Normally I'd chalk getting hacked up to user error, but this is absolutely ridiculous. Take a look at the support forum some time and see for yourself. Something foul is afoot.
Out of a few million subscribers how many of those do you think know anything about computer security aside from what Norton tells them?
Normally I'd chalk getting hacked up to user error, but this is absolutely ridiculous. Take a look at the support forum some time and see for yourself. Something foul is afoot.
edit: And FFS, learn to stop pyramid quoting, people.
Yes, the fact that my 12 year old sister is playing WoW.
Nowadays the phishing sites are 100% identical to the real thing. How many of the ~11 million WoW subscribers do you think are ever aware that these sites exist?
I agree on the edit
---------------- We don't need a king of MMOs, we need a group of Titans so that everyone can play what suits them best. -Ascension08
To clear it up, the iPhone authenticator is actually free.
Unfortunately I don't have an iPhone; fortunately I do not have a Blizzard account any longer.
So it really doesn't matter to me, but if the rest of the people want companies like Blizzard and Facebook sharing your information and credit card numbers to the world or whoever is willing to pay for them, then that is your business.
I think a company should not work like that, and it is a shame that is where some of these companies are heading. Exploiting their customers. That isn't capitalism, that is exploitation, and it should not be tolerated. You can be a capitalist company and do things the responsible way that feels good to your customers.
Okay this is utter BS. Blizzard did not share your username, password or credit card information with ANY other company. Stop spreading unfounded lies please...
YOU shared that information with hackers. It is your own fault... pure and simple. I know the truth hurts.
I never had my Blizzard account hacked. I never had any account hacked. I have a personal grudge against Blizzard and their regime. Trying to implement the systems like that of China. Trying to sell your private information to the highest bidder. It's not just Blizzard that I have a problem with, they have just become the face of the companies that get away with this sort of thing. This really isn't an axe to be ground with Blizzard rather than all the companies that decide it is alright to invade your privacy and that your information is theirs to be sold.
Only reason I am here on these forums talking about it, is because most other companies do not have a platform for me to work off of. This board gives me a platform to stir up my privacy matters agenda.
Really, Blizzard is just the new face of all the companies that think it is alright to sell your private information to the world, and then you have people calling you or spamming your email with their crappy ads you don't want. Or when you go to apply for a job or an apt, you have to pay 10-20 dollars for some company that has no business having all your personal information to begin with, to mail your potential employer a background check.
OK, case confirmed, you have a personal agenda against Blizz, none of my business. I hardly know who you are.
Your line of logic is flawed.
Your knowledge is total nonsense, you know nothing about China, just a personal agenda I guess. Show us a link of Blizz to China. If it is your personal agenda again, OK, understood.
Show us evidence that Blizz is auctioning our private information to the highest bidder, and well, what valuable information have you given to Blizzard anyway? If I wanted information, I would not bother to come to a game forum or a game provider for it; client lists of banks, or private cell phones, are way more valuable.
Well, until you have better logic and more accurate information to base your arguments on, feel free to rant your personal agendas. It is something very important to you.
That's fine, if you want to continue to subscribe to a game where the company does not respect you or your privacy, that is your business.
I must say that there are plenty of other games and companies out there where they do respect their customers; you should give them a try. WoW has been around for years, it is old news now.
I quit WoW for this very reason. I personally know of three people who had their accounts hacked. Bliz made the worst mistake by making everyone use their email address as their log in. Then when you get hacked they shut the account down, the hacker who used his credit card to play on your account denies charges to WoW, and you're left owing them a month of service that some idiot used to farm on. Security is too lax, so after many years of playing the game I have thrown it in the garbage and there it will stay.
I love when this happens, people point fingers at Blizzard. It isn't Blizzard's fault you got your account stolen. 99% of the time it is our own fault. Blizzard doesn't have to help you get it back, they do it out of customer service sake. Speaking of, the OP did it wrong. When I got my account stolen.. twice, I emailed them and both times had it resolved in a day. I never even attempted to call them because I know how large companies operate. They almost always have large hold time. The only way they would not have hold time is if they had 30,000 call center agents. That is not realistic. Most large companies have, at most, 5,000-10,000 worldwide. That is for the largest companies, like Dell. I expect WoW has 1,000-3,000 at most. Maybe less.
I was hacked twice before they made the change with the email. The way the keyloggers do it.. it makes no difference if you use your email address or not. NO difference. They have the same difficulty either way, so don't even try to blame the email addresses. Just the act of logging into the game gives them the info they need. They would have the info they need from that even if the email addresses were not used to log in.
The iPhone authenticator is free, if you don't have that and you DO have a cell you could still probably get a mobile authenticator for 99 cents.
If it is compatible you can get the authenticator by going to http://mobile.blizzard.com on your cell phone and clicking the authenticator link in the middle.
If your cell is not compatible, then you will need to get the physical one. Before you say anything, no, Blizzard is not forcing you to buy it. They offer it as a courtesy and make no direct money off of it. Any cost for the authenticator is to cover the cost of creating or distributing that one unit. They make NO profit from it.
The people who are trying to make a profit are the ones who try to buy out the Blizzard store and sell them all on eBay for $40 each.
Originally posted by Zookz: Originally posted by uohaloran: Normally I'd chalk getting hacked up to user error, but this is absolutely ridiculous. Take a look at the support forum some time and see for yourself. Something foul is afoot.
Out of a few million subscribers how many of those do you think know anything about computer security aside from what Norton tells them?
Regardless, something so rampant should be handled by Blizzard. Isn't it sort of funny that what was supposed to be the solution to preemptive hacking will actually restrict some users from playing?
Mandatory authenticators would have fixed this. They're not taking a hard stance against hacking at all and pretty much turning a blind eye to it. Blizzard has the power to fix it, so why don't they?
It's impossible to fix stupidity. They have authenticators for sale. If people are concerned or aren't comfortable with computer security the option exists to buy one.
Ultimately the security of your account within the confines of your PC is your duty, not the game companies out there. They've long since realized the things I've pointed out here, especially with regards to virus scanners, malware checkers, etc. No program is going to find everything that can potentially compromise your account, and they realize that. All they can hope to do is set a policy in place, and urge their customers to be safe and use safe computing habits.
Any respectable IT professional with any shred of IT security knowledge knows that it is equally the responsibility of the user, and those who configure and maintain the system.
Poor system security design, whether it be unintuitive, require unnecessary 'extra steps' for the user to ensure security, or just plain flawed with security gaps, it is still in part the responsibility of the administrators, even if the users are not doing all they can.
Blizzard is guilty of this. Particularly in part due to their forced shift of requiring users to use their emails as usernames, rather than a unique and privately known username.
You could argue that it's the user's fault for not making a 'separate email exclusively for their Battle.net account', but that's just a cop out. In this case it's unreasonable to expect users to have to shift their regular behavior, and go out of their way to stay secured. Why? Because things were fine the way they were before. The change was made at Blizzard's whim, for whatever reason, and the direct decision has created an additional gap in security, which users are expected to address. This is poor IT security management, plain and simple.
It's impossible to fix stupidity. They have authenticators for sale. If people are concerned or aren't comfortable with computer security the option exists to buy one.
I agree that you cannot fix stupidity, but you can protect people from themselves.
The car works perfectly without locks, so you don't really need them; don't get carjacked! /s
That's fine, if you want to continue to subscribe to a game where the company does not respect you or your privacy, that is your business.
I must say that there are plenty of other games and companies out there where they do respect their customers; you should give them a try. WoW has been around for years, it is old news now.
Oh great, did I ever tell you that I play WoW? How do you know I have an active sub?
Like I said, I pay sub to a game for the purpose of gaming, I provide very primitive information about me, a shortened name, vague information, sometimes the hotel I am living in during the transit. AND I am supposed to be very worried because someone found out that I am John Smith, who once lived in room 214 of grand hotel.
And you know as a fact that I do not play other games, only WoW? Now that English as a language is 2000 years old (joke) it must be old news now.
Last time I recall, chess is very very old, so are card games. We should all stop playing them. Eating is old too.
Do you need to lecture us on what games to play, and bring these personal views and personal agenda, plus all those personal assumptions to this discussion? You hardly know who I am, my sex, my race, my age, my health, my gaming habits or anything, yet you draw such conclusions and offer such advice. As if you know enough about me to make sense.
The people who think this is Blizzard's fault have no clue as to how people are actually getting their accounts stolen, and don't want to know. My previous post says it all. If that doesn't clear it up then there is no helping them and they should just be left to rant for the sake of ranting.
It's impossible to fix stupidity. They have authenticators for sale. If people are concerned or aren't comfortable with computer security the option exists to buy one.
I agree that you cannot fix stupidity, but you can protect people from themselves.
The car works perfectly without locks, so you don't really need them; don't get carjacked! /s
True. I have a bit of a Darwinian outlook on life, so I say let the dumb perish.
Do you need to lecture us on what games to play, and bring these personal views and personal agenda, plus all those personal assumptions to this discussion? You hardly know who I am, my sex, my race, my age, my health, my gaming habits or anything, yet you draw such conclusions and offer such advice. As if you know enough about me to make sense.
I could probably guess half those things just from our short conversation on these boards, but I won't do that.
While there is no solid theory to suggest that using email accounts as log in makes a game account vulnerable, I did have my personal hesitation when the bnet conversion was announced. Tell you what. Guildwars also uses email accounts as log in names. This method of login identification is not new.
As a gamer, if you care about your account and are reasonably alert, you should know the risks when converting to bnet. Making a separate email account, protecting it from day to day exposure and so on are reasonable acts of safety precaution. If you do not lock your car properly and park it in dangerous zones, you are raising the odds that you will come back to find your car missing.
It is both parts the users and Blizzard's fault.
The users are likely not taking all of the precautions they should be, and Blizzard is not following the best practices for IT security design and management.
Purely blaming one or the other is ignoring the real issues.
I'm not going to read the 17 pages to see if you ever got help and if you did this. I was hacked 2 days ago due to not updating Adobe Flash Player; I had to uninstall it and reinstall it for the update to work. I posted on the WoW forums Tech support and did NOT bump my post once. I got my account back in less than 8 hours. The authenticator is like what, 10 bucks? Even if I quit WoW forever I'm getting one, as I don't want any jerk gold farmer to ever benefit from my work again.
"EDIT" this only works if you can still access your account. They added an authenticator to my account but could not change the password etc., so I was able to change the password and log in to post on my account on the WoW forums tech forums. Too bad it was done late at night before they had stripped my toons and took my gold. This is the ONLY MMO I've played where accounts get stolen so much and so often; even people with authenticators have been hacked, it's insane.
I could probably guess half those things just from our short conversation on these boards, but I won't do that.
Oh you make a guess, that is your evidence. Every evidence of yours are wise guesses, but that makes your conclusions strong and your accusations just.
So can you guess when the next earthquake is going to hit, and where, so I get out in time?
A major one will probably hit an island off the coast of Japan within the next 10 days.
Blizzard cannot log into a user's machine to make sure it is clear of keyloggers. Blizzard cannot tell the difference between a user entering the correct log in information and a "hacker" entering the same information. The only possibility Blizzard can make it better is to make authenticators mandatory, which will then lead to it getting even worse.
Once authenticators become mandatory or enough that hackers have to worry about it, it will get bad. They will start creating viruses to put on the user's system to intercept the login data so the authenticator code never gets to blizzard. It will instead get sent to the hacker who can then use it to log in. A virus like this already exists, though extremely rare. Once authenticators become the norm that virus will spread with the same rate as the current keyloggers. Then there is no stopping it outside of a biometric reader.
WoW fan sites are being hacked, and their member information (including email addresses and passwords) is stolen. If the passwords are hashed or encrypted, the hackers try to crack them. The hackers then take this information and try to log in to the WoW account; failing that, they try to breach the user's email using the same information to get another shot at compromising the WoW account. This method does work against those unfortunate enough to use the same email and/or password as their WoW account as they do with WoW related sites, and was less viable prior to the B.net conversion... hence the spike in hackings since the B.net conversion.
I've been following this happening. WoW related fan or guild sites get breached, and then a wave of users have their accounts breached shortly thereafter. Sure it's easy to blame the users for using the same email, and/or password, but this simply wouldn't be happening on the same scale if the B.net conversion didn't force usernames to be the email.
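The pattern described in the post above (addresses from a breached fan site replayed against the game login), seen from the service operator's side as a detection pass over login events. This is an added example, not part of the thread and not Blizzard's code; the event fields, thresholds, addresses and leaked list are all constructed assumptions.

```python
import hashlib
from collections import defaultdict
from typing import NamedTuple


class LoginEvent(NamedTuple):
    ts: int        # seconds since an arbitrary start (constructed)
    source: str    # client address
    email: str     # login name; the e-mail address doubles as the username
    success: bool


def digest(email):
    """Normalise and hash an address so the leaked list is not kept in clear."""
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()


def stuffing_sources(events, leaked, window=600, min_accounts=4,
                     min_leaked_ratio=0.75, max_success_ratio=0.5):
    """Return sources that, within `window` seconds, tried at least
    `min_accounts` distinct accounts, mostly taken from the leaked list and
    mostly failing. The thresholds are illustrative assumptions."""
    by_source = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_source[ev.source].append(ev)

    flagged = set()
    for source, evs in by_source.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans <= `window` seconds.
            while evs[end].ts - evs[start].ts > window:
                start += 1
            in_window = evs[start:end + 1]
            accounts = {e.email.lower() for e in in_window}
            if len(accounts) < min_accounts:
                continue
            leaked_hits = sum(1 for a in accounts if digest(a) in leaked)
            successes = sum(1 for e in in_window if e.success)
            if (leaked_hits / len(accounts) >= min_leaked_ratio
                    and successes / len(in_window) <= max_success_ratio):
                flagged.add(source)
                break
    return flagged


def accounts_to_reset(events, flagged):
    """Accounts a flagged source logged into successfully: the users who
    reused the fan-site password and need a forced reset."""
    return sorted({e.email.lower() for e in events
                   if e.success and e.source in flagged})


# Constructed data: digests of addresses seen in a hypothetical fan-site dump.
LEAKED = {digest(a) for a in (
    "ann@example.com", "bob@example.com", "cat@example.com",
    "dan@example.com", "eve@example.com")}

# Constructed login log (documentation address ranges only).
EVENTS = [
    LoginEvent(0, "198.51.100.7", "zed@example.com", True),    # ordinary player
    LoginEvent(30, "203.0.113.9", "ann@example.com", False),   # replayed dump
    LoginEvent(35, "203.0.113.9", "bob@example.com", True),    # reused password
    LoginEvent(41, "203.0.113.9", "cat@example.com", False),
    LoginEvent(47, "203.0.113.9", "dan@example.com", False),
    LoginEvent(52, "203.0.113.9", "eve@example.com", False),
    LoginEvent(90, "198.51.100.7", "zed@example.com", True),
    LoginEvent(100, "192.0.2.20", "ann@example.com", True),    # shared address,
    LoginEvent(160, "192.0.2.20", "kim@example.com", True),    # several real
    LoginEvent(200, "192.0.2.20", "lee@example.com", True),    # players, all
    LoginEvent(260, "192.0.2.20", "max@example.com", True),    # succeeding
]

if __name__ == "__main__":
    bad = stuffing_sources(EVENTS, LEAKED)
    print("flagged sources:", sorted(bad))
    print("force reset for:", accounts_to_reset(EVENTS, bad))
```

The shared address is not flagged because most of its accounts are absent from the dump and every login succeeds, which is what separates a household or café from a replayed credential list.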
It is both parts the users and Blizzard's fault.
The users are likely not taking all of the precautions they should be, and Blizzard is not following the best practices for IT security design and management.
Purely blaming one or the other is ignoring the real issues.
Not trying to be picky but how? Every design that allows external access has its weakness.
Insider information helps a lot in tracking down the weakness, but constant probing will sometimes hit a blind spot by luck.
As a well known dictum for systems design, there is no fool proof system, nor bug free system. At that point in design that is the best a few heads can figure out. Upon deadline, the system will have to be implemented. There are just so many man hours you can spend in design stage, or we will never see our games, or whatever software, or whatever product at all.
The people who think this is Blizzard's fault have no clue as to how people are actually getting their accounts stolen, and don't want to know. My previous post says it all. If that doesn't clear it up then there is no helping them and they should just be left to rant for the sake of ranting.
QFT.
I tried to explain most of the same points, but it seems clear many do not want to listen...
And the sad thing is they are only hurting themselves. Without demonstrating a level of common sense, caution and self control, they will just have their user information or other sensitive information stolen again.
But sure people... don't listen to those of us who actually know what we are talking about...
Using user email as the username is not best practice. Best practice in IT security is that the username is kept as private as the password is. By using an email address as a username, you are exposing half of the login information. You can say "so what?" Well, just look at the spike of hackings since the B.net conversion and you have your "what".
Best practices for IT security also emphasize the fact that users are very likely going to do something stupid, or not do everything they need to. That's why you have to design a system with this in mind, and make it as simple as possible for the user to behave in a secure manner. Which again, forcing the B.net username to be the email definitely goes against this methodology.
Ultimately the security of your account within the confines of your PC is your duty, not the game companies out there. They've long since realized the things I've pointed out here, especially with regards to virus scanners, malware checkers, etc. No program is going to find everything that can potentially compromise your account, and they realize that. All they can hope to do is set a policy in place, and urge their customers to be safe and use safe computing habits.
Any respectable IT professional with any shred of IT security knowledge knows that it is equally the responsibility of the user, and those who configure and maintain the system.
Poor system security design, whether it be unintuitive, requiring unnecessary 'extra steps' for the user to ensure security, or just plain flawed with security gaps, is still in part the responsibility of the administrators, even if the users are not doing all they can.
Blizzard is guilty of this. Particularly in part due to their forced shift of requiring users to use their emails as usernames, rather than a unique and privately known username.
You could argue that it's the user's fault for not making a 'separate email exclusively for their Battle.net account', but that's just a cop out. In this case it's unreasonable to expect users to have to shift their regular behavior, and go out of their way to stay secured. Why? Because things were fine the way they were before. The change was made at Blizzard's whim, for whatever reason, and the direct decision has created an additional gap in security, which users are expected to address. This is poor IT security management, plain and simple.
While there is no solid theory to suggest that using email accounts as login makes a game account vulnerable, I did have my personal hesitation when the bnet conversion was announced. Tell you what. Guild Wars also uses email accounts as login names. This method of login identification is not new.
As a gamer, if you care about your account and are reasonably alert, you should know the risks when converting to bnet. Making a separate email account, protecting it from day to day exposure and so on are reasonable acts of safety precaution. If you do not lock your car properly and park it in dangerous zones, you are raising the odds that you will come back to find your car missing.
WoW fan sites are being hacked, and their member information (including email addresses and passwords) is stolen. If the passwords are hashed or encrypted, the hackers try to crack them. The hackers then take this information and try to log in to the WoW account; failing that, they try to breach the user's email using the same information to get another shot at compromising the WoW account. This method does work against those unfortunate enough to use the same email and/or password as their WoW account as they do with WoW related sites, and was less viable prior to the B.net conversion... hence the spike in hackings since the B.net conversion.
I've been following this happening. WoW related fan or guild sites get breached, and then a wave of users have their accounts breached shortly thereafter. Sure it's easy to blame the users for using the same email, and/or password, but this simply wouldn't be happening if the B.net conversion didn't force usernames to be the email.
So people stupid enough to use the same email address and password in registering guild forums are wise enough not to use the same username and passwords. Hmm, funny logic.
I agree, using email address makes me uncomfortable, not because of your reasoning. I am uncomfortable b/c my login name is at the whim of a third party, say gmail, yahoo or whatever (obviously I am not using those, that is why I quote them here). I can hide my username for a game by never using it outside a game, but with an email account, it is slightly possible that the privacy is compromised from events outside my control. Frankly I am pretty sure blizz spends more effort protecting the login name and password to WoW than yahoo spends in protecting the email address (not password) list.
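The breach-then-reuse pattern described in the posts above (fan-site credentials replayed against accounts whose login name is the email address) leaves a recognizable trace on the login service. The following is an added example, not part of any post in this thread: it scans a constructed auth log for one source trying many distinct email logins in a short window. The log format, thresholds and function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format): ISO timestamp, source IP, login email, result.
SAMPLE_LOG = """\
2010-03-01T10:00:01 203.0.113.7 alice@example.com FAIL
2010-03-01T10:00:09 203.0.113.7 bob@example.com FAIL
2010-03-01T10:00:15 198.51.100.20 dave@example.com FAIL
2010-03-01T10:00:21 203.0.113.7 carol@example.com OK
2010-03-01T10:00:40 198.51.100.20 dave@example.com OK
2010-03-01T10:00:47 203.0.113.7 erin@example.com FAIL
2010-03-01T10:01:02 203.0.113.7 frank@example.com FAIL
2010-03-01T10:01:30 203.0.113.7 grace@example.com FAIL
2010-03-01T10:02:00 192.0.2.44 heidi@example.com FAIL
2010-03-01T10:02:05 192.0.2.44 heidi@example.com FAIL
2010-03-01T10:02:11 192.0.2.44 heidi@example.com FAIL
"""


def parse(log):
    """Yield (timestamp, ip, login, succeeded) for each log line."""
    for line in log.strip().splitlines():
        ts, ip, login, result = line.split()
        yield datetime.fromisoformat(ts), ip, login.lower(), result == "OK"


def max_distinct_logins(events, window):
    """Largest number of distinct logins one source tried inside any `window`."""
    best, start = 0, 0
    counts = defaultdict(int)
    for ts, login, _ok in events:
        counts[login] += 1
        # Slide the left edge until the window covers at most `window` of time.
        while ts - events[start][0] > window:
            old = events[start][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            start += 1
        best = max(best, len(counts))
    return best


def find_credential_replay(log, window=timedelta(minutes=10),
                           min_accounts=5, min_fail_ratio=0.5):
    """Flag sources that try many different accounts and mostly fail.

    Replayed breach data is wide and shallow (many logins, few tries each),
    unlike one user mistyping or guessing against a single account.
    Accounts the flagged source did get into are returned for forced reset.
    """
    by_ip = defaultdict(list)
    for ts, ip, login, ok in parse(log):
        by_ip[ip].append((ts, login, ok))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        spread = max_distinct_logins(events, window)
        fails = sum(1 for _, _, ok in events if not ok)
        if spread >= min_accounts and fails / len(events) >= min_fail_ratio:
            findings[ip] = {
                "accounts_tried": spread,
                "force_reset": sorted({l for _, l, ok in events if ok}),
            }
    return findings


if __name__ == "__main__":
    for ip, info in find_credential_replay(SAMPLE_LOG).items():
        print(ip, info)
```

The source at 192.0.2.44 is not flagged because it hammers a single login, and 198.51.100.20 is an ordinary mistyped password followed by a success.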
That's fine, if you want to continue to subscribe to a game where the company does not respect you or your privacy, that is your business.
I must say that there are plenty of other games and companies out there where they do respect their customers, you should give them a try. WoW has been around for years, it is old news now.
I quit WoW for this very reason: I personally know of three people who had their accounts hacked. Bliz made the worst mistake by making everyone use their email address as their login. Then when you get hacked they shut the account down, the hacker who used his credit card to play on your account denies charges to WoW, and you're left owing them a month of service that some idiot used to farm on. Security is too lax, so after many years of playing the game I have thrown it in the garbage and there it will stay.
Dealk
I love when this happens people point fingers at Blizzard. It isn't Blizzard's fault you got your account stolen. 99% of the time it is our own fault. Blizzard doesn't have to help you get it back, they do it out of customer service sake. Speaking of, the OP did it wrong. When I got my account stolen.. twice, I emailed them and both times had it resolved in a day. I never even attempted to call them because I know how large companies operate. They almost always have large hold time. The only way they would not have hold time is if they had 30,000 call center agents. That is not realistic. Most large companies have, at most, 5,000-10,000 worldwide. That is for the largest companies, like Dell. I expect WoW has 1,000-3,000 at most. Maybe less.
I was hacked twice before they made the change with the email. The way the keyloggers do it.. it makes no difference if you use your email address or not. NO difference. They have the same difficulty either way, so don't even try to blame the email addresses. Just the act of logging into the game gives them the info they need. They would have the info they need from that even if the email addresses were not used to log in.
The iPhone authenticator is free, if you don't have that and you DO have a cell you could still probably get a mobile authenticator for 99 cents.
Go here if you have a cell to find out if yours is compatible. http://mobile.blizzard.com/us-en/support-compat.html
If it is compatible you can get the authenticator by going to http://mobile.blizzard.com on your cell phone and clicking the authenticator link in the middle.
If your cell is not compatible, then you will need to get the physical one. Before you say anything, no, Blizzard is not forcing you to buy it. They offer it as a courtesy and make no direct money off of it. Any cost for the authenticator is to cover the cost of creating or distributing that one unit. They make NO profit from it.
The people who are trying to make a profit are the ones who try to buy out the blizzard store and sell them all on ebay for $40 each.
Out of a few million subscribers how many of those do you think know anything about computer security aside from what Norton tells them?
Regardless, something so rampant should be handled by Blizzard. Isn't it sort of funny that what was supposed to be the solution to preemptive hacking will actually restrict some users from playing?
Mandatory authenticators would have fixed this. They're not taking a hard stance against hacking at all and pretty much turning a blind eye to it. Blizzard has the power to fix it, so why don't they?
It's impossible to fix stupidity. They have authenticators for sale. If people are concerned or aren't comfortable with computer security the option exists to buy one.
I agree that you cannot fix stupidity, but you can protect people from themselves.
The car works perfectly without locks, so you don't really need them; don't get carjacked! /s
Oh great, did I ever tell you that I play WoW? How do you know I have an active sub?
Like I said, I pay sub to a game for the purpose of gaming, I provide very primitive information about me, a shortened name, vague information, sometimes the hotel I am living in during the transit. AND I am supposed to be very worried because someone found out that I am John Smith, who once lived in room 214 of grand hotel.
And you know as a fact that I do not play other games, only WoW? Now that English as a language is 2000 years old (joke) it must be old news now.
Last time I recall, chess is very very old, so are card games. We should all stop playing it. Eating is old too.
Do you need to lecture us on what games to play, and bring these personal views and personal agenda, plus all those personal assumptions, to this discussion? You hardly know who I am, my sex, my race, my age, my health, my gaming habits or anything, yet you draw such conclusions and offer such advice. As if you know enough about me to make sense.
The people who think this is blizzard's fault have no clue as to how people are actually getting their accounts stolen, and don't want to know. My previous post says it all. If that doesn't clear it up then there is no helping them and they should just be left to rant for the sake of ranting.
True. I have a bit of a Darwinian outlook on life, so I say let the dumb perish.
Most people wouldn't buy the car without locks.
Touché
I could probably guess half those things just from our short conversation on these boards, but I won't do that.
I'm not going to read the 17 pages to see if you ever got help and if you did this. I was hacked 2 days ago due to not updating Adobe Flash Player; I had to uninstall it and reinstall it for the update to work. I posted on the WoW forums Tech support and did NOT bump my post once. I got my account back in less than 8 hours. The authenticator is like what, 10 bucks? Even if I quit WoW forever I'm getting one as I don't want any jerk gold farmer to ever benefit from my work again.
"EDIT" this only works if you can still access your account. They added an authenticator to my account but could not change the password etc., so I was able to change the password and log in to post on my account on the WoW forums tech forums. Too bad it was done late at night before they had stripped my toons and took my gold. This is the ONLY MMO I've played where accounts get stolen so much and so often; even people with authenticators have been hacked, it's insane.
Oh you make a guess, that is your evidence. Every evidence of yours are wise guesses, but that makes your conclusions strong and your accusations just.
So can you guess when the next earthquake is going to hit, and where, so I get out in time?
A major one will probably hit an island off the coast of Japan within the next 10 days.
Blizzard cannot log into a user's machine to make sure it is clear of keyloggers. Blizzard cannot tell the difference between a user entering the correct log in information and a "hacker" entering the same information. The only possibility blizzard can make it better is to make authenticators mandatory, which will then lead to it getting even worse.
Once authenticators become mandatory or enough that hackers have to worry about it, it will get bad. They will start creating viruses to put on the user's system to intercept the login data so the authenticator code never gets to blizzard. It will instead get sent to the hacker who can then use it to log in. A virus like this already exists, though extremely rare. Once authenticators become the norm that virus will spread with the same rate as the current keyloggers. Then there is no stopping it outside of a biometric reader.
<sarcasm>
Clearly Blizzard is at fault for everything.
</sarcasm>