Blizzard's Network Breached, Australian Emails Accessed

We've just received word from Blizzard locally that Battle.net has been compromised, with some account details from all regions — including Australia — being accessed. At this stage it seems like no financial information was accessed, and that only email addresses associated with Battle.net accounts, and some cryptographically scrambled versions of passwords, were accessed.

"Even when you are in the business of fun, not every week ends up being fun," began a statement posted on Blizzard's official website. "This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.

"At this time, we’ve found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.

"Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts."

The access to emails occurred throughout the whole network, but Blizzard believes that the additional information (which includes the cryptographically scrambled passwords — not actual passwords) was limited to players using the North American servers. If you're an Australian player who uses these servers, Blizzard is recommending that you change your password, which you can do from this link here.

Blizzard claimed the system they use to protect passwords is secure, and this password change should be thought of as a precaution.

"We use Secure Remote Password protocol (SRP) to protect these passwords," said the statement, "which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually."

Still, in these situations it pays to play it safe. If you play on any of Blizzard's North American servers, it's probably best to change your passwords immediately.

Originally published on Kotaku Australia


Comments

    And anyone that changes their password by clicking a link like the above EVEN in Gizmodo deserves to be hacked.

    Browse to Blizzard yourself and navigate to your battlenet account from there and do it properly.

      you can see where it links to when you hover over it...

    I never knew Blizzard had personal security questions? I can't find it on their site

      John, the personal security question is something you picked when you first made your battle.net account, and they ask you for it when you change something like your account email address. When I changed my password I also looked for how to change the security question, and found a FAQ on this hacking that says Blizzard is now working to add an automated way to change the security question as soon as they can. I guess they'll send out another email to account holders once they've got it working.

      They do. That said, I entered in gibberish for mine (keyboard key slamathon). I had to call support a month back for an activation query and the lady on the phone was going to ask me to answer it but realised it wouldn't be possible. Instead they asked me to quote part of the serial number for a game already attached to my account.

    I want compensation!

    The headline is pretty misleading -- Australian email *addresses* were accessed, there's nothing about any actual emails being accessed.

      Huh so it is. I just interpreted it as email addresses.

    My D3 account was hacked so Blizzard's response was to blame me and force me into getting an authenticator in order to play a game I'd only just purchased :(

      "aren't you thankful?"

    inside job clearly

    I discovered the other day that my battlenet account password isn't case sensitive.
    must say I wasn't impressed.
