Blizzard Battle.net hack attack hits millions

[Image: Artwork from Mists of Pandaria. Caption: The attack exposed the email addresses millions use to get at Blizzard games such as World of Warcraft]

Account details for millions of players have been stolen in a hack attack on Blizzard, the maker of World of Warcraft, StarCraft and Diablo.

Blizzard revealed details of the breach in a message posted to its Battle.net account management service.

Players in North America should change their login details for the account management service, said Blizzard.

So far, it said, there was no evidence that credit card numbers and other personal details had been taken.

Angry gamers

In the message, Blizzard boss Mike Morhaime said it discovered on 4 August that there had been "unauthorized and illegal access" to its internal network.

Its investigation into the breach revealed that whoever broke in got a copy of a list of all email addresses for Battle.net users outside China.

Battle.net is the overarching account management and login service gamers use to play Blizzard games including World of Warcraft, StarCraft 2 and Diablo 3.

Also accessed was information about the security questions and account authenticators used by players on North American servers. As well as players in the US and Canada, this includes people in Latin America, Australia, New Zealand and Southeast Asia.

The attackers also stole a cryptographically scrambled list of the passwords used on North American Battle.net accounts. The technique Blizzard used to conceal these passwords, said Mr Morhaime, made it hard to unscramble them.

Blizzard said that, as far as it knew, the information stolen would not be enough for attackers to gain unauthorised access to Battle.net accounts.

Despite this, it urged players on North American servers to change their passwords, especially if that secret phrase or character combination was used on other services.

It said it had begun an automatic process to force players to change their secret questions and get those who use authenticators to update their devices.

It said it had found "no evidence" that credit card numbers, billing addresses or real names had been exposed.

"We are truly sorry that this has happened," said Mr Morhaime.

Paul Ducklin, a researcher at security firm Sophos, said in a blogpost about the attack that the breach was "painful but probably not too bad". He said the way Blizzard stored and managed login and password data was "sensible" and should reduce the theft's impact.

Commenting on the breach at games news site Rock Paper Shotgun, Nathan Grayson said it showed up the shortcomings of Blizzard's decision to make formerly offline titles, such as Diablo, playable only if people log in via Battle.net.

"No one (except maybe the hackers) is happy about this," he wrote, "but I imagine people who just wanted a single-player experience with no muss or fuss are the angriest of all."

BBC © 2014