• Log InLog In
  • Register
Liquid`
Team Liquid Liquipedia
EDT 00:47
CEST 06:47
KST 13:47
  • Home
  • Forum
  • Calendar
  • Streams
  • Liquipedia
  • Features
  • Store
  • EPT
  • TL+
  • StarCraft 2
  • Brood War
  • Smash
  • Heroes
  • Counter-Strike
  • Overwatch
  • Liquibet
  • Fantasy StarCraft
  • TLPD
  • StarCraft 2
  • Brood War
  • Blogs
Forum Sidebar
Events/Features
News
Featured News
Serral wins HomeStory Cup 296Serral wins Maestros of the Game 243ByuL, and the Limitations of Standard Play3Team Liquid Map Contest #22: Results and Winners7Code S Season 2 (2026): RO4 and Finals Preview12
Community News
BSL Season 22 Full Overview & Conclusion7BSL Season 22 Full Overview & Conclusion7Weekly Cups (June 29-July 5): Solar Doubles0MC vs IdrA, Boxer vs Nal_rA to be Legacy Matches @ BlizzCon445.0.16 Hotfix (June 30) - Balance + Bug Fixes40
StarCraft 2
General
Serral wins HomeStory Cup 29 Serral wins Maestros of the Game 2 Reynor: GSL Loss Wasn't About Preparation Format 5.0.16 patch for SC2 goes live (8 worker start) What is your PC setup in 2026 for SCBW/SC2 ?
Tourneys
GSL CK #5 Race War WardiTV Summer Cup 2026 RSL Revival: Season 6 - Qualifiers and Main Event HomeStory Cup 29 Vespene Cup #1 — $300+ USD, July 10
Strategy
[G] Having the right mentality to improve
Custom Maps
New Map Maker - Looking for Advice - Love or Hate Work In Progress Melee Maps [D]RTS in all its shapes and glory <3
External Content
The PondCast: SC2 News & Results Mutation # 534 Burning Evacuation Mutation # 533 Die Together Mutation # 532 Nuclear Family
Brood War
General
Pros Debate: Zerg Unfairly Nerfed? (ASL S22 map) BSL Season 22 Full Overview & Conclusion BGH Auto Balance -> http://bghmmr.eu/ BW General Discussion ASL22 General Discussion
Tourneys
[ASL22] Wildcard Qualifier IPSL Spring 2026 Top 4! [Megathread] Daily Proleagues CSLAN 4 is Coming!
Strategy
Fighting Spirit mining rates Simple Questions, Simple Answers Creating a full chart of Zerg builds Relatively freeroll strategies
Other Games
General Games
Stormgate/Frost Giant Megathread General RTS Discussion Thread Path of Exile Summer Games Done Quick 2026! Nintendo Switch Thread
Dota 2
Looking for a Dota Mentor Official 'what is Dota anymore' discussion
League of Legends
Heroes of the Storm
Simple Questions, Simple Answers Heroes of the Storm 2.0
Hearthstone
Deck construction bug
TL Mafia
NeO.D_StephenKing vs This Guy From 1 Million Dance TL Mafia Community Thread TL Mafia Power Rank Vanilla Mini Mafia
Community
General
US Politics Mega-thread Russo-Ukrainian War Thread UK Politics Mega-thread YouTube Thread Canadian Politics Mega-thread
Fan Clubs
The IdrA Fan Club The HerO Fan Club!
Media & Entertainment
Movie Discussion! Anime Discussion Thread Series you have seen recently...
Sports
2024 - 2026 Football Thread McBoner: A hockey love story Tennis[sport] Formula 1 Discussion TeamLiquid Health and Fitness Initiative For 2023
World Cup 2022
Tech Support
Simple Questions Simple Answers FPS when play League Of Legend on laptop How to clean a TTe Thermaltake keyboard?
TL Community
The Automated Ban List
Blogs
Major Shifts in the Gaming I…
TrAiDoS
An Exploration of th…
waywardstrategy
Gauntlet SC2: A Retrospectiv…
Ctone23
ramps on octagon
StaticNine
Funny Nicknames
LUCKY_NOOB
Evil Gacha Games and the…
ffswowsucks
StarCraft improvement
iopq
Customize Sidebar...

Website Feedback

Closed Threads



Active: 6692 users

Blizzard Security Breach - Page 12

Forum Index > SC2 General
442 CommentsPost a Reply
Prev 1 10 11 12 13 14 23 Next All
zhurai
Profile Blog Joined September 2010
United States5660 Posts
August 10 2012 04:13 GMT
#221
On August 10 2012 13:07 Zato-1 wrote:
Show nested quote +
On August 10 2012 12:39 zhurai wrote:
On August 10 2012 10:16 Integra wrote:
On August 10 2012 09:11 Corrosive wrote:
Stuff like this happens often to companies like this. As long as blizzard didn't store everything in plaintext like Sony did, everything should be fine.

If you want to see how long it would take your password to be cracked check this out
http://howsecureismypassword.net/

according to this website it will take them 40 undecillion years or in numbers:40,464,702,078,891,060,000,000,000,000,000,000,000 years to crack my password... goodluck with that.

maybe if they try cracking it on one computer with a single core

Actually, if you're serious about cracking a large number of passwords then you don't care so much about your processor, you'll get a high-end graphics card to do the brunt of the work because they have orders of magnitude more computing power for this purpose. Also, in its estimate, that site makes the rather huge (and probably incorrect) assumption that the programs hackers use will be sequentially trying completely random sequences of characters, when there are substantially more efficient ways to crack more than enough bad passwords to make it worth your while.

I know. I'm just saying that site is unrealistic which probably is a simulating a computer that can only work on one thing at a time rather than e.g. multithreading cracking, using dictionary tables, etc.

(read: sarcasm)
Twitter: @zhurai | Site: http://zhurai.com
sudosu
Profile Joined October 2011
France120 Posts
August 10 2012 04:32 GMT
#222
On August 10 2012 13:13 zhurai wrote:
Show nested quote +
On August 10 2012 13:07 Zato-1 wrote:
On August 10 2012 12:39 zhurai wrote:
On August 10 2012 10:16 Integra wrote:
On August 10 2012 09:11 Corrosive wrote:
Stuff like this happens often to companies like this. As long as blizzard didn't store everything in plaintext like Sony did, everything should be fine.

If you want to see how long it would take your password to be cracked check this out
http://howsecureismypassword.net/

according to this website it will take them 40 undecillion years or in numbers:40,464,702,078,891,060,000,000,000,000,000,000,000 years to crack my password... goodluck with that.

maybe if they try cracking it on one computer with a single core

Actually, if you're serious about cracking a large number of passwords then you don't care so much about your processor, you'll get a high-end graphics card to do the brunt of the work because they have orders of magnitude more computing power for this purpose. Also, in its estimate, that site makes the rather huge (and probably incorrect) assumption that the programs hackers use will be sequentially trying completely random sequences of characters, when there are substantially more efficient ways to crack more than enough bad passwords to make it worth your while.

I know. I'm just saying that site is unrealistic which probably is a simulating a computer that can only work on one thing at a time rather than e.g. multithreading cracking, using dictionary tables, etc.

(read: sarcasm)



Actually the chinese with their supercalculator may be able to break his password in a few months xD (can't remember how many units of 16 cores they have).
Droom
Profile Joined May 2009
23 Posts
Last Edited: 2012-08-10 04:38:25
August 10 2012 04:37 GMT
#223
So now I know why " FedExe delivery failure" and "Penis Enlargment" got through my spam.

Edit: Changing password now
Clazziquai10
Profile Blog Joined August 2011
Singapore1949 Posts
August 10 2012 04:41 GMT
#224
And blizzard screws up again. How surprising.
Chargelot
Profile Blog Joined December 2010
2275 Posts
Last Edited: 2012-08-10 04:52:50
August 10 2012 04:52 GMT
#225
On August 10 2012 13:41 Clazziquai10 wrote:
And blizzard screws up again. How surprising.

No. You're wrong. When you're a multibillion dollar corporation which operates with user information online, there are people constantly targeting you.

Bank vaults can be opened.
Safes can be cracked.
Door knobs can be picked.
Email passwords can be stolen.

So long as locks continue to have the singular flaw of allowing authorized users to bypass their security nothing which is kept behind locked doors will ever be completely safe. Imagine the number of attempts they have halted. Imagine how many times people have tried to access this data. Considering the frequency of their success, I would say Blizzard is doing a damned good job.
if (post == "stupid") { document.getElementById('post').style.display = 'none'; }
Parcelleus
Profile Joined January 2011
Australia1662 Posts
August 10 2012 04:55 GMT
#226
Thanks for the speedy heads-up BliZZ.

Password changed.
*burp*
zhurai
Profile Blog Joined September 2010
United States5660 Posts
August 10 2012 04:58 GMT
#227
On August 10 2012 13:52 Chargelot wrote:
Show nested quote +
On August 10 2012 13:41 Clazziquai10 wrote:
And blizzard screws up again. How surprising.

No. You're wrong. When you're a multibillion dollar corporation which operates with user information online, there are people constantly targeting you.

Bank vaults can be opened.
Safes can be cracked.
Door knobs can be picked.
Email passwords can be stolen.

So long as locks continue to have the singular flaw of allowing authorized users to bypass their security nothing which is kept behind locked doors will ever be completely safe. Imagine the number of attempts they have halted. Imagine how many times people have tried to access this data. Considering the frequency of their success, I would say Blizzard is doing a damned good job.

regarding security. never assume you're 100% safe.
Twitter: @zhurai | Site: http://zhurai.com
bokchoi
Profile Blog Joined March 2010
Korea (South)9498 Posts
August 10 2012 05:02 GMT
#228
Good thing I never had any credit card information associated with my US battle.net account.
Greggle
Profile Joined June 2010
United States1131 Posts
August 10 2012 05:03 GMT
#229
On August 10 2012 13:41 Clazziquai10 wrote:
And blizzard screws up again. How surprising.

In the past few years this has happened to far bigger names and with far worse outcomes. Nobody is safe from this.
Life is too short to take it seriously.
SwiftSpear
Profile Joined February 2010
Canada355 Posts
August 10 2012 05:09 GMT
#230
On August 10 2012 07:38 Probe1 wrote:
So change your passwords. Got it.

(Before anyone says "Oh no Probe u sux at reading", cryptographically scrambled versions.. do you trust your account and information on that? Do you?")

Cryptographically scrambled passwords aren't unbreakable, it just takes too much computational effort to unscramble the entire database. Cherry picked accounts can still easily be unscrambled.

It effectively means they have your password if they're willing to devote effort to acquiring it. If there are other places of significance where you use the same password and your identity is traceable through your account data, change those passwords as well.

So if you use your blizzard password as your bank password, and your email is basically your real name, change that shit.
fer
Profile Joined November 2010
Canada375 Posts
August 10 2012 05:11 GMT
#231
On August 10 2012 07:38 Probe1 wrote:
So change your passwords. Got it.

(Before anyone says "Oh no Probe u sux at reading", cryptographically scrambled versions.. do you trust your account and information on that? Do you?")


Yes, trust math
WellPlayed.org <3
Shield
Profile Blog Joined August 2009
Bulgaria4824 Posts
August 10 2012 05:11 GMT
#232
Oh god... I know Blizzard are lazy, but now not secure enough...? -.-
Prophanity
Profile Joined January 2012
United States165 Posts
August 10 2012 05:27 GMT
#233
On August 10 2012 14:11 darkness wrote:
Oh god... I know Blizzard are lazy, but now not secure enough...? -.-


People can break into government agencies and you think it surprising that a videogame manufacturer isn't foolproof?

Welcome to the internet - nothing is ever truly safe.
Firenza
Profile Joined October 2011
United States51 Posts
August 10 2012 05:29 GMT
#234
This thread has been really insightful. Thanks to all the folks dropping some real security knowledge.

Good advice for sex and passwords: Don't fool around with ridiculous characters. Hash makes it better. Size matters.
Xapti
Profile Joined April 2010
Canada2473 Posts
August 10 2012 05:32 GMT
#235
I felt like Battle.net e-mails were leaked long before this. I kinda doubt it's a coincidence when I start getting blizzard-game-related spam mail a while after using the e-mail for a battle.net account.
"Then he told me to tell you that he wouldn't piss on you if you were on fire" — "Well, you tell him that I said that I wouldn't piss on him if he was on Jeopardy!"
EvanED
Profile Joined October 2009
United States111 Posts
Last Edited: 2012-08-10 05:39:03
August 10 2012 05:37 GMT
#236
On August 10 2012 13:12 sudosu wrote:
"cryptographically scrambled versions"
"each password would have to be deciphered individually"

Andwhy the hell are the passwords ciphered and not hashed ?

I'd guess that's what Blizzard actually does, and their webpage has simplified the description so that people who haven't gone through a CS undergrad know what it means. :-) (OK, that's an exgeration a bit, but I still think it's mostly true.)

Besides, the first quote is perfectly applicable to the hashing scenario anyway (and in fact the weird wording of the first quote just makes me more sure of my guess).

There is absolutely no reason to store ciphered passwords because there is even less reason to deciphered a password.

(The following isn't really meant to say you're wrong per se -- and definitely not in this scenario -- just to add some additional information that the above isn't some inviolable rule.)

So it's pretty inapplicable to the WWW scenario, but by my understanding there is actually one reason that storing passwords in encrypted (and not hashed) form is a fairly legitimate tactic: it allows mutual authentication without a trusted third-party.

Alice wants to talk to Bob, so Alice picks a random secret key to use in future messages (the "session key") and encrypts that key with her password, and forwards it off to Bob, along with "I'm Alice!" in plaintext. Bob looks up Alice's password (decrypting it if necessary), uses that to decrypt the session key. Now both Alice and Bob know the session key, and no one else can subject to the strength of Alice's password. They can then handshake to make sure they have the same session key -- if they do, then mutual authentication is successful. Mallory can't mimic Alice because he can't encrypt the session key without Alice's password, nor can he mimic Bob because he can't decrypt it for the same reason.

My understanding (though this is weak and stuff I learned quite a long time ago so I could be wrong) is this idea is behind Kerberos. Kerberos adds a bunch of additional layers (and protections against other attacks like replays), and calls the "password" the "password hash" -- but it's basically how it works. (What I mean by that password vs password hash comment is that everything you need to do to authenticate yourself in Kerberos -- if I'm right -- you can do with the password hash. The extra hash step bascially provides no protection except that an attacker would have a hard time reversing to the actual input from the user to try to apply to other sites.)

(SSL gets around this by having "trusted" third parties -- e.g. Verisign -- attest to the identity of one of the parties via its public key.)

(I'd appreciate any comments about how much of what I say here is correct. :-))
Droom
Profile Joined May 2009
23 Posts
August 10 2012 05:37 GMT
#237
Seeing this is my expertise, I can comment on this;

Bank vaults can be opened.
Safes can be cracked.
Door knobs can be picked.
Email passwords can be stolen

It's what you do with the info that matters!

I said that I received 3 emails that got through my filters, and that the FexEx asks for info (2009) ( my wife almost clicked).

I'm just trying to say that a lot of this stuff can be harmless but this 1 needs to be addressed


GoonFFS
Profile Joined April 2010
Denmark323 Posts
August 10 2012 05:38 GMT
#238
no probs
http://konvictgaming.com/ -> @KrugerFFS
Danglars
Profile Blog Joined August 2010
United States12133 Posts
August 10 2012 05:41 GMT
#239
I would never have expected Blizzard to be exploited in this way! Man, the site is such a rich hacking field, so many accounts reside on it. I'm like ... surely they've seen everything, are prepared against everything ... but wow, how meddlesome are the bugs that remain.

At least the passwords had cryptographic protection unlike controversies like Sony.
Great armies come from happy zealots, and happy zealots come from California!
TL+ Member
figq
Profile Blog Joined May 2010
12519 Posts
August 10 2012 05:56 GMT
#240
I just received recently a warning on my Battle.net email that someone unauthorized was trying to access it from North America. So these hackers are actively trying to break the emails, beware.

I was wondering how a hacker could even find this particular email, because I don't use it in any public forms, only for Battle.net.
If you stand next to my head, you can hear the ocean. - Day[9]
Prev 1 10 11 12 13 14 23 Next All
Please log in or register to reply.
Live Events Refresh
Replay Cast
00:00
GSL CK #5 - Day 2
CranKy Ducklings144
EnkiAlexander 75
Liquipedia
[ Submit Event ]
Live Streams
Refresh
StarCraft 2
WinterStarcraft711
NeuroSwarm 208
oGsTOP 177
StarCraft: Brood War
Rain 6788
GuemChi 2929
Tasteless 72
ZergMaN 26
Bale 18
Noble 12
Icarus 8
Dota 2
canceldota156
Counter-Strike
summit1g8532
m0e_tv444
Other Games
JimRising 602
C9.Mang0366
Maynarde150
Nina57
Organizations
Other Games
gamesdonequick2345
BasetradeTV235
StarCraft 2
Blizzard YouTube
StarCraft: Brood War
BSLTrovo
[ Show 15 non-featured ]
StarCraft 2
• Berry_CruncH281
• practicex 23
• AfreecaTV YouTube
• intothetv
• Kozan
• IndyKCrew
• LaughNgamezSOOP
• Migwel
• sooper7s
StarCraft: Brood War
• Azhi_Dahaki31
• BSLYoutube
• STPLYoutube
• ZZZeroYoutube
League of Legends
• Rush1117
• Stunt364
Upcoming Events
WardiTV Weekly
6h 13m
The PondCast
1d 5h
Replay Cast
2 days
CrankTV Team League
2 days
Replay Cast
3 days
CrankTV Team League
3 days
Replay Cast
3 days
RSL Revival
4 days
Clem vs Lambo
Scarlett vs Cure
CranKy Ducklings
4 days
IPSL
4 days
Dragon vs Hawk
[ Show More ]
RSL Revival
5 days
Classic vs Trap
herO vs SHIN
Sparkling Tuna Cup
5 days
IPSL
5 days
Bonyth vs Ret
WardiTV Weekly
6 days
Monday Night Weeklies
6 days
Liquipedia Results

Completed

YSL S3
HSC XXIX
Eternal Conflict S2 E2

Ongoing

IPSL Spring 2026
Acropolis #4
CSL 2026 Summer (S21)
RSL Revival: Season 6
CranK Gathers Season 4: BW vs SC2 Team League
SCTL 2026 Spring
XSE Pro League 2026
IEM Cologne Major 2026
Stake Ranked Episode 2
CS Asia Championships 2026
Asian Champions League 2026
IEM Atlanta 2026
PGL Astana 2026
BLAST Rivals Spring 2026

Upcoming

Escore Tournament S3: W3
ASL S22 SEASON OPEN Day 1
Escore Tournament S3: W4
ASL S22 SEASON OPEN Day 2
Escore Tournament S3: W5
CSLAN 4
Blizzard Classic Cup 2026
HSC XXX
SC4ALL II: StarCraft II
Kung Fu Cup 2026 Grand Finals
Light Tournament 2026
Eternal Conflict S2 Finale
Eternal Conflict S2 E3
Logitech G Connect 2026
StarSeries Fall 2026
FISSURE Playground #5
BLAST Open Fall 2026
Esports World Cup 2026
BLAST Bounty Summer 2026
BLAST Bounty Summer Qual
Stake Ranked Episode 3
TLPD

1. ByuN
2. TY
3. Dark
4. Solar
5. Stats
6. Nerchio
7. sOs
8. soO
9. INnoVation
10. Elazer
1. Rain
2. Flash
3. EffOrt
4. Last
5. Bisu
6. Soulkey
7. Mini
8. Sharp
Sidebar Settings...

Advertising | Privacy Policy | Terms Of Use | Contact Us

Original banner artwork: Jim Warren
The contents of this webpage are copyright © 2026 TLnet. All Rights Reserved.