GamesBeat

Blizzard’s mobile and dial-in authenticators breached in hack

Before logging into Diablo 3, Starcraft II, or World of Warcraft this evening, you may want to change your Battle.net password. Video game publisher Blizzard was hacked this week, and the company says its security team is currently working with law enforcement to figure out who is behind the breach.

“Even when you are in the business of fun, not every week ends up being fun,” said Blizzard co-founder Mike Morhaime in a statement. “We take the security of your personal information very seriously, and we are truly sorry that this has happened.”

The damage includes a number of e-mails stolen for Battle.net players outside of China. Battle.net is the online system that contains a Blizzard player’s profile and also hosts online games. The Activision-owned company says that those on its North American servers are affected as well, which encompasses North America, Latin America, Australia, New Zealand, and Southeast Asia. For these account holders, hackers grabbed answers to personal security questions and breached the the mobile and dial-in authenticators that players use to add two-factor authentication to their accounts. The hackers tool hashed phone numbers from the servers running the dial-in authenticator. The physical authenticators, however, seem to be untouched.

Blizzard suggests that players on the North American servers change their passwords, especially if those passwords were used for other online accounts. We think all Blizzard players should change their passwords as the company continues to dig into what was breached.

North American server players will be prompted to change their security questions as well in the coming weeks. A tip from GamesBeat Editor in Chief Dan “Shoe” Hsu: Don’t answer security questions honestly. Hackers can easily social engineer their way into finding out your security question answers. If the information on your Facebook account is public, you’ve done half the work for them. Coming up with fake answers puts an extra barrier between you and the criminal.

Blizzard set up an FAQ regarding the hack, which can be found here.

Image via Shutterstock


Screen Shot 2014-03-25 at 2.00.11 PMGamesBeat 2014 — VentureBeat’s sixth annual event on disruption in the video game market — is coming up on Sept 15-16 in San Francisco. Purchase one of the first 50 tickets and save $400!

GamesBeat is your source for gaming news and reviews. But it's also home to the best articles from gamers, developers, and other folks outside of the traditional press. Register or log in to join our community of writers. You can even make a few bucks publishing stories here! Learn more.

You are now an esteemed member of the GamesBeat community. That means you can comment on stories or post your own to GB Unfiltered (look for the "New Post" link by mousing over your name in the red bar up top). But first, why don't you fill out your via your ?

About GamesBeat