Battle.net compromised

[Correction]

Press Release

F.A.Q.

Change your passwords immediately.
You can't change your security question/answer yet.
Mobile authenticator data was grabbed (i.e. phone numbers). Keychain authenticators should still be fine.
Now would be a good time to check out services like keepass to store your passwords/secret answers.
Don't forget this easy primer on how to pick a secure password, even though battle.net stops you at 16 characters.

[Eanae]

All passwords were salted/hashed so no big deal there. Nothing stolen is enough to steal an account straight up, but the list of emails grabbed has to be absolutely massive.

[arus2001]

*snickers*

[Lucavi]

Is this the future of online gaming? Ugh. Every major game. Every time. I can't even take 3 months off of a MMO without coming back to a hacked-and-stolen character.

[Eanae]

Nothing was taken that should lead to a stolen account. Passwords were luckily properly encrypted as they should have been (eyes on you Sony). Authenticator stuff may be a mess to clean up for sure. The major thing taken here is your email address. Incoming 100x more phishing emails. Really have to keep an eye on any correspondence from Blizzard for secure links for quite a while now...

[Plow]

*snickers*

THIS IS IMPOSSIBLE THEY WOULD NEVER ACTUALLY ADMIT GETTING HACKED OMG WE'RE ALL HALLUCINATING AND THIS REALLY HAPPENED A FEW MONTHS AGO AND THEY'RE NOT ACTUALLY ADMITTING IT!

[Kaisha]

Incoming 100x more phishing emails.

I still get BNet phising e-mails to my old ISP-tied e-mail account even though I've not had it associated with BNet in over 5 years. Thankfully Gmail seems pretty on top on what's obvious phising and what isn't, so it shouldn't affect my current address too much.

At least they were on top of shit.

[Rhyis.]

Luckily I send everything I get from Blizzard straight to junk already.

Actually as I say this I've got 10 new emails in my junk folder right now from "Blizz" and "Diablo".

[Lucavi]

Been getting a bunch of new spam email. Why am I not surprised. Blizzard is just too big a target.

[Plow]

Not sure if I'm getting anything new or not, but the same amount as usual of the ones that are cloning my own email (i.e. it says it's from "Blizzard Services, myemail@address") are leaking through into the shit I actually look at.

[Meph]

is it only NA that got h4x0r3d? I dont wanna change my pass again :/

[Aevis]

is it only NA that got h4x0r3d? I dont wanna change my pass again :/

don't have to fear anything else than more spam if your account isn't on NA servers:

North American-based accounts, including players from Latin America, Australia, New Zealand, and Southeast Asia

- Email addresses
- Answers to secret security questions
- Cryptographically scrambled versions of passwords (not actual passwords)
- Information associated with the Mobile Authenticator
- Information associated with the Dial-in Authenticator
- Information associated with Phone Lock, a security system associated with Taiwan accounts only

Accounts from all global regions outside of China (including Europe and Russia)

- Email addresses

China-based accounts

- Unaffected

[Correction]

Nothing was taken that should lead to a stolen account. Passwords were luckily properly encrypted as they should have been (eyes on you Sony). Authenticator stuff may be a mess to clean up for sure. The major thing taken here is your email address. Incoming 100x more phishing emails. Really have to keep an eye on any correspondence from Blizzard for secure links for quite a while now...

The secret question/answer pairs are also problematic as it makes it easier for someone to phone blizzard and provide those for access. Blizzard can guard against this with stronger phone support policies, but I'm willing to bet a lot of bnet users also use identical question/answer pairs on more important online accounts like banking.

[Eanae]

I'm going to go out on a limb and say they won't allow that information to reset passwords until they have everyone change theirs (speculation obviously). They also ask for a cd key that's tied to your account to do anything regarding password/authenticator resets so it really doesn't effect anything within battle.net anyways.

[Dimmauk]

But I use an authenticator! I can't be hacked. It's the players fault not blizzard.

[Eanae]

But I use an authenticator! I can't be hacked. It's the players fault not blizzard.

Sony, EA, Riot, Valve, Trion, Dropbox, LinkedIn, and countless other organizations hacked within the last year. If someone wants into a database bad enough they'll get into it. All the information that really matters was protected. Go circle jerk somewhere else.

[Cleverness]

The Sony info actually wasn't that protected.

[Eanae]

Yeah I know. Mentioned that in an above post. I meant blizzards info is protected. From their blog post it looks like all passwords are uniquely salted so even of you happened to crack one password (which won't happen), you'll have to individually crack them all.

[Dimmauk]

But YOU said it was the players fault. Do I need to go back and quote? Blizzard fucked up. Story end. I'm still playing btw.

[Eanae]

If the players are having their accounts stolen it still is their fault. How dense are you to realize nothing stolen here will lead to hacked battle.net accounts?