Blizzard confirms Battle.net hacked

World of Warcraft and Diablo III maker says encrypted passwords, security question answers, email addresses from players on North American servers were compromised.

Battle.net's internal systems were illegally accessed on August 4, and account information including encrypted passwords and security question answers appears to have been taken. Blizzard said in a security update today that while no evidence so far suggests financial information like credit card numbers or home addresses was taken, affected users are encouraged to change their security credentials.

Stop reading this caption and change your password!

The intrusion is under investigation by law enforcement as well as Blizzard. Account information stored on Battle.net's North American servers (which generally host accounts from North America, Latin America, Australia, New Zealand, and Southeast Asia) was most significantly breached. Only email addresses were gleaned from all other regions besides China, which does not appear to have had any user information illegally accessed.

Blizzard said encrypted phone numbers from players who use Battle.net's dial-in authentication service may have been taken, and that information accessed in the attack could be used to compromise Battle.net's mobile authentication service. Blizzard plans to update its mobile authenticator software soon, and it believes security from physical authenticators should remain intact.

The information uncovered in the attack should not be enough to access accounts, Blizzard said, as each encrypted password would have to be cracked individually with great effort. Blizzard plans to prompt players on North American servers to change their security questions and answers in coming days, and encourages those who used the same password for multiple accounts to change them. It will also ask its customer service staff to use additional measures to verify player identity.

Blizzard said it refrained from reporting the attacks for five days while it attempted to strike a balance between rapid response and external communication. "Our first priority was to re-secure our network, and from there we worked simultaneously on the investigation and on informing our global player base."

Discussion

uforic

Hmm I get a call from my bank telling me my credit card has been compromised, someone had tried to charge $641 at Nordstrom's in San Diego which was declined, then the next day I get an email about my battle.net account being hacked.....WHAT??

Sounds like Blizzard might die after this one!

Atheno

If it can bleed, it can die. Welcome back to the world of mortals Blizzard, how does it feel to be able to be touched? Rude awakening I bet.

jthotty

Can't Wait til Torchlight II comes out.. That's the Original D1-II Team. Graphics may be subpar, but they at least know what they are doing.

acer7x

The online always DRM kept me away from this game. I'm so glad it did now

AlmityGuitarist

Glad I dropped D3 and got my money back. This company has a blinding superiority complex.

mpeg3s

They are done. I'm glad I didn't buy D3.

P90E21

I'm glad I have a physical authenticator. Hard to see that when I have it on me.

Lothos_Delion

This is what happens when you have a Real Money AH in your system. Saw this one coming... not to mention password case-sensitive as mentioned earlier.

DarkSaber2k

See this is what happens when you deliberately don't make your users' passwords case-sensitive. Why do I get the impression their OWN server access passwords aren't case-sensitive either. Fucking idiots.

ziproy

About time you hackers actually went after a company that deserved it

rann89

I think we've been telling Blizzard this for the last four years. Glad to see they caught up with the rest of us.

eric_neo3

Didn't people tell Blizzard they were hacked and they banned those people and deleted their posts? While telling us to change our passwords which are now in the hands of who knows...

Best password in the world won't help you if Blizzard keeps the holes in their database wide open and their heads up their a**.

JMLert

Hmm..  A barbarian charging into Ghom gave infinite charge status, and was missed by Blizzard devs and QA for who knows how long.  I think the real news here is how long it took for Battle.net to get hacked.

PremiumUnleaded

@higherflyerJ It seems like you should learn what the definition of 'snobby fanboy' actually entails before you next make yourself look like an utter mong.

DiscGuru101

I never thought I would regret buying D3 with my spare change jar to such a wild extent.

botroo3

I have bought and got addicted to every game Blizzard released since Starcraft 1 back in the 90s, and have spent like one grand on subscriptions and expansions for WoW, the only game I didn't buy is Diablo 3 mainly because of that freaking real money AH and always online for single player, even though my account got breached I am kinda happy they got hacked, hope they get sued and lose a lot of money, they got extremely greedy lately.

JimmeyBurrows

So if they have all these details of people who play their games... Why are they still wasting their time spamming my junk mail with phishing scams? I don't have any bloody battle.net account!!! lol

NoDzombie

Force us all to be online when we don't want to be, get us all hacked, thanks Blizzard

servb0ts

Both Hackers & Blizzard are to Blame. That's right I said it. Don't force people to play online only if you can't protect their information. Companies that compromise their paying consumers get no future services from me lol.

edant79

Ha! Gotta love the Auction House!

Yulaw2000

And yet Blizzard continue to try and force people to always be online on a game that could/can work perfectly offline/LAN?!

MW2ismygame

So they make me go through all the trouble and excess crap on that site to be able to play D3 (the most stuff I've had to do for a game in recent memory) for "security" reasons. . . . . . . . f*ck off, I'd sell my D3 if I could, only played through once, what a crock.

firehawk998

No matter how good your online service is, no matter how secure it is, it is only a matter of time before someone finds a way into your network and hacks it. Blizzard really made one of the worst decisions ever when they pretty much forced everyone to implement always online DRM in Diablo 3 SP. This was the main reason why I didn't buy Diablo 3 at all.

sword_stalker

I just wanted to play Diablo III offline, solo. Instead, their super pro DRM not only prevents me from doing that, it also makes my online account hackable. Last blizzard game I'm buying.

-Jonce-

And here lies one of the many problems with forced DRM. Thanks to piracy though we'll see more and more companies adopt the 'always online thing' which only serves to annoy and punish legitimate gamers.

redskinStu

Are they going to do something about the hundreds of emails I get every week stating, "Greetings Friend! This your friends at blizzard! You're trying to sell your WoW account! That's not allowed! Please go to our fraudulent website and allow us to downlaod tons of malicious software onto computer! Tanks!"

I wonder where they got my email address, couldn't have been GameFAQS or Gamespot...could it?

northArrow

I must be getting old. I can still remember when Blizzard didn't suck at everything they did.

NicholasT33

What a F*** mess, to play a sub-par game.

Serpentes420

So Blizzard makes games with DRM forcing you to be logged into their servers even if you want to play a game like Diablo 3 or Starcraft 2 singleplayer, which can (and has) leave you vulnerable to having personal information stolen. I'm no lawyer, but seems to me that this can be an opening for a class action lawsuit (another one rather) against DRM. In any case I'm glad I learned to avoid Blizzard products after Starcraft 2.

8bitgen

I have physical authenticator so I should be okay but still annoying. I was victim back when SOE was hacked last year and had to get credit card reissued. These bums need get off their bum and work like rest society. Bet they look like jabba the hutt sitting there all day.

GuillermoX

While I'm here I just want to remind everyone to never use Goozex.com

I have to spread the word, it's a huge ripoff scheme that refuses to respond to the Better Business Bureau.

origamistyle

From the battle.net site:

"We understand that account security is critically important, and we are committed to helping maintain account security for our players. To that end, a feature that will allow players to securely change their secret question answer through Battle.net is in development now."

What? Changing the secret question and its answer wasn't a "feature" already? Such an obvious security option shouldn't only be considered after a major attack. I'm not at all convinced that Blizzard is committed to keeping its users' information secure.

rat5112

Well based on Blizzard's security record I'm guessing the password for those internal systems was probably "password" or maybe "12345".

Emrikcah

@ziproy comments like this confuse me. How do they deserve it? For being the typical American company $$$$$$$$$$$$$?

P90E21

@eric_neo3 They will keep all the files with the sensitive info in the back alley of their HQ with a sign that says please don't steal. lol

eric_neo3

@JimmeyBurrows Password dictionaries. They're massive text files filled with words and phrases people use for their passwords.

JimmeyBurrows

@Yulaw2000 And if millions of people didn't buy a game they knew was going to be online only, they'd probably change it...

petran78

@-Jonce- I really prefer the old anti-copy methods of secret manual codes to this.

egger7577

How does DRM have anything to do with personal account hackers? This information was obtained through battlenets website most likely. Face it, a majority of Blizzard players actually want to play online and do; WOW is online only because that's how the game works. This kind of makes your argument irrelevant.

sword_stalker

@8bitgen The authenticators system was also stolen; physical or not, you should change pass.

Yulaw2000

@JimmeyBurrows Yeah, but I have a feeling that quite a few people didn't know that it was Online Only until they installed it.

Henrique2324

@petran78 Yeah, but those are old for a reason. They don't work. Still better than this always-online crap though.

-Jonce-

@egger7577 My point was this will happen more and more in the future because more video game companies will wish to combat piracy with DRM and force gamers to be online whilst playing.