Battle.net hacked, Blizzard says change your password

World of Warcraft-mongers Blizzard have been hacked, with the company's Battle.net system broken into and customer emails compromised.

Blizzard fessed up to the security breach in a statement posted to its site, where it explains that a list of email address for global Battle.net customers outside of China has been accessed by digital ne'er-do-wells.

President and co-founder Mike Morhaime says the company has found "no evidence that financial information such as credit cards, billing addresses or real names were compromised," but notes that the investigation is ongoing.

Scrambled passwords, answers to security questions and mobile and dial-in authenticator data for players dwelling on North American servers (that's generally gamers from North America, Latin America, Australia, New Zealand and Southeast Asia) were also accessed, but the Blizzard boss says that the leaked information isn't enough to let anyone take control of a Battle.net account.

That's a drop of good news, but Battle.net members, who use the platform to play World of WarcraftStarCraft 2 and Diablo 3, may find their emails used in phishing scams that persuade the account holder to fork over passwords or other information. Blizzard won't ever ask for your password via email, so be wary, gaming fans.

Gamers may also be irked to learn that Blizzard detected the breach on 4 August, but waited until 9 August to notify the community. It says its "first priority was to re-secure our network," though in those intervening days customers may have been subjected to targeted phishing scams that they wouldn't have been on guard for.

Players on North American servers will be prompted to change their secret questions and answers over coming days, while the official advice for gamers on those servers is to change your password, which you can do here. Blizzard also notes that if you've used the same or similar passwords elsewhere, it might be an idea to change them as well.

The Orc-spawning organisation says that in the wake of the attack it closed off access and has started "working with law enforcement and security experts to investigate what happened."

With breaches of this sort seemingly becoming more and more common, customers understandably want reassurance that big companies have their data safely stowed away. Apple recently turned off the ability to reset passwords over the phone after it was revealed that malevolent hackers could take control of an iCloud account with only a few bits of personal information.

[Source: cnet]