• Log InLog In
  • Register
Liquid`
Team Liquid Liquipedia
EDT 02:23
CEST 08:23
KST 15:23
  • Home
  • Forum
  • Calendar
  • Streams
  • Liquipedia
  • Features
  • Store
  • EPT
  • TL+
  • StarCraft 2
  • Brood War
  • Smash
  • Heroes
  • Counter-Strike
  • Overwatch
  • Liquibet
  • Fantasy StarCraft
  • TLPD
  • StarCraft 2
  • Brood War
  • Blogs
Forum Sidebar
Events/Features
News
Featured News
Serral wins HomeStory Cup 296Serral wins Maestros of the Game 243ByuL, and the Limitations of Standard Play3Team Liquid Map Contest #22: Results and Winners7Code S Season 2 (2026): RO4 and Finals Preview12
Community News
BSL Season 22 Full Overview & Conclusion7BSL Season 22 Full Overview & Conclusion7Weekly Cups (June 29-July 5): Solar Doubles0MC vs IdrA, Boxer vs Nal_rA to be Legacy Matches @ BlizzCon445.0.16 Hotfix (June 30) - Balance + Bug Fixes40
StarCraft 2
General
Serral wins HomeStory Cup 29 Serral wins Maestros of the Game 2 Reynor: GSL Loss Wasn't About Preparation Format 5.0.16 patch for SC2 goes live (8 worker start) What is your PC setup in 2026 for SCBW/SC2 ?
Tourneys
GSL CK #5 Race War WardiTV Summer Cup 2026 RSL Revival: Season 6 - Qualifiers and Main Event HomeStory Cup 29 Vespene Cup #1 — $300+ USD, July 10
Strategy
[G] Having the right mentality to improve
Custom Maps
New Map Maker - Looking for Advice - Love or Hate Work In Progress Melee Maps [D]RTS in all its shapes and glory <3
External Content
The PondCast: SC2 News & Results Mutation # 534 Burning Evacuation Mutation # 533 Die Together Mutation # 532 Nuclear Family
Brood War
General
ASL22 General Discussion Pros Debate: Zerg Unfairly Nerfed? (ASL S22 map) BSL Season 22 Full Overview & Conclusion BGH Auto Balance -> http://bghmmr.eu/ BW General Discussion
Tourneys
[ASL22] Wildcard Qualifier IPSL Spring 2026 Top 4! [Megathread] Daily Proleagues CSLAN 4 is Coming!
Strategy
Fighting Spirit mining rates Simple Questions, Simple Answers Creating a full chart of Zerg builds Relatively freeroll strategies
Other Games
General Games
Stormgate/Frost Giant Megathread General RTS Discussion Thread Path of Exile Summer Games Done Quick 2026! Nintendo Switch Thread
Dota 2
Looking for a Dota Mentor Official 'what is Dota anymore' discussion
League of Legends
Heroes of the Storm
Simple Questions, Simple Answers Heroes of the Storm 2.0
Hearthstone
Deck construction bug
TL Mafia
NeO.D_StephenKing vs This Guy From 1 Million Dance TL Mafia Community Thread TL Mafia Power Rank Vanilla Mini Mafia
Community
General
US Politics Mega-thread Russo-Ukrainian War Thread UK Politics Mega-thread YouTube Thread Canadian Politics Mega-thread
Fan Clubs
The IdrA Fan Club The HerO Fan Club!
Media & Entertainment
Movie Discussion! Anime Discussion Thread Series you have seen recently...
Sports
2024 - 2026 Football Thread McBoner: A hockey love story Tennis[sport] Formula 1 Discussion TeamLiquid Health and Fitness Initiative For 2023
World Cup 2022
Tech Support
Simple Questions Simple Answers FPS when play League Of Legend on laptop How to clean a TTe Thermaltake keyboard?
TL Community
The Automated Ban List
Blogs
Major Shifts in the Gaming I…
TrAiDoS
An Exploration of th…
waywardstrategy
Gauntlet SC2: A Retrospectiv…
Ctone23
ramps on octagon
StaticNine
Funny Nicknames
LUCKY_NOOB
Evil Gacha Games and the…
ffswowsucks
StarCraft improvement
iopq
Customize Sidebar...

Website Feedback

Closed Threads



Active: 4088 users

Blizzard Security Breach - Page 14

Forum Index > SC2 General
442 CommentsPost a Reply
Prev 1 12 13 14 15 16 23 Next All
Trasko
Profile Blog Joined July 2010
Sweden983 Posts
August 10 2012 07:48 GMT
#261
On August 10 2012 07:42 mataxp wrote:
As a PSN user, dejá vu



loooool. Same here.... /fml
Jaedong <3
Deleted User 101379
Profile Blog Joined August 2010
4849 Posts
August 10 2012 07:48 GMT
#262
Every month another company loses customer data, when will this trend stop?

I use unique email adresses for everything i register to and it's funny to see new spam popping up all the time. The worst offenders are my sc2replayed@, buffed@ and startrekonline@ adresses, it got so annoying that i started blocking those completely since i stopped using those month before i started getting spam. I guess my blizzard[1-3]@ adresses will be next for the spam flood. I hope i'll never see the day where i have to block teamliquid@... but well, this site is protected by a wizard so it's unlikely to happen.

Well, at least on the other hand it shows me that some other companies are as bad as the one i work for.
Aterons_toss
Profile Joined February 2011
Romania1275 Posts
August 10 2012 07:56 GMT
#263
Well, at least i live in EU and i have a unique pas for blizzard.
But yeah, they are to incompetent to build an anti hack for there game and now they can't even protect customer info...
Are there no good gaming companies left out there ? When you start failing at game design that's one, when you fail at protecting customer info and not fixing bug that's another thing.
Oh well, CD projekt red for new blizzard ?
A good strategy means leaving your opponent room to make mistakes
imJealous
Profile Joined July 2010
United States1382 Posts
August 10 2012 08:01 GMT
#264
On August 10 2012 16:48 Morfildur wrote:
Every month another company loses customer data, when will this trend stop?

I use unique email adresses for everything i register to and it's funny to see new spam popping up all the time. The worst offenders are my sc2replayed@, buffed@ and startrekonline@ adresses, it got so annoying that i started blocking those completely since i stopped using those month before i started getting spam. I guess my blizzard[1-3]@ adresses will be next for the spam flood. I hope i'll never see the day where i have to block teamliquid@... but well, this site is protected by a wizard so it's unlikely to happen.

Well, at least on the other hand it shows me that some other companies are as bad as the one i work for.

+ trick for the win

I don't think you can call it a trend though, hackers finding a way in is like a fact of life.
... In life very little goes right. "Right" meaning the way one expected and the way one wanted it. One has no right to want or expect anything.
windzor
Profile Joined October 2010
Denmark1013 Posts
August 10 2012 08:02 GMT
#265
On August 10 2012 16:43 RoberP wrote:
If the passwords they stole are encrypted, the chances of breaking the cypher on an 8 letter password are about zero. They'd be better off just trying to guess your password ^^. Still worth changing the secret question though.


Actually wrong. It depends on what kind of hashed passwords they got. Seeing as they mention SRP i guess the hacker was eavesdropping the login information in that protocol, or else it makes no sense for blizzard to mention the protocol.

If it was the actual database of the passwords, which might be because they got hold of other account information, the standard way of hashing passwords was considered broken by the author 2 months ago. Then blizzard should have be scared.

But my money is still on the eavesdropping of the SRP which means blizzards security office isn't fired this time around.
Yeah
malaan
Profile Joined September 2010
365 Posts
August 10 2012 08:02 GMT
#266
wonderful... this comes 1 week after I just got all my money back from a card cloning...
Rannasha
Profile Blog Joined August 2010
Netherlands2398 Posts
August 10 2012 08:04 GMT
#267
On August 10 2012 17:02 windzor wrote:
Show nested quote +
On August 10 2012 16:43 RoberP wrote:
If the passwords they stole are encrypted, the chances of breaking the cypher on an 8 letter password are about zero. They'd be better off just trying to guess your password ^^. Still worth changing the secret question though.


If it was the actual database of the passwords, which might be because they got hold of other account information, the standard way of hashing passwords was considered broken by the author 2 months ago. Then blizzard should have be scared.


MD5 hasn't been the "standard way of hashing passwords" for years now. Some websites with terrible security may still use it, but anyone who knows anything about securing a system will have moved away from MD5 a long time ago.
Such flammable little insects!
multiversed
Profile Joined December 2010
United States233 Posts
August 10 2012 08:04 GMT
#268
this entirely defeats the intent and purpose of an authenticator. the only reason to ever use one of these was the fact that it was completely secure and sold as an absolute level security. i am beyond annoyed by this and blizzard should kill themselves. teehee.
Team Liquid is the used the tampon of the starcraft community.
Eisregen
Profile Joined September 2011
Germany967 Posts
August 10 2012 08:07 GMT
#269
glad I never ever enter real information bout me or any finanial infos =)
They can spam my email if they want to, will bore me ^^
Photo-Noob@ http://www.flickr.com/photos/eisregen1983/
MaV_gGSC
Profile Blog Joined November 2010
Canada1345 Posts
August 10 2012 08:10 GMT
#270
better change my password asap. This reminds me of the PSN incident
Life's good :D
Ragnarork
Profile Blog Joined June 2011
France9034 Posts
Last Edited: 2012-08-10 08:14:45
August 10 2012 08:12 GMT
#271
On August 10 2012 16:48 Morfildur wrote:
Every month another company loses customer data, when will this trend stop?

I use unique email adresses for everything i register to and it's funny to see new spam popping up all the time. The worst offenders are my sc2replayed@, buffed@ and startrekonline@ adresses, it got so annoying that i started blocking those completely since i stopped using those month before i started getting spam. I guess my blizzard[1-3]@ adresses will be next for the spam flood. I hope i'll never see the day where i have to block teamliquid@... but well, this site is protected by a wizard so it's unlikely to happen.

Well, at least on the other hand it shows me that some other companies are as bad as the one i work for.


It won't...

I see one main reason for that (though I'm sure that there are more than one, I'm not sure which...)

The fact that companies sometimes overlook security to gain efficiency is playing a role. I think you know what happened with LinkedIn and the leaked hashed password, they were hashed with SHA1 without what we call a "salt" (a random sequence of numbers/letters attached to the hash of the password in order to make this hash unique, even for 2 identical passwords).

SHA1 is a hashing algorithm that we know since 2005 that it has security flaws ( for those interested in the details : http://en.wikipedia.org/wiki/SHA-1).
Not adding a salt to the hashs also makes the security very weak.
This weak security can be seen (personal opinion there) as either linkedIn wanting a fast encryption method, or plain stupidity.
Moreover, those password were stolen thanks to an SQL injection, a common security flaw that is now known for a long time.

Since we still have in 2012 companies that overlook security to gain efficiency, or just by plain stupidity, it won't help stopping this trend. I don't know if you remember Lulzsec, but they weren't "that" good as hackers. They just found very simple security breaches in companies that were quite carefree BEFORE being targeted by hackers. Today, any website that isn't secured against SQL injection is vulnerable to very simple (and easy to find) intrusive methods...

Then, I don't think Blizzard was quite lazy, but a thing they say in the FAQ is that being a huge company on the internet makes you a target tested and tested again on security, either by Black hats or (unofficial) white hats (that first crack, and then contact the company to reveal the flaw).
LiquipediaWanderer
Jinsho
Profile Joined March 2011
United Kingdom3101 Posts
August 10 2012 08:19 GMT
#272
Considering that the only personal data actually lost were email adresses, this is way harmless. Could have potentially been much worse.
klo8
Profile Joined August 2010
Austria1960 Posts
Last Edited: 2012-08-10 08:22:56
August 10 2012 08:22 GMT
#273
On August 10 2012 17:02 windzor wrote:
Show nested quote +
On August 10 2012 16:43 RoberP wrote:
If the passwords they stole are encrypted, the chances of breaking the cypher on an 8 letter password are about zero. They'd be better off just trying to guess your password ^^. Still worth changing the secret question though.


Actually wrong. It depends on what kind of hashed passwords they got. Seeing as they mention SRP i guess the hacker was eavesdropping the login information in that protocol, or else it makes no sense for blizzard to mention the protocol.

If it was the actual database of the passwords, which might be because they got hold of other account information, the standard way of hashing passwords was considered broken by the author 2 months ago. Then blizzard should have be scared.

But my money is still on the eavesdropping of the SRP which means blizzards security office isn't fired this time around.

MD5 has been considered unsafe for a long while now. Already in 1996, a researcher wrote:
"The presented attack does not yet threaten practical applications of MD5, but it comes rather close ... in the future MD5 should no longer be implemented...where a collision-resistant hash function is required."

And in 2005:
Later that year, MD5's designer Ron Rivest wrote, "md5 and sha1 are both clearly broken (in terms of collision-resistance)."


I guess, the point is: Don't use MD5 (or SHA1, or any hash function that you can evaluate very quickly) for hashing passwords, not even a salt value will help you out because MD5 is broken. Use Bcrypt or something similar instead.
This post is clearly not a hurr, as you can see from the graph, the durr never intersects with the derp.
teamamerica
Profile Blog Joined July 2010
United States958 Posts
Last Edited: 2012-08-10 09:00:00
August 10 2012 08:25 GMT
#274
Edit: Whoops I'm dumb. md5 != md5crypt.
RIP GOMTV. RIP PROLEAGUE.
XiWi
Profile Joined August 2012
11 Posts
August 10 2012 08:27 GMT
#275
I'm worried about what information exactly was stolen, and some hacker now social engineering to dig more information.
ChemBroTron
Profile Joined January 2011
Germany194 Posts
Last Edited: 2012-08-10 08:35:56
August 10 2012 08:34 GMT
#276
On August 10 2012 16:48 Morfildur wrote:
Every month another company loses customer data, when will this trend stop?


This will never end and it is not a trend, it is a criminal act. The question is: how save were for example the passwords stored. Save (like Blizzard says for itself, but better change the password for more safety) or unsave (like Sony/PSN).
seiferoth10
Profile Joined May 2010
3362 Posts
August 10 2012 08:40 GMT
#277
I'm honestly surprised it took this long. With 8 years of paying customers' info from WoW, I would imagine they have been a prime target for a long time.
Ragnarork
Profile Blog Joined June 2011
France9034 Posts
August 10 2012 08:41 GMT
#278
By the way I'm a bit confused. How can they say that, with the hackers possessing E-Mails AND security questions' answers, the accounts are safe... ? (Well, even before changing the answer...)
LiquipediaWanderer
GabrielB
Profile Joined February 2003
Brazil594 Posts
August 10 2012 08:48 GMT
#279
On August 10 2012 17:41 Ragnarork wrote:
By the way I'm a bit confused. How can they say that, with the hackers possessing E-Mails AND security questions' answers, the accounts are safe... ? (Well, even before changing the answer...)

I'm not sure how it works on Blizzard, but some sites ask for your email and the answer for your security question. If you provide them correctly, they send you an email with a link to reset your password. So the hacker would still need access to your email.
multiversed
Profile Joined December 2010
United States233 Posts
August 10 2012 08:54 GMT
#280
so i am looking for a way to change my security question and am not finding it online. does this require a phone call for all of my accounts? that is further disappointing if the case... i don't even remember the questions atm, let alone the answers.
Team Liquid is the used the tampon of the starcraft community.
Prev 1 12 13 14 15 16 23 Next All
Please log in or register to reply.
Live Events Refresh
Next event in 4h 37m
[ Submit Event ]
Live Streams
Refresh
StarCraft 2
WinterStarcraft715
oGsTOP 205
StarCraft: Brood War
Rain 5793
GuemChi 2629
Tasteless 285
ZergMaN 30
NaDa 29
Bale 16
Noble 11
Icarus 9
IntoTheRainbow 8
League of Legends
JimRising 662
Counter-Strike
summit1g7929
Other Games
C9.Mang0304
NeuroSwarm114
Nina38
Organizations
Other Games
gamesdonequick2277
BasetradeTV228
StarCraft 2
Blizzard YouTube
StarCraft: Brood War
BSLTrovo
[ Show 13 non-featured ]
StarCraft 2
• Berry_CruncH340
• AfreecaTV YouTube
• intothetv
• Kozan
• IndyKCrew
• LaughNgamezSOOP
• Migwel
• sooper7s
StarCraft: Brood War
• BSLYoutube
• STPLYoutube
• ZZZeroYoutube
League of Legends
• Rush1334
• Stunt576
Upcoming Events
WardiTV Weekly
4h 37m
The PondCast
1d 3h
Replay Cast
2 days
CrankTV Team League
2 days
Replay Cast
3 days
CrankTV Team League
3 days
Replay Cast
3 days
RSL Revival
4 days
Clem vs Lambo
Scarlett vs Cure
CranKy Ducklings
4 days
IPSL
4 days
Dragon vs Hawk
[ Show More ]
RSL Revival
5 days
Classic vs Trap
herO vs SHIN
Sparkling Tuna Cup
5 days
IPSL
5 days
Bonyth vs Ret
WardiTV Weekly
6 days
Monday Night Weeklies
6 days
Liquipedia Results

Completed

YSL S3
HSC XXIX
Eternal Conflict S2 E2

Ongoing

IPSL Spring 2026
Acropolis #4
CSL 2026 Summer (S21)
RSL Revival: Season 6
CranK Gathers Season 4: BW vs SC2 Team League
SCTL 2026 Spring
XSE Pro League 2026
IEM Cologne Major 2026
Stake Ranked Episode 2
CS Asia Championships 2026
Asian Champions League 2026
IEM Atlanta 2026
PGL Astana 2026
BLAST Rivals Spring 2026

Upcoming

Escore Tournament S3: W3
ASL S22 SEASON OPEN Day 1
Escore Tournament S3: W4
ASL S22 SEASON OPEN Day 2
Escore Tournament S3: W5
CSLAN 4
Blizzard Classic Cup 2026
HSC XXX
SC4ALL II: StarCraft II
Kung Fu Cup 2026 Grand Finals
Light Tournament 2026
Eternal Conflict S2 Finale
Eternal Conflict S2 E3
Logitech G Connect 2026
StarSeries Fall 2026
FISSURE Playground #5
BLAST Open Fall 2026
Esports World Cup 2026
BLAST Bounty Summer 2026
BLAST Bounty Summer Qual
Stake Ranked Episode 3
TLPD

1. ByuN
2. TY
3. Dark
4. Solar
5. Stats
6. Nerchio
7. sOs
8. soO
9. INnoVation
10. Elazer
1. Rain
2. Flash
3. EffOrt
4. Last
5. Bisu
6. Soulkey
7. Mini
8. Sharp
Sidebar Settings...

Advertising | Privacy Policy | Terms Of Use | Contact Us

Original banner artwork: Jim Warren
The contents of this webpage are copyright © 2026 TLnet. All Rights Reserved.