Blizzard laid off about 600 employees a few months ago.
I wonder if one or more of them might have been very upset at having lost their job(s) and hit back.
After all, who is better placed to hack Blizzard than someone who knows their security systems?
DEFCON was last week also.
Yeah you would never inform people until you had identified the source of the intrusion. Five days from the initial detection is a pretty good response if Blizzard is accurately reporting it. The first day or two would be spent going over logs to find out how an attacker gained access and how to remove that access - there isn't a magical red button killswitch they can use to insure they've secured the network from the attacker. Sending out any type of information would give a clear signal to perform any last act before access is lost (vandalism for some, last ditch efforts to get sensitive data for others). Its a matter of semantics but if it were me I would word the press release such that the 'initial report' is when the breach was confirmed and the source fully identified rather than just the first point at which unauthorized access was detected.
Doesn't the LFR legendary theory have major holes in it? It seems just as likely that the LFR weapons have the slot so that if you complete the legendary chain as a normal mode guild, without receiving the weapon drop, they can still put the gem in the LFR weapon as opposed to getting nothing out of it.
Unlikely that you'd get it before you got a weapon drop, but we didn't get a second caster spine trinket despite killing it for however long DS was out.