Blizzard’s Battle.net has been compromised, change your passwords!
If you are like millions of other PC gamers out there, you more than likely have a Battle.net account, so changing your passwords right away is vital.
For those console gamers who are not too familiar with Battle.net, it is Blizzard’s social gaming and account management software. World of Warcraft, Diablo 3 and Starcraft 2 are among the games that run on Battle.net.
Mike Morhaime has posted a message on Blizzard’s website about a security breach, saying that user account information on Battle.net has been ‘illegally compromised’. Before you completely panic, Blizzard seems certain that your credit card information has not been stolen and your billing addresses were not taken either. However, the attackers did access email addresses for users outside of China. For those on the North American servers (Blizzard classes these as the USA, Latin America, New Zealand, Australia and Southeast Asia), the answers to personal security questions were also accessed, as well as information on Mobile and Dial-In versions of authenticators. If you happen to own a classic authenticator device though (the physical kind, where you press the button and a code appears), you will be okay.
“Based on what we currently know, this information alone is not enough for anyone to gain access to Battle.net accounts,” says Mike Morhaime.
China remains unaffected, it seems.
General advice on the Battle.net security breach
According to an official FAQ on the subject, “Upon learning of the unauthorized access, we worked quickly to re-secure our network. Afterward, we immediately notified law enforcement as well as security experts and launched an ongoing investigation to determine what had occurred. We also took steps to notify players, which happened in a matter of days from the time we discovered the illegal access.” Blizzard were first aware of this on August 4th.
On the subject of ‘mobile authenticators’: “we still believe that keeping mobile authenticators active provides a layer of security against unauthorized users who don’t have access to the compromised data. In fact, the mobile authenticator information by itself won’t grant access to a Battle.net account — that still requires the actual password as well. We are working quickly to deploy new mobile authenticator software and will notify players to update as soon as it’s available.”
Obviously, Blizzard recommends you change your password as quickly as possible. “While Blizzard has no indication that any of your information was shared with any other unauthorized parties or that there has been any unauthorized use of your data, we urge all members of our community to closely monitor all of their online accounts.
“As a reminder, phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password. We deeply regret the inconvenience to all of you and understand you may have questions. We take the security of your personal information very seriously, and we are truly sorry that this has happened.”
Blizzard’s Battle.net is the latest in a long line of high-profile hacking targets
Blizzard certainly are not alone in being hacked; it was not too long ago that Nvidia were the targets of an attack, and numerous other companies have of course been affected, the PSN blackout being perhaps the most famous (although the circumstances were vastly different to this). Once again, I would like to suggest people have multiple email accounts and so on; having one as a ‘don’t care’ that you use to sign up to random forums, websites and other things, and another for more serious things (such as, say, eBay, bills, bank accounts and so on), is a fairly good idea too. Although it will not protect you fully from phishing, it can only help.