Battle.net hacked, Blizzard advises password change

Friday, 10th August 2012 00:29 GMT By Brenna Hillier

Battle.net account information has been compromised, with Blizzard urging all members to take steps to secure their information.

According to a notice we’ve received from Blizzard, there has been “unauthorized access to some Battle.net account information”.

All regions outside of China were affected, and the hackers obtained a list of email addresses associated with Battle.net accounts.

The publisher said that “additional information” from North American servers was accessed, including “cryptographically scrambled versions of passwords (not actual passwords), the answer to a personal security question, and information relating to Mobile and Dial-In Authenticators”.

“It’s important to note that at this time, Blizzard does not believe this information alone is enough to gain access to Battle.net accounts,” the publisher said.

“Based on Blizzard’s investigation to this point, credit card and other customer payment data does NOT appear to have been accessed or affected. As a precaution, however, Blizzard encourages players to change their Battle.net password and any similar passwords used for other purposes.”

Blizzard has plugged the security breach and is investigating the hack alongside law enforcement.

According to a public-facing update from Mike Morhaime, the breach occurred this weekend.

Although Morhaime reiterated that Blizzard doesn’t believe the hack will enable unauthorised access of individual accounts, all players on NA servers will be automatically prompted to change their passwords and authentication details over the coming week.

Battle.net is Blizzard’s umbrella player information and matchmaking system, and includes Diablo III, StarCraft II and World of Warcraft.

21 Comments

  1. DSB

    I guess that’s rock bottom then.

    Sounds like they have absolutely no idea what they got or what they can do with it, judging from that vaguely worded nonsense, which is really just copy-pasted from the last guys who let that happen.

    What a disappointment.

    #1 2 years ago
  2. viralshag

    Pretty shady, especially with accounts linked to the real AH.

    #2 2 years ago
  3. freedoms_stain

    Great, I can expect a full spam filter again.

    #3 2 years ago
  4. vormison

    Ah, I remember when I was first hacked on Diablo III and everyone blamed the users. I guess Blizzard’s employees are viewing far too much porn and downloading far too many torrents. The truth will always haunt!

    #4 2 years ago
  5. DSB

    @4 Quite a big difference between trying to make the case that an individual spent a lot of time and effort purely to get at your personal account, and someone actually making the effort to bust the system to get at hundreds of thousands.

    #5 2 years ago
  6. Talkar

    @1
    You do realize there are thousands of sites being hacked each and every day? Your bank has probably been hacked more than once, but it would be bad business to publish it. You can’t really say that Blizz has done a bad job until you know exactly how it was hacked. Was it a simple SQL injection? If it was then yeah it was a pretty bad job they did, but there are almost limitless ways to get unauthorized access to any site.

    #6 2 years ago
  7. roadkill

    Well they practically begged for it. And I expect that this will happen again. Someone needs to teach these pricks that customers and toilet paper are two very different things.

    #7 2 years ago
  8. Deacon

    My account’s been hacked a total of three times since I started playing D3. I’m getting pretty fucking bored of it to be honest. I haven’t even played it for a month yet I got hacked again beginning of this week.
    I’m the first to say ‘companies get hacked every day’, but this is getting kind of silly now.

    #8 2 years ago
  9. Talkar

    ^Does your password contain special characters? Numbers? Upper and lowercase letters? Do you have an authenticator? An example of a password I previously used was: pC#vl6!%8f%#. That is hardly one of the best passwords one can have, hence why I don’t use something like that anymore, but you get the idea ;)

    #9 2 years ago
  10. Deacon

    It’s a mix of upper, lower, and numbers. Pretty far from obvious, but not quite as insanely random as the one you mention… (I like to be able to rattle a password off relatively quickly). I don’t see it as a lack of vigilance on my part, I just see it as a WTF Blizz?

    I haven’t had any items or characters altered or deleted etc, just random level 1 characters appearing and a constant barrage of emails from Blizz saying I’m spamming the same text repeatedly. Pretty annoying.

    Maybe it’s all orchestrated in the hope I buy an authenticator :p

    #10 2 years ago
  11. Talkar

    Well, if you don’t have an authenticator your password is pretty easy to crack if you only use letters and numbers, so I would definitely suggest getting an authenticator if you really want a password you can remember ;) You can get it for your phone now I think, not sure though.

    #11 2 years ago
  12. viralshag

    @11, If you have a droid/iPhone you can get an authenticator for it. I have a mobile one for Rift, Blizz and TOR.

    #12 2 years ago
  13. Deacon

    nah fuck that. If Blizz can’t prevent my account from being hacked every week then I’m out.

    Suggesting it’s part & parcel is not a valid excuse in my opinion. Not at all.

    I never had this with WoW back in the day (same password for years!), and I’ve never had my PSN or other online accounts hacked with such regularity.

    I’m done with D3 anyway, so the haxxors can have my spoils for all I care.

    #13 2 years ago
  14. Kabby

    FYI Case differences don’t matter because Blizzard’s system doesn’t distinguish between them. It has been this way since the original battle.net.

    #14 2 years ago
  15. DSB

    @6 I think I’m just gonna start calling you Lord Paranoia from now on.

    Actually a close family member of mine is in charge of my bank’s security, and he does tell us quite a few things about what’s going on. You’d be amazed at how little it takes to bring down the Danish debit card system. Interns…

    You can’t hide something like a breach, and you wouldn’t be doing yourself any favors by trying. The security departments for these banks are far too big, and often decentralized around the country, including consultants and people who have absolutely no loyalty to the business itself.

    Failing to disclose a breach could mean the death of the entire business, and would bring down a hundred different anti-trust lawsuits on behalf of investors, and the government.

    If you disclose, you lose a few percent on your stock due to a random criminal, which will bounce back soon enough. If you fail to disclose, you become the criminal, and you’re risking your entire business.

    Not that I don’t believe that high business likes to shoot themselves in the foot, but nobody’s that stupid.

    I’m yet to lose an account anywhere, so if there are all of these terribly secret security breaches hidden by equally terrible cover-ups, that info has to be going to some very lazy criminals :)

    #15 2 years ago
  16. Talkar

    ^I know I’m paranoid, and I like to think that contributes to the fact that I’ve never been hacked ^^

    #16 2 years ago
  17. OlderGamer

    I know it goes against the idea of in-game community economy. And against the idea of making Blizz real money off of the back of the AH item trade. So this will never happen. But I have long thought that everything in game (WoW, Diablo, other games) should be 100% bind to account.

    You play, you find, you keep.

    In truth so long as there are commodities of value in a video game world, there will be people trying to steal them. And the risks to the consumer are even greater when said games all have links to personal financial information.

    Sometimes I feel like grabbing my SNES and other pre-online systems and gaming under a rock.

    Prolly what I could use is a bogus or secondary bank account used only for online transactions and account linking. Keep a 300usd-500usd amount of cash in it, and if it gets hit it gets hit, but I am not out thousands of usd and this months mortgage payment.

    #17 2 years ago
  18. DSB

    @16 It’s easy to see why, and you should be careful with your accounts, but to simply assume that breaches are occurring constantly, without any indication that it actually does happen, just strikes me as an unnecessary headache.

    #18 2 years ago
  19. Talkar

    ^I assume it does because it isn’t exactly hard to find information on how to do it. Heck, you can even get courses in it. Anyways, I seem to remember back with the whole PSN hacking that happened earlier some expert said something about only 10% or something of breaches are published. I can’t find that source right now, so don’t quote me on it :P

    #19 2 years ago
  20. DSB

    @19 Well, if I was running an internet security firm, I’d certainly make sure people knew why they were paying me as well.

    I’d suppose that you could probably make the argument that only 10% are reported, but I think it would mostly be down to how you define a breach. There’s a lot of different things you can get out of an attack, from merely knowledge of infrastructure (which would qualify as a breach of information) to actual sensitive information from a userbase.

    I mean, it’s also easy enough to claim that you keep in regular contact with God or space aliens, because no one can prove that you aren’t.

    You can’t prove a negative.

    #20 2 years ago
  21. Talkar

    @20
    I know this is now quite old, just wanted to say I recently read an article about the subject how much hacking actually occurs. Berlingske wrote an article on the subject. Now if that is Denmark, then how do you think it compares to the rest of the world? :P (sorry guys, it is in Danish)
    http://www.b.dk/nationalt/it-indbrud-holdes-skjult-for-dig

    #21 2 years ago

Comments are now closed on this article.