Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Blizzard hack: A security guide for users

Ian Paul | Aug. 13, 2012
If you play PC games from Blizzard Entertainment such as Diablo III and World of Warcraft you need to review your account security as soon as you can.

If you play PC games from Blizzard Entertainment such as Diablo III and World of Warcraft you need to review your account security as soon as you can.

Blizzard has confirmed a security breach compromised a large amount of user account data for gamers. Blizzard is warning players on North American servers (including players from North America, Latin America, Australia, New Zealand, and Southeast Asia) that hackers have nabbed user e-mail addresses, answers to security questions, a database of cryptographically scrambled passwords, and as sensitive data related to dial-in and smartphone app-based two-factor authentication.


Blizzard says the purloined information alone isnt enough to crack into accounts. The scrambled passwords, for example, were protected by the Secure Remote Password (SRP) protocol, a key-based authentication system. The company says anyone trying to crack the passwords would have to decipher the passcodes one by one.

Nevertheless, gamers are being advised to change their passwords, as well as take a number of other security measures. If youre a gamer, heres what you need to know about securing your account and what to expect from Blizzard in the coming days.

Change Your Password

Blizzard is recommending that all users change their account passwords.

You can do that by clicking here. Or, log into and click on the Account link at the top of the page. On the next page click Settings and select Change Password from the drop-down menu.

Expect a Security Question Change

Blizzard does not yet have a mechanism in place to let you change your security question, a measure for account recovery and identity verification, which is a real bummer considering hackers have your answers. But the company says it is working to create a feature that will let you change your question through the account management site. Once the new measure is active, you will be automatically prompted to change your security question.

Blizzard said it didnt immediately revoke users security questions because it believes keeping the secret questions and answers in place still provides a layer of security against unauthorized users who don't have access to the compromised data. The problem, however, is that some bad guys do have access to your security question answers. Color me unimpressed.

Two-Factor Authentication App Update Due

Its not clear what kind of information was stolen, but sensitive data relating to Blizzards free two-factor authentication smartphone app, Mobile Authenticator, was also compromised. Blizzard says the data could potentially compromise the integrity of North American Mobile Authenticators. Blizzard also says hashed phone numbers were compromised for users of Dial-in Authenticator, a service that is no longer available to new users.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.