IT Consulting and Tech Support Blog

Blizzard’s Battle.Net HACKED!

Account details for millions of players have been stolen in a hack attack on Blizzard, the maker of World of Warcraft, StarCraft and Diablo. Blizzard president, CEO and co-founder Michael Morhaime has released a statement explaining that:

“Some data was illegally accessed, including a list of email addresses for global users, outside of China. For players on North American servers, the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to accounts.”

Blizzard claims – but doesn’t guarantee – that financial data such as credit cards, billing addresses, and real names weren’t accessed. Nonetheless, since Blizzard’s servers hold enough data to verify that you know your password and can type it in correctly, therefore anyone who has a clone of Blizzard’s authentication system can easily run a password-guessing attack against accounts.


Here are a few steps that you should implement immediately:


  • Change your Blizzard password.


  • If you chose excessively simple passwords, it could be guessed quickly. Stop choosing simple, non-complex passwords! Always try to use alpha-numeric, case sensitive passwords while incorporating special characters. Here’s a good example of what a strong password looks like: MyP4ssW3rD!


  • If you’ve used the same password someplace else, change that one also, and don’t reuse passwords on different sites.
This entry was posted in Vulnerabilities, Web Security and tagged , , , , , , . Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

Post a Comment

Your email is never published nor shared. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>