or anything. Then my CSD brain kicked in and I thought about how much information they could gather from what they stole. They could potentially use the information as a launching point to eventually steal your identity. Have there been abnormally large amounts of compromised accounts recently? Did Mr. Morhaime say anything about the strength of encryption?

    • The only talk of encryption was the “salted” passwords, and the article didn’t say anything about further attacks on the people who got their information stolen. I know there were articles you could go to that were linked in this article, but in this article itself there weren’t any more attacks discussed.

  2. I think that Blizzard probably did the best they could with how to handle the breach. They informed their users to change their passwords and I don’t know if you talked about this but they did make it so that users could change their recovery question and answer for a limited time after the breach. The only thing that they could have done a little differently is maybe get the information out a little earlier to their users. I have read the article that they posted on their site and the breach was on the 4th and they posted a message on their front page on the 9th. That is 5 days that the hacker could have gotten access to accounts, but this could have been because Blizzard was still figuring out what exactly happened and wanted their message to have all the information about the hack in one post instead of multiple ones.

    • I agree with that. I think it would have been good if when Blizzard first found out they would have given their users a little heads up on what just happened and that they were still trying to figure out what happened and that they would explain it in a few days in more detail.

  3. This is why you need to use different passwords, and if you could use separate email addresses that would help keep you secure. Blizzard did the right thing, that most companies do, of informing the community of the breach. But they might not have done the right thing in the first place to secure people’s information. And why would they encrypt the passwords but not the security question answers?
