Battle.net hacked, Blizzard warn users to change passwords
A post on the Blizzard website this morning says that some users may want to change their passwords after a security breach.
Mike Morhaime, president of Blizzard, wrote:
"Players and Friends,
Even when you are in the business of fun, not every week ends up being fun. This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard."
This "unauthorized access" was shut off and Blizzard have contacted both law enforcement and security experts regarding the issue.
"we’ve found no evidence that financial information such as credit cards, billing addresses, or real names were compromised"
"Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed."
So luckily, if you're a Blizzard customer, it seems your financial information is safe. Regarding the information that has been accessed, Blizzard say that "this information alone is NOT enough for anyone to gain access to Battle.net accounts"
"We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password."
For your own security, you'll want to change any any passwords that are the same anywhere else online.
Morhaime signs off by telling users if they have any questions they should head here, and saying:
"We take the security of your personal information very seriously, and we are truly sorry that this has happened."