Giant Bomb News


Blizzard Says Battle.Net Hasn’t Been Compromised

Reports of account "hacking" are not necessarily a sign of security issues.

No Caption Provided

The launch of Diablo III has been a series of highs and lows. The game seems pretty great, but the always-on online requirements have come under scrutiny, and allegations of account hacking surfaced a few days back.

Blizzard did issue a statement earlier this week regarding compromised accounts, but I didn't run the studio’s comments yet because I was waiting for the company to answer a series of questions, which are below:

  • "We'd like to take a moment to address the recent reports that suggested that and Diablo III may have been compromised." -- Does Blizzard's analysis of the situation suggest there has been zero compromise of and the subsequent "hacks" are 100% the result of outside interference?

  • In a follow up post, a community manager wrote: "We have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password." What exactly are "traditional means"?

  • In the same post, the same community manager said: "[We] have done everything possible to verify how and in what circumstances these compromises are occurring." Can you outline what these circumstances are to help players combat against it?

  • If the authenticator is the best way to keep an account secure, why not make that a requirement for play?

Blizzard public relations told me the answers to my questions lay within an update this morning. That's mostly true.

Blizzard claims has not been compromised, and the number of customers who have contacted the company about compromises has been “extremely small.” An actual number was not disclosed, and Blizzard said it has not received reports of account issues from any customers using the company’s authentication services.

For more details on those authentication services, click right here.

The issues in question have arisen from accounts being accessed using a user’s login and password, which Blizzard characterizes as a “traditional” mean of compromising an account. Blizzard outlined ways to protect yourself:

“The best defense against account theft still includes smart password management (e.g. using a unique password for every site/service and keeping your password to yourself) and scanning for malware and viruses regularly, as well as following additional preventative steps found here. In the end, while no security method is 100% foolproof, the physical Authenticator and Mobile Authenticator app are great ways to provide your account with an extra layer of protection.”

Additionally, Blizzard claims to have found no evidence of account spoofing after players join a game.

“We’ve determined the methods being suggested to do so are technically impossible,” said the company.

In other Diablo news, Blizzard is looking into restoring lost achievements for some players, and the real-money auction house has been pushed back to an undetermined launch date.

Patrick Klepek on Google+