Blizzard Account Holders Urged to Change Passwords After Breach

Type threatpost
Reporter Anne Saita
Modified 2013-04-17T16:31:43


Video game publisher Blizzard, maker of Diablo III, World of Warcraft and other wildly popular games, is urging account holders on North American servers to change their passwords after the company’s security team this week discovered that someone had illegally accessed its internal network.

“At this time, we’ve found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed,” wrote co-founder Mike Morhaime in a message to users.

Attackers accessed email addresses for global users outside of China, along with answers to personal security questions and information tied to mobile and dial-in authenticators. In addition, the hackers took encrypted versions of passwords for players on North American servers, which also serve users from Latin America, Australia, New Zealand and Southeast Asia.

The Activision-owned company is recommending players change their passwords. It also will be automatically prompting North American server players to change their secret questions in the coming days.

“We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually,” Morhaime said. “As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.”
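To illustrate the statement that each SRP-protected password has to be worked on individually, here is an added example (not Blizzard's code and not part of the original article) that builds SRP verifiers the way RFC 5054 defines them. The group, the SHA-1 hash, the user names, passwords and salts are assumptions; the article does not give Blizzard's parameters.

```python
import hashlib

# Assumed parameters: the 1024-bit group from RFC 5054 Appendix A, generator 2.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C"
    "9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE4"
    "8E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B29"
    "7BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9A"
    "FD5138FE8376435B9FC61D2FC0EB06E3", 16)
G = 2

def private_key(salt: bytes, username: str, password: str) -> int:
    """x = SHA1(salt | SHA1(username ":" password)), per RFC 5054."""
    inner = hashlib.sha1(f"{username}:{password}".encode()).digest()
    return int.from_bytes(hashlib.sha1(salt + inner).digest(), "big")

def verifier(salt: bytes, username: str, password: str) -> int:
    """v = g^x mod N: what the server stores in place of the password."""
    return pow(G, private_key(salt, username, password), N)

def make_record(username: str, password: str, salt: bytes) -> dict:
    """Hypothetical shape of one stored account record."""
    return {"user": username, "salt": salt,
            "v": verifier(salt, username, password)}

def guess_matches(record: dict, guess: str) -> bool:
    """Check one candidate password against one stored record.

    The salt and user name are mixed into x, so the result says
    nothing about any other record: the work is per account.
    """
    return verifier(record["salt"], record["user"], guess) == record["v"]

# Constructed sample data: two accounts that chose the same password.
RECORDS = [
    make_record("alice", "password123",
                bytes.fromhex("BEB25379D1A8581EB5A727673A2441EE")),
    make_record("bob", "password123",
                bytes.fromhex("00112233445566778899AABBCCDDEEFF")),
]

if __name__ == "__main__":
    for rec in RECORDS:
        print(rec["user"], hex(rec["v"])[:18] + "...")
    print("verifiers equal:", RECORDS[0]["v"] == RECORDS[1]["v"])
    print("weak password confirmed:", guess_matches(RECORDS[0], "password123"))
```

The identical password produces unrelated verifiers for the two accounts, so no work carries over from one record to the next. A weak password can still be confirmed with a single guess against its own record, which is consistent with the advice to change passwords.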

The company said it took five days to notify its customers because it first had to re-secure the server and fully investigate the breach in order to provide customers with accurate information.