Blizzard Entertainment’s security team has discovered unauthorised and illegal access into its gaming network, Battle.net, home of World of Warcraft, Diablo, Warcraft, Starcraft – and millions of online gamers.
Blizzard immediately took steps to shut down the unauthorised access and launched an investigation into the matter, with the assistance of law enforcement and security experts.
“Even when you are in the business of fun, not every week ends up being fun,” wrote Blizzard CEO Michael Morhaime. “We take the security of your personal information very seriously, and we are truly sorry that this has happened.”
Morhaime confirmed that email addresses for players outside China and answers to security questions for players from North America, South America, Australia, New Zealand and Southeast Asia were compromised. Hashed phone numbers from a small number of users who use dial-in authentication were also taken, as well as data that could compromise the integrity of Battle.net’s mobile authentication service.
Finally, the hackers also made off with cryptographically scrambled passwords for players, but Blizzard assures that the measures it has in place will prevent these passwords from being cracked. Blizzard uses secure remote password (SRP) protocol, which provides strong security even for weak passwords. Passwords protected in this way would need to be deciphered individually, which is a difficult and expensive task for hackers to undertake.
Blizzard is confident that credit card information, billing addresses, real names or other data that could compromise users’ financial information has not been hacked.
Users are now warned to be on alert for phishing emails sent to addresses registered with Battle.net and the company reminds users that it would never send an email requesting their password information.
Though Blizzard is confident that breaking into individual accounts is unlikely, users are advised to change their passwords nonetheless. Players whose security questions were compromised will be prompted to change these through an automated process and a software update to the Battle.net Mobile Authentication iPhone app will be issued soon.