Blizzard’s Battle.Net Hacked, Details Compromised

“This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard,” says a security bulletin posted last night on Blizzard’s website.

“Some data was illegally accessed,” it adds, before listing what they think was compromised. It includes email addresses, personal security question answers and – worryingly – “information relating to Mobile and Dial-In Authenticators” which translates to hashed phone numbers.

Passwords were also accessed, although Blizzard store them “cryptographically scrambled” using SRP, so they should hopefully remain protected. That said, Blizzard do recommend that passwords are changed.
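To make concrete what SRP protection means for a leaked account database, here is an added example (not code from the post or from Blizzard) of an SRP-6a enrollment and login: the server stores only a salt and a verifier v = g^x mod N, never the password or anything it can be recovered from, and still authenticates the client. It assumes the 1024-bit group from RFC 5054 with g = 2 (copied here, verify against the RFC) and SHA-256 in place of the RFC's SHA-1; the salt and credentials are constructed.

```python
import hashlib
import secrets

# SRP-6a group: the 1024-bit prime and g = 2 from RFC 5054 (reproduced here;
# check against the RFC before real use). SHA-256 is used as the hash variant.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576D674DF74"
    "96EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD15DC7D7B46154D6B6"
    "CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4"
    "976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
NBYTES = (N.bit_length() + 7) // 8


def H(*parts: bytes) -> int:
    """SHA-256 over the concatenated parts, as an integer."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def pad(x: int) -> bytes:
    return x.to_bytes(NBYTES, "big")


def private_x(username: str, password: str, salt: bytes) -> int:
    """x = H(salt || H(username ':' password)); computed only on the client."""
    return H(salt, hashlib.sha256(f"{username}:{password}".encode()).digest())


def make_verifier(username: str, password: str, salt: bytes) -> int:
    """Enrollment: the server records (salt, v). v = g^x mod N is one-way, so a
    stolen database yields neither the password nor x directly."""
    return pow(g, private_x(username, password, salt), N)


def srp_login(username: str, password: str, salt: bytes, v: int) -> tuple[int, int]:
    """One SRP-6a exchange. Returns (client_key, server_key); they match only
    when the client's password corresponds to the stored verifier."""
    k = H(pad(N), pad(g))
    a, b = secrets.randbelow(N - 2) + 1, secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)                         # client -> server
    B = (k * v + pow(g, b, N)) % N           # server -> client, needs only v
    u = H(pad(A), pad(B))
    x = private_x(username, password, salt)  # client side, from the typed password
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    S_server = pow(A * pow(v, u, N) % N, b, N)
    return S_client, S_server
```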

The bulletin adds: “If you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.” This is common sense – don’t reuse passwords.

There is no evidence that financial information was affected or accessed, says Blizzard. Thankfully, there’s also no evidence that personal information such as real names or billing addresses was accessed, which is hopefully some comfort.

China-based accounts appear to be unaffected by the hack.

For anyone with a Blizzard account who is still concerned, there’s a FAQ with additional information here that you should definitely read.

  1. *sigh* seriously, this is exactly why I buy all of my Microsoft Points, XBL and PSN credit from shops. Plastering my personal details all over the web just doesn’t seem a great idea.

  2. According to the FAQ, European users only had their email address leaked. I think I’m fine.

  3. And this is why I’ve started using unique passwords for every service, so that when one is compromised there is only one password that needs changing (bit of a pain to keep track of them all though).

  4. Going to have to remove my details from the PSN I think and XBL. It’s a risky business.

    Yawn at these hackers though, such talent wasted on such negativity.

    • They probably do not see it as a waste of their talent if someone is willing to pay them handsomely for what they reap.

      • That is if it’s not for their own benefit from the start.

  5. Always a bit sceptical about the claims of resilience of the SRP protocol. It still requires a recoverable password on the server side, even if it is salted, scrambled and encrypted. It cannot be as secure as a salted and hashed password. In a situation like this, rather than “advising” a change of password, forcing a change of password would be more secure, although there would no doubt be some outcry from users.

    • “even if it is salted, scrambled”
      I want eggs on toast now :(

  6. Is nothing safe :(
    Seems like this is just going to give Diablo 3 players an even harder time than I’ve heard they are getting already.