Hackers have breached the security of Blizzard Entertainment’s internal network, gaining unauthorised access to some of its users’ details.
The company, which is behind the World of Warcraft game and the StarCraft and Diablo series, says it detected the attack on August 4 and has since been fixing the vulnerability and looking into what data has been compromised.
“We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened,” said Blizzard president Mike Morhaime in a statement.
Blizzard states that data was accessed from users of the North American Battle.net server. This includes users in North America as well as Latin America, Australia, New Zealand and Southeast Asia.
It’s reported that the stolen data involves Battle.net e-mail addresses, cryptographically hashed passwords, answers to personal security questions, and information about mobile and dial-in authenticators used for two-factor verification.
The company says that billing information, such as credit card numbers, addresses and users’ real names are apparently safe.
The passwords are protected using the Secure Remote Password protocol, making it unlikely that leaked info can actually be used for unauthorised account access.
However, Blizzard recommends that users change their Battle.net passwords as a precaution (and on any other sites if they use an identical or similar password elsewhere, which serves as yet another reminder about how unsafe it is to do that). It also warns to look out for phishing attempts, as email addresses were leaked.
Affected users will also be prompted to update their security question and answer info and mobile authenticator software soon. Its physical two-factor authenticators should still be secure, according to Blizzard.
“We take the security of your personal information very seriously, and we are truly sorry that this has happened,” added Morhaime.
Via Ars Technica
Images: Blizzard Entertainment