08-15-2012, 06:29 PM
(08-15-2012, 04:45 PM)shoju Wrote: Yeah, this is the part that really surprised me. HOW THE !#*()% do you get that hacked? It does make the whole idea of the authenticator less enticing to be sure.
Probably got some of the Blizzard-end keys/serials exposed on some of the mobile authenticators. So, not 'hacked' as in hacked the authentication itself, but they may have the 'shared secret' for it. Whether that means they know the algorithm used from there is anyone's guess.
I'm sure they'll have people with the mobile authenticators affected reset their keys somehow, and that will fix any issue. I'm guessing that just having that key doesn't give the hackers access to the accounts w/o knowing *how* to use the key to generate the code on demand, or we'd have a bunch of new hacks from that. Also, they don't have passwords, just SRP hashes. Basically, they didn't get enough to hack any one account with the information stolen from Blizzard.
--Mav