Passwords Stolen in Data Search is Confirmed by Blizzard

Account details of million players are said to be stolen in a recent hack on Blizzard. On Aug 4, 2012, the internal system of Battle.net was illegally accessed and information about players was stolen. The news was confirmed by Mike Morhaime, co-founder of Blizzard, who posted on behalf of the company on their website. Encrypted passwords and some personal documents, and key answers were the highest among the stolen incident, along with player’s email-addresses.

The company uses ‘Battle.net’ for endorsing users, processing payments, and other purposes. One of the North American servers, Battle hosts accounts from Latin America, Southeast Asia, New Zealand, Australia, and of course North America. Talking about the hack, Morhaime said “Even when you are in the business of fun, not every week ends up being fun,”

So far, they didn’t find any proof of stolen financial data, including billing addresses and credit card numbers. Users who use Battle.net’s dial-in confirmation service had their phone numbers stolen. Information regarding Mobile Authentication, an iPhone app that needs 2-fatcor verification, could potentially compromise the truth. The company is working on secured software to address this problem and the company believes that the integrity of the physical status present remains intact.

Company says hackers haven’t received enough data to be able to check players, profiles, and account details. All players will be asked to change their respective password and answers to their security inquiries over a couple of days. The staffs at customer service will be asked to incorporate additional measures to check player’s real identity. They are also thinking of cancelling mobile authenticators; however, it will not be applicable to unauthorized users, whose accesses have been limited to compromised data.

However, it is not the very first attack on Blizzard, rather the second in this year; in May, their website was breached when game items and currency were stolen by criminals. They waited for 5 days, before reporting about the latest hack as they were investigating the issue and securing their network. Last time, attackers broke in through a SQL injection, but this time’s way is still unknown.

Note to Players

Users should make their emails safe purporting to be from any trusted sites. If the email address gets exposed, there is a high chance of getting other personal details hacked. When it comes to security answers, do not answer it honestly as it’s very easy to get answers via various social engineering tricks. Security experts recommend coming up with a fake answer, which is quite hard to break in.