Blizzard’s BattleNet Hacked – Change Your Password Now!
Posted 10 August 2012 by Rushster
Very important security notice this. Change your passwords now.
Players and Friends,
Even when you are in the business of fun, not every week ends up being fun. This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.
At this time, we’ve found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.
Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.
We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.
In the coming days, we’ll be prompting players on North American servers to change their secret questions and answers through an automated process. Additionally, we’ll prompt mobile authenticator users to update their authenticator software. As a reminder, phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password. We deeply regret the inconvenience to all of you and understand you may have questions. Please find additional information here.
We take the security of your personal information very seriously, and we are truly sorry that this has happened.
Sincerely,
Mike Morhaime
Thanks Lorderan






Fail!
Blizzard obviously knew something was wrong when they pulled the mobile authenticators, they just chose to release the information now + Mike was on well deserved holiday.
The BEST phishing attempts will NOT ask you for your password either. They will fake a Blizzard style security email, and prompt you to log in to a fake Blizzard site….
Blizzard should have kept mum on this and simply prompted a password change upon your next login into bnet.
Scammers win again!
You’re saying you’d rather be ignorant of the fact that your personal information was stolen?
As a publicly-listed company, Activision Blizzard must report those security intrusions that have a potential impact on their bottom line, including in most cases where customer data has been compromised.
Well, the days of everyone using Blizzard as the standard-bearer of online gaming security have just come to a crashing halt.
The days of defending Blizzard against being hacked and blaming everyone else for “clicking e-mail links” or “visiting naughty sites” or “using internet explorer” have been debunked.
Blizzard was hacked, NOT the people who play their games.
If their servers can be breached, considering all the money they make and the talented people they employ, then it’s quite clear that there is NO SUCH THING AS A SECURE SERVER.
PERIOD.
If only, guess you haven’t seen the latest drone posts, they’re still saying that it’s people’s fault for clicking shady sites and 99.5% it’s the fault of the people not the company. I think your expectations of these people following logic are far too naive.
I wasn’t going to post a comment but as I scrolled down the captcha was “moon cheese”
how could I resist?
Jay Wilson:
“We took the meaning of “astral hell”…and doubled it!”
Well I just doubled the length of my password
Oh gee, you mean my account got hacked and it wasn’t my fault? Good job blizzard. You’re a **** company. Enjoy runic games sodomizing you.
I’m tempted to say “it’s not their fault.”
There are too many assholes behind a computer who get their kicks out of another’s misery, and no secure measure is 100% guaranteed. But, how much of this would be true?
Same here, they really tried hard to make me believe it was my fault !
How exactly was this Blizzard’s fault?
Can you be any more of a fan boy?
Answer the question, oh wait sorry you can’t. You’re too busy blinded by ignorance to be objective here. I know well enough that D3 is a mess of a game but that doesn’t mean it’s Blizzard’s fault
Unless you’re the type of person that thinks a house burglary is the victim’s fault or something.
“I know well enough that D3 is a mess of a game but that doesn’t mean it’s Blizzard’s fault.”
It actually is
The hack may not be their fault, we do not know. They probably don’t know themselves yet.
You do realize that regardless of how tight your security is there’s always someone or a group of people who have more time on their hands than you have to focus on beefing up your security. This is the same thing I said when the PSN got hacked. No it’s not okay to have minimal security and just be like “Well we got hacked again sorry!” but no amount of prep can ever keep you 100% safe. Even if the security was being built, monitored and improved by an AI or some form of automated system. Someone will then build a better AI just to spite you and break your security.
Moral of the story, stop being a flaming troll and think about stuff before you say it.
Not if you pay experts to audit your system. On the other hand, you wouldn’t expect that from a company that didn’t even pay QA to do their job.
How? How about by canceling people’s authenticator orders, for no reason, one full month after the email telling us that they had been successfully shipped. That would be a great start. All subsequent ****-ups are just icing on the cake.
How? They didn’t take the required steps to secure their services. One would expect that such services would be protected properly. Would you expect bank services to be protected? Then with RMAH why wouldn’t you expect BNet to be secured?
The world is a safer place!
Guess Blizzard needs to…
*puts on glasses*
get an authenticator.
In all seriousness, the **** just keeps piling on.
*hats off*
I would “recommend” this twice if I could.
Only twice, wtf? I just terminated my account because I was too lazy to do it when they dumped D3 on us. This got me back into action. ****ing loser company.
Hmm weird…
I was playing some D2 single player today and no hacks or anything…
WTF?
Ahhh yes back in the golden age. I really didn’t know how good I had it. Unlimited replay value. Stable servers. No problems logging in. No authenticator needed. Never got my account hacked or even trade scammed. Got to PVP and PK nooblings whenever I wanted. Didn’t have to give them my credit card info, real name, etc. How times have changed.
In all fairness, I have been playing D2 the last two weeks (ladder character) and the servers are extremely ****ty. There are horrible lag spikes every time I handle my inventory, open windows with npcs, etc. Wish they would enable the ladder only runewords in single player as well.
There is a mod for that
It’s as if Blizzard used up their quota of good fortune – at some point someone made a deal with the devil and now it’s time to cough up :/
Uncle Bobby will get right on that.
Seems like a convenient excuse to delay PVP until the end of the year… /sigh
Uncle Bobby is … well, if you don’t know by now, you’re not a fan of the show
I like it how Mike actually used the word “sorry” and not some horse sh!t “apologies” line… Still, Blizzard is full of penguin marketeers sucking high salaries and influencing bad decisions… What next, white rings and ITH blades?
yeah, good commenting.
Really stick the boot in.