August 10, 2012

Games studio Blizzard confirms hack attack

Usernames and encrypted passwords stolen but sensible security should limit damage

By Steve Evans

Games studio Blizzard has confirmed a security breach that has exposed user passwords and other private information. Blizzard is the company behind World of Warcraft and Diablo III.

In a post on the company’s blog it was confirmed that its Battle.net system was accessed illegally. Battle.net is the company’s online multiplayer service.

Email addresses for Battle.net users outside China were taken and users connected to its North American servers had the answer to their personal security question stolen.

The North American infrastructure serves players in that region as well as Latin America, Australia, New Zealand, and Southeast Asia.

Encrypted passwords for players on the North American servers were also taken. Finally, information relating to Mobile and Dial-In Authenticators was also accessed, Blizzard said.

Mike Morhaime, the company’s co-founder, said no financial information such as credit card details was taken and they believe the information that was accessed is not enough to enable a hacker to gain access to someone’s account.

Morhaime added that Blizzard uses Secure Remote Password protocol (SRP), which makes it difficult to extract the actual passwords from the encrypted passwords that were taken.

However, Blizzard is still recommending that users of its North American servers change their passwords, as well as their details on any other services where they may use the same information.

Morhaime also warned users to be on the lookout for phishing emails. "In the coming days, we’ll be prompting players on North American servers to change their secret questions and answers through an automated process."

"Additionally, we’ll prompt mobile authenticator users to update their authenticator software," he said. "As a reminder, phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password. We deeply regret the inconvenience to all of you."

"We take the security of your personal information very seriously, and we are truly sorry that this has happened," the statement added.

The company has produced an in-depth Q&A providing more information to affected customers here.

There have been a number of high-profile hacks of successful online services recently.

Business social network LinkedIn was attacked in June this year, and 6.5 million passwords were posted online. The company is currently facing a lawsuit over the incident, with users claiming that the company should have done more to protect its members. Not long after that, online dating site eHarmony and music site Last.fm admitted breaches.

More recently, online storage company Dropbox admitted that user email addresses had been compromised after a hacker broke in and stole an internal document. What’s interesting about this incident is that the hacker gained access to a Dropbox employee’s account because they had used the same password on another online service, which had been compromised.
