Internal Breaches at Blizzard

Posted by Daeity On Friday, December 3, 2010

I've been sitting on this story since the end of November, still deciding whether to write about it. I was waiting for another confirmation before posting anything. But, it looks like some new information has hit the news outlets confirming what has been writing about.

Here are some links to bring you up to date:

Blizzard Product Slate Leaked
China Management Reshuffle
China GM Fired for Leak
Blizzard Release Schedule Leak?
Blizzard Angry, a Lot of Other Information Leaked
Competitors Trying To Buy Confidential Information

The information was leaked from a forum user, which, a very new website, picked up.

One item that concerned me was that the new MMO was called "Project Titan". However, "Project Titan" is the exact same name as Ensemble Studios/Bungie's secret "Halo" MMOFPS project that was cancelled. It would be easy to get that information confused with Blizzard's MMO from all of the random internet sources out there. The "Codename Titan" has been around for a while too (I've even used it too), and there have been obscure forum posts calling Blizzard's new MMO "Titan" as well for several months now. The Portuguese translation ("WOW BRAZIL") has also been known internally for some time, for example.

Keep in mind that "Project Titan" is just a code name too and it wouldn't be the actual name of the new MMO (which hasn't been decided yet).

For example:

- Diablo 3 was called "Project Hydra".
- Starcraft 2 was called "Project Alpha" then changed to "Project Medusa".
- Cataclysm was called "Project South Seas" then changed to "Worldbreaker". (Another reason for the name change was because they significantly reduced the scope of the game so that they could reserve parts/zones/content for later expansions.)

(Note: For the past few years, Blizzard has been using names from Greek mythology to label their secret projects. Hydra, Medusa, Titan, and Phoenix are all from Greek mythology so if you wanted to create a new fake roadmap - just pick a name from mythology that can be interpreted a hundred different ways to keep people guessing.)

Here are the more interesting tidbits of information I pulled out from these leaks and related news stories:

- It appears that we're getting a Warcraft movie (didn't need a leaked doc to tell us that), there's a Starcraft 2 Phoenix project that looks related to the Map Marketplace (probably map and game designs using the SC2 engine), and there's going to be an online multiplayer Warcraft trading card game. Sounds like a lot of fun! =]

- It also appears that the information might have been given to a Blizzard competitor already (sold?), and that someone there was the one who leaked it to that Chinese forum. If this production release schedule is proved true, this is very bad for Blizzard's security.

- Other competitors are showing interest in purchasing this information (due to the sales information, full income/revenue breakdowns, advertising budgets, media plans, and subscriber details.)

- Global subscriber information (yes - you) is all out there in the open market now. It wouldn't contain credit card details though; this was a breach from a different database, so to speak.

- Although it was believed that NetEase fully operated WoW in China with impunity (and Blizzard only provided Technical Support), apparently Blizzard has a deep penetration and large say in the complete operation and maintenance of WoW China. This means that Blizzard HQ is "okay" with the massive account selling/gold buying/selling in one country, but not okay with it in others. Talk about double standards. This is very interesting to know.

I've been talking about this for a little while now. For years, Blizzard has been stating that there have never been any breaches, there never will be any breaches, all echoed by Blizzard CS and Forum reps and fanboys. Well, it just happened like what I've been writing about all along.. simply put, it's all about the internal personnel breaches and leaks of information. "External hacking" attempts are much more rare and significantly more difficult by comparison.

But these internal breaches by employees are more frequent; this one just happened to make it public before Blizzard could seal the leak.

This is a pretty massive breach too - all global subscriber database information in fact. Paul Sams (remember him?) in fact had to take a trip to Shanghai to fix things there, and what was interesting is that they had a very quick (external) replacement after the "unexpected resignation" of their GM. Strange how they had someone so readily available..

Meanwhile, Blizzard maintains that this Release Schedule is just rumor and speculation, and that the resignations, management shuffle, and executive management travelling overseas are all just coincidence. =]

Oh! By the way.. here's what Blizzard has officially stated on the matter of security breaches:

There are substantial and multi-layered safeguards in place, after all. An inside job is IMPOSSIBLE!

The list just goes on and on..

Here are some other interesting reads from Forum Reps and Blizzard fanboys on the matter. Many players actually believe (falsely) that Blizzard is required by federal and/or state law to notify of data breaches, so logically there have been no breaches at all.

And finally.. here are some examples of security breaches that did actually occur before said official statements. These are just the ones that made it public too; there are tons of cases and even blogs/websites have received take-down notices from Blizzard.

Blizzard GMs, CS/Forum reps, and Community MVPs are all trained to say "There have been no security breaches." Don't believe everything you read though, that's just what they're trained to say - whether it's fact or not. But that's the beauty of plausible deniability.. plus, they may actually believe what they are conveying is the truth.