Important Account Security Message
Dear friends and players!
')
Although our activity is related to entertainment, sometimes the work week does not end as happily as we would like. This week, our security team discovered unauthorized intrusion into the Blizzard internal network. We took action to curb illegal access as quickly as possible and contacted law enforcement and security experts to investigate the incident.
At the moment, we do not have data that as a result of unauthorized entry, illegal access to financial information such as credit card numbers, billing addresses and registered user names was obtained. Investigation of the event is still ongoing, but so far nothing indicates that this data could fall into the hands of intruders.
During the penetration, illegal access to the list of email addresses of users registered outside of China was obtained, as well as some information regarding user accounts playing on North American servers (including players from North America, Latin America, Australia, New Zealand and Southeast Asia). This information contains answers to secret questions and information concerning mobile and Dial-In Authenticator / Phone Lock identifiers. Based on what we know at the moment, it can be argued that this data is not enough for anyone to access user accounts.
We also learned that as a result of the incident, data were obtained about the passwords of users playing on North American servers, stored in a format that is not equivalent to the clear text of the password. For their encoding, the Secure Remote Password Protocol (SRP) was used, which provides a high degree of data protection. This, in particular, means that in order to receive the clear text, each password will need to be decrypted separately. However, we recommend that users playing on North American servers take the necessary precautions and change the account password . In addition, if you use the same or similar password for other purposes, we recommend that you change it.
In the coming days, we will notify users playing on North American servers about the need to change the secret question and the answer to it, and also distribute a notification about the update of the mobile identifier program. We want to remind our users that the official Blizzard employees will NEVER ask for your password. We regret the inconvenience caused to you and we understand that you may have many questions. Please follow this link for more information.
We take the protection of your personal information very seriously and sincerely regret this incident.
Respectfully,
Mike Morheim
Source: https://habr.com/ru/post/149370/