Before logging into Diablo 3, Starcraft II, or World of Warcraft this evening, you may want to change your Battle.net password. Video game publisher Blizzard was hacked this week, and the company says its security team is currently working with law enforcement to figure out who is behind the breach.
“Even when you are in the business of fun, not every week ends up being fun,” said Blizzard co-founder Mike Morhaime in a statement. “We take the security of your personal information very seriously, and we are truly sorry that this has happened.”
The damage includes a number of e-mails stolen for Battle.net players outside of China. Battle.net is the online system that contains a Blizzard player’s profile and also hosts online games. The Activision-owned company says that those on its North American servers are affected as well, which encompasses North America, Latin America, Australia, New Zealand, and Southeast Asia. For these account holders, hackers grabbed answers to personal security questions and breached the the mobile and dial-in authenticators that players use to add two-factor authentication to their accounts. The hackers tool hashed phone numbers from the servers running the dial-in authenticator. The physical authenticators, however, seem to be untouched.
Blizzard suggests that players on the North American servers change their passwords, especially if those passwords were used for other online accounts. We think all Blizzard players should change their passwords as the company continues to dig into what was breached.
North American server players will be prompted to change their security questions as well in the coming weeks. A tip from GamesBeat Editor in Chief Dan “Shoe” Hsu: Don’t answer security questions honestly. Hackers can easily social engineer their way into finding out your security question answers. If the information on your Facebook account is public, you’ve done half the work for them. Coming up with fake answers puts an extra barrier between you and the criminal.
Blizzard set up an FAQ regarding the hack, which can be found here.