Fortune 500 companies and even defense contractors have been hit. Now Blizzard Entertainment, the unit of Activision that produces the mega successful massive multi-online role-playing games World of Warcraft, Starcraft, and Diablo III, has reportedly been hacked.
PC Mag— The intruders gained access to: email addresses for global Battle.net users, except China; answers to personal security questions for users in North America, Latin America, Australia, New Zealand, and Southeast Asia; information relating to mobile and dial-in authenticators; and cryptographically scrambled passwords.
“Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts,” Blizzard said.
Blizzard has posted some basic info at Battle.net which states in part they may be implementing an automatic across the board mandatory password change program for all users in the next few days.
This could have been a gold farming effort, in fact that would be the best bet. It’s not great for gold farmers to have the answer to security questions, armed with that and knowing the users name and address, the farmer could probably change passwords and other info and strip the account of virtual currency and high value virtual items. But that’s about all gold farmers are interested in, damage to the online persona that can usually be easily repaired.
Full-blown identity thieves on the other hand are a whole different ballgame. No doubt any credit card info at Blizzard will be encrypted, I doubt even front line reps setting up accounts for users over the phones at most online companies can see the full unencrypted card number or security code. But identity theives break into companies for a reason, so we’ll see.
If you have ever played World of Warcraft, now would be a good time to change all your passwords. Being human we have a tendency to recycle passwords and small variations on them. Thieves are well aware of this propensity, they have developed automated software to cycle through permutations and crack those credentials. Kids nine years old could use this stuff. It’s not your WoW pw you need to be worried about, it’s your bank, credit card, brokerage account, 401-K, insurance, etc., that you need to secure.