Blizzard Account Holders Urged to Change Passwords After Breach

Video game publisher Blizzard, makers of Diablo III, World of Warcraft and other wildly popular games, is urging account holders on North American servers to change their passwords after the company’s security team this week discovered someone illegally accessed the internal network.

Video game publisher Blizzard, makers of Diablo III, World of Warcraft and other wildly popular games, is urging account holders on North American servers to change their passwords after the company’s security team this week discovered someone illegally accessed the internal network.

“At this time, we’ve found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed,” wrote co-founder Mike Morhaime in a message to users.

Attackers accessed email addresses for global Battle.net users outside of China, answered personal security questions and obtained information tied to mobile and dial-in authenticators. In addition, the hackers took encrypted versions of Battle.net passwords for those players on North American servers. Those include users from Latin America, Australia, New Zealand and Southeast Asia.

The Activision-owned company is recommending players change their passwords. It also will be automatically prompting North American server players to change their secret questions in the coming days.

“We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually,” Morhaime said. “As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.

The company said it took five days to notify its customers to first re-secure the server and fully investigate the breach in order to provide customers with accurate information.

Suggested articles

Researchers Discover Dozens of Gaming Client and Server Vulnerabilities

Two video game researchers have discovered a slew of zero day vulnerabilities in the engines that run popular first person shooter games like “Quake 4,” “Monday Night Combat,” “Crysis 2” and “Homefront,” among others that could put their servers and the gamers who use them in danger.