Battle.net Hacked, Says Blizzard
It’s come to light that this week Blizzard’s online portal for game content and forums, Battle.net, has been compromised by hackers, says a post from the company’s president, Mike Morhaime. According to the post, Blizzard’s security team “found an unauthorized and illegal access into our internal network.”
“We take the security of your personal information very seriously, and we are truly sorry that this has happened,” he writes.
While Morhaime says no financial data like billing addresses or credit cards have been accessed by the hackers, they did manage to get their hands on “a list of email addresses for global Battle.net users, outside of China,” and “the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators” for players on North American servers.
Morhaime says in the post that this isn’t enough to gain access to Battle.net accounts, but he also adds that “cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken.” He’s confident that won’t be enough to crack users’ accounts:
“We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually.”
Even still, Morhaime’s post urges users on North American servers to change their passwords anyway—just in case.