Blizzard's Battle.net Hacked; Company Recommends All Users Change Their Passwords

[MacRumors]

Blizzard Entertainment, the company behind Warcraft, Starcraft and Diablo, today informed customers that their internal security network had been breached.

The company doesn't believe that financial information has been compromised but other data including email addresses for all non-China players and scrambled passwords were taken. The company believes it will be extraordinarily difficult for hackers to break into actual accounts, but is recommending that all users change their passwords.

Blizzard does offer the Battle.net Mobile Authenticator [App Store], an iPhone app that dynamically generates a new six-digit code every minute. Users can't log into any Battle.net account -- either through a game or on a website -- without the code. It virtually eliminates unauthorized access to the Battle.net account and it is recommended for all Battle.net accountholders.

Here is the letter from Blizzard CEO Mike Morhaime:

Players and Friends,

Even when you are in the business of fun, not every week ends up being fun. This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.

At this time, we've found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.

Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.

We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.

In the coming days, we'll be prompting players on North American servers to change their secret questions and answers through an automated process. Additionally, we'll prompt mobile authenticator users to update their authenticator software. As a reminder, phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password. We deeply regret the inconvenience to all of you and understand you may have questions. Please find additional information here.

We take the security of your personal information very seriously, and we are truly sorry that this has happened.

Sincerely,
Mike Morhaime

Article Link: Blizzard's Battle.net Hacked; Company Recommends All Users Change Their Passwords

 

[Jayse]

One word: LOL

 

[henrikrox]

Like i never thought about this.

But its actually scary to leave electronic footprints with all the hacking going on these days.

Sony, blizzard, and many many others.

I want to a delete all button on the internett for my info

 

[Unggoy Murderer]

Ouch, that's pretty bad news for a lot of people. I'm really happy I chose Computer Security and Forensics as my degree, hopefully I'll be able contribute ways to prevent this sort of thing in the future, really can't wait =D

 

[Sedulous]

I haven't anything worth stealing. My loot is crap.

 

[Schranke]

Wow that took hacker long enough...

but that aside its a damm shame

for all people involved in this i hope they dont get away whit more then what was mentioned in the letter.

hope we will get alot more info since this will be an interesting case.

wonder what the forums are going to sound like?
the *****torm about hacking in D3 will go to new highs

 

[50548]

And why do we always have to be "online" even when not doing anything multiplayer-related? Why doesn't Blizzard (or others such as Steam) explain that to us?

Ah, the good ol' days of true offline independence...

 

[henrikrox]

Ouch, that's pretty bad news for a lot of people. I'm really happy I chose Computer Security and Forensics as my degree, hopefully I'll be able contribute ways to prevent this sort of thing in the future, really can't wait =D

Not really, its just they dont want to use money on security. Before its to late. For example facebook security system is x100 times more secure then lets say sony's was

----------

And why do we always have to be "online" even when not doing anything multiplayer-related? Why doesn't Blizzard (or others such as Steam) explain that to us?

Ah, the good ol' days of true offline independence...

Not again with the old D3 online talk again, its been a whole summer full of it. If you dont like/want dont buy, simple as that.

 

[SVT Amateur]

And I'm glad I just spent several hours worth of work changing all my passwords for known internet accounts to something unique - including Blizzard.net (even though I don't play WoW anymore).

 

[mactmaster]

I wonder if this explains why I started to receive 5x the amount of spam recently. They got all the email addresses....

 

[prezasti]

I have a Blizzard Authenticator/PassKey, so I think I should be safe, but I may have to change my main password anyway. This sucks!!!

 

[Sedulous]

I wonder why everyone except China was affected. Does China have it's own server?

 

[darkplanets]

I wonder why everyone except China was affected. Does China have it's own server?

Probably yes. The government wants to see what goes on there... in every aspect. Plus it's a very large market. There's probably a two-fold reason for not hacking China; 1) the hacker probably originates from China, 2) if the China data is on a China server, that would predicate government action if breached -- if 1) is true, then only a fool would hack their own regional server, especially if a government like China gets involved.

 

[gnurf]

China has its own servers and a slightly different client. Lots of weird things had to be changed with some models.

 

[Icy1007]

Password Changed...just in case.

 

[VPrime]

And why do we always have to be "online" even when not doing anything multiplayer-related? Why doesn't Blizzard (or others such as Steam) explain that to us?

Ah, the good ol' days of true offline independence...

You don;t have to be online with steam, it has an offline mode which lets you play games... just not online.

 

[Sensa]

what the letter from blizzard doesn't say, but they have admitted elsewhere, is that the breach occurred on August 4th and they didn't notify their customers until today, Aug 9th, a full 5 days later.

that's pathetic

 

[iSayuSay]

Eat that, blizzard for not letting us play single Diablo III offline. What the heck with privacy these days?

If people want to cheat and exploit single player session, so be it. They shelled out $60 just for the purpose, remember? So, aren't they supposed to like ... own the game?

 

[macuser1232]

[url=http://cdn.macrumors.com/im/macrumorsthreadlogodarkd.png]Image[/url]


Image

Blizzard Entertainment, the company behind Warcraft, Starcraft and Diablo, today informed customers that their internal security network had been breached.

The company doesn't believe that financial information has been compromised but other data including email addresses for all non-China players and scrambled passwords were taken. The company believes it will be extraordinarily difficult for hackers to break into actual accounts, but is recommending that all users change their passwords.

Blizzard does offer the Battle.net Mobile Authenticator [App Store], an iPhone app that dynamically generates a new six-digit code every minute. Users can't log into any Battle.net account -- either through a game or on a website -- without the code. It virtually eliminates unauthorized access to the Battle.net account and it is recommended for all Battle.net accountholders.

Here is the letter from Blizzard CEO Mike Morhaime:


Article Link: Blizzard's Battle.net Hacked; Company Recommends All Users Change Their Passwords

Hey everyone buy stock in Activision!! You are guaranteed at least a 50% increase! They are the best! I don't know what's up with this stupid hacking though.

 

[Iconoclysm]

One word: LOL

Not really a word or it's three but regardless, why is it funny?

----------

Eat that, blizzard for not letting us play single Diablo III offline. What the heck with privacy these days?

If people want to cheat and exploit single player session, so be it. They shelled out $60 just for the purpose, remember? So, aren't they supposed to like ... own the game?

You do not own any software that you purchase, especially not games.

But it's the customers that have to "eat that" not Blizzard.

----------

Hey everyone buy stock in Activision!! You are guaranteed at least a 50% increase! They are the best! I don't know what's up with this stupid hacking though.

You're kidding right? I've owned ATVI stock for a few years now and it virtually never changes.

 

[soloer]

Eat that, blizzard for not letting us play single Diablo III offline.

Sure it's a media black eye for Blizzard... but I doubt Blizzard is eating anything, it's the customers that are inconvenienced, especially the ones that use the same password everywhere.

 

[Peace]

Warning to blizzard people.

I have not received any notification from blizzard.

Password changed.

 

[GoreVidal]

Is nothing sacred!?

 

[golf1410]

I changed password.

 

[Gemütlichkeit]

I'm waiting for the people to chime in here saying "this is why I never play video games online!"