Reports emerging of serious compromises at video game giant


Fortune 500 companies and even defense contractors have been hit. Now Blizzard Entertainment, the unit of Activision that produces the mega-successful massively multiplayer online role-playing games World of Warcraft, Starcraft, and Diablo III, has reportedly been hacked.

PC Mag— The intruders gained access to: email addresses for global Battle.net users, except China; answers to personal security questions for users in North America, Latin America, Australia, New Zealand, and Southeast Asia; information relating to mobile and dial-in authenticators; and cryptographically scrambled passwords.

“Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts,” Blizzard said.

Blizzard has posted some basic info at Battle.net, which states in part that they may be implementing an automatic, across-the-board mandatory password change for all users in the next few days.

This could have been a gold farming effort; in fact, that would be the best bet. It’s not great for gold farmers to have the answers to security questions: armed with those, and knowing the user’s name and address, a farmer could probably change passwords and other info and strip the account of virtual currency and high-value virtual items. But that’s about all gold farmers are interested in: damage to the online persona that can usually be easily repaired.

Full-blown identity thieves, on the other hand, are a whole different ballgame. No doubt any credit card info at Blizzard will be encrypted; I doubt even front-line reps setting up accounts for users over the phone at most online companies can see the full unencrypted card number or security code. But identity thieves break into companies for a reason, so we’ll see.

If you have ever played World of Warcraft, now would be a good time to change all your passwords. Being human, we have a tendency to recycle passwords and small variations on them. Thieves are well aware of this propensity; they have developed automated software to cycle through permutations and crack those credentials. Kids nine years old could use this stuff. It’s not your WoW pw you need to be worried about; it’s your bank, credit card, brokerage account, 401-K, insurance, etc., that you need to secure.

Comments

  1. Gregory in Seattle says

    I saw the warning on the WoW game launcher last night (one of the reasons I don’t skip it is so I get announcements like this.) I’ve taken precautions in-game — I have the Battle.net authenticator, and the system is set to require it for each and every login — but I did change my password and notify the issuer of the card I use for payments.

    Thanks for spreading the word.

  2. troll says

    My WoW subscription lapsed months ago, and I’ve had no desire to fire up D3 in quite some time, so I would have missed this. Thanks for the heads-up. I was a little overdue for an across the board password change anyway.

  3. says

    It was suggested to me years ago that it was wise to use an email address for logging into WoW that one did not actually use for anything else so that that email address was not out in the public for hackers to play with. So my email address is one no one knows and I never receive email at. I don’t know if that advice was true but I never get phishing email at that address and I’ve never been hacked. Yesterday I went to battle.net and set up a mobile number thing where they text you about the account and changed my password, but search as I might I could not find anywhere to change password recovery questions. I know I have some; Diablo3 locked up my password and I used them to change it, but I couldn’t find them. I guess I had better look again.

  4. says

    BTW I’ve logged in and out, played a few toons, talked to some buddies, none of us have noticed any issues at all. It’s going around in the game that this actually happened a few days ago and it’s already been fixed, either that or it’s the usual media overhype.
