Blizzard has not done any of that, as it has not been made public, and Blizzard could be clueless to being hacked, or Blizzard are the ones behind their own customers accounts getting hacked to try and sell authenticators.
This has only come to light because SOE has spotted the intusion. If they did not, then we'dd all still be thinking they are as safe and secure as Blizzard
I am sorry and I hate to ask but I don't quite understand the response. I was saying that Blizzard had not incurred any of the issues that Sony has. The bullet points were listing what Sony went through that Blizzard hasn't.
And are you suggesting that the largest mmo company in the world would risk its vast fortune via subscriptions and rmt on the small pittance it would make on selling out its customer data to a 3rd party?
I don't mean to kick a man when he's down. But dear Lord in heaven, if the crap from DCUO didn't hurt SOE, this is going to practically annihilate them. It makes me wonder if they're going to file for Chapter 11. Also, my local news is now running the story about Sony being hacked.
Blizzard has not done any of that, as it has not been made public, and Blizzard could be clueless to being hacked, or Blizzard are the ones behind their own customers accounts getting hacked to try and sell authenticators.
This has only come to light because SOE has spotted the intusion. If they did not, then we'dd all still be thinking they are as safe and secure as Blizzard
I am sorry and I hate to ask but I don't quite understand the response. I was saying that Blizzard had not incurred any of the issues that Sony has. The bullet points were listing what Sony went through that Blizzard hasn't.
And are you suggesting that the largest mmo company in the world would risk its vast fortune via subscriptions and rmt on the small pittance it would make on selling out its customer data to a 3rd party?
What I am saying is that they are not doing a good job of preventing accounts being hacked, and when they do, treat the situation as a normal everyday procedure, and don't seem to care that your account gets hacked. Especially considering they seem to use better systems
Your bullet points are only situations that Sony went through because Sony picked up on the intrusion. Blizzards databases may be getting hacked as we speak but Blizzard have not spotted the intrusions yet. Who knows what secrets they are hiding too.
Did you know that SOE still had databse records from 2007 before all this blew up this week?
What I am saying is that they are not doing a good job of preventing accounts being hacked, and when they do, treat the situation as a normal everyday procedure, and don't seem to care that your account gets hacked. Especially considering they seem to use better systems
Your bullet points are only situations that Sony went through because Sony picked up on the intrusion. Blizzards databases may be getting hacked as we speak but Blizzard have not spotted the intrusions yet. Who knows what secrets they are hiding too.
Did you know that SOE still had databse records from 2007 before all this blew up this week?
WoW accounts are hacked the majority of time not from database theft from corporate resources. Rather, the hacking takes place on the user end. via 3rd party addons compiled with keyloggers or spyware or from phishing scams. Unless you are suggesting to me that Blizzard allows a hacker to come in, steal a single account at a time and then return to repeat the process. That of course would be ludacris.
Now as for your theory on why Sony was targetted. True, they did piss off the hacker world but you see there in fact lies an illusion. Data Theft is done by professionals who are usually in it for monetary profit. Anonymous attacked Sony in another fashion altogether. It was more of a public slap in the face. The perps who stole this data didn't slap Sony in the face because like you pointed out - Sony didn't even detect the breach until much later. So that would mean, logically, the hackers didn't want to be caught and thus eliminating the Anonymous aspect.
Now, a common industry misconception is that the largest and most powerful companies are attacked the most by hackers seeking data. Rather it is the opposite. You attack the weakest due to risk versus reward. Sony's issues on security have been known for a while. They have had plenty of warning. But when the hackers tested the fences - the holes were not repaired. So by thier own lack of effort - they were hacked.
I am not prohacker. My data was in BOTH of those DBs. I am really concerned and angry at both sides. But more so at the company that left an open DB of info (why was that?) and left passwords unencrypted. And waited 9 days to tell me.
You can try to make Blizzard the bigger risk here but I don't play Minority Report. Real events versus presumed. Fact. Sony had two branches hacked and is down. Our data is in the open. Fact: Blizzard is up and my data there from a long time ago is still safe.
Blizzard has not done any of that, as it has not been made public, and Blizzard could be clueless to being hacked, or Blizzard are the ones behind their own customers accounts getting hacked to try and sell authenticators.
This has only come to light because SOE has spotted the intusion. If they did not, then we'dd all still be thinking they are as safe and secure as Blizzard
I am sorry and I hate to ask but I don't quite understand the response. I was saying that Blizzard had not incurred any of the issues that Sony has. The bullet points were listing what Sony went through that Blizzard hasn't.
And are you suggesting that the largest mmo company in the world would risk its vast fortune via subscriptions and rmt on the small pittance it would make on selling out its customer data to a 3rd party?
What I am saying is that they are not doing a good job of preventing accounts being hacked, and when they do, treat the situation as a normal everyday procedure, and don't seem to care that your account gets hacked. Especially considering they seem to use better systems
Your bullet points are only situations that Sony went through because Sony picked up on the intrusion. Blizzards databases may be getting hacked as we speak but Blizzard have not spotted the intrusions yet. Who knows what secrets they are hiding too.
Did you know that SOE still had databse records from 2007 before all this blew up this week?
First of all, you don't leave confedential information non-encrypted - that is just plain stupid - and extremely unprofessional.
Any big company by their right mind should have atleast a basic encryption on confidential information. I am indeed quite sure that Blizzard does indeed encrypt players information, I am by no means a blizzard fan, but seriously, any IT company or anyone working with people through the internet, and having their personal information on their servers seriously need the information encrypted. Sony did not have any of this encrypted, first of all this makes it SO much easier for the hacker to just pick up and then leave, where as having encrypted information is not just something you decrypt. - it is simply just not that easy.
Correct me if I am wrong, but I heard somewhere that Sony even handled all their costumer's data on the same server as PSN, and whatever servers they now might be running. <--- Thats another big mistake right there, first off its not encrypted, secondly its on the same server, so if they hack PSN... well then they certainly got access to all the data available there as well even.
To be honost, this should certainly be possible to take Sony to court, I mean identity theft is a serious buisness, I got both a SOE account and a PSN account, and I must admit I am indeed quite worried.
If someone gets hold of my personal information, and then use my identity to terror with, or any other type of major illigal activities, then I am going to be the one who's being hold responsible. And that is certainly not something I would like to habe on me.
This issue is seriously extremely serious - and extremely dangerous for all thos who have had their identity taken.
I don't care shit ass about if blizzard are currently being hacked or not, I am quite sure that any company worth their salt, would have their databases encrypted first and foremost, and secondly, if they have been well then noone knows about it anyway, which most likely means that it probably diddent happen.
Security on such matters has to be on alert at all times, such things is simply just not allowed to happen, because of reasons stated above.
Blizzard has not done any of that, as it has not been made public, and Blizzard could be clueless to being hacked, or Blizzard are the ones behind their own customers accounts getting hacked to try and sell authenticators.
This has only come to light because SOE has spotted the intusion. If they did not, then we'dd all still be thinking they are as safe and secure as Blizzard
I am sorry and I hate to ask but I don't quite understand the response. I was saying that Blizzard had not incurred any of the issues that Sony has. The bullet points were listing what Sony went through that Blizzard hasn't.
And are you suggesting that the largest mmo company in the world would risk its vast fortune via subscriptions and rmt on the small pittance it would make on selling out its customer data to a 3rd party?
What I am saying is that they are not doing a good job of preventing accounts being hacked, and when they do, treat the situation as a normal everyday procedure, and don't seem to care that your account gets hacked. Especially considering they seem to use better systems
Your bullet points are only situations that Sony went through because Sony picked up on the intrusion. Blizzards databases may be getting hacked as we speak but Blizzard have not spotted the intrusions yet. Who knows what secrets they are hiding too.
Did you know that SOE still had databse records from 2007 before all this blew up this week?
the ignorant users are not doing a good job in preventing accounts being hacked.
stop blaming blizzard and get yourself a decent security software package, get rid of the porn and use common sense when opening emails and clicking on their links.
ive never had a blizzard account and receive several emails that go straight to my trash can containing information on "validating my password" and what not - supposedly from blizzard but clearly not.
WoW alone has 10 million subs then add to that star craft 2 etc. Blizzard has no time to baby sit people who cant safeguard their own passwords.
SOE, on the other hand, has put YOUR security at risk.
if you cant see the difference then perhaps that is why you are getting your account hacked in the first place.
stop blaming blizzard and get yourself a decent security software package, get rid of the porn and use common sense when opening emails and clicking on their links.
Great advice!
But I would start with decent security software and common sense...see if that eliminates it before making your computer worthless :P
I didn't say Blizzard hacked the SOE servers. I said I think Blizzard are behind peoples battle.net accounts getting hacked, to try and sell more authenticators. Probably not, but seems that way, as when trying to investigate further other than what they say may be the problem, they do not respond. Blizzard accounts gets hacked more than anything else, and they have detailed procedures on these things because it is so common. Something is not right somewhere
My mistake if I misread your post, sorry.
However, the damage being done from account hacking is costing blizzard big time. From lost customers to huge increases in customer service time to a very negative image. No way a company does this to sell a handful of 6.50 authenticators at the expense of that. Especially when blizzard is giving away authenticators for FREE. Can't make money off of free can you?
Blizzard accounts get hacked more than anything, because they represent like 70% of the subscription based mmo market. The same reason windows based PC gets all the hacker/virus love in the world.
12 million paying current players makes for a huge target don't you think? That is why hackers and gold farmers ignore soe games for the most part, because the market is tiny in comparison.
Blizzard has not done any of that, as it has not been made public, and Blizzard could be clueless to being hacked, or Blizzard are the ones behind their own customers accounts getting hacked to try and sell authenticators.
This has only come to light because SOE has spotted the intusion. If they did not, then we'dd all still be thinking they are as safe and secure as Blizzard
I am sorry and I hate to ask but I don't quite understand the response. I was saying that Blizzard had not incurred any of the issues that Sony has. The bullet points were listing what Sony went through that Blizzard hasn't.
And are you suggesting that the largest mmo company in the world would risk its vast fortune via subscriptions and rmt on the small pittance it would make on selling out its customer data to a 3rd party?
What I am saying is that they are not doing a good job of preventing accounts being hacked, and when they do, treat the situation as a normal everyday procedure, and don't seem to care that your account gets hacked. Especially considering they seem to use better systems
Your bullet points are only situations that Sony went through because Sony picked up on the intrusion. Blizzards databases may be getting hacked as we speak but Blizzard have not spotted the intrusions yet. Who knows what secrets they are hiding too.
Did you know that SOE still had databse records from 2007 before all this blew up this week?
the ignorant users are not doing a good job in preventing accounts being hacked.
stop blaming blizzard and get yourself a decent security software package, get rid of the porn and use common sense when opening emails and clicking on their links.
ive never had a blizzard account and receive several emails that go straight to my trash can containing information on "validating my password" and what not - supposedly from blizzard but clearly not.
WoW alone has 10 million subs then add to that star craft 2 etc. Blizzard has no time to baby sit people who cant safeguard their own passwords.
SOE, on the other hand, has put YOUR security at risk.
if you cant see the difference then perhaps that is why you are getting your account hacked in the first place.
Maybe you sould read posts proprly. I do not have porn, do not touch it. I have high security software, and do not even play the game, nor clicked links in emails.
It got hacked because the username is our email address. Once that was made unique there has been no more problems
My details on Blizzard has been put at risk for definate, SOE on ther other hand has not been, it is only being said so as caution.
What I am saying is that they are not doing a good job of preventing accounts being hacked, and when they do, treat the situation as a normal everyday procedure, and don't seem to care that your account gets hacked. Especially considering they seem to use better systems
Your bullet points are only situations that Sony went through because Sony picked up on the intrusion. Blizzards databases may be getting hacked as we speak but Blizzard have not spotted the intrusions yet. Who knows what secrets they are hiding too.
Did you know that SOE still had databse records from 2007 before all this blew up this week?
What is blizzard supposed to do about your hacked account after they restore it? Offer theorpy and counseling? They do their job and let the players get back to playing. It is an everyday occurance, because there are 12 million active players and who knows how many innacitve.
Also, soe didn't react to the event because they "detected" some intrustion. If that was the case the hackers would not have everyones information. Sony and SOE only detected this, because it was being openly discussed on hacking forums. Sony was several days late to detect anything. SOE was even worse, because they saw what happened to the playstation network and took their servers down to make sure they were safe and then put the servers back online.
Then SOE was still hacked after having advanced warning and preperation time that their company was being targetted. It was only AFTER the damage was done that they felt it was important enough to hire a security firm to evaluate their security and make other changes to their network.
This is just how SOE values their customers. SOE had a chance to fix their security problems when they took down the servers after the PSN was hacked. They could have hired the security team to evaluate their network then, but they didn't. Instead they looked at their servers and figured things would be ok and put them back online.
On top of that the company has lied about encrypting information like credit cards, bank numbers, passwords, etc. They tried very hard to pretend this was just random maintenance of the servers and several times tied to deny any sensitive information was taken. Sony just cannot be trusted in this matter right now. They are only admitting as little as they possibly can and leaving every comment as vague as possible, because they know they are going to get sued.
I just don't understand how you are looking at a company that had every chance possible to not become part of the biggest information security breach in human history and concluding that they are going to be trustworthy as a result of it.
You seem to be operating under the impression that SOE "detected" someone hacking their servers and then prevented something from happening. That is not the case. SOE took down their servers in REACTION to having already been hacked.
Why is SOE even bothering with trying to secure their network at this point. There is litterally nothing left for hackers to take from SOE. They already have everything there is to steal. SOE might as well display all of your real life information on the homepage, because it has already been stolen and given to criminals.
Okay, I am going to take a deep breath here first.
Okay done. Now I wish to know, who knows what got stolen? Do we have any link detailing this? Was it the 4 year old database that got stolen or the current one? If it was from 4 years ago, then I am personally lucky in the fact that I lived in Australia during that time and had a different credit card. If it was the current database, then I may be in for more trouble and I probably should change bank account numbers, perhaps ask for a new credit card even though today I got my new one, same number but different security number.
What is going on and what does everyone need to do? In any case, I didn't get an e-mail from SOE (yet).
Okay, I am going to take a deep breath here first.
Okay done. Now I wish to know, who knows what got stolen? Do we have any link detailing this? Was it the 4 year old database that got stolen or the current one? If it was from 4 years ago, then I am personally lucky in the fact that I lived in Australia during that time and had a different credit card. If it was the current database, then I may be in for more trouble and I probably should change bank account numbers, perhaps ask for a new credit card even though today I got my new one, same number but different security number.
What is going on and what does everyone need to do? In any case, I didn't get an e-mail from SOE (yet).
Be careful on that Nasja. I got an email from "SOE". But something doesn't look right about this email. The header seems wrong. If you do get the email, check the header (where it came from). If something seems hinky about it, call Sony Online and verify they actaully sent you the email.
I don't mean to kick a man when he's down. But dear Lord in heaven, if the crap from DCUO didn't hurt SOE, this is going to practically annihilate them. It makes me wonder if they're going to file for Chapter 11. Also, my local news is now running the story about Sony being hacked.
Doesn't seem far from it, with their recent mass layoffs and cancelation of the Agent (and probably Planetside: Next and maybe EQ: Next), shutting down all the servers for days on both PS3 and PC costs them money everyday.
I wouldn't know what to do if my identity has been compromised, I rarely use my CC or such info besides on SOE, steam and iTunes. My WoW account had fake info and I still got hounded by Blizzard when that account got hijacked (2 times) and that's not even my fault because the account was inactive for nearly 4 years when it got hacked.
Okay, I am going to take a deep breath here first.
Okay done. Now I wish to know, who knows what got stolen? Do we have any link detailing this? Was it the 4 year old database that got stolen or the current one? If it was from 4 years ago, then I am personally lucky in the fact that I lived in Australia during that time and had a different credit card. If it was the current database, then I may be in for more trouble and I probably should change bank account numbers, perhaps ask for a new credit card even though today I got my new one, same number but different security number.
What is going on and what does everyone need to do? In any case, I didn't get an e-mail from SOE (yet).
Specifially from SOE
26million user account info - worldwide this is everything in your profile username, password, address
13000 - European credit card details from 2007
10700 - Bank details from a direct debit db also from 2007
Most worrying to me personally is the DD details I had 14 accounts in 2007 and HAD to pay via DD as a card couldnt support that many SOE accounts without triggering fraud prevention. Short of outright closing my bank account a account that has good benefits and a 12 year relationship with the bank then WTF are we supposed to do aside just hope you wern't one of them.
I work in gaming I hate nothing more than seeing a game company go under or lay offs but SOE deserve to hang for this and I honestly hope they are sued to hell and back and fined by every govt in the world for breach of data protection laws.
If they got a database from 2007, then they "only" have my name and my birthdate. At that time I also had just 1 account open and the password on that account has changed. Hopefully I am lucky.
Okay, I am going to take a deep breath here first.
Okay done. Now I wish to know, who knows what got stolen? Do we have any link detailing this? Was it the 4 year old database that got stolen or the current one? If it was from 4 years ago, then I am personally lucky in the fact that I lived in Australia during that time and had a different credit card. If it was the current database, then I may be in for more trouble and I probably should change bank account numbers, perhaps ask for a new credit card even though today I got my new one, same number but different security number.
What is going on and what does everyone need to do? In any case, I didn't get an e-mail from SOE (yet).
This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.
The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:
name
address
e-mail address
birthdate
gender
phone number
login name
hashed password
From how "I" read that, it looks like BOTH were compromised.
What I am saying is that they are not doing a good job of preventing accounts being hacked, and when they do, treat the situation as a normal everyday procedure, and don't seem to care that your account gets hacked. Especially considering they seem to use better systems
Your bullet points are only situations that Sony went through because Sony picked up on the intrusion. Blizzards databases may be getting hacked as we speak but Blizzard have not spotted the intrusions yet. Who knows what secrets they are hiding too.
Did you know that SOE still had databse records from 2007 before all this blew up this week?
What is blizzard supposed to do about your hacked account after they restore it? Offer theorpy and counseling? They do their job and let the players get back to playing. It is an everyday occurance, because there are 12 million active players and who knows how many innacitve.
Also, soe didn't react to the event because they "detected" some intrustion. If that was the case the hackers would not have everyones information. Sony and SOE only detected this, because it was being openly discussed on hacking forums. Sony was several days late to detect anything. SOE was even worse, because they saw what happened to the playstation network and took their servers down to make sure they were safe and then put the servers back online.
Then SOE was still hacked after having advanced warning and preperation time that their company was being targetted. It was only AFTER the damage was done that they felt it was important enough to hire a security firm to evaluate their security and make other changes to their network.
This is just how SOE values their customers. SOE had a chance to fix their security problems when they took down the servers after the PSN was hacked. They could have hired the security team to evaluate their network then, but they didn't. Instead they looked at their servers and figured things would be ok and put them back online.
On top of that the company has lied about encrypting information like credit cards, bank numbers, passwords, etc. They tried very hard to pretend this was just random maintenance of the servers and several times tied to deny any sensitive information was taken. Sony just cannot be trusted in this matter right now. They are only admitting as little as they possibly can and leaving every comment as vague as possible, because they know they are going to get sued.
I just don't understand how you are looking at a company that had every chance possible to not become part of the biggest information security breach in human history and concluding that they are going to be trustworthy as a result of it.
You seem to be operating under the impression that SOE "detected" someone hacking their servers and then prevented something from happening. That is not the case. SOE took down their servers in REACTION to having already been hacked.
Why is SOE even bothering with trying to secure their network at this point. There is litterally nothing left for hackers to take from SOE. They already have everything there is to steal. SOE might as well display all of your real life information on the homepage, because it has already been stolen and given to criminals.
Now you are being ridiculous.
SOE at least answer every single ticket you send them, even if it is just a "pass the buck" or "can not do" response. I did not expect counselling or whatever from Blizzard, but they just totally ignored me, and I sent multiple tickets in.
I have quite some good contacts in SOE, to get the job done, and some people even have Smedleys email address. Is any one that cosy with Blizzards president? I don't think so
None of the information has been stolen or rather proved 100% to be the case. All that is known is people managed to hack into SOEs databases and had the potential to see everyones info - whether they actually ripped the data only the hackers would know, and SOE is assuming they may have done to be safe. All this was done due to the unfair actions of Sony against Geohot, (who declared himself that stealing info is not cool) and if his "friends" did steal info then they are doing him and themselves a great injustice.
Hopefully no info got stolen from SOE, but has just shown SOE the holes in the system they can now fix and be stonger than anything, before true criminals got access to it.
Blizzard have gone after credit sellers and sued them, and gone to great lengths to sqush these people by going to court numerous times, and joined forces recently with paypal to put a further lockdown on things, but they still keep coming back for more. There is plenty of angry people with the potential to hack into Blizzards databases, like with what happened with SOE, and do it more quietly than the Geohot propaganda.
There is still holes in Blizzard systems, and hackers are getting info somehow. They may even be hacking their databases like hackers did to SOE, and doing it under Blizzards radars
Okay, I am going to take a deep breath here first.
Okay done. Now I wish to know, who knows what got stolen? Do we have any link detailing this? Was it the 4 year old database that got stolen or the current one? If it was from 4 years ago, then I am personally lucky in the fact that I lived in Australia during that time and had a different credit card. If it was the current database, then I may be in for more trouble and I probably should change bank account numbers, perhaps ask for a new credit card even though today I got my new one, same number but different security number.
What is going on and what does everyone need to do? In any case, I didn't get an e-mail from SOE (yet).
This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.
The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:
name
address
e-mail address
birthdate
gender
phone number
login name
hashed password
From how "I" read that, it looks like BOTH were compromised.
Also key words "may have been stolen" (NOT "was stolen")
Originally posted by Nasja If they got a database from 2007, then they "only" have my name and my birthdate. At that time I also had just 1 account open and the password on that account has changed. Hopefully I am lucky.
Storing an old database online is just bad business practice, it shouldn't happen. Also don't assume you're off the hook, there's your address, phone # and CC # (most numbers stay the same even when you get a renewal). I already contacted my bank about it and hopefully they'll send me a new card with a different number.
Originally posted by metalazo Now you are being ridiculous. SOE at least answer every single ticket you send them, even if it is just a "pass the buck" or "can not do" response. I did not expect counselling or whatever from Blizzard, but they just totally ignored me, and I sent multiple tickets in. I have quite some good contacts in SOE, to get the job done, and some people even have Smedleys email address. Is any one that cosy with Blizzards president? I don't think so None of the information has been stolen or rather proved 100% to be the case. All that is known is people managed to hack into SOEs databases and had the potential to see everyones info - whether they actually ripped the data only the hackers would know, and SOE is assuming they may have done to be safe. All this was done due to the unfair actions of Sony against Geohot, (who declared himself that stealing info is not cool) and if his "friends" did steal info then they are doing him and themselves a great injustice. Hopefully no info got stolen from SOE, but has just shown SOE the holes in the system they can now fix and be stonger than anything, before true criminals got access to it. Blizzard have gone after credit sellers and sued them, and gone to great lengths to sqush these people by going to court numerous times, and joined forces recently with paypal to put a further lockdown on things, but they still keep coming back for more. There is plenty of angry people with the potential to hack into Blizzards databases, like with what happened with SOE, and do it more quietly than the Geohot propaganda. There is still holes in Blizzard systems, and hackers are getting info somehow. They may even be hacking their databases like hackers did to SOE, and doing it under Blizzards radars
Quite the opposite for me, I've had to wait days and sometimes over a week for a response from a CSR/GM in SOE games, I only played WoW for 4 months back in 2004-05 and I have sent in tickets and got response within hours.
When the Kashyyyk planet first went live in SWG, I went down to the Ryatt trail and ended up miles above the planet and /unstick wouldn't work so I sent a ticket and logged out and it wasn't until 13 days later a CSR responded and finally moved my character- extremely frustrating time.
This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.
The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:
name
address
e-mail address
birthdate
gender
phone number
login name
hashed password
From how "I" read that, it looks like BOTH were compromised.
Hm, the "as well as" is making the trouble. Fortunately no strange e-mails yet however choosing a new password may come in handy.
SOE at least answer every single ticket you send them, even if it is just a "pass the buck" or "can not do" response. I did not expect counselling or whatever from Blizzard, but they just totally ignored me, and I sent multiple tickets in.
I have quite some good contacts in SOE, to get the job done, and some people even have Smedleys email address. Is any one that cosy with Blizzards president? I don't think so
None of the information has been stolen or rather proved 100% to be the case. All that is known is people managed to hack into SOEs databases and had the potential to see everyones info - whether they actually ripped the data only the hackers would know, and SOE is assuming they may have done to be safe. All this was done due to the unfair actions of Sony against Geohot, (who declared himself that stealing info is not cool) and if his "friends" did steal info then they are doing him and themselves a great injustice.
Hopefully no info got stolen from SOE, but has just shown SOE the holes in the system they can now fix and be stonger than anything, before true criminals got access to it.
Blizzard have gone after credit sellers and sued them, and gone to great lengths to sqush these people by going to court numerous times, and joined forces recently with paypal to put a further lockdown on things, but they still keep coming back for more. There is plenty of angry people with the potential to hack into Blizzards databases, like with what happened with SOE, and do it more quietly than the Geohot propaganda.
There is still holes in Blizzard systems, and hackers are getting info somehow. They may even be hacking their databases like hackers did to SOE, and doing it under Blizzards radars
Quite the opposite for me, I've had to wait days and sometimes over a week for a response from a CSR/GM in SOE games, I only played WoW for 4 months back in 2004-05 and I have sent in tickets and got response within hours.
When the Kashyyyk planet first went live in SWG, I went down to the Ryatt trail and ended up miles above the planet and /unstick wouldn't work so I sent a ticket and logged out and it wasn't until 13 days later a CSR responded and finally moved my character- extremely frustrating time.
I have had no issues with SOEs support speed since 2008 (never needed to befor then), and in game tickets get faster repsopnses than webpage tickets, although have needed to send in multiple tickets, which provikes them to respond, but had no luck with Blizzar with that! Maybe their staff is reduced too nowadays? Recession has hit almost everyone, in the last few years. Less staff + still loads more people + more problems = slower service
Comments
I am sorry and I hate to ask but I don't quite understand the response. I was saying that Blizzard had not incurred any of the issues that Sony has. The bullet points were listing what Sony went through that Blizzard hasn't.
And are you suggesting that the largest mmo company in the world would risk its vast fortune via subscriptions and rmt on the small pittance it would make on selling out its customer data to a 3rd party?
Some interesting reading from Business Week and other new sources:
http://www.businessweek.com/news/2011-04-28/sony-faces-lawsuit-regulators-probe-over-playstation-hack.html
http://ingame.msnbc.msn.com/_news/2011/04/27/6544610-sony-sued-could-bleed-billions-following-playstation-network-hack
I don't mean to kick a man when he's down. But dear Lord in heaven, if the crap from DCUO didn't hurt SOE, this is going to practically annihilate them. It makes me wonder if they're going to file for Chapter 11. Also, my local news is now running the story about Sony being hacked.
What I am saying is that they are not doing a good job of preventing accounts being hacked, and when they do, treat the situation as a normal everyday procedure, and don't seem to care that your account gets hacked. Especially considering they seem to use better systems
Your bullet points are only situations that Sony went through because Sony picked up on the intrusion. Blizzards databases may be getting hacked as we speak but Blizzard have not spotted the intrusions yet. Who knows what secrets they are hiding too.
Did you know that SOE still had databse records from 2007 before all this blew up this week?
WoW accounts are hacked the majority of time not from database theft from corporate resources. Rather, the hacking takes place on the user end. via 3rd party addons compiled with keyloggers or spyware or from phishing scams. Unless you are suggesting to me that Blizzard allows a hacker to come in, steal a single account at a time and then return to repeat the process. That of course would be ludacris.
Now as for your theory on why Sony was targetted. True, they did piss off the hacker world but you see there in fact lies an illusion. Data Theft is done by professionals who are usually in it for monetary profit. Anonymous attacked Sony in another fashion altogether. It was more of a public slap in the face. The perps who stole this data didn't slap Sony in the face because like you pointed out - Sony didn't even detect the breach until much later. So that would mean, logically, the hackers didn't want to be caught and thus eliminating the Anonymous aspect.
Now, a common industry misconception is that the largest and most powerful companies are attacked the most by hackers seeking data. Rather it is the opposite. You attack the weakest due to risk versus reward. Sony's issues on security have been known for a while. They have had plenty of warning. But when the hackers tested the fences - the holes were not repaired. So by thier own lack of effort - they were hacked.
I am not prohacker. My data was in BOTH of those DBs. I am really concerned and angry at both sides. But more so at the company that left an open DB of info (why was that?) and left passwords unencrypted. And waited 9 days to tell me.
You can try to make Blizzard the bigger risk here but I don't play Minority Report. Real events versus presumed. Fact. Sony had two branches hacked and is down. Our data is in the open. Fact: Blizzard is up and my data there from a long time ago is still safe.
First of all, you don't leave confedential information non-encrypted - that is just plain stupid - and extremely unprofessional.
Any big company by their right mind should have atleast a basic encryption on confidential information. I am indeed quite sure that Blizzard does indeed encrypt players information, I am by no means a blizzard fan, but seriously, any IT company or anyone working with people through the internet, and having their personal information on their servers seriously need the information encrypted. Sony did not have any of this encrypted, first of all this makes it SO much easier for the hacker to just pick up and then leave, where as having encrypted information is not just something you decrypt. - it is simply just not that easy.
Correct me if I am wrong, but I heard somewhere that Sony even handled all their costumer's data on the same server as PSN, and whatever servers they now might be running. <--- Thats another big mistake right there, first off its not encrypted, secondly its on the same server, so if they hack PSN... well then they certainly got access to all the data available there as well even.
To be honost, this should certainly be possible to take Sony to court, I mean identity theft is a serious buisness, I got both a SOE account and a PSN account, and I must admit I am indeed quite worried.
If someone gets hold of my personal information, and then use my identity to terror with, or any other type of major illigal activities, then I am going to be the one who's being hold responsible. And that is certainly not something I would like to habe on me.
This issue is seriously extremely serious - and extremely dangerous for all thos who have had their identity taken.
I don't care shit ass about if blizzard are currently being hacked or not, I am quite sure that any company worth their salt, would have their databases encrypted first and foremost, and secondly, if they have been well then noone knows about it anyway, which most likely means that it probably diddent happen.
Security on such matters has to be on alert at all times, such things is simply just not allowed to happen, because of reasons stated above.
the ignorant users are not doing a good job in preventing accounts being hacked.
stop blaming blizzard and get yourself a decent security software package, get rid of the porn and use common sense when opening emails and clicking on their links.
ive never had a blizzard account and receive several emails that go straight to my trash can containing information on "validating my password" and what not - supposedly from blizzard but clearly not.
WoW alone has 10 million subs then add to that star craft 2 etc. Blizzard has no time to baby sit people who cant safeguard their own passwords.
SOE, on the other hand, has put YOUR security at risk.
if you cant see the difference then perhaps that is why you are getting your account hacked in the first place.
Great advice!
But I would start with decent security software and common sense...see if that eliminates it before making your computer worthless :P
My mistake if I misread your post, sorry.
However, the damage being done from account hacking is costing blizzard big time. From lost customers to huge increases in customer service time to a very negative image. No way a company does this to sell a handful of 6.50 authenticators at the expense of that. Especially when blizzard is giving away authenticators for FREE. Can't make money off of free can you?
Blizzard accounts get hacked more than anything, because they represent like 70% of the subscription based mmo market. The same reason windows based PC gets all the hacker/virus love in the world.
12 million paying current players makes for a huge target don't you think? That is why hackers and gold farmers ignore soe games for the most part, because the market is tiny in comparison.
Maybe you sould read posts proprly. I do not have porn, do not touch it. I have high security software, and do not even play the game, nor clicked links in emails.
It got hacked because the username is our email address. Once that was made unique there has been no more problems
My details on Blizzard has been put at risk for definate, SOE on ther other hand has not been, it is only being said so as caution.
What is blizzard supposed to do about your hacked account after they restore it? Offer theorpy and counseling? They do their job and let the players get back to playing. It is an everyday occurance, because there are 12 million active players and who knows how many innacitve.
Also, soe didn't react to the event because they "detected" some intrustion. If that was the case the hackers would not have everyones information. Sony and SOE only detected this, because it was being openly discussed on hacking forums. Sony was several days late to detect anything. SOE was even worse, because they saw what happened to the playstation network and took their servers down to make sure they were safe and then put the servers back online.
Then SOE was still hacked after having advanced warning and preperation time that their company was being targetted. It was only AFTER the damage was done that they felt it was important enough to hire a security firm to evaluate their security and make other changes to their network.
This is just how SOE values their customers. SOE had a chance to fix their security problems when they took down the servers after the PSN was hacked. They could have hired the security team to evaluate their network then, but they didn't. Instead they looked at their servers and figured things would be ok and put them back online.
On top of that the company has lied about encrypting information like credit cards, bank numbers, passwords, etc. They tried very hard to pretend this was just random maintenance of the servers and several times tied to deny any sensitive information was taken. Sony just cannot be trusted in this matter right now. They are only admitting as little as they possibly can and leaving every comment as vague as possible, because they know they are going to get sued.
I just don't understand how you are looking at a company that had every chance possible to not become part of the biggest information security breach in human history and concluding that they are going to be trustworthy as a result of it.
You seem to be operating under the impression that SOE "detected" someone hacking their servers and then prevented something from happening. That is not the case. SOE took down their servers in REACTION to having already been hacked.
Why is SOE even bothering with trying to secure their network at this point. There is litterally nothing left for hackers to take from SOE. They already have everything there is to steal. SOE might as well display all of your real life information on the homepage, because it has already been stolen and given to criminals.
Okay, I am going to take a deep breath here first.
Okay done. Now I wish to know, who knows what got stolen? Do we have any link detailing this? Was it the 4 year old database that got stolen or the current one? If it was from 4 years ago, then I am personally lucky in the fact that I lived in Australia during that time and had a different credit card. If it was the current database, then I may be in for more trouble and I probably should change bank account numbers, perhaps ask for a new credit card even though today I got my new one, same number but different security number.
What is going on and what does everyone need to do? In any case, I didn't get an e-mail from SOE (yet).
Be careful on that Nasja. I got an email from "SOE". But something doesn't look right about this email. The header seems wrong. If you do get the email, check the header (where it came from). If something seems hinky about it, call Sony Online and verify they actaully sent you the email.
lol poor? Draak was as crappy as they can ever get.
I wouldn't know what to do if my identity has been compromised, I rarely use my CC or such info besides on SOE, steam and iTunes. My WoW account had fake info and I still got hounded by Blizzard when that account got hijacked (2 times) and that's not even my fault because the account was inactive for nearly 4 years when it got hacked.
Specifially from SOE
26million user account info - worldwide this is everything in your profile username, password, address
13000 - European credit card details from 2007
10700 - Bank details from a direct debit db also from 2007
Most worrying to me personally is the DD details I had 14 accounts in 2007 and HAD to pay via DD as a card couldnt support that many SOE accounts without triggering fraud prevention. Short of outright closing my bank account a account that has good benefits and a 12 year relationship with the bank then WTF are we supposed to do aside just hope you wern't one of them.
I work in gaming I hate nothing more than seeing a game company go under or lay offs but SOE deserve to hang for this and I honestly hope they are sued to hell and back and fined by every govt in the world for breach of data protection laws.
If anyone is from the UK I urge them to file a complaint with ICO http://www.ico.gov.uk/complaints/data_protection.aspx
If they got a database from 2007, then they "only" have my name and my birthdate. At that time I also had just 1 account open and the password on that account has changed. Hopefully I am lucky.
Here's the link Nas:
http://www.soe.com/securityupdate/pressrelease.vm
And here's what you need to know:
This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.
The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:
name
address
e-mail address
birthdate
gender
phone number
login name
hashed password
From how "I" read that, it looks like BOTH were compromised.
Now you are being ridiculous.
SOE at least answer every single ticket you send them, even if it is just a "pass the buck" or "can not do" response. I did not expect counselling or whatever from Blizzard, but they just totally ignored me, and I sent multiple tickets in.
I have quite some good contacts in SOE, to get the job done, and some people even have Smedleys email address. Is any one that cosy with Blizzards president? I don't think so
None of the information has been stolen or rather proved 100% to be the case. All that is known is people managed to hack into SOEs databases and had the potential to see everyones info - whether they actually ripped the data only the hackers would know, and SOE is assuming they may have done to be safe. All this was done due to the unfair actions of Sony against Geohot, (who declared himself that stealing info is not cool) and if his "friends" did steal info then they are doing him and themselves a great injustice.
Hopefully no info got stolen from SOE, but has just shown SOE the holes in the system they can now fix and be stonger than anything, before true criminals got access to it.
Blizzard have gone after credit sellers and sued them, and gone to great lengths to sqush these people by going to court numerous times, and joined forces recently with paypal to put a further lockdown on things, but they still keep coming back for more. There is plenty of angry people with the potential to hack into Blizzards databases, like with what happened with SOE, and do it more quietly than the Geohot propaganda.
There is still holes in Blizzard systems, and hackers are getting info somehow. They may even be hacking their databases like hackers did to SOE, and doing it under Blizzards radars
Also key words "may have been stolen" (NOT "was stolen")
I dunno... I think Tux did it... just sayin'.
I do love the fact that no only did SOE hose us with the game, they have now done it with out accounts.
When the Kashyyyk planet first went live in SWG, I went down to the Ryatt trail and ended up miles above the planet and /unstick wouldn't work so I sent a ticket and logged out and it wasn't until 13 days later a CSR responded and finally moved my character- extremely frustrating time.
Hm, the "as well as" is making the trouble. Fortunately no strange e-mails yet however choosing a new password may come in handy.
Better safe than sorry.
I have had no issues with SOEs support speed since 2008 (never needed to befor then), and in game tickets get faster repsopnses than webpage tickets, although have needed to send in multiple tickets, which provikes them to respond, but had no luck with Blizzar with that! Maybe their staff is reduced too nowadays? Recession has hit almost everyone, in the last few years. Less staff + still loads more people + more problems = slower service