We’ve just received word from Blizzard locally that Battle.net has been compromised, with some account details from all regions — including Australia — being accessed. At the stage it seems like no financial information was accessed, and that only email addresses associated with Battle.net accounts, and some cryptographically scrambled versions of passwords, were accessed.
“Even when you are in the business of fun, not every week ends up being fun,” began a statement posted on Blizzard’s official website. This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.
“At this time, we’ve found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.
“Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.”
The access to emails occurred throughout the whole network, but Blizzard believes that the additional information (which includes the cryptographically scrambled passwords — not actual passwords) was limited to players using the North American servers. If you’re an Australian player who uses these servers, Blizzard is recommending that you change your password, which you can do from this link here.
Blizzard claimed the system they use to protect passwords is secure, and this password change should be thought of as a precaution.
“We use Secure Remote Password protocol (SRP) to protect these passwords,” said the statement, “which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually.”
Still, in these situations it pays to play it safe. If you play on any of Blizzard North American servers, it’s probably best to change your passwords immediately.