What Blizzard Doesn't Want You To Know - Part 7

Posted by Daeity On Thursday, July 15, 2010

While I was looking around for public Blizzard employee information, I came across an old article from wow.com called "Account security mythbusting."

It's a very entertaining read; you should check it out.

The article was written by Michael Sacco (Dec 31st, 2008), and in it he disproves various "myths" about the company, drawing on his vast experience working for Blizzard Entertainment.

Here were my 2 favorite parts from the article:

MYTH: Blizzard's internal security has been compromised, which is why these notices have gone up.

Blizzard's internal security has never been compromised. If your account is compromised, it is your fault.

Take it from the dude who worked there--it's not Blizzard's fault that your account was compromised.

Myth Status: BUSTED

Wow! That's a very bold statement!

Although... he does mention "hackers" breaking into Blizzard from the outside. That's a different approach than what I was writing about. I don't think he considered internal theft. It's not called "hacking" if the employee simply copies and pastes customer details into an email. =]

Monitoring software would catch that, but there are sneakier ways to get information out of the building. Excluding malicious activity, sometimes it's just accidental: employees leaving USB drives or laptops in their cars, a weak media disposal policy leaving recoverable data on hard drives, or backup tapes going missing.

Like I said though, no security is foolproof and there's no such thing as 100% security. It's simply Data Security 101.

MYTH: Blizzard Authenticators can be hacked, removed, or bypassed by a third party.

Myth Status: BUSTED

Blizzard Authenticators can be removed by social engineering means (he confirms a couple ways). As for stating that it's impossible for Blizzard Authenticators to be hacked or bypassed... sorry, it did happen.

Encryption can _eventually_ be brute force cracked (so I try to avoid words like "impossible", "never" or "can't"), but after all that there's no point in encryption if there's a keylogger on your PC.

His article has a few other "myths" too, but they're irrelevant to my earlier posts.

The following is a little background on Michael Sacco by the way.

He was a Blizzard employee (CS Forum Representative for 3 years) under the name Belfaire. His previous work experience before becoming a Joystiq editor was:
  • Community Representative (1 Year 1 Month)
  • Team Manager (11 Months)
  • In-Game Support Representative (10 Months)
  • Retail Clothing

Nothing about internal affairs or IT security related positions in his past. (Typically, you're privy to different levels of information based on your pay grade and the circles you operate in.)

Also, from what I was told by Blizzard employees, the internal affairs positions were part of a very small and "elite" team, and you were selected rather than applying for the position. This team was also heavily discouraged from interacting with the other ("regular") employees due to their important responsibilities.