Blizzard has confirmed a security breach compromised a large amount of user account data for Battle.net gamers. Blizzard is warning players on North American servers (including players from North America, Latin America, Australia, New Zealand, and Southeast Asia) that hackers have nabbed user e-mail addresses, answers to security questions, a database of cryptographically scrambled passwords, and sensitive data related to dial-in and smartphone app-based two-factor authentication.
Blizzard says the purloined information alone isn't enough to crack into accounts. The scrambled passwords, for example, were protected by the Secure Remote Password (SRP) protocol, a key-based authentication system. The company says anyone trying to crack the passwords would have to decipher the passcodes one by one.
Nevertheless, Battle.net gamers are being advised to change their passwords, as well as take a number of other security measures. If you're a Battle.net gamer, here's what you need to know about securing your account and what to expect from Blizzard in the coming days.
Change Your Password
Blizzard is recommending that all Battle.net users change their account passwords.
To do that, log into Battle.net and click on the Account link at the top of the page. On the next page click Settings and select Change Password from the drop-down menu.
Expect a Security Question Change
Blizzard does not yet have a mechanism in place to let you change your security question, a measure for account recovery and identity verification, which is a real bummer considering hackers have your answers. But the company says it is working to create a feature that will let you change your question through the account management site. Once the new measure is active, you will be automatically prompted to change your security question.
Blizzard said it didn't immediately revoke users' security questions because it believes keeping the secret questions and answers in place still provides a layer of security against unauthorized users who don't have access to the compromised data. The problem, however, is that some bad guys do have access to your security question answers. Color me unimpressed.
Two-Factor Authentication App Update Due
It's not clear what kind of information was stolen, but sensitive data relating to Blizzard's free two-factor authentication smartphone app, Battle.net Mobile Authenticator, was also compromised. Blizzard says the data could potentially compromise the integrity of North American Mobile Authenticators. Blizzard also says hashed phone numbers were compromised for users of Dial-in Authenticator, a service that is no longer available to new users.