August 20, 2012
Gamers who immerse themselves in virtual worlds are being warned that their online identity could be accessed by unauthorized users.
According to the BBC, a number of high-profile gaming companies have been targeted in recent weeks with Blizzard Entertainment, maker of World of Warcraft and Diablo 3, reporting that hackers were able to access the security questions and email addresses of players. The company claims that there is no evidence that the data breach led to the loss of any credit card information, but they have advised every member of the massively multiplayer online role-playing game (MMORPG) that they should change their Battle.Net passwords.
The attack happened on August 4 and, according to Mike Morhaime, the chairman of Blizzard, an investigation into the hack showed that the focus of the breach seemed to be for all users outside China. Online games, especially MMORPGs are very popular in North America, and servers at various locations were subject to "unauthorized and illegal access." Players in Australia, New Zealand and Latin America were also targeted, with the hackers stealing a number of encrypted passwords, but Morhaime said that there was no evidence that the real names of gamers had been exposed.
The business of fun
"Even when you are in the business of fun, not every week ends up being fun," Morhaime wrote on the company blog. "This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened."
Paul Ducklin, a researcher for cybersecurity firm Sophos, said that "Blizzard has just owned up to a data haemorrhage." Writing on the company blog, he advised that the virtual world creator was a "sensible" storer of data and this would soften the impact of the theft.
"It was painful but probably but not too bad, " Ducklin said.
World of Warcraft currently has 9.2 million subscribers across the world and is widely acknowledged as the most expansive game of its type, with many players assuming alternate identities. While the hackers may only have been able to scratch the surface of the data in Blizzard's possession, the company apologized to every subscriber, irrespective of whether they had lost information or not.
"We take the security of your personal information very seriously, and we are truly sorry that this has happened," said Morhaime.
-McAfee Cloud Security