Blizzard Entertainment Reveals ‘World of Warcraft’ Security Breach

Yesterday Mike Morhaime, president of Blizzard Entertainment, announced a security breach via a ‘Blue Post’ on Blizzard’s official web site citing “an unauthorized and illegal access into our internal network here at Blizzard.” In the wake of the shaky Diablo III launch, and with the release of Mists of Pandaria looming so close upon the horizon, Blizzard really doesn’t need any more on their plate but they can’t seem to catch a break.

Morhaime goes on to state that “for players on North American servers, the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.” It should be noted at this time Blizzard doesn’t believe that any credit card information was accessed, and what was taken was simply e-mail addresses and SRP-encoded (Secure Remote Password protocol) versions of user passwords.

We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually.

So in reality there are a few things to think about. First and foremost, change your password. While it seems unlikely, there’s a chance that these data thieves would really go through all the work it would take to extract SRP encrypted passwords. I mean, they already went to the trouble of breaching Blizzard’s internal security. Next, if you don’t already use a Blizzard Battle.net Authenticator you may want to pick one up. Alternately, if you have a smartphone, I suggest that you go ahead and download their Mobile Authentication App. It’s free.

Over the course of the next month Blizzard intends to set up something that will automatically ask you to change your Security question. So at least they’re being proactive about account protection.

Reality: Expect to see phishing attempts continue, and a flood of cheap currency to hit the diminished gold farming market of Warcraft.

The full Blue Post on this security issue can be seen here.

1 Comment »

  1. Change your password, boys & girls.

    Comment by Dave3 — August 10, 2012 @ 7:23 pm

RSS feed for comments on this post. TrackBack URL

Leave a comment

Previous Article
Next Article
You may have noticed that we're now AD FREE! Please support Geeks of Doom by using the Amazon Affiliate link above. All of our proceeds from the program go toward maintaining this site.
2023  ·   2022  ·   2021  ·   2020  ·   2019  ·   2018  ·   2017  ·   2016  ·   2015  ·   2014  ·  
2013  ·   2012  ·   2011  ·   2010  ·   2009  ·   2008  ·   2007  ·   2006  ·   2005
Geeks of Doom is proudly powered by WordPress.

Students of the Unusual™ comic cover used with permission of 3BoysProductions
The Mercuri Bros.™ comic cover used with permission of Prodigal Son Press

Geeks of Doom is designed and maintained by our geeky webmaster
All original content copyright ©2005-2023 Geeks of Doom
All external content copyright of its respective owner, except where noted

This website is licensed under
a Creative Commons License.
About | Privacy Policy | Contact