No matter how big they are or how well-protected they think they may be, in today’s age nobody is completely safe from cyber attacks. Present a tantalizing enough prize for whoever can manage to get in and sooner or later somebody WILL find a way to do it. First it was Sony, then Valve, and now it’s Blizzard.
Detailed today in an announcement by Blizzard President Mike Morhaime, it was revealed that the company had recently suffered what appears to be the biggest infiltration they’ve ever suffered, compromising data from Battle.net users around the world (with the exception of China). The biggest victims are players from the Americas, Australia, New Zealand and South East Asia, who have had the following data accessed:
- Email addresses
- Answers to secret security questions
- Cryptographically scrambled versions of passwords (not actual passwords)
- Information associated with the Mobile Authenticator
- Information associated with the Dial-in Authenticator
- Information associated with Phone Lock, a security system associated with Taiwan accounts only
Financial information appears to be intact at this time, and leaked passwords were hashed, making it unlikely that they will be cracked, though Blizzard still highly recommends a password change. Data tied to North American Mobile Authenticators was taken that could potentially compromise the system, though an update will be rolling out in the next few days to re-secure it. A mandatory change of secret questions and answers is also planned.
While not exactly unexpected, Blizzard getting hit is a pretty big deal. With the audience of Blizzard’s games as massive as it is, this incident certainly ranks among the largest intrusions of this type in awhile, and will no doubt result in new security measures being taken for their games in the future. Morhaime’s full statement can be read here, and a detailed FAQ of the action Battle.net users should take can be found on the official page.
hooray, now i will get even more spam about account compromises for games i have never played
and more wowtits
So do these companies have any defenses at all?
sort of, the way that the passwords are encrypted, they would have to be cracked individually to be accessed. And they just need to upload a security update to lock the guy out.
But look, everything is hackable, crackable and very much at risk…and everything gets hacked and cracked at some point. It’s part of the security and piracy evolution, so they will improve their security, and in time people will hack it again.
You’re vulnerable to some degree as long as you’re connected to the internet. Even if your defenses are airtight, hackers could employ social engineering and stuff like that to get in.
Agreed. Think of it from a medical stand point. Just because you’ve had a cold before, and your body has built up an immunity or defense against such a virus, it’s still possible to catch it again. With each new defense in our bodies there’s a new strand of the common cold that evolves. I believe this thinking can be applied to internet security as well.
As long as you’re exposed to the environment (the internet/outside) there is always a chance, despite your health/security.