Blizzard Data Integrity rgrd recent Hacks

#0 - May 6, 2010, 7:32 p.m.
Blizzard Post
I have a rather direct question that I wish an answer from Blizzard. I am not going to dance around this because I am frankly fed up with it.

Blizzard,

Have your data servers with account information been hacked or compromised?

Do you do regular testing to ensure that the data has not been accessed on a mass scale?

Do you do regular testing on all levels of employees with access to this information to safeguard our accounts?

Do you cross reference these tests with compromised accounts to see if there is a pattern?

What information do you have to provide the public with the recent rash of hackings which all have the same MO of people finding no keylogger or signing into no sites yet still being hacked?


I have a computer which is behind 2 firewalls and a router. The computer does not visit websites beyond 2 (Battle.net and Wow forums).

I have two separate accounts with two separate emails and passwords, these email accounts are specific to wow use and are not given out by other means. This is to prevent anyone from guessing that the email is used as a wow account name.

I recently had my GM account hacked but NOT my second account. In addition to this I have scanned my computer with 4 separate security programs which have found 0 spyware/malware/virus/keyloggers for all 4 programs.

It is because of this that I know for a fact that my information was not obtained via keylogger. Which means that beyond the highly unlikely situation that my computer was hacked specifically looking for wow on random computers on the internet and then magically somehow gained my information without leaving a trace of anything behind it brings only 2 possibilities to the front.

1) Your servers have been hacked

2) employees are selling/giving account information away.


I think I am entitled to answers after playing for over 5 years since beta with many accounts.

#51 - May 6, 2010, 9:34 p.m.
Blizzard Post
As Eilethalua quoted, no - to date, Blizzard Entertainment has not been compromised. Additionally, an 'inside job' would not be nearly so easy to perpetrate as you seem to think. We take the integrity of our staff very, very seriously, and in addition to oversight, there are substantial and multi-layered safeguards in place. Never mind the fact that Blizzard Employees do not know your password, and have no means of acquiring it. Nor will a Blizzard Employee ever ask for your password.

As I've said many times - if the source of the security breach you've experienced is to be appropriately addressed, it is crucial to recognize that this breach occurred somewhere within your domain.

There are numerous ways and means this could have occurred that have little or nothing whatsoever to do with the security on your system. For example, you may have mis-typed an important website and accidentally entered account information into a phishing site (I always double check the URL before I put information into any login screen for anything, personally). The account information might have been shared, and the security of the account breached in that fashion. In a moment of inattention, the account might have logged in from an un-secured system.

Quote:
You're right the bruteforce thing wasn't clear..

The scenario could have been that the email in question and the blizz account had the same password and they figured out the email's password and lucked out..

Who knows.. whatever way they got the password, they got it.

The point is it was TARGETED.

No way could it have just been Random, the timing is just too perfect..

You explain to me how they could Target a specific Character to hack..


Actually, to be fair, currently you are assuming that it was targeted.

Those who compromise accounts have been known to 'scout' accounts and target specific ones, yes. That's not the only possibility though. The information from your Guild Master account may have been the only information that they gleaned - this is especially likely if the source of your compromise is account sharing, phishing or an isolated log in on an unsecured system.

Quote:
All I'm expecting is for people to at least open their minds to the possibility..

Just apply logic and explore the facts, you can't rule it out, no matter what they say, think about it for a second.


When logic is applied, I'm afraid that it is your presumptions that are ruled out =/.

Quote:
How can they guarantee there are NO Issues.. Every single employee is 100% Ethical, Every system is 100% fool proof. If you believe this, you're just comfortable believing a lie..


Of course no system is perfect - but that's why there are multiple layers of protections. Redundancy is the key to shoring up the inconsistencies in any system - when the life blood of your entire organization rests on things as important as security and employee integrity, then it rather makes sense to ensure that all is as it should be, does it not?

Regardless, while I'm not in a position to determine the precise origin of your compromise, I might be able to shed a little more light on the situation if you can furnish me with the name and realm of a character on the compromised account.
#55 - May 6, 2010, 9:43 p.m.
Blizzard Post
Quote:
So all I have to do to get my account fixed is to make a post that is assuming that a breach in Blizzard's security system happened since I haven't been asked anything or heard anything from any GM or even an email and my account got compromised four days ago.....


No. I said I might be able to provide insight, but unfortunately we are not in a position to field investigation requests via this forum. If a full investigation and recovery is to take place, then the appropriate avenues must be pursued:

Account Hacked? Security Issue? Look Here!
http://forums.worldofwarcraft.com/thread.html?topicId=24702231244&sid=1
#64 - May 7, 2010, 12:14 a.m.
Blizzard Post
Quote:
Those methods are useless, you cannot get through on the phone which makes everything pointless

and my ticket in game was ignored... it was never answered, I never received an e-mail about it and now it is gone

so you are saying I need to put in another ticket just to wait 2 days for some other inept person on your staff just to ignore it


They are most assuredly not useless, and telephone contact is not the only method to address a compromise =/. If you've reported an account compromise via an in-game petition then our staff did not ignore the situation. They will investigate and help deal with the situation as soon as possible.

The threads posted in the article I linked explain this process in greater detail, and it would be a good idea to read them.