GamesBeat

Blizzard’s mobile and dial-in authenticators breached in hack

Before logging into Diablo 3, Starcraft II, or World of Warcraft this evening, you may want to change your Battle.net password. Video game publisher Blizzard was hacked this week, and the company says its security team is currently working with law enforcement to figure out who is behind the breach.

“Even when you are in the business of fun, not every week ends up being fun,” said Blizzard co-founder¬†Mike Morhaime in a statement. “We take the security of your personal information very seriously, and we are truly sorry that this has happened.”

The damage includes a number of e-mails stolen for Battle.net players outside of China. Battle.net is the online system that contains a Blizzard player’s profile and also hosts online games. The Activision-owned company says that those on its North American servers are affected as well, which encompasses North America, Latin America, Australia, New Zealand, and Southeast Asia. For these account holders, hackers grabbed answers to personal security questions and breached the the mobile and dial-in authenticators that players use to add two-factor authentication to their accounts. The hackers tool hashed phone numbers from the servers running the dial-in authenticator. The physical authenticators, however, seem to be untouched.

Blizzard suggests that players on the North American servers change their passwords, especially if those passwords were used for other online accounts. We think all Blizzard players should change their passwords as the company continues to dig into what was breached.

North American server players will be prompted to change their security questions as well in the coming weeks. A tip from GamesBeat Editor in Chief Dan “Shoe” Hsu: Don’t answer security questions honestly. Hackers can easily social engineer their way into finding out your security question answers. If the information on your Facebook account is public, you’ve done half the work for them. Coming up with fake answers puts an extra barrier between you and the criminal.

Blizzard set up an FAQ regarding the hack, which can be found here.

Image via Shutterstock


Mobile developer or publisher? VentureBeat is studying mobile marketing automation. Fill out our 5-minute survey, and we'll share the data with you.

GamesBeat is your source for gaming news and reviews. But it's also home to the best articles from gamers, developers, and other folks outside of the traditional press. Register or log in to join our community of writers. You can even make a few bucks publishing stories here! Learn more.

You are now an esteemed member of the GamesBeat community. That means you can comment on stories or post your own to GB Unfiltered (look for the "New Post" link by mousing over your name in the red bar up top). But first, why don't you fill out your via your ?

About GamesBeat