Blizzard's Battle.net hacked, change your passwords now
Blizzard, developer of popular gaming brands such as World of Warcraft, Starcraft and Diablo, is one of the most popular PC game companies.
The company's World of Warcraft MMORPG, for instance, still has nine million players who pay the company a monthly subscription fee to play the game.
A security update posted on the Blizzard website informs all customers of the company that unauthorized and illegal access to its internal network was detected. Blizzard noticed the break-in this week and has since been working with security experts and law enforcement to investigate the hack.
According to the security update, the hackers managed to get their hands on the following data sets:
- A global list of email addresses of Battle.net users
- For North American players (which includes Latin America, Australia, New Zealand and Southeast Asia), the answers to the personal security question and information about Mobile and Dial-in authenticators were accessed as well.
- The encrypted passwords of players on North American servers have also been dumped by the attackers.
Investigators found no evidence that financial information such as credit cards or real names were compromised.
The attackers were either after North American user and account information, or only managed to get access to it. Since they managed to dump encrypted user passwords, it is likely that they have already started to use dictionary-based and maybe even brute-force attacks to decrypt passwords and gain access to accounts.
Blizzard asks all North American users to change their Battle.net account passwords immediately to protect their accounts from unauthorized access. Users who have been using the same password on other services are asked to change the password at those web services to protect those accounts as well.
Blizzard lastly announced that it will prompt all players on North American servers to change their secret questions and answers in the coming days to block this way of accessing user accounts. The company furthermore will distribute an update for its mobile authenticator software.
Update: According to Blizzard, the attack was detected on August 4.