Account details for millions of players have been stolen in a hack attack on Blizzard, the maker of World of Warcraft, StarCraft and Diablo. Blizzard president, CEO and co-founder Michael Morhaime has released a statement explaining that:
“Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers, the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.”
Blizzard claims – but doesn’t guarantee – that financial data such as credit cards, billing addresses, and real names weren’t accessed. Nonetheless, Blizzard’s servers hold enough data to verify that you know your password and can type it in correctly, so anyone who has a clone of Blizzard’s authentication system can easily run a password-guessing attack against accounts.
Here are a few steps that you should implement immediately:
- Change your Blizzard password.
- If you chose an excessively simple password, it could be guessed quickly. Stop choosing simple passwords! Always try to use alphanumeric, case-sensitive passwords that incorporate special characters. Here’s a good example of what a strong password looks like: MyP4ssW3rD!
- If you’ve used the same password someplace else, change that one also, and don’t reuse passwords on different sites.