Blizzard's Battle.net hacked, (encrypted) passwords, email addresses, security questions and mobile authenticator data stolen in major breach
Blizzard has announced officially that Battle.net, the gaming company's online platform, has been hacked, and that personal information has been taken.
Blizzard, the makers of the popular games World of Warcraft, Starcraft II, and the monster hit Diablo III, says that while personal information was taken, credit card and financial details were not. What was taken though were the email addresses of all Battle.net members (excluding those from China), and for those using the North American servers, answers to personal security questions and "information relating to Mobile and Dial-In Authenticators" were also taken.
Battle.net passwords were also stolen, but as they're encrypted and needs to be decrypted on an individual bases, it is unlikely that the hackers could gain access to user's accounts via these taken passwords.
But as a precaution, Blizzard will be asking all affected users to change their password (and change the password of any other online service that used the same stolen password), security answers and to update the software for their mobile authenticators.
It is still unknown at this point who is behind the hack, and what their intentions are when it comes to the stolen data, but Blizzard's Diablo III is seen as an attractive target for hackers. This is the case because of Diablo III's controversial "always-on" DRM system, which was implemented as a way to prevent both piracy and hacking. Diablo III's "Real Money Auction House" also offers a financial incentive for hackers to infiltrate Blizzard's system. The Auction House allows in-game items to be traded with real money, and there have already been reports of successful exploits that allows duplicated items to be created.
A FAQ on the security breach can be accessed here.