World of Warcraft, Starcraft and Diablo players at risk after Battle.net hacking

10 Aug 2012

Blizzard Entertainment’s security team has discovered unauthorised and illegal access into its gaming network, Battle.net, home of World of Warcraft, Diablo, Warcraft, Starcraft – and millions of online gamers.

Blizzard immediately took steps to shut down the unauthorised access and launched an investigation into the matter, with the assistance of law enforcement and security experts.

“Even when you are in the business of fun, not every week ends up being fun,” wrote Blizzard CEO Michael Morhaime. “We take the security of your personal information very seriously, and we are truly sorry that this has happened.”

Morhaime confirmed that email addresses for players outside China and answers to security questions for players from North America, South America, Australia, New Zealand and Southeast Asia were compromised. Hashed phone numbers from a small number of users who use dial-in authentication were also taken, as well as data that could compromise the integrity of Battle.net’s mobile authentication service.

Finally, the hackers also made off with cryptographically scrambled passwords for players, but Blizzard assures players that the measures it has in place will prevent these passwords from being cracked. Blizzard uses the Secure Remote Password (SRP) protocol, which provides strong security even for weak passwords. Passwords protected in this way would need to be deciphered individually, which is a difficult and expensive task for hackers to undertake.
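To show why SRP-protected passwords have to be attacked one account at a time, here is an added example (not from Blizzard or the original article) of how an SRP server record is derived. It assumes the SRP-6a verifier formula, SHA-1 and the 1024-bit group from RFC 5054, since the article does not give Battle.net's actual parameters; the account names and passwords are constructed.

```python
import hashlib
import os

# Assumption: RFC 5054 Appendix A 1024-bit group with g = 2.
# The article does not give Battle.net's actual SRP parameters.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C"
    "9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE4"
    "8E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B29"
    "7BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9A"
    "FD5138FE8376435B9FC61D2FC0EB06E3", 16)
G = 2


def verifier(username: str, password: str, salt: bytes) -> int:
    """v = g^x mod N, where x = SHA1(salt | SHA1(username ":" password))."""
    inner = hashlib.sha1(f"{username}:{password}".encode()).digest()
    x = int.from_bytes(hashlib.sha1(salt + inner).digest(), "big")
    return pow(G, x, N)


def enroll(username: str, password: str) -> dict:
    """What the server stores: a random salt and the verifier, never the password."""
    salt = os.urandom(16)
    return {"user": username, "salt": salt, "v": verifier(username, password, salt)}


def guess_matches(record: dict, guess: str) -> bool:
    """Checking one guess costs a salted hash plus a 1024-bit modular
    exponentiation, and the answer is valid for this record only."""
    return verifier(record["user"], guess, record["salt"]) == record["v"]


if __name__ == "__main__":
    # Constructed accounts: two players who chose the same weak password.
    a = enroll("player_one", "dragon123")
    b = enroll("player_two", "dragon123")
    print("same password, different verifiers:", a["v"] != b["v"])
    print("correct password matches its own record:", guess_matches(a, "dragon123"))
    # A value computed for one record cannot be looked up against another.
    reused = verifier(a["user"], "dragon123", a["salt"]) == b["v"]
    print("player_one's verifier matches player_two's record:", reused)
```

Because the salt and username feed into every verifier, no precomputed table covers more than one account, which is why users with weak passwords are still advised to change them.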

Blizzard is confident that credit card information, billing addresses, real names or other data that could compromise users’ financial information has not been hacked.

Users are now warned to be on alert for phishing emails sent to addresses registered with Battle.net and the company reminds users that it would never send an email requesting their password information.

Though Blizzard is confident that breaking into individual accounts is unlikely, users are advised to change their passwords nonetheless. Players whose security questions were compromised will be prompted to change these through an automated process and a software update to the Battle.net Mobile Authentication iPhone app will be issued soon.

Elaine Burke is the host of For Tech’s Sake, a co-production from Silicon Republic and The HeadStuff Podcast Network. She was previously the editor of Silicon Republic.