Something went wrong. Try again later

Giant Bomb News

209 Comments

Change Your Battle.net Password

Blizzard's network has been accessed by an outside party, your email addresses and "secret question" answers are out there.

Hey, while we're posting passwords in the open around here...
Hey, while we're posting passwords in the open around here...

This is the world we live in now. A world where some service you've signed up with seems to get penetrated every couple of weeks, sending everyone into a password-changing frenzy. I bet the guys selling password-securing apps are stoked. This month's victim of unauthorized access is Blizzard, which disclosed yesterday that someone got into its network on or around August 4 of this year.

So what'd they take? According to Blizzard's FAQ on the matter, players in the North American region--which includes Australia for reasons that I'm sure would make sense if someone bothered to describe it--have the following items to worry about:

  • Email addresses
  • Answers to secret security questions
  • Cryptographically scrambled versions of passwords (not actual passwords)
  • Information associated with the Mobile Authenticator
  • Information associated with the Dial-in Authenticator
  • Information associated with Phone Lock, a security system associated with Taiwan accounts only
  • In addition to this list of North American information, all users except those with China-based accounts had their email address taken.

So that means, at the minimum, your email address is out there. If you're part of what Blizzard considers its North American region, the answer to your secret security question is out there, too. Considering the number of sites that don't let you choose what your secret question is (if mine is any indication, Blizzard is among them), this may be an actual concern for you. Anyone that doesn't let you create your own custom secret question is a Bad Person. Blizzard says that an automated process to update secret questions and answers will be available in the near future. In the meantime, if you use the same secret question/answer combo on multiple sites, this might be a good time to tear your hair out and yell at the sky for a bit.

The FAQ goes on to say that the company believes that physical Blizzard Authenticators are secure, but app-based authentication will eventually require an update. For more details on how your password was stored and why it's unlikely that this will lead to your actual password getting out in the open, read the rest of Blizzard's FAQ... after you're finished changing your password, that is.

Jeff Gerstmann on Google+

209 Comments

Avatar image for bourbon_warrior
Bourbon_Warrior

4569

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 1

Edited By Bourbon_Warrior

What sucks is that Blizzard forced me to get the authenticator to do gold auctions. My iPhone just got white screen of death and this is where my authenticator is on. Now I can't log in to Battle.net because I can't remember my stupid secret question and answer because I have never had to use that before and never thought I would have to for a game like this. So now I am locked out of the game I paid for and have recieved various cookie cutter responses from Blizzard that may as well say Too Bad!.

Avatar image for mace_vindu
mace_vindu

14

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

Edited By mace_vindu

Whos next? Its like, no one is safe... Cybercriminals... Nice time we live in:)

Avatar image for divakchopra
divakchopra

87

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

Edited By divakchopra

i just wanna play starcraft in peace

Avatar image for jasondesante
jasondesante

615

Forum Posts

2

Wiki Points

0

Followers

Reviews: 6

User Lists: 0

Edited By jasondesante

"I bet the guys selling password-securing apps are stoked." honestly what is that supposed to mean

Avatar image for rylle
Rylle

3

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

Edited By Rylle

I certainly appreciated the transparency, and this just goes to show that no one is immune to security breaches. It took long enough, but I think it's becoming more and more evident that, given enough time, anyone can and will be hacked if they are a valuable target.

Avatar image for tennesseemcvay
tennesseemcvay

26

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

Edited By tennesseemcvay

I wonder if this is related to somebody from Hefei, China keeps trying to get into my gmail. They probably heard about all the fine ladies in my area looking to hook up that seem to blow up my email on a daily basis, so I can't really blame them.

Avatar image for blacklab
blacklab

2025

Forum Posts

22

Wiki Points

0

Followers

Reviews: 0

User Lists: 1

Edited By blacklab

Done and done!

Avatar image for diachron
Diachron

107

Forum Posts

383

Wiki Points

0

Followers

Reviews: 0

User Lists: 10

Edited By Diachron

I'm getting tired of this.

Avatar image for deactivated-5945386c8a570
deactivated-5945386c8a570

429

Forum Posts

2008

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

@rmills87 said:

Jesus fucking Christ, I'm getting so tired of this shit.

me2 :/

it seems to be happening on regular basis now..