
Data Breach Hits Battle.net, Exposes Players

Online gaming service Battle.net has suffered unauthorized access and a leak of sensitive user information. Although credit card data is thought to be safe, a list of email addresses for global Battle.net users, the answers to personal security questions, hashed passwords and information relating to Mobile and Dial-In Authenticators have fallen into the wrong hands, according to the official Blizzard website, which revealed the breach.

“This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened,” Blizzard president Mike Morhaime wrote.

Battle.net, home to the world’s most popular games such as World of Warcraft, StarCraft and Diablo, brings together millions of players around the world. Although the company did not reveal the number of affected accounts, the official announcement states that all players on North American servers (the rally point for North America, Latin America, Australia, New Zealand, and Southeast Asia) have been affected.

Luckily for the players, even though their e-mail addresses and private security questions have been exposed, the Battle.net authentication system uses the Secure Remote Password (SRP) protocol for password protection, which makes brute-forcing the passwords practically infeasible.

“As a precaution, however, we recommend that players on North American servers change their password. […] Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well,” concluded Morhaime.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.
