account
Latest
Yahoo to strip Facebook and Google logins from Flickr starting June 30th
Yahoo's slowly been closing off third-party logins for its web services, but it's now turning its attention to one of its most-established communities: Flickr. The Next Web reports that the company has emailed users telling them that Facebook and Google account logins will be removed from the photo-sharing site starting June 30th. Yahoo previously said the change would allow it to offer "the best personalized experience to everyone," but given its desire to reinvent itself, ridding its services of rival logins keeps users inside its walled garden and helps boost its own userbase. If your desired login option will cease to exist come June 30th, Yahoo asks that you log into the site one last time using your Facebook or Google details. You'll be required to create a new Yahoo account, which will then be linked with the account you've used previously.
Microsoft accounts now let you flag suspicious activity before it's a problem
Internet account security is frequently a black box; you may not know that something's wrong until there's a notification email or a credit card bill. If you use a Microsoft account, though, you now have some preventative tools. A new security upgrade lets account holders see a history of recent sign-in attempts and settings changes. They can warn Microsoft if there's something amiss, such as foreign access or unexpected password resets. The refresh also provides more control over where notifications go, and fans of two-factor authentication can create recovery codes so that they're never completely locked out. Redmond's security improvements won't stop hackers by themselves, but the company will use account warnings to refine its protection -- any attempts to crack your account could help others avoid the same fate.
Sony resetting some PSN passwords as a 'precautionary measure'
PSN users around the world have been booting up their various consoles only to be confronted with a message saying their passwords are incorrect. They've then had to go through the rigmarole of creating new login details, usually while still in the dark as to what happened to their accounts in the first place -- and whether they might have been hacked. Sony has since put out an explanation via various official channels in the US, EU and Japan, saying that only "some" users have been affected and that the password resets are "purely a precautionary measure" for "routine protection." We've contacted the company for clarification on its policy about contacting users individually in this sort of situation, and also to see if we can find out a little more about this "non-specific" threat to certain accounts.
Nintendo 'very aware' of desire for Wii U, 3DS unified accounts
Dan Adelman, Nintendo of America's go-to indie guy, recently told Destructoid that although Nintendo is "very much aware" of customer feedback calling for unified accounts across the Wii U and 3DS eShop, there is currently nothing to announce regarding the feature. "We don't have anything new to announce, unfortunately, other than we've definitely heard that feedback many times from both inside and outside the company," Adelman said. "It's definitely something that we're very much aware of. All development for the infrastructure really happens out of Japan, so we've kind of communicated this need in the market, and they're very much aware of it and working towards really just always improving the eShop." Unity on Wii U? Check. Unity across Wii U and 3DS accounts? Not so check.
Some PlanetSide 2 European accounts have been compromised [Updated]
You know the drill people: Accounts hacked, time to change those passwords ASAP. Who's affected this time around? It's the runners-and-gunners of PlanetSide 2 in Europe. Email addresses and passwords for some accounts were exposed, and affected players have been notified that they should create a new secret code so that the unwashed hackers don't gain entry to personal accounts elsewhere. ProSiebenSat.1 issued the warning last night: "We have ascertained that there was recently unauthorized third-party access to one of our systems. The possibility that your data (email address and password) has been accessed by an unauthorized third party cannot be excluded. We were able to detect the problem promptly and took all necessary action to rectify the issue." The company said that account data are encrypted and issued instructions how to change your password if this impacts you. No European SOE PlanetSide 2 accounts were affected by the intrusion. [Thanks to the mighty Tandor for the tip!] [We've updated the article to clarify that only some PSS1 accounts were affected. SOE's European accounts are in the clear.]
ArenaNet implementing mandatory password change for Guild Wars 2 players
If you've logged in to Guild Wars 2 lately and have seen a bright red banner at the top of your launcher suggesting that you change your password, your time is almost up. On February 7, 2013, all players who haven't changed their password since September 12, 2013 will need to choose a new password before playing the game. Interestingly enough, ArenaNet has compiled a blacklist of passwords that have been exploited by hackers in the past, so you might be out of luck trying to use "12345" or "password" or even "massivelyisawesome." Head on over to the account management site to change your password today.
Microsoft switches on Sina Weibo integration for Chinese users of Windows, WP and SkyDrive
Sino Weibo is like Twitter, it's often said, but there are some key differences: the service is mainly used within China, it's heavily censored, and it's never been particularly well integrated into the major mobile ecosystems. That final issue is starting to change, however, as Liveside is reporting that Microsoft accounts now permit Sina Weibo connectivity. This allows crosstalk between a Chinese user's microblogging world and their Windows Phone, Windows 8 device and SkyDrive storage -- for example, allowing them to see Weibo contacts in WP's People hub or share direct links to cloud-stored files. It's not known exactly how many of the service's estimated 400 million users have adopted Windows Phone, but this update potentially gives them one more reason to hop aboard.
Blizzard faces class action suit over account authenticators
Blizzard Entertainment is facing a class action lawsuit over the sale of its Battle.net authenticators, which are used to provide security for player account information for games such as World of Warcraft and Diablo 3. The suit, filed by the law firm Carney Williams Bates Pulliam & Bowman, PLLC in the Central District of California, alleged that the authenticators were needed by players "in order to have even minimal protection for their sensitive personal, private, and financial data." The lawsuit referred to an August security breach in which no financial user data was reported to be stolen.The class action suit posited that Blizzard practiced "deceptive upselling," in that it allegedly failed "to disclose to consumers that additional products must be acquired after buying the games in order to ensure the security of information stored in online accounts that are requisites for playing."A Blizzard representative told Forbes that "this suit is without merit and filled with patently false information, and we will vigorously defend ourselves through the appropriate legal channels." The representative said the use of the authenticator tool was optional for players, and offered players "an added level of security against account-theft attempts that stem from sources such as phishing attacks, viruses packaged with seemingly harmless file downloads, and websites embedded with malicious code."Blizzard's statement continued, "the suit's claim that we didn't properly notify players regarding the August 2012 security breach is not true. Not only did Blizzard act quickly to provide information to the public about the situation, we explained the actions we were taking and let players know how the incident affected them, including the fact that no names, credit card numbers, or other sensitive financial information was disclosed."
Mozilla Persona sign-in launches in beta, skips the social networking ball and chain (video)
We all know those web pages where the only alternative to a site-specific login is a social networking account. That's not very reassuring for anyone skittish about linking their commentary to a Facebook account relatives might see, if they're even willing to join a social network in the first place. Mozilla has been aware of that hesitation long enough to have just released its long-in-development Persona sign-in service as a beta. Although it has the same kind of simple approach to a login as a Facebook or Twitter pop-up window, Persona's emphasis is on privacy: it stops paying attention the moment credentials go through, keeping any diatribes or subscription details from landing in social streams or central databases. Users don't have to play a rousing game of guess-the-username, either, as they just need to sign in with one or more familiar e-mail addresses and a single password. Persona faces an uphill battle in getting web developer adoption when the establishment sign-in services are open to hundreds of millions of internet citizens, but it does have The Times' online crossword section, OpenPhoto and Voost as early poster children -- and anything that lets the privacy-minded join the party has our vote.
The Daily Grind: Do you immediately change your password when there's news of a hack?
Sadly, we hear more and more about hacking, phishing, and password theft these days in our favorite MMOs. When an outbreak occurs, blame is distributed to the usual suspects, but many times it breaks down to simple account housekeeping. The warnings come through, and we're all told to change our passwords immediately. Authenticators are sold in record number, and many people take the precautions they wish they had from the start. But are you one of the newly cautious? Do you take measure to protect your account the second you hear of a hacking outbreak, or do you figure it can't happen to you? Every morning, the Massively bloggers probe the minds of their readers with deep, thought-provoking questions about that most serious of topics: massively online gaming. We crave your opinions, so grab your caffeinated beverage of choice and chime in on today's Daily Grind!
North American players may now update their security questions
As an update to the security breach last week, players on North American realms will now be prompted to change their security question and answer when logging in to their Battle.net accounts. The security breach included no financial information; however, answers to personal security questions were compromised, as well as some information related to Mobile Authenticators. In addition to the security question update, players may now also update their Mobile Authenticators as well. Please note, this is only in regards to North American accounts; players in Europe need to do neither of these things. And remember, if you are a North American player and have not changed the password on your account, doing so is an excellent idea. Nethaera As a precaution following our recent security update, players on North American servers please take a moment to visit Battle.net account management, where you will be prompted to change your security question as well as update your Mobile Authenticator. There you'll also find helpful tips and an FAQ, as well as instructions on how to add additional layers of security to your account, including the Battle.net Authenticator or the Mobile Authenticator for those that aren't already using one. source
Blizzard security breach, no evidence that financial data was compromised
Mike Morhaime, the president of Blizzard Entertainment, reported today in a blog post posted on the official Blizzard website that a list of email addresses for Battle.net users, answers to security questions, and information relating to the Mobile and Dial-in Authenticator program were illegally accessed by outsiders. The security hole has been closed, but Blizzard is officially recommending that all Battle.net users change their passwords immediately. In the coming days, players will be prompted to automatically change their security questions and update their mobile authenticator software. A FAQ is available here. The full post is below. Mike Morhaime Players and Friends, Even when you are in the business of fun, not every week ends up being fun. This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened. At this time, we've found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed. Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts. We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well. In the coming days, we'll be prompting players on North American servers to change their secret questions and answers through an automated process. Additionally, we'll prompt mobile authenticator users to update their authenticator software. As a reminder, phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password. We deeply regret the inconvenience to all of you and understand you may have questions. Please find additional information here. We take the security of your personal information very seriously, and we are truly sorry that this has happened. Sincerely, Mike Morhaime source
Amazon, Apple stop taking key account changes over the phone after identity breach
By now, you may have heard the story of the identity 'hack' perpetrated against Wired journalist Mat Honan. Using easily obtained data, an anonymous duo bluffed its way into changing his Amazon account, then his Apple iCloud account, then his Google account and ultimately the real target, Twitter. Both Amazon and Apple were docked for how easy it was to modify an account over the phone -- and, in close succession, have both put at least a momentary lockdown on the changes that led to Honan losing much of his digital presence and some irreplaceable photos. His own publication has reportedly confirmed a policy change at Amazon that prevents over-the-phone account changes. Apple hasn't been as direct about what's going on, but Wired believes there's been a 24-hour hold on phone-based Apple ID password resets while the company marshals its resources and decides how much extra strictness is required. Neither company has said much about the issue. Amazon has been silent, while Apple claims that some of its existing procedures weren't followed properly, regardless of any rules it might need to mend. However the companies address the problem, this is one of those moments where the lesson learned is more important than the outcome. Folks: if your accounts and your personal data matter to you, use truly secure passwords and back up your content. While Honan hints that he may have put at least some of the pieces back together, not everyone gets that second chance.
League of Legends accounts compromised
Given League of Legends' immense popularity, we knew it was only a matter of time before a large-scale hacking attempt succeeded against Riot Games' MOBA juggernaut. The firm sent out an email this weekend notifying EU West and EU Nordic and East customers that their account details may have been compromised. PC Gamer reports that players' "email addresses, encrypted account passwords, and dates of birth have been leaked." Riot bigwigs Marc Merrill and Brandon Beck posted an apology on the EU West forums and implored users to change their login credentials, as "more than half of the passwords were simple enough to be at risk of easy cracking."
Blizzard: Diablo 3 account compromises historically in line with WoW expansions
The Blizzard forums are bursting with stories of Diablo 3 players' gold and items magically disappearing from their accounts, and while we bemoan the losses they're not entirely surprising."Historically, the release of a new game -- such as a World of Warcraft expansion -- will result in an increase in reports of individual account compromises, and that's exactly what we're seeing now with Diablo 3," Blizzards told Joystiq this evening. "We know how frustrating it can be to become the victim of account theft, and as always, we're dedicated to doing everything we can to help our players keep their Battle.net accounts safe -- and we appreciate everyone who's doing their part to help protect their accounts as well."
The Daily Grind: How do you keep track of your passwords?
It's a hazard of the job that we accumulate scores of passwords while writing at Massively. It makes sense: Every new MMO tried means a new account, and because I'm not stupid, a new password. Unfortunately, the numbers began to pile up on me and I began to realize that there was no way I was going to remember all of these for when I'd go back to a game months after the fact. My old system used a common theme (say, names of Pokemon) that allowed for different passwords while giving me a chance at guessing them if I forgot. My new system is a $0.99 notebook that I desperately hope my kids don't discover and chew up. It's a slight improvement but not perfect. So I'm curious: How do you keep track of your passwords? Do you memorize them, write them down in a notebook, have a text file on your computer, or use a password manager program? Every morning, the Massively bloggers probe the minds of their readers with deep, thought-provoking questions about that most serious of topics: massively online gaming. We crave your opinions, so grab your caffeinated beverage of choice and chime in on today's Daily Grind!
Warhammer Online is cross-promoting with Wrath of Heroes
Are you the sort of player who just can't get enough of Warhammer Online, whether in classic form or the new Wrath of Heroes bite-sized version? Or are you a fan of the latter game and not sure if you want to keep up a subscription to the former? The latest cross-promotional deal for the games is aimed directly at players like that -- starting now, any players with active Warhammer Online subscriptions will receive a 50% bonus to gold and experience in Wrath of Heroes. There's no complicated process to getting the bonus; if you have both accounts on the same EA/Origin account, your characters will reap the benefits, although it may take up to 24 hours for the system to line up if you've just started a subscription. The bonus also stacks with items from the Wrath of Heroes store, letting veterans of Warhammer Online get ahead in the new game.
Spotify: by the way, you still get unlimited songs with a free account
Remember that six month deadline we warned you about back in January? Well, it looks like Spotify wasn't so gung-ho about limiting the free version of its service, after all. The site is celebrating its nine month anniversary in the States by reminding users that it still has yet to impose a song limit for the unpaid variety. Spotify is extending the deal -- it's not saying for how long, though the mere reminder could certainly be taken as a sign that the sometimes overbearing record labels aren't hounding it to switch things up anytime soon. Of course, Spotify still really wants to get you to opt into a paid account to drop some of those ads from your stream, but if you don't want to pay, that's cool too.
Skyfire browser brings account switching to iPad with HotSwap
Skyfire is among the most popular third-party browser apps in the App Store, bringing quite a few solid browsing features that mobile Safari doesn't have to the iPhone and the iPad. And here's yet another one: The latest update to Skyfire adds account switching capabilities, so multiple users on one device can have their bookmarks, history, account logins, and all other browser settings set for them when they first log in to the app. While we have seen information that many households run more than one iOS device, there are certainly plenty of houses out there where the family shares one iPad, and in those situations (as the company's trailer shows), account switching can be very helpful. Skyfire's feature is called HotSwap, and allows for up to four different accounts to be used on one device at one time. The app's probably most famous for allowing users to watch Flash-based videos on the iPad, by separately compressing and then streaming them straight to the device. You can pick up Skyfire on the App Store now for $2.99.
Google Wallet gets prepaid security fix, but 'brute-force' issue still hangs in the air
Google says it's fixed a Wallet security flaw that potentially allowed a phone thief to spend a user's prepaid balance. The ability to provision new prepaid cards had been suspended pending the update, but has now been restored. Things aren't quite back to normal in the Big G's world of mobile money, however. Users still find themselves caught between two competing arguments over an entirely different vulnerability, which involves a 'brute-force' attack on rooted devices. Google insists that this isn't a major concern, so long as Wallet users refrain from rooting, and that the system still "offers advantages over the plastic cards and folded wallets in use today." On the other hand, the company that discovered this issue -- zvelo -- has come back at Google with an equally blunt response. It acknowledges that a handset must be rooted to be vulnerable, but crucially its researchers also say that a device doesn't have to be rooted before it's stolen. In other words, they allege that a savvy thief can potentially steal a phone and then root it themselves, and they won't be happy with Wallet until it requires longer PIN number. Whichever argument sways you, it's worth bearing in mind that there's no evidence that anyone has yet managed to exploit these weaknesses for criminal purposes.
