Quote (Sanity @ May 23 2012 06:23pm)
Has anyone considered the possibility that the majority of people that were hacked have perhaps been tracked over the course of several months? Although Diablo III was only released a week ago, it's possible that the people hacked could have been targeted before release and the hackers have been waiting. I can't see how such a massive security flaw could exist with a company as experienced as Blizzard. It's easy enough to be on something like a botnet for several months without knowing, assuming you don't know what to look for.
I just can't see how hackers could acquire emails and passwords in order to hack accounts.
They use a MitM attack. MitMs are getting a lot more common now and the pressing issue is that the exploit is extremely hard to fix. Basically what it does is use a malware agent on a victim's computer to steal the victim's session, thereby circumventing authenticators entirely. Hackers do not actually obtain the victim's password, nor do they need it or anything similar like email addresses. Given that MitM attacks are extremely common nowadays (there are dozens of programs out there that can steal people's passwords just by being on the same WiFi network with MitM using ARP poisoning and other such exploits, http://code.google.com/p/subterfuge being one such program) it isn't surprising that it's been applied to the newest, multi-million dollar computer game by the scourge that is Chinese gold farmers. Anyways, patching this would be extremely difficult.