Diablo III and StarCraft maker Blizzard Entertainment has confirmed that Battle.net’s North American servers have been compromised by hackers.
The illegal access to the data stored on the internal network of the company was detected by the security team on August 4, who immediately responded to the situation by closing off their access to the network and bringing in law enforcements and security experts to investigate how and why the security breached happened.
The president and CEO of Blizzard Entertainment Mike Morhaime has confirmed in a security update on the company’s official website that hackers indeed managed to get into the internal network. He verified that the hackers had gotten access to account information, which included a list of e-mail addresses, cryptographically encrypted passwords, personal security questions and mobile and Dial-in Authenticators-related information.
“Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.”
He however confirmed that no financial information such as credit card numbers, real names or home addresses of the Battle.net users had been compromised.
Commenting on just how much damage the hackers were capable of doing with the information that they had managed to access, Morhaime said that the company uses encryption to keep the passwords secure and therefore the hackers would require a lot of effort to crack every password individually.
The server’s mobile and dial-in authentication service may be under threat after the related information has been comprised, but the company is confident that the physical authenticators will continue to work as they should.
Despite the optimism, Blizzard Entertainment has advised the players registered on the North American Battle.net servers to change their personal security question as it is the only bit of compromised information that pose a serious threat to the safety of their account. It further prompted the players to change their passwords as well in case they were using a similar password for multiple accounts.
Even though the illegal intrusion of hackers into the internal network was detected by the company almost a week ago, it took its time to report it to the outside world. Explaining this delay, Morhaime said that the company gave top priority to closing off the intrusion and making the network secure and once that was done, it immediately fulfilled its responsibility of letting the global play base know of the security breach, while at the same time investigating the matter.