Blizzard Security Breach - Page 5

netherh
Profile Blog Joined November 2011
United Kingdom333 Posts
August 09 2012 23:30 GMT
#81
It's lucky they don't do anything stupid like make all the passwords case insensitive... Oh wait.
-RusH
Profile Joined June 2012
United States240 Posts
August 09 2012 23:31 GMT
#82
I can't seem to find how to edit the secret question/answer. Anyone know where?
Life..
Eufouria
Profile Blog Joined March 2011
United Kingdom4425 Posts
Last Edited: 2012-08-09 23:32:10
August 09 2012 23:31 GMT
#83
On August 10 2012 08:26 R1CH wrote:
On August 10 2012 08:22 BadgerBadger8264 wrote:
On August 10 2012 07:38 Probe1 wrote:
So change your passwords. Got it.

(Before anyone says "Oh no Probe u sux at reading", cryptographically scrambled versions.. do you trust your account and information on that? Do you?")


Not saying you shouldn't change your password just to be completely sure, but if you'd know anything about the hashes used to encrypt passwords and how long it takes to decipher even a single password you would know that it's practically impossible for the people that have stolen the hash to obtain even a single password from that information within a month (and even that is stretching it as they'd need a cluster of powerful machines brute forcing the hash constantly for the duration), let alone retrieving a decent amount of stolen passwords. It's honestly not even close to being worth the power/rental costs of doing so to obtain an account worth maybe 100$. This is obviously assuming Blizzard doesn't use horribly outdated encryption, though.

I don't think you're aware of how password hashing works. Do you not think there are millions of people with "password123" or equally terrible passwords in those stolen hashes? Why would you need a month to break that?

It's so bad nobody would ever use it, so hackers won't even try it. Metagame.

So can we all expect to be added to a bunch more spam email lists because of this?
BadgerBadger8264
Profile Joined March 2011
Netherlands409 Posts
Last Edited: 2012-08-09 23:35:57
August 09 2012 23:32 GMT
#84
On August 10 2012 08:26 R1CH wrote:
On August 10 2012 08:22 BadgerBadger8264 wrote:
On August 10 2012 07:38 Probe1 wrote:
So change your passwords. Got it.

(Before anyone says "Oh no Probe u sux at reading", cryptographically scrambled versions.. do you trust your account and information on that? Do you?")


Not saying you shouldn't change your password just to be completely sure, but if you'd know anything about the hashes used to encrypt passwords and how long it takes to decipher even a single password you would know that it's practically impossible for the people that have stolen the hash to obtain even a single password from that information within a month (and even that is stretching it as they'd need a cluster of powerful machines brute forcing the hash constantly for the duration), let alone retrieving a decent amount of stolen passwords. It's honestly not even close to being worth the power/rental costs of doing so to obtain an account worth maybe 100$. This is obviously assuming Blizzard doesn't use horribly outdated encryption, though.

I don't think you're aware of how password hashing works. Do you not think there are millions of people with "password123" or equally terrible passwords in those stolen hashes? Why would you need a month to break that?


Typically passwords are hashed in combination with a username and other information. You can't simply hash "password123" and have thousands of results turn up. You'd have to know the hashing algorithm used by Blizzard, then for every individual user, hash "password123" and compare it to the stored hash. That still obviously wouldn't take a month to do with a single password, so you're right that it is probably feasible to do that for very common passwords and obtain a good amount of accounts. Still, if your password is even remotely unique, they will never realistically obtain it.
sour_eraser
Profile Joined March 2011
Canada932 Posts
Last Edited: 2012-08-09 23:34:21
August 09 2012 23:32 GMT
#85
Ehh. Doesn't really affect me much considering I have diff passwords for all my email and other games. lol
But I want to know if we need to know the Previous Answer to the Secret Question when they force us to change it into a new one. I forgot mine :/
"What's the f*cking point of censoring a letter if everyone and their mother knows what it stands for.... F*cking morons"
VPVanek
Profile Joined August 2010
Canada238 Posts
August 09 2012 23:33 GMT
#86
Well I guess I am changing my password now ahahah
FoXer
Crying
Profile Joined February 2011
Bulgaria778 Posts
August 09 2012 23:33 GMT
#87
On August 10 2012 08:31 -RusH wrote:
I can't seem to find how to edit the secret question/answer. Anyone know where?

I think the security question is not changeable.
Determination~ Hard Work Surpass NATURAL GENIUS!
thatsundowner
Profile Joined July 2011
Canada312 Posts
August 09 2012 23:33 GMT
#88
On August 10 2012 08:30 netherh wrote:
It's lucky they don't do anything stupid like make all the passwords case insensitive... Oh wait.


If somebody gets the password, case sensitivity is irrelevant, and brute forcing is not how the vast majority of stolen b.net accounts are taken. It's kind of an irrelevant thing, and not a big deal at all that they don't do it.
"you're gonna fail" in latin
entropius
Profile Joined June 2010
United States1046 Posts
August 09 2012 23:37 GMT
#89
On August 10 2012 08:26 R1CH wrote:
On August 10 2012 08:22 BadgerBadger8264 wrote:
On August 10 2012 07:38 Probe1 wrote:
So change your passwords. Got it.

(Before anyone says "Oh no Probe u sux at reading", cryptographically scrambled versions.. do you trust your account and information on that? Do you?")


Not saying you shouldn't change your password just to be completely sure, but if you'd know anything about the hashes used to encrypt passwords and how long it takes to decipher even a single password you would know that it's practically impossible for the people that have stolen the hash to obtain even a single password from that information within a month (and even that is stretching it as they'd need a cluster of powerful machines brute forcing the hash constantly for the duration), let alone retrieving a decent amount of stolen passwords. It's honestly not even close to being worth the power/rental costs of doing so to obtain an account worth maybe 100$. This is obviously assuming Blizzard doesn't use horribly outdated encryption, though.

I don't think you're aware of how password hashing works. Do you not think there are millions of people with "password123" or equally terrible passwords in those stolen hashes? Why would you need a month to break that?


Wouldn't salting the hashes make this sort of thing impossible? I have in mind the sort of attack where the attacker computes the hash of "password123" and compares it to all the hashes to see if it matches any of them (which is only O(log N)), which would be foiled by salts -- in that case they've got to do the hash algorithm N times instead of just once to check N hashes against each dictionary word. Of course, if the passwords are suitably weak then you can probably afford this -- just check the simplest ones against all of them.

It's been a while since I studied this stuff, of course, so I could be wrong.
IM_Junior
Profile Joined April 2012
Mexico29 Posts
August 09 2012 23:38 GMT
#90
Thx in advance, password changed just to be safe for the moment !!!!
Zerg for life !!! --- DRG / Stephano / Leenock / Life and Nesteaaaaaa
Silidons
Profile Blog Joined September 2010
United States2813 Posts
August 09 2012 23:39 GMT
#91
I noticed that in the past 2 days or so, I went from getting ~5 spam mail a day on my bnet email to 20. I have an Auth and use different PW's for different things, but now I gotta change it >_<
"God fights on the side with the best artillery." - Napoleon Bonaparte
Maluk
Profile Joined August 2011
France987 Posts
Last Edited: 2012-08-09 23:43:52
August 09 2012 23:39 GMT
#92
Does anyone know if my credit card number is somewhere in Blizzard's data if I used it only to buy StarCraft 2, and not for any monthly payment?
Edit : Yes, my question probably sounds pretty noob but I am clueless concerning hacks t.t
ROOTIllusion
Profile Blog Joined August 2010
United States1060 Posts
August 09 2012 23:40 GMT
#93
Didn't something like this happen a year or so ago? damn hackers
www.twitter.com/rootillusion & www.facebook.com/illusionsc2
jnkw
Profile Joined November 2010
Canada347 Posts
August 09 2012 23:42 GMT
#94
On August 10 2012 08:37 entropius wrote:
On August 10 2012 08:26 R1CH wrote:
On August 10 2012 08:22 BadgerBadger8264 wrote:
On August 10 2012 07:38 Probe1 wrote:
So change your passwords. Got it.

(Before anyone says "Oh no Probe u sux at reading", cryptographically scrambled versions.. do you trust your account and information on that? Do you?")


Not saying you shouldn't change your password just to be completely sure, but if you'd know anything about the hashes used to encrypt passwords and how long it takes to decipher even a single password you would know that it's practically impossible for the people that have stolen the hash to obtain even a single password from that information within a month (and even that is stretching it as they'd need a cluster of powerful machines brute forcing the hash constantly for the duration), let alone retrieving a decent amount of stolen passwords. It's honestly not even close to being worth the power/rental costs of doing so to obtain an account worth maybe 100$. This is obviously assuming Blizzard doesn't use horribly outdated encryption, though.

I don't think you're aware of how password hashing works. Do you not think there are millions of people with "password123" or equally terrible passwords in those stolen hashes? Why would you need a month to break that?


Wouldn't salting the hashes make this sort of thing impossible? I have in mind the sort of attack where the attacker computes the hash of "password123" and compares it to all the hashes to see if it matches any of them (which is only O(log N)), which would be foiled by salts -- in that case they've got to do the hash algorithm N times instead of just once to check N hashes against each dictionary word. Of course, if the passwords are suitably weak then you can probably afford this -- just check the simplest ones against all of them.

It's been a while since I studied this stuff, of course, so I could be wrong.


Given that there exist many extremely common passwords like 'password', it is not unreasonable to assume that rainbow tables might exist for a large number of possible salts per common password.
EleanorRIgby
Profile Joined March 2008
Canada3923 Posts
August 09 2012 23:43 GMT
#95
damn this sucks but I think hackers usually go for wow/d3 accounts, sc2 accounts are probably the least profitable
savior did nothing wrong
Kambing
Profile Joined May 2010
United States1176 Posts
August 09 2012 23:43 GMT
#96
On August 10 2012 08:37 entropius wrote:
On August 10 2012 08:26 R1CH wrote:
On August 10 2012 08:22 BadgerBadger8264 wrote:
On August 10 2012 07:38 Probe1 wrote:
So change your passwords. Got it.

(Before anyone says "Oh no Probe u sux at reading", cryptographically scrambled versions.. do you trust your account and information on that? Do you?")


Not saying you shouldn't change your password just to be completely sure, but if you'd know anything about the hashes used to encrypt passwords and how long it takes to decipher even a single password you would know that it's practically impossible for the people that have stolen the hash to obtain even a single password from that information within a month (and even that is stretching it as they'd need a cluster of powerful machines brute forcing the hash constantly for the duration), let alone retrieving a decent amount of stolen passwords. It's honestly not even close to being worth the power/rental costs of doing so to obtain an account worth maybe 100$. This is obviously assuming Blizzard doesn't use horribly outdated encryption, though.

I don't think you're aware of how password hashing works. Do you not think there are millions of people with "password123" or equally terrible passwords in those stolen hashes? Why would you need a month to break that?


Wouldn't salting the hashes make this sort of thing impossible? I have in mind the sort of attack where the attacker computes the hash of "password123" and compares it to all the hashes to see if it matches any of them (which is only O(log N)), which would be foiled by salts -- in that case they've got to do the hash algorithm N times instead of just once to check N hashes against each dictionary word. Of course, if the passwords are suitably weak then you can probably afford this -- just check the simplest ones against all of them.

It's been a while since I studied this stuff, of course, so I could be wrong.


Not necessarily, e.g., http://www.openwall.com/john/.

Passwords in practice are frequently suitably weak and amenable to cracking (e.g., via a dictionary attack). Knowing how the passwords were salted, or at least narrowing it down to a small set of salting schemes, makes things more tractable as well.

So theoretically intractable. Practically hard to do, but not impossible.
Pufftrees
Profile Joined March 2009
2449 Posts
August 09 2012 23:43 GMT
#97

This is just... unacceptable. What the flux.

Blizzard is such a joke
Chance favors the prepared mind.
RoyGBiv_13
Profile Blog Joined August 2010
United States1275 Posts
August 09 2012 23:45 GMT
#98
I went to a talk at DEFCON about fuzzing d3, where they showed just how secure Blizzard's password system is. I would not be worried about them breaking your password hash (a properly salted and hashed password is a difficult thing to unravel). The security questions are a real risk though.
Any sufficiently advanced technology is indistinguishable from magic
Dingobloo
Profile Blog Joined September 2010
Australia1903 Posts
Last Edited: 2012-08-09 23:46:54
August 09 2012 23:45 GMT
#99
On August 10 2012 08:37 entropius wrote:
On August 10 2012 08:26 R1CH wrote:
On August 10 2012 08:22 BadgerBadger8264 wrote:
On August 10 2012 07:38 Probe1 wrote:
So change your passwords. Got it.

(Before anyone says "Oh no Probe u sux at reading", cryptographically scrambled versions.. do you trust your account and information on that? Do you?")


Not saying you shouldn't change your password just to be completely sure, but if you'd know anything about the hashes used to encrypt passwords and how long it takes to decipher even a single password you would know that it's practically impossible for the people that have stolen the hash to obtain even a single password from that information within a month (and even that is stretching it as they'd need a cluster of powerful machines brute forcing the hash constantly for the duration), let alone retrieving a decent amount of stolen passwords. It's honestly not even close to being worth the power/rental costs of doing so to obtain an account worth maybe 100$. This is obviously assuming Blizzard doesn't use horribly outdated encryption, though.

I don't think you're aware of how password hashing works. Do you not think there are millions of people with "password123" or equally terrible passwords in those stolen hashes? Why would you need a month to break that?


Wouldn't salting the hashes make this sort of thing impossible? I have in mind the sort of attack where the attacker computes the hash of "password123" and compares it to all the hashes to see if it matches any of them (which is only O(log N)), which would be foiled by salts -- in that case they've got to do the hash algorithm N times instead of just once to check N hashes against each dictionary word. Of course, if the passwords are suitably weak then you can probably afford this -- just check the simplest ones against all of them.

It's been a while since I studied this stuff, of course, so I could be wrong.


They actually tell us the method by which they encrypt the passwords in the faq:

http://en.wikipedia.org/wiki/Secure_Remote_Password_protocol

It includes the username, password, salt and an unspecified hash function, so dictionary attacks aren't likely to be a problem.

Again, no guarantees, but they seem to have done due diligence with regards to making getting the actual password very difficult given just the hash.
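The cost argument running through the posts above (one hash per guess against an unsalted table, one derivation per account once username and salt are mixed in), worked through as an added example that is not part of the thread and is not Blizzard's scheme. The account names, passwords and PBKDF2 round count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not real data): three share one weak password.
ACCOUNTS = [("alice", "password123"), ("bob", "password123"),
            ("carol", "password123"), ("dave", "T7#qv!mLx92z")]
PBKDF2_ROUNDS = 100_000  # assumed work factor for the stretched variant


def _derive(user, password, salt, rounds):
    """Salted derivation over username:password; rounds > 1 adds stretching."""
    material = user.encode() + b":" + password.encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, rounds)


def unsalted_store(accounts):
    """Weak scheme: the stored digest depends on the password only."""
    return {u: hashlib.sha256(p.encode()).digest() for u, p in accounts}


def salted_store(accounts, rounds=1):
    """Per-user random salt, username mixed in, optional key stretching."""
    store = {}
    for user, password in accounts:
        salt = os.urandom(16)
        store[user] = (salt, _derive(user, password, salt, rounds))
    return store


def check_candidate(store, candidate, rounds=None):
    """Return (matching users, hash iterations spent) for one guessed password.

    rounds=None means the unsalted scheme: a single digest is compared with
    every row. Otherwise the guess must be re-derived once per account.
    """
    if rounds is None:
        digest = hashlib.sha256(candidate.encode()).digest()
        hits = [u for u, h in store.items() if hmac.compare_digest(h, digest)]
        return sorted(hits), 1
    hits, cost = [], 0
    for user, (salt, stored) in store.items():
        cost += rounds
        if hmac.compare_digest(stored, _derive(user, candidate, salt, rounds)):
            hits.append(user)
    return sorted(hits), cost


def duplicate_digests(store):
    """Count rows whose stored digest also appears on another row."""
    digests = [v if isinstance(v, bytes) else v[1] for v in store.values()]
    return sum(1 for d in digests if digests.count(d) > 1)


if __name__ == "__main__":
    schemes = [("unsalted", unsalted_store(ACCOUNTS), None),
               ("salted", salted_store(ACCOUNTS, 1), 1),
               ("salted+stretched", salted_store(ACCOUNTS, PBKDF2_ROUNDS),
                PBKDF2_ROUNDS)]
    for name, store, rounds in schemes:
        hits, cost = check_candidate(store, "password123", rounds)
        print(f"{name:17} hits={hits} cost={cost} "
              f"shared-digest rows={duplicate_digests(store)}")
```

In all three schemes the shared weak password is still found; what changes is that salting hides which rows share a password and makes the cost scale with the number of accounts, and stretching multiplies that cost per guess.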
Kambing
Profile Joined May 2010
United States1176 Posts
August 09 2012 23:45 GMT
#100
On August 10 2012 08:43 EleanorRIgby wrote:
damn this sucks but I think hackers usually go for wow/d3 accounts, sc2 accounts are probably the least profitable


Likely that they can't differentiate without cracking the account. And besides, your email address and secret answers can be enough to do damage. For example, some (badly designed) sites will let you reset a password immediately after you successfully answer a secret question without sending email to your account first.
The contents of this webpage are copyright © 2026 TLnet. All Rights Reserved.