Blizzard Entertainment’s internal network, Battle.Net, was recently breached by hackers. Mike Morhaime, President and CEO of Blizzard, outlined the scope of the attack in a recent address to players:
“Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.
“We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password.”
However, Morhaime stressed that Blizzard does not yet believe that financial information has been stolen by the hackers.
“At this time, we’ve found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.”
As part of an attempt to counteract the security breach, Blizzard plans on prompting players to change their passwords and secret questions. Because information associated with Blizzard’s mobile authentication was also accessed, Battle.Net users who use this service will also be prompted to update their authenticator software.
Blizzard warns players to be careful of fraudulent e-mails in the coming days, as the hackers might try to phish information from these users.
Analysis: In a recent conference call, Mike Morhaime called this past quarter “Blizzard’s best quarter ever” and stated that “[A]bout 16.9 million players logged in to Battle.net during the past month to play Diablo III, StarCraft II, or World of Warcraft.”
In other words, Battle.Net is growing at ridiculous rates. New players are coming in droves, and old users are staying to keep buying Blizzard products. That means two things: first, Battle.Net is now a huge target for potential hackers; and second, any Blizzard network security tech now has a very large infrastructure to keep safe. It’s not surprising, then, that a hack occurred.
That doesn’t take Blizzard off the hook for losing player information to hackers, but it does highlight an important point about doing business online: these kinds of things do happen from time to time, and not even massive companies like Activision Blizzard are immune to them. That said, if you are a North American user of Battle.Net, it’s important that you change your password and secret question for safety reasons, even if it might be unlikely that your password has been compromised. Also, it would be a good idea for you to remain vigilant for phishing e-mails whenever you use the affected e-mail address.
At the end of the day, it seems unlikely that anything too serious was leaked, assuming Blizzard’s correct about everyone’s financial information being safe. However, it’s always an unnerving reminder of the sometimes dangerous face of Internet business when companies this big end up getting hacked.