UK online gamers have been advised to be vigilant about the integrity of their accounts if they play World of Warcraft, StarCraft 2 or Diablo 3 – and to use an authenticator app for added security. The warning follows a hack attack on the games' maker Blizzard, in which millions of players' account details have been stolen.
Blizzard revealed details of the breach in a message posted to its Battle.net account management service. Players in North America should change their login details for the account management service, it said.
So far, it said, there was no evidence that credit card numbers and other personal details had been taken. In the message, Blizzard boss Mike Morhaime said it discovered on 4 August that there had been "unauthorized and illegal access" to its internal network. An investigation into the breach revealed that whoever broke in got a copy of a list of all email addresses for Battle.net users outside China. "We are truly sorry that this has happened," said Morhaime.
Battle.net is the overarching account management and login service gamers use to play Blizzard games including World of Warcraft, StarCraft 2 and Diablo 3.
Also accessed was information about the security questions and account authenticators used by players on North American servers. As well as players in the US atnd Canada this includes people in Latin America, Australia, New Zealand, and Southeast Asia. The attackers also stole a cryptographically scrambled list of the passwords used on North American Battle.net accounts. The technique Blizzard used to conceal these passwords, said Mr Morhaime, made it hard to unscramble them. Blizzard said that, as far as it knew, the information stolen would not be enough for attackers to gain unauthorised access to Battle.net accounts. Despite this, it urged players on North America servers to change their passwords, especially if that secret phrase or character combination was used on other services.
The company said it had begun an automatic process to force players to change their secret questions and get those who use authenticators to update their devices. It said it had found "no evidence" that credit card numbers, billing addresses or real names had been exposed.
For Get Safe Online's information and advice on safe online gaming, click here.
