Blizzard confirms massive Battle.net hack

Blizzard president Mike Morhaime has confirmed that an unnamed team of hackers managed to breach Battle.net’s digital perimeter.

“Our security team found an unauthorized and illegal access into our internal network here at Blizzard,” Morhaime wrote in an official company blog post.



“We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.”



According to Morhaime, Blizzard found no evidence that financial information such as credit cards, billing addresses, or real names was compromised.

Nevertheless, the corporation acknowledged that “some” data was illegally accessed, including a list of email addresses for global Battle.net users outside of China.



In addition, the answers to personal security questions, as well as data pertaining to mobile and dial-in authenticators, were accessed for players on North American servers.

However, Blizzard was quick to emphasize that such information alone was “not enough” for anyone to gain access to Battle.net accounts.

“We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken,” said Morhaime. 



“We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually.”

Despite the above-mentioned protection, the top Blizzard exec recommended that players on North American servers change their passwords as a precautionary measure.



“In the coming days, we’ll be prompting players on North American servers to change their secret questions and answers through an automated process. Additionally, we’ll prompt mobile authenticator users to update their authenticator software. 



“[Remember], phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password. We deeply regret the inconvenience to all of you and understand you may have questions. We take the security of your personal information very seriously, and we are truly sorry that this has happened,” he added.