updated 10:15 pm EDT, Tue September 11, 2012
Watermark by Blizzard found in images captured since 2008
Blizzard has reportedly been caught watermarking screenshots generated by one of its games. Sendatsu, a user of the OwnedCore forums, claims to have noticed what appears to be artifacts in a screenshot that, after examining multiple images going as far back as 2008, was apparently found to contain details about the user, items not initially viewable from looking at the screenshot subjectively.
After three days of experimentation, it was found that each character had a different set of repeatable patterns watermarked on each image. The pattern, which consists of approximately 88 bytes of data repeated throughout, can give information of the character's account name and ID, timestamp of the screenshot, and information about the realm. It has been suggested that the images could be used by Blizzard to track users who are going against the game Terms of Service, including running a private server with an IP not matching Blizzard's own realms.
By hiding the user information in screenshots, this means that unless players edited the images to destroy the data, they will have unknowingly shared their user details in public for a considerable amount of time. Although the information does not include sensitive data such as passwords, the data could still be seen as a security risk, especially considering Blizzard suffered an internal network intrusion that saw encrypted Battle.net passwords and security questions being taken.
In recent months, a number of attacks on online companies has seen a large amount of customer data leaked online for others to see, and steganography embedded in images may add to the accumulated data. Over 6.5 million encrypted passwords from LinkedIn were posted to a Russian hacker forum in June, while Yahoo Voices, Formspring, Billabong, and Best Buy all suffered a similar fate in July. Technology journalist Mat Honan discovered his iCloud account compromised in a widely reported breach in August, which led to damage to other online services he used including Gmail and multiple Twitter accounts, and a loss of data on his MacBook.
Blizzard has been contacted for comment, and Electronista will update this story as the situation warrants. [via Slashdot]