Earlier today we received word that Blizzard’s battle.net servers have been hacked, and with a recent influx of 10 million users thanks to Diablo III’s launch, that makes this potentially devastating for a lot of people. Blizzard has since released an FAQ on battle.net, telling users what exactly was compromised and what remains secure. Those with a North American account (which includes people in Latin America, Australia, New Zealand, and Southeast Asia) were hit the hardest, so if that’s you, read on to find out what you can do to keep your account safe.
When it comes to staying safe after the hack, the first thing you’ll probably want to do is change your password. Blizzard says that the intruders only made off with cryptographically scrambled versions of passwords – meaning that it wasn’t your actual password that was stolen – but its investigation is still ongoing. It could find more evidence of password theft as time goes on, but even if it doesn’t, changing your password as soon as you can isn’t a bad idea. This is especially true if your password for battle.net is the same one you use for other online accounts (if that’s the case, be sure to change those too).
Blizzard says in the FAQ that while mobile and dial-in authenticators were compromised (dial-in authenticators to a lesser degree), physical authenticators are still believed to be intact. This means that if you have a physical authenticator, now is the time to use it, and keep on using it if you were already. In the event that these hackers do manage to figure out your password, the physical authenticator will provide an extra layer of defense. Some claim that Blizzard’s authenticators aren’t a sure thing, and that may be the case, but in this situation there isn’t much reason to believe you’re actually better off without one.
Now for something that is a bit alarming: answers to secret questions were taken during this breach. When paired with an email address, that could provide an easy way into your account, and the bad news is that there currently isn’t a way to change the answers to your secret questions. Even worse is the fact that Blizzard has opted not to suspend secret questions, as it believes that leaving them active does more good than harm. In any case, Blizzard will be asking battle.net users to update their security questions soon, and it’s a very good idea to do so as soon as possible after receiving the prompt. Doing so closes a backdoor that hackers could use to easily gain access to your account.
Make no mistake, this breach could have been a lot worse, but the steps above will still help ensure that you stay safe as Blizzard continues its investigation and begins rolling out software updates. We’ll likely be finding out more about the breach in the coming days, so stay tuned to SlashGear for more information.