Data Breach at Blizzard Comprises Emails and Security Questions but not Passwords - The UpStream

Data Breach at Blizzard Comprises Emails and Security Questions but not Passwords

posted Saturday Aug 11, 2012 by Nicholas DiMeo


This week we have news of another breach in the gaming world; however, it is not in any way, shape or form related to Sony and their handicapping outage last year. Instead, the victim is Blizzard Entertainment and their online gaming network. Blizzard, makers of StarCraft, World of Warcraft and Diablo, has had their internal network security compromised, and the company has issued emails to customers today. Blizzard has said the email went out to all customers who have used, however at the time of this writing, my inbox has not received any such notification. Perhaps I wasn't affected?

The good news is that Blizzard is also saying no financial information has been breached to their knowledge, so you're safe in that regard. Also, while email addresses for lots of non-Chinese users of were snatched along with passwords, those passwords were scrambled, which cannot be said for Yahoo! and other companies' breaches as of late. Scrambling, or "hashing," passwords is a common practice in development and has become the accepted, secure way to handle all customer login activity.

Who is responsible for this and what steps is Blizzard taking to ensure this won't happen again? The path to the answers resides safely and securely after the break.

Blizzard's president, Michael Morhaime, issued a statement via Blizzard's official blog shortly after knowledge of the breach.

This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.

At this time, we've found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.

Security questions, user activity and authentication information were also compromised for users in the USA, Australia, New Zealand and Latin America. Our advice to you, obviously, is to change your password here and on any other site where the same password was used, just as a precaution. Blizzard will be automatically asking you to update your security questions. Our best practice is to use answers to questions that don't make sense to anyone but you, because finding your mother's maiden name has been getting easier and easier. For a question like, "What is your favorite number," you could put your favorite food. Just be sure to remember it!

Morhaime did reassure Blizzard's customer base by letting us know that "based on what we [they] currently know, this information alone is NOT enough for anyone to gain access to accounts."

The entire blog post, "Important Security Update," is available in the source link, and you should definitely read it if you think you might have been affected or have ever played a Blizzard game. It's always best to ensure safety during these data breaches. The good news is that Blizzard has apologized, reacted quickly and had the right backup procedures in place in case a breach occurred. At this time, we are unsure who specifically was responsible for the compromise in security, but Blizzard has been working with police, data experts and other agencies to get to the bottom of it as soon as possible.

