(08-15-2012, 06:34 PM)shoju Wrote: I guess the part that surprised me, was that this information, which is supposed to help keep accounts safe, was in some way shape or form exposed to a hack/loophole/open door.
I wont pretend to understand how they have it set up, but it seems.... less than optimal.
It's really no different than them getting to the SRP passwords. It's a breach, and the authenticator serials would have to be stored somewhere near the passwords. However, in reality, the most usable part they got was the email addresses to send phishing emails to for the gullible to click on.
The rest? The authenticator info, as I mentioned above, is of questionable value, unless they can reverse-engineer it to get codes somehow, which I have no idea whether they can or can't easily. My money is on not being able to easily.
SRP passwords? Too much trouble to decrypt.
Secret answers? Theoretically those could be used to reset passwords on an account, but, I'm hopeful that Blizzard isn't going to blindly let people use exposed secret answers for password resets at the moment. Maybe secret answers plus a scanned DL image? Who knows?
So, yes, it's disturbing that they got breached. However, no one is immune, Blizzard hasn't appeared to try to hide it, and in fact has been pretty forthcoming about what was lost. They have a much better track record than some others, and lost less 'easily usable' information than is lost in many cases.
--Mav