No matter how big they are or how well-protected they think they may be, in today’s age nobody is completely safe from cyber attacks. Present a tantalizing enough prize for whoever can manage to get in and sooner or later somebody WILL find a way to do it. First it was Sony, then Valve, and now it’s Blizzard.
Detailed today in an announcement by Blizzard President Mike Morhaime, it was revealed that the company had recently suffered what appears to be the biggest infiltration they’ve ever suffered, compromising data from Battle.net users around the world (with the exception of China). The biggest victims are players from the Americas, Australia, New Zealand and South East Asia, who have had the following data accessed:
- Email addresses
- Answers to secret security questions
- Cryptographically scrambled versions of passwords (not actual passwords)
- Information associated with the Mobile Authenticator
- Information associated with the Dial-in Authenticator
- Information associated with Phone Lock, a security system associated with Taiwan accounts only
Financial information appears to be intact at this time, and leaked passwords were hashed, making it unlikely that they will be cracked, though Blizzard still highly recommends a password change. Data tied to North American Mobile Authenticators was taken that could potentially compromise the system, though an update will be rolling out in the next few days to re-secure it. A mandatory change of secret questions and answers is also planned.
While not exactly unexpected, Blizzard getting hit is a pretty big deal. With the audience of Blizzard’s games as massive as it is, this incident certainly ranks among the largest intrusions of this type in awhile, and will no doubt result in new security measures being taken for their games in the future. Morhaime’s full statement can be read here, and a detailed FAQ of the action Battle.net users should take can be found on the official page.