Blizzard Investigating Account Theft, Denies Authenticator Hacking


I know what you’re thinking: Sure, denial is exactly what someone would do when they have something to hide. Well, take a moment to remember that denial is also something a person will do when they are truly innocent of the charges, so let’s not get ahead of ourselves. The release of Diablo III brought the well-expected surge in accounts being stolen and stripped clean. Some of those people also happen to have authenticators, raising suspicion as to whether or not the security method has been successfully cracked. I have good news:

Blizzard wants you to know that you are a liar if you claim to have been hacked with an authenticator already on the account. According to Blizzard, not a single case has been filed where an authenticator was already on the account.

While the authenticator isn’t a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand.

On the other hand, you can rest assured that the Blizzard servers have not been breached. And once again to the paranoid conspiracy theorists who think Blizzard compromises/sells accounts to scam/scare users into buying authenticators, you are still wrong.

(Source: Blizzard Forums)

SOE Hacked: Important Information


So the chickens have come home to roost, or however that saying goes. Earlier today, I talked about how Sony Online Entertainment had shut down its entire service following an investigation that may have changed their stance on SOE’s database being safe from the hack that took down the PlayStation Network last month and resulted in everyone’s information being spewed all over the net. Sony has issued a press release, and the news is not good:

Stolen information includes, to the extent you provided it to us, the following: name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password.

Customers outside the United States should be advised that we further discovered evidence that information from an outdated database from 2007 containing approximately 12,700 non-US customer credit or debit card numbers and expiration dates (but not credit card security codes) and about 10,700 direct debit records listing bank account numbers of certain customers in Germany, Austria, Netherlands and Spain may have also been obtained – we will be notifying each of those customers promptly.

Sony originally believed that SOE was not compromised as part of the PSN hack, but investigations that concluded yesterday revealed that the system was indeed broken into by an unauthorized party. It is important to note that the main credit card database was not hacked, at least according to Sony. It may not be a bad idea to get a new card, however.

We apologize for the inconvenience caused by the attack and as a result, we have:

1) Temporarily turned off all SOE game services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.

If it makes you feel more comfortable, I suggest going to your bank/credit card issuer and requesting a new card. You’ll have to live without the card for a week or so, but that’s a small price to pay if Sony’s database was stolen and the thieves are able to get through the encryption. I’m not trying to cause undue fear with these articles, but any information regarding identity theft should be taken very seriously.

If you use your Sony password on other websites, I highly suggest you change it there as well. SOE’s services remain offline.

Rift: Aion Clone? Major Security Hole Patched.


The coin-lock system in Rift is, as I mentioned, a substandard method of stopping account theft because it doesn’t impact what Trion has referred to as the cause of 80% of all hacked accounts: keyloggers. With what Trion has referred to as a nonstop attack on the account databases and servers, it was only a matter of time before one of the parasites made it through, as shown just this past week when a player managed to log into another player’s account with their details.

If this were, say, Runes of Magic, the person who found the vulnerability might hold thousands of accounts hostage until the company fulfilled a list of demands that could only come from a frothing-mouthed disenfranchised fanboy, but rather than setting himself up for a bunkmate, Mr. ManWitDaPlan alerted Trion to the exploit, and the team has managed to fix it.

The vulnerability existed deep in the server code, dealing with the error checking of the login validations. If this is Greek to you, just feel safe that it’s been fixed.

An important lesson to take from this is that bugs will always occur, and some have much larger implications than others. In this case, I have to hand it to Trion for their fast response and willingness to work with the guy who discovered the exploit. As Trion put it:

We do block them as they are detected, but the fact that they are using distributed botnets (compromised computers from across the globe) means that this will remain something that we will continue keeping an eye on, forever.

So score one for Rift, and for Trion’s ability to recover from a setback.