The real world presents many targets for cyber criminals. Given that hackers could target bank accounts, credit card numbers and social media accounts, it might tempting to think a video game world would be safe from real-world thieves. However, a recent security breach showed this isn’t the case.Hackers broke into Blizzard’s Battle.net service, which connects users’ login credentials to several of the company’s popular titles. According to the company’s official announcement on the issue, credit card data was not accessed. However, usernames and other login credentials may have been compromised.
“Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China,” Blizzard said. “For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.”
Blizzard also said it stores encrypted versions of user passwords and utilizes Secure Remote Password protocol, a password authentication method that is designed to make simple passwords more secure by protecting data against network attacks.
InformationWeek speculated the attack might have been carried out for a couple of different reasons. Because user email addresses were compromised, it could be an attempt to gather addresses for large-scale phishing scams. However, some features of Blizzard games, such as Diablo III’s real currency auction house, make user accounts themselves valuable targets. There is also a third-party market for digital goods in games such as “World of Warcraft.”
Blizzard’s security precautions may have prevented attackers from being able to make use of the stolen information before users changed their login credentials, but the full effectiveness of those measures will depend on how quickly users secure their accounts. Blizzard also offers layered security for users – in addition to passwords, users can purchase random code-generating authenticators to further protect their accounts.
“Thankfully, SRP will slow down anyone who wants to decrypt the stolen password list, which would seem to buy Blizzard players some breathing room,” the article stated. “On the other hand, Blizzard has yet to confirm exactly when attackers breached its systems – and may not yet know for certain – meaning that the attackers may have already had time to decrypt some of the stolen passwords and begin putting them to use.”
Were you affected by the Battle.net security breach? Do you use an authenticator for any of your online accounts?