So I heard Blizzard is losing customers

Anything, including off-topic posts

Moderators: Fridmarr, Worldie, PsiVen, Sabindeus, Aergis

Re: So I heard Blizzard is losing customers

Postby Lieris » Fri Aug 10, 2012 10:30 am

CC numbers didn't get stolen in the PSN hack.
Lieris
Maintankadonor
 
Posts: 1521
Joined: Mon Jun 18, 2007 7:49 am

Re: So I heard Blizzard is losing customers

Postby Fetzie » Fri Aug 10, 2012 10:37 am

Teranoid wrote:
KysenMurrin wrote:You can't complain about something if something worse has happened before?


No you can complain all you want. People are acting like this was the fucking end of the world because they took 5 days to make sure they properly identified what happened and took the steps to remedy it and to make sure they knew exactly what did and didn't get out.

Sony waited a MONTH to tell their customers and their breach was even more severe due to CC numbers actually being stolen.

It's the typical stupidity of the community at-large that amuses me. Like Blizz should have said "lol we got hacked brb finding out how and what they got"


like the people freaking out now would have reacted any different if blizzard had announced it as soon as they shut the dude out.
Fetzie | Protection/Holy Paladin | EU-Kazzak
Former Author of the TankSpot Protection Paladin Guide
Image
Sagara wrote:You see, you need to *spread* the bun before you insert the hot dog.

bldavis wrote:we are trying to extend it as long as we can...it just never seems to last very long
User avatar
Fetzie
 
Posts: 2029
Joined: Sat Feb 07, 2009 9:43 am
Location: Karlsruhe, Germany

Re: So I heard Blizzard is losing customers

Postby Fridmarr » Fri Aug 10, 2012 10:41 am

Nikachelle wrote:
Fridmarr wrote:Well a couple of things, I'm not sure what you mean by it's already too late. We don't know precisely yet what information was compromised, or if battle.net is even able to determine that conclusively.

Secondly, it's hardly trivial to have someone racking up fraudulent charges on your cards, even if you can ultimately get it cleared there are all sorts of annoying problems. Also, some people use debit cards, meaning until they can get the transactions cleared their actual money is gone, that's a really big deal when you try to use that money to pay bills and stuff.

If the hackers have already accessed Blizzard's database (even if Blizzard doesn't know the extent of it), then chances are they already have your information. People who cancel their accounts now aren't protecting themselves from anything if the information is already leaked.

Also, debit cards tend to have pretty severe withdrawal restrictions on them, especially when compared to credit cards. Most banks actually reduce cash withdrawal limits to around $200-$500 a week in order to prevent large fraud. Online purchases may be limited at $1000 per week (often lower). I understand these amounts aren't trivial to some people (I'm not saying it's trivial to me either for the record), but the chances of actually losing that money are slim to begin with. Banks already have security precautions in place that usually prevent fraud before it even happens - I mean, how many times have people been on vacation in another country and your bank's basically gone "OH SHIT FRAUD. LOCK THAT DAMN CARD DOWN" and you're no longer able to use that card? If your transaction history is such that your card is being used in a location you are unlikely to go to and/or does not reflect your typical transaction records, the bank is more than likely to shut your card down first and ask questions later.

I just really want to dissolve this mass fear that seems to happen whenever someone gets access to your information. At the end of the day, you are not responsible and you WILL get your money back (if you even lose it in the first place).

My debit card actually has no limit on what I can charge (outside of my account balance) just what cash I can withdraw at an ATM. I also have whatever bills I can come out of a credit card (cash back bonus) so if someone were to max that out and it started refusing transactions that could be a problem and could cost me money in terms of late fees, and a headache of getting a new card and all those accounts updated with the new number.

Despite all the efforts of banks to detect and prevent these sorts of transactions, a lot of them do in fact get through. My point on that would be that having your credit card numbers stolen isn't a trivial matter. Sure there are protections in place, but you can also have real expense come out of it.

I don't think people are quitting because they think it will stop fraud with their information that has already been taken, but more out of anger that their information was compromised. Although, depending on the data taken, and the linkage from your battle.net accounts to credit sources, removing that information from your account does add some security to a system that you already know has been breached.

Are people overreacting? Sure, that always happens, but this isn't a trivial thing either.
Fridmarr
Global Mod
 
Posts: 6465
Joined: Sun Apr 08, 2007 1:03 am

Re: So I heard Blizzard is losing customers

Postby theckhd » Fri Aug 10, 2012 10:43 am

Does canceling your account actually remove that information though? I've never canceled my subscription, so I don't know one way or the other, but wouldn't they just keep your payment information in the database to make it easier for you to re-subscribe later?
"Theck, Bringer of Numbers and Pounding Headaches," courtesy of Grehn|Skipjack.
Simcraft 6.x, Call to Arms 6.0, Talent Spec & Glyph Guide 6.x, Blog: Sacred Duty
User avatar
theckhd
Moderator
 
Posts: 6211
Joined: Thu Jul 31, 2008 3:06 pm
Location: Harrisburg, PA

Re: So I heard Blizzard is losing customers

Postby Worldie » Fri Aug 10, 2012 10:46 am

Cancelling the subscription does remove the card number.

But i know blizzard stores the card numbers used for previous payments. I know it because once I got my credit card info robbed, and someone paid some months of gametime with it, and when i asked to deal with this problem, they not only told me how many months had been payed with my card, but also repayed them all to me.
theckhd wrote:Fuck no, we've seen what you do to guilds. Just imagine what you could do to an entire country. Just visiting the US might be enough to make the southern states try to secede again.

halabar wrote:Noo.. you don't realize the problem. Worldie was to negative guild breaking energy like Bolvar is to the Scourge. If Worldie is removed, than someone must pick up that mantle, otherwise that negative guild breaking energy will run rampant, destroying all the servers.
User avatar
Worldie
Global Mod
 
Posts: 8704
Joined: Sun Sep 02, 2007 1:49 pm
Location: Italy

Re: So I heard Blizzard is losing customers

Postby Fridmarr » Fri Aug 10, 2012 10:48 am

theckhd wrote:Does canceling your account actually remove that information though? I've never canceled my subscription, so I don't know one way or the other, but wouldn't they just keep your payment information in the database to make it easier for you to re-subscribe later?
I don't know the semantics of what blizzard does with that data. They shouldn't retain enough credit card information that allows you to make purchases without having to enter in some identifying data though.
Fridmarr
Global Mod
 
Posts: 6465
Joined: Sun Apr 08, 2007 1:03 am

Re: So I heard Blizzard is losing customers

Postby Nikachelle » Fri Aug 10, 2012 11:02 am

Fridmarr wrote:
Nikachelle wrote:
Fridmarr wrote:Well a couple of things, I'm not sure what you mean by it's already too late. We don't know precisely yet what information was compromised, or if battle.net is even able to determine that conclusively.

Secondly, it's hardly trivial to have someone racking up fraudulent charges on your cards, even if you can ultimately get it cleared there are all sorts of annoying problems. Also, some people use debit cards, meaning until they can get the transactions cleared their actual money is gone, that's a really big deal when you try to use that money to pay bills and stuff.

If the hackers have already accessed Blizzard's database (even if Blizzard doesn't know the extent of it), then chances are they already have your information. People who cancel their accounts now aren't protecting themselves from anything if the information is already leaked.

Also, debit cards tend to have pretty severe withdrawal restrictions on them, especially when compared to credit cards. Most banks actually reduce cash withdrawal limits to around $200-$500 a week in order to prevent large fraud. Online purchases may be limited at $1000 per week (often lower). I understand these amounts aren't trivial to some people (I'm not saying it's trivial to me either for the record), but the chances of actually losing that money are slim to begin with. Banks already have security precautions in place that usually prevent fraud before it even happens - I mean, how many times have people been on vacation in another country and your bank's basically gone "OH SHIT FRAUD. LOCK THAT DAMN CARD DOWN" and you're no longer able to use that card? If your transaction history is such that your card is being used in a location you are unlikely to go to and/or does not reflect your typical transaction records, the bank is more than likely to shut your card down first and ask questions later.

I just really want to dissolve this mass fear that seems to happen whenever someone gets access to your information. At the end of the day, you are not responsible and you WILL get your money back (if you even lose it in the first place).

My debit card actually has no limit on what I can charge (outside of my account balance) just what cash I can withdraw at an ATM.

Do you know this for an actual fact? Or are you assuming? From personal experience, bank customers are usually pretty unaware of their limits because they never actually reach their limits in a given week.
User avatar
Nikachelle
Maintankadonor
 
Posts: 8406
Joined: Mon Mar 23, 2009 10:39 am
Location: Toronto, Canada

Re: So I heard Blizzard is losing customers

Postby Fridmarr » Fri Aug 10, 2012 11:06 am

I'm 100% certain. In fact I recently used it to drop a rather hefty down payment on a new car. Because of the balances that I maintain at my bank (mostly stemming from my mortgage loan which counts towards that balance) I have a "premium" account that doesn't really have many limits.
Fridmarr
Global Mod
 
Posts: 6465
Joined: Sun Apr 08, 2007 1:03 am

Re: So I heard Blizzard is losing customers

Postby Nikachelle » Fri Aug 10, 2012 11:19 am

Fridmarr wrote:I'm 100% certain. In fact I recently used it to drop a rather hefty down payment on a new car. Because of the balances that I maintain at my bank (mostly stemming from my mortgage loan which counts towards that balance) I have a "premium" account that doesn't really have many limits.

That's an assumption then. Just because you can drop a lot of money on a car in one go (even if you paid the entire amount outright) doesn't automatically mean you have zero limits on your account in terms of spending. (For example, my bank's limits used to be $15 000 in a single transaction. Over the years, this has come down significantly, but I can see how that kind of limit would lead people to assume that they had no limits whatsoever.)

Your account type does not dictate expenditures allowable (although your varied accounts will of course reflect how much leeway the bank is willing to give you since you'll already have a very large loan with them due to your mortgage). It's actually your card, not the account, that controls the outward flow of your money. If you are a typical large spender and usually hit high weekly amounts on your account, then the bank will gradually increase your limit so that you can spend more and more (similar to how credit card companies will often up your credit limit if you are consistently getting close to the total loan amount).
User avatar
Nikachelle
Maintankadonor
 
Posts: 8406
Joined: Mon Mar 23, 2009 10:39 am
Location: Toronto, Canada

Re: So I heard Blizzard is losing customers

Postby KysenMurrin » Fri Aug 10, 2012 11:23 am

I'm not aware of any limits on my debit card apart from £250 on ATM withdrawals. At least I can't find a single thing mentioning any limits on my bank's website. I think the most I've used it for, though, was booking flights and hotel earlier this year for about £850.

Anyhow, we know they didn't get any billing info. This is what they got:
What data was affected?
Here's a summary of the data that we know was illegally accessed:

North American-based accounts, including players from Latin America, Australia, New Zealand, and Southeast Asia:

Email addresses
Answers to secret security questions
Cryptographically scrambled versions of passwords (not actual passwords)
Information associated with the Mobile Authenticator
Information associated with the Dial-in Authenticator
Information associated with Phone Lock, a security system associated with Taiwan accounts only


Accounts from all global regions outside of China (including Europe and Russia):

Email addresses


China-based accounts:

Unaffected
KysenMurrin
 
Posts: 4839
Joined: Thu Jun 26, 2008 6:37 am
Location: UK

Re: So I heard Blizzard is losing customers

Postby Nikachelle » Fri Aug 10, 2012 11:25 am

KysenMurrin wrote:I'm not aware of any limits on my debit card apart from £250 on ATM withdrawals. At least I can't find a single thing mentioning any limits on my bank's website. I think the most I've used it for, though, was booking flights and hotel earlier this year for about £850.


Restrictions are at a personal level. They would've been included when you first got your debit or credit card (in the fine print) and can fluctuate at any time as the bank sees fit. The web site would be unlikely to list limits as they are different for every person based on personal transaction history.

I seriously just want to stress that just because people are not aware of limits, does not mean that they don't exist.
User avatar
Nikachelle
Maintankadonor
 
Posts: 8406
Joined: Mon Mar 23, 2009 10:39 am
Location: Toronto, Canada

Re: So I heard Blizzard is losing customers

Postby halabar » Fri Aug 10, 2012 11:41 am

There's another thing about this that pisses me off.. My WoW email address is a "clean" address that I use for a few other services. If that email address starts getting spammed to death, and I have to create a new address to use on all those services, I will be quite upset, and though I don't expect Blizz to answer, I'll send them an invoice for my time cleaning that up.
Amirya wrote:... because everyone needs a Catagonskin rug.

twinkfist wrote:i feel bad for the Mogu...having to deal with alcoholic bears.
User avatar
halabar
 
Posts: 6557
Joined: Fri Jun 08, 2007 8:21 am
Location: <in the guild that shall not be named>

Re: So I heard Blizzard is losing customers

Postby Fridmarr » Fri Aug 10, 2012 1:33 pm

Nikachelle wrote:
Fridmarr wrote:I'm 100% certain. In fact I recently used it to drop a rather hefty down payment on a new car. Because of the balances that I maintain at my bank (mostly stemming from my mortgage loan which counts towards that balance) I have a "premium" account that doesn't really have many limits.

That's an assumption then. Just because you can drop a lot of money on a car in one go (even if you paid the entire amount outright) doesn't automatically mean you have zero limits on your account in terms of spending. (For example, my bank's limits used to be $15 000 in a single transaction. Over the years, this has come down significantly, but I can see how that kind of limit would lead people to assume that they had no limits whatsoever.)

Your account type does not dictate expenditures allowable (although your varied accounts will of course reflect how much leeway the bank is willing to give you since you'll already have a very large loan with them due to your mortgage). It's actually your card, not the account, that controls the outward flow of your money. If you are a typical large spender and usually hit high weekly amounts on your account, then the bank will gradually increase your limit so that you can spend more and more (similar to how credit card companies will often up your credit limit if you are consistently getting close to the total loan amount).
Sorry, I'll be more explicit. Yes, I'm 100% certain, no I'm not making an assumption. I probably shouldn't have given that example. The feature is tied to my account type because that account type is backed by another credit account to deal with overdrafts.

Anyhow, we are getting way off topic, my point was merely that a person placing fraudulent charges on a debit/credit card can still cause quite a bit of pain, even if those transactions ultimately get removed.
Fridmarr
Global Mod
 
Posts: 6465
Joined: Sun Apr 08, 2007 1:03 am

Re: So I heard Blizzard is losing customers

Postby Nikachelle » Fri Aug 10, 2012 3:56 pm

No way. There is no way that you have a debit card that does not have a limit (unless your name is Bill Gates or something - and even then, I don't even know if it's viable for the system to accept no limits - there HAS to be a limit somewhere). Overdrafts ups your available limit based on your credit availability but does not allow you to exceed the total limit available via the card. Your limit may be insanely high (over 2 million for example), but there is no way that you do not possess a limit on your card.
User avatar
Nikachelle
Maintankadonor
 
Posts: 8406
Joined: Mon Mar 23, 2009 10:39 am
Location: Toronto, Canada

Re: So I heard Blizzard is losing customers

Postby degre » Fri Aug 10, 2012 6:21 pm

Shoju wrote:I don't know how it is in canada, but in the US, the "fear" of Identity Theft is rampant.

I run my businesses website through paypal. Even the merchant account, because instead of our small business trying to stay ahead on security measures, it's Paypal's bill, and I'm ok with paying a little more per transaction to keep it that way.

You would be blow away by how many people still call in to give me a card over the phone because they just can't stand the idea of putting that info online, because "WHAT IF THEY STEAL MAH IDENTITY!?"

Which is funny, because they decide not to trust the website while they trust you, who could steal their identity all the same because they are giving you all the info you need.
On EU-Kadghar: Degre | Beldegre | Degrotto | Koshien | Sousuke
User avatar
degre
 
Posts: 724
Joined: Thu Oct 11, 2007 7:11 pm
Location: Oxford, UK

Re: So I heard Blizzard is losing customers

Postby Skye1013 » Sun Aug 12, 2012 7:21 pm

Yes, but anyone could be behind a computer system. If you have someone on the phone, there is at least a little bit of accountability associated with it. That being said... nothing prevents people from tapping phones (other than illegality... but they're already breeching that by trying to steal identities anyway.)

I went in and changed my password. I'll probably go in today and change my security questions. Beyond that:

1) If my account gets hacked, it's just a game, and it can be restored

2) If I suffer from identity theft, it's mostly just money (could be credit rating issues until it gets cleared up, though even that comes down to money in the long run), and it can be restored

Either way, I don't really blame Blizzard. No matter how in depth your security is, someone will ALWAYS find a way around it. It's simply a matter of time. Blizz is doing everything they can, and have notified people of the issue. If they tried to cover it up, THEN I could possibly see blaming them and cancelling my account.
"me no gay, me friends gay, me no like you call me gay, you dumb dumb" -bldavis
"Here are the values that I stand for: I stand for honesty, equality, kindness, compassion, treating people the way you wanna be treated, and helping those in need. To me, those are traditional values. That’s what I stand for." -Ellen Degeneres
"I'm not going to censor myself to comfort your ignorance." -Jon Stewart
Horde: Clopin Dylon Sharkbait Xiaman Metria Metapriest
Alliance: Schatze Aleks Deegee Baileyi Sotanaht Danfer Shazta Rawrsalot Roobyroo
User avatar
Skye1013
Maintankadonor
 
Posts: 3548
Joined: Tue May 18, 2010 5:47 am
Location: JBPH-Hickam, Hawaii

Re: So I heard Blizzard is losing customers

Postby Koatanga » Sun Aug 12, 2012 7:43 pm

Speaking of security, and not meaning to derail, but just a little rant:

Why the heck do so many password validation processes insist on capitals and numbers in a password? It would take years longer to hack "thisiskoatangassupersecretpassword" than "1Bfq7r!#" by brute force methods. If you ask someone to make a password containing caps and numbers that is at least 8 characters long, most people will stop at 8 characters, because they don't want to remember more gobbledygook. But encouraging a minimum-length password only reduces the time a brute-force method would take to hack it.
Un-Retired. Ish. Koatanga, Shapely, Sultry of Greenstone - Dath'Remar
Koatanga
 
Posts: 1671
Joined: Mon Nov 17, 2008 12:46 pm

Re: So I heard Blizzard is losing customers

Postby Skye1013 » Sun Aug 12, 2012 9:12 pm

There is an XKCD comic about that.

I think this is it, but it's not loading for me, so I'll double check later (if someone else doesn't before I get around to it.) http://xkcd.com/936/
"me no gay, me friends gay, me no like you call me gay, you dumb dumb" -bldavis
"Here are the values that I stand for: I stand for honesty, equality, kindness, compassion, treating people the way you wanna be treated, and helping those in need. To me, those are traditional values. That’s what I stand for." -Ellen Degeneres
"I'm not going to censor myself to comfort your ignorance." -Jon Stewart
Horde: Clopin Dylon Sharkbait Xiaman Metria Metapriest
Alliance: Schatze Aleks Deegee Baileyi Sotanaht Danfer Shazta Rawrsalot Roobyroo
User avatar
Skye1013
Maintankadonor
 
Posts: 3548
Joined: Tue May 18, 2010 5:47 am
Location: JBPH-Hickam, Hawaii

Re: So I heard Blizzard is losing customers

Postby rodos » Mon Aug 13, 2012 12:46 am

Do note that "standard English prose", like thisiskoatangassupersecretpassword, is not necessarily a great password because there's a lot of predictability in word-order and most people will actually choose words from a small subset of their vocabulary.

Using truly random words from a very long list is, however, a good way to come up with a memorable password. Basically, you're chosing a few (4-5) tokens from a very big set (many thousands), rather than a few more (8-10) from a much more limited set (~70 upper case, lower case, numbers and symbols). Because there's less random items, and they're items that you are likely to be able to make a mental image of, such a password is easier to remember than "!;Q7$wNVz".

More info: http://www.diceware.com/
User avatar
rodos
 
Posts: 480
Joined: Mon Sep 24, 2007 8:20 pm

Re: So I heard Blizzard is losing customers

Postby Shoju » Tue Aug 14, 2012 11:07 am

I was actually told by a popular website that my password I was trying to use was TOO LONG.
User avatar
Shoju
 
Posts: 5068
Joined: Mon May 19, 2008 7:15 am

Re: So I heard Blizzard is losing customers

Postby KysenMurrin » Tue Aug 14, 2012 11:10 am

I tried to set a too-long password for WoW a little while ago. Took me a week to realise, because all it does is stop adding letters when you keep typing past the limit.
KysenMurrin
 
Posts: 4839
Joined: Thu Jun 26, 2008 6:37 am
Location: UK

Re: So I heard Blizzard is losing customers

Postby mavfin » Tue Aug 14, 2012 11:12 am

KysenMurrin wrote:I tried to set a too-long password for WoW a little while ago. Took me a week to realise, because all it does is stop adding letters when you keep typing past the limit.


Yeah, it stops at 16 chars, I believe, but that's still a nice length that is a bit difficult to brute-force.
--Mav
mavfin
 
Posts: 674
Joined: Mon Oct 13, 2008 8:33 pm

Re: So I heard Blizzard is losing customers

Postby Flex » Tue Aug 14, 2012 11:14 am

The XKCD comic is pretty good. Key things is to never collapse spaces, if the password doesn't allow spaces replace spaces with another special character.
We live in a society where people born on third base constantly try to steal second, yet we expect people born with two strikes against them to hit a homerun on the first pitch.
User avatar
Flex
 
Posts: 4677
Joined: Tue Jul 10, 2007 7:29 am

Re: So I heard Blizzard is losing customers

Postby Fridmarr » Tue Aug 14, 2012 11:31 am

Koatanga wrote:Speaking of security, and not meaning to derail, but just a little rant:

Why the heck do so many password validation processes insist on capitals and numbers in a password? It would take years longer to hack "thisiskoatangassupersecretpassword" than "1Bfq7r!#" by brute force methods. If you ask someone to make a password containing caps and numbers that is at least 8 characters long, most people will stop at 8 characters, because they don't want to remember more gobbledygook. But encouraging a minimum-length password only reduces the time a brute-force method would take to hack it.

It depends what you are referring to as brute force. In the case of english sentences, standard dictionaries (password specialized) are regularly employed to send various strings at the authenticator. That's by far the more common attack and in that case random characters are far more secure than a sentence. Random characters probably won't be broken by that method at all.

Now in this case, the perps have the password hash on hand, so they can send a set of characters at the hash algorithm until it spits out the same hash. In that case, neither password is secure but as you said longer passwords take much longer to derive than shorter ones. However, for you to gain much of an advantage there, you have to be dealing with someone who has the hashed value, which they only get by breaking in in the first place.

So I think the random character password works better against the vast majority of attacks.
Fridmarr
Global Mod
 
Posts: 6465
Joined: Sun Apr 08, 2007 1:03 am

Re: So I heard Blizzard is losing customers

Postby degre » Wed Aug 15, 2012 6:59 am

You also need to keep in mind that not only the password has to be secure, but you need to remember it.

I employ a number of different passwords and I don't believe I'd be able to remember a bunch of 1Bfq7r!# pass, more likely I'll have to write it down somewhere and what's the point in having a secret password if you have to write it where can be found?

As for myself, I use acronyms and they've served me well for years, I take a sentence easy to remember and use the first letter of each word, I usually end up with a 9/10 characters password which is as random as 1Bfq7r!#, but I can actually remember and I don't need to write it down or reset my pass every other use cause I've forgot it.
On EU-Kadghar: Degre | Beldegre | Degrotto | Koshien | Sousuke
User avatar
degre
 
Posts: 724
Joined: Thu Oct 11, 2007 7:11 pm
Location: Oxford, UK

PreviousNext

Return to General

Who is online

Users browsing this forum: No registered users and 1 guest

Who is online

In total there are 2 users online :: 0 registered, 1 hidden and 1 guest (based on users active over the past 5 minutes)
Most users ever online was 380 on Tue Oct 14, 2008 6:28 pm

Users browsing this forum: No registered users and 1 guest