Data Breach Hits Battle.net, Exposes Players
Online gaming service battle.net has fallen victim to unauthorized access and the leak of sensitive user information. Even though credit card data is thought to be safe, a list of email addresses for global Battle.net users, as well as the answer to the personal security question, hashed passwords and information relating to Mobile and Dial-In Authenticators have fallen into the wrong hands, according to the official Blizzard website, which revealed the breach.
“This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened,” Blizzard president Mike Morhaime wrote.
Battle.net, home to the world’s most popular games such as World of Warcraft, Starcraft and Diablo, aggregates millions of players around the world. Although the company did not reveal the number of affected accounts, the official announcement states that all players on North American servers (the rally point for North America, Latin America, Australia, New Zealand, and Southeast Asia) have been affected.
Luckily for the players, even though their e-mail addresses and private security questions have been exposed, the battle.net authentication system uses Secure Remote Password protocol (SRP) for password protection, which practically dismisses the probability of brute-forcing.
“As a precaution, however, we recommend that players on North American servers change their password. […] Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well,” concluded Morhaime.