Saturday, August 11, 2012

This is how you do security incident response

Blizzard's service got hacked:
Blizzard CEO Mike Morhaime confirmed on Thursday that Blizzard's online service was hacked with email addresses, personal security question answers and authentication data stolen.


The list of items illegally acquired by the breach includes email address, answers to user's personal security question plus "information relating to Mobile and Dial-In Authenticators."
That's the bad news.  The good news is that Blizzard is aggressively taking the right steps:
Despite these assurances, the company asks that you change your password by clicking this link. If you used the same password elsewhere, Morhaime encourages you to change that too.

Blizzard will be releasing an update to in the next few days that forces players to change their passwords if they haven't already, change their secret question and answer and prompt users to update their authentication software.
Yup.  It's not rocket surgery, it's just realizing that bad news doesn't improve with age.


Chitown said...

Yeah, saw this happen on my son's WOW account. He quit the paid service a year ago and was using the free one and this Thursday I saw a WOW charge on my card. The CC company called me and took it off right away, also sent me a new card number. The hackers did not get my CC number or I would have seen some overseas charges and I checked the pending charges so nothing there. What they could do was activate the free account to paid with his info, pinning the charge on my card. (I let him use my card to initially open the WOW access, looks like they still had the info).
No biggie since the card was canceled right away and they did not have the actual CC number, but still means we have to keep on the lookout.

Old NFO said...

Glad they owned up immediately!