Sophos security researchers share some insight on the incident

Aug 10, 2012 08:27 GMT  ·  By

Battle.net has been hacked and Blizzard is advising users to change their passwords to make sure that their accounts and their digital assets remain safe.

So, what exactly did the hackers steal?

According to an FAQ published by the company, they’ve gained access to email addresses, the answers to secret questions, password hashes, and information associated with the Mobile Authenticator, Dial-in Authenticator and Phone Lock (a security mechanism available for players in Taiwan).

All the stolen details belong to users from North America, Australia, New Zealand, Southeast Asia and Latin America.

Russian and European players are less affected, since the attackers obtained only their email addresses. Chinese players are apparently not impacted by the breach.

While Blizzard’s representatives claim that no financial information has been accessed, experts stress that the compromised information could still be misused in certain circumstances.

The company has been storing its authentication data “sensibly,” but according to Sophos’ Paul Ducklin, users could still be at risk.

“Nevertheless, since Blizzard's servers hold enough data to verify that you know your password and can type it in correctly at your end, anyone who has a clone of Blizzard's authentication system has what he needs to run a password-guessing attack,” Ducklin explained.

For this reason, it’s important that gamers change their passwords as soon as possible. If you want an expert opinion on how to choose a password and how to keep it safe, you can check out the advisory we put together after the LinkedIn breach.

Security experts from Avast, Sophos, Trend Micro, AVG, independent researchers, and even hackers chipped in their ideas.

Companies, for their part, are advised to make sure that they properly encrypt their customers’ authentication data.
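Ducklin’s point about offline password guessing and the recommendation that companies protect stored authentication data can be made concrete. The following is an added example, not Blizzard’s code or anything from the article: it contrasts an unsalted fast hash with a salted, deliberately slow PBKDF2 verifier and measures how many guesses per second whoever holds a copy of the stored data could test against each. The iteration count, the sample password and the timing loop sizes are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os
import time
from typing import Callable, Optional, Tuple

# Assumed work factor for the hardened scheme (constructed for this example).
PBKDF2_ITERATIONS = 100_000


def store_fast(password: str) -> bytes:
    """Weak storage: one unsalted SHA-256 of the password, cheap to guess against."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def verify_fast(password: str, stored: bytes) -> bool:
    """Constant-time comparison of a guess against the weak verifier."""
    return hmac.compare_digest(store_fast(password), stored)


def store_slow(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened storage: per-user random salt plus a slow PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_slow(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the slow verifier for a guess and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def guesses_per_second(verify: Callable[..., bool], *stored, rounds: int = 50) -> float:
    """Rate at which a holder of the stored verifier can test guesses offline."""
    start = time.perf_counter()
    for i in range(rounds):
        verify(f"guess-{i}", *stored)  # constructed wrong guesses
    return rounds / (time.perf_counter() - start)


if __name__ == "__main__":
    pw = "correct horse battery"  # constructed sample password
    fast = store_fast(pw)
    salt, slow = store_slow(pw)
    print("fast hash guesses/s:", round(guesses_per_second(verify_fast, fast, rounds=2000)))
    print("PBKDF2 guesses/s:   ", round(guesses_per_second(verify_slow, salt, slow, rounds=5), 2))
```

The ratio between the two rates is the defender’s margin: with the same leaked table, a slow salted verifier turns millions of guesses per second into a handful, and the per-user salt stops one guess from being checked against every account at once.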

Of course, as Paul Ducklin highlights, it’s best not to lose the valuable information in the first place, but, as hackers will tell you, security is just an illusion.