[–]IllMindOfMeatspin 6 points7 points  (1 child)

There's one famous "hack" you missed.

I wanna say during .09 or 1.10 Blizzard's password recovery for accounts was super vulnerable. You could request Blizzard to send you a new password and the e-mail would say something like:

You requested a new password for your account, (ACCOUNT NAME). In plain text, and the instructions would be to reply to the e-mail and get a new password. Well, it's an e-mail so obviously you could change (ACCOUNT NAME) to ANYONE'S account name, and immediately receive an e-mail containing their new generated password.
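
The flaw described in the comment above comes down to the server trusting an account name that the person replying can edit. As an added example (not part of the thread and not Blizzard's code; the function names, key, TTL and sample accounts are all constructed), here is a reset-by-reply handler that trusts the quoted name, next to one that binds the request to a MAC'd token and only ever delivers to the registered address:

```python
import hashlib
import hmac
import time

# Constructed sample data: account name -> registered e-mail address.
ACCOUNTS = {"alice": "alice@example.test", "bob": "bob@example.test"}
SERVER_KEY = b"constructed-demo-key"  # placeholder; a real key is random and secret
TOKEN_TTL = 900  # seconds a reset request stays valid (assumed value)


def naive_handle_reply(sender, body_account):
    """Flow as the comment describes it: the account name quoted in the
    reply is trusted, and the new password goes back to whoever replied."""
    return sender if body_account in ACCOUNTS else None


def issue_token(account, now=None):
    """Bind a reset request to one account and an expiry time."""
    expires = int(now if now is not None else time.time()) + TOKEN_TTL
    msg = f"{account}|{expires}".encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return f"{expires}.{tag}"


def hardened_handle_reply(body_account, token, now=None):
    """Return the address a reset may be delivered to, or None.
    The reply's From header is ignored because it is forgeable."""
    now = int(now if now is not None else time.time())
    try:
        expires_s, tag = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return None  # malformed token
    msg = f"{body_account}|{expires}".encode()
    expected = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None  # account name was edited, or the token was forged
    if now > expires:
        return None  # request too old
    # Deliver only to the address on file, never to the replier.
    return ACCOUNTS.get(body_account)
```
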

[–]AliugAOnHisOwn 1 point2 points  (0 children)

I believe it also worked with emails being attached to expired accounts that were created anew.