Blizzard's Battle.net Hacked; Company Recommends All Users Change Their Passwords

MacRumors

macrumors bot
Original poster
Apr 12, 2001
46,790
8,960





Blizzard Entertainment, the company behind Warcraft, Starcraft and Diablo, today informed customers that their internal security network had been breached.

The company doesn't believe that financial information has been compromised but other data including email addresses for all non-China players and scrambled passwords were taken. The company believes it will be extraordinarily difficult for hackers to break into actual accounts, but is recommending that all users change their passwords.

Blizzard does offer the Battle.net Mobile Authenticator [App Store], an iPhone app that dynamically generates a new six-digit code every minute. Users can't log into any Battle.net account -- either through a game or on a website -- without the code. It virtually eliminates unauthorized access to the Battle.net account and it is recommended for all Battle.net accountholders.

Here is the letter from Blizzard CEO Mike Morhaime:
Players and Friends,

Even when you are in the business of fun, not every week ends up being fun. This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.

At this time, we've found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.

Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.

We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.

In the coming days, we'll be prompting players on North American servers to change their secret questions and answers through an automated process. Additionally, we'll prompt mobile authenticator users to update their authenticator software. As a reminder, phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password. We deeply regret the inconvenience to all of you and understand you may have questions. Please find additional information here.

We take the security of your personal information very seriously, and we are truly sorry that this has happened.

Sincerely,
Mike Morhaime
Article Link: Blizzard's Battle.net Hacked; Company Recommends All Users Change Their Passwords
 

henrikrox

macrumors 65816
Feb 3, 2010
1,218
2
Like i never thought about this.

But its actually scary to leave electronic footprints with all the hacking going on these days.

Sony, blizzard, and many many others.

I want to a delete all button on the internett for my info
 

Unggoy Murderer

macrumors 6502
Jan 28, 2011
360
98
Edinburgh, Scotland
Ouch, that's pretty bad news for a lot of people. I'm really happy I chose Computer Security and Forensics as my degree, hopefully I'll be able contribute ways to prevent this sort of thing in the future, really can't wait =D
 

Schranke

macrumors 6502a
Apr 3, 2010
857
825
Copenhagen, Denmark
Wow that took hacker long enough...

but that aside its a damm shame

for all people involved in this i hope they dont get away whit more then what was mentioned in the letter.

hope we will get alot more info since this will be an interesting case.

wonder what the forums are going to sound like?
the *****torm about hacking in D3 will go to new highs
 

50548

Guest
Apr 17, 2005
5,039
2
Currently in Switzerland
And why do we always have to be "online" even when not doing anything multiplayer-related? Why doesn't Blizzard (or others such as Steam) explain that to us?

Ah, the good ol' days of true offline independence...
 

henrikrox

macrumors 65816
Feb 3, 2010
1,218
2
Ouch, that's pretty bad news for a lot of people. I'm really happy I chose Computer Security and Forensics as my degree, hopefully I'll be able contribute ways to prevent this sort of thing in the future, really can't wait =D
Not really, its just they dont want to use money on security. Before its to late. For example facebook security system is x100 times more secure then lets say sony's was

----------

And why do we always have to be "online" even when not doing anything multiplayer-related? Why doesn't Blizzard (or others such as Steam) explain that to us?

Ah, the good ol' days of true offline independence...
Not again with the old D3 online talk again, its been a whole summer full of it. If you dont like/want dont buy, simple as that.
 

SVT Amateur

macrumors 6502
Dec 22, 2006
421
1
Tyler, Texas
And I'm glad I just spent several hours worth of work changing all my passwords for known internet accounts to something unique - including Blizzard.net (even though I don't play WoW anymore).
 

mactmaster

macrumors 6502
Jun 16, 2010
390
0
I wonder if this explains why I started to receive 5x the amount of spam recently. They got all the email addresses....
 

prezasti

macrumors 6502
Jul 9, 2010
390
43
I have a Blizzard Authenticator/PassKey, so I think I should be safe, but I may have to change my main password anyway. This sucks!!! :mad:
 

Sedulous

macrumors 68020
Dec 10, 2002
2,374
1,650
I wonder why everyone except China was affected. Does China have it's own server?
 

darkplanets

macrumors 6502a
Nov 6, 2009
853
0
I wonder why everyone except China was affected. Does China have it's own server?
Probably yes. The government wants to see what goes on there... in every aspect. Plus it's a very large market. There's probably a two-fold reason for not hacking China; 1) the hacker probably originates from China, 2) if the China data is on a China server, that would predicate government action if breached -- if 1) is true, then only a fool would hack their own regional server, especially if a government like China gets involved.
 

gnurf

macrumors member
Apr 25, 2011
84
4
China has its own servers and a slightly different client. Lots of weird things had to be changed with some models.
 

VPrime

macrumors 68000
Dec 19, 2008
1,721
82
London Ontario
And why do we always have to be "online" even when not doing anything multiplayer-related? Why doesn't Blizzard (or others such as Steam) explain that to us?

Ah, the good ol' days of true offline independence...
You don;t have to be online with steam, it has an offline mode which lets you play games... just not online. :)
 

Sensa

macrumors newbie
Jul 23, 2012
25
0
what the letter from blizzard doesn't say, but they have admitted elsewhere, is that the breach occurred on August 4th and they didn't notify their customers until today, Aug 9th, a full 5 days later.

that's pathetic
 

iSayuSay

macrumors 68040
Feb 6, 2011
3,233
350
Eat that, blizzard for not letting us play single Diablo III offline. What the heck with privacy these days?

If people want to cheat and exploit single player session, so be it. They shelled out $60 just for the purpose, remember? So, aren't they supposed to like ... own the game? :rolleyes:
 

macuser1232

macrumors 6502a
Jan 20, 2012
666
3
[url=http://cdn.macrumors.com/im/macrumorsthreadlogodarkd.png]Image[/url]


Image

Blizzard Entertainment, the company behind Warcraft, Starcraft and Diablo, today informed customers that their internal security network had been breached.

The company doesn't believe that financial information has been compromised but other data including email addresses for all non-China players and scrambled passwords were taken. The company believes it will be extraordinarily difficult for hackers to break into actual accounts, but is recommending that all users change their passwords.

Blizzard does offer the Battle.net Mobile Authenticator [App Store], an iPhone app that dynamically generates a new six-digit code every minute. Users can't log into any Battle.net account -- either through a game or on a website -- without the code. It virtually eliminates unauthorized access to the Battle.net account and it is recommended for all Battle.net accountholders.

Here is the letter from Blizzard CEO Mike Morhaime:


Article Link: Blizzard's Battle.net Hacked; Company Recommends All Users Change Their Passwords
Hey everyone buy stock in Activision!! You are guaranteed at least a 50% increase! They are the best! I don't know what's up with this stupid hacking though.
 

Iconoclysm

macrumors 68020
May 13, 2010
2,357
1,600
Washington, DC
One word: LOL
Not really a word or it's three but regardless, why is it funny?

----------

Eat that, blizzard for not letting us play single Diablo III offline. What the heck with privacy these days?

If people want to cheat and exploit single player session, so be it. They shelled out $60 just for the purpose, remember? So, aren't they supposed to like ... own the game? :rolleyes:
You do not own any software that you purchase, especially not games.

But it's the customers that have to "eat that" not Blizzard.

----------

Hey everyone buy stock in Activision!! You are guaranteed at least a 50% increase! They are the best! I don't know what's up with this stupid hacking though.
You're kidding right? I've owned ATVI stock for a few years now and it virtually never changes.
 

soloer

macrumors 6502a
Sep 27, 2004
804
68
Omaha
Eat that, blizzard for not letting us play single Diablo III offline.
Sure it's a media black eye for Blizzard... but I doubt Blizzard is eating anything, it's the customers that are inconvenienced, especially the ones that use the same password everywhere.
 

Gemütlichkeit

macrumors 65816
Nov 17, 2010
1,276
0
I'm waiting for the people to chime in here saying "this is why I never play video games online!"