In a month that’s seen major password breaches for several sites, it felt like it was only a matter of time before the passwords for a game were compromised, and this time, it’s one of the biggest. Blizzard have announced that Battle.net’s database has been compromised, however, due to Blizzard hashing user passwords, it’s unlikely that user passwords have been leaked.
According to Blizzard’s announcement, names, addresses and credit card details have not been accessed, however email addresses, security question answers and information relating to mobile and dial-in authentication was accessed. Blizzard says that this information alone is not enough to access a Battle.net account.
Blizzard has made a big deal out of making sure Battle.net accounts are as secure as possible, especially in the lead-up to the Diablo III real money auction house, so this is quite a blow for them. On the bright side, it shows the value of using good encryption on user passwords.
Blizzard are recommending, but not requiring, that users change their passwords, and they will be requiring users to update their security questions in the coming days.