Blizzard Battle.net hack attack hits millions

The attack exposed the email addresses millions use to get at Blizzard games such as World of Warcraft

Account details for millions of players have been stolen in a hack attack on Blizzard, the maker of World of Warcraft, StarCraft and Diablo.

Blizzard revealed details of the breach in a message posted to its Battle.net account management service.

Players in North America should change their login details for the account management service, said Blizzard.

So far, it said, there was no evidence that credit card numbers and other personal details had been taken.

Angry gamers

In the message, Blizzard boss Mike Morhaime said it discovered on 4 August that there had been "unauthorized and illegal access" to its internal network.

Its investigation into the breach revealed that whoever broke in got a copy of a list of all email addresses for Battle.net users outside China.

Battle.net is the overarching account management and login service gamers use to play Blizzard games including World of Warcraft, StarCraft 2 and Diablo 3.

Also accessed was information about the security questions and account authenticators used by players on North American servers. As well as players in the US and Canada, this includes people in Latin America, Australia, New Zealand, and Southeast Asia.

The attackers also stole a cryptographically scrambled list of the passwords used on North American Battle.net accounts. The technique Blizzard used to conceal these passwords, said Mr Morhaime, made it hard to unscramble them.

Blizzard said that, as far as it knew, the information stolen would not be enough for attackers to gain unauthorised access to Battle.net accounts.

Despite this, it urged players on North American servers to change their passwords, especially if that secret phrase or character combination was used on other services.

It said it had begun an automatic process to force players to change their secret questions and get those who use authenticators to update their devices.

It said it had found "no evidence" that credit card numbers, billing addresses or real names had been exposed.

"We are truly sorry that this has happened," said Mr Morhaime.

Paul Ducklin, a researcher at security firm Sophos, said the breach was "painful but probably not too bad" in a blogpost about the attack. He said the way Blizzard stored and managed login and password data was "sensible" and should reduce the theft's impact.

Commenting on the breach at games news site Rock Paper Shotgun, Nathan Grayson said it showed up the shortcomings of Blizzard's decision to make formerly offline titles, such as Diablo, only playable if people log in via Battle.net.

"No one (except maybe the hackers) is happy about this," he wrote, "but I imagine people who just wanted a single-player experience with no muss or fuss are the angriest of all."
