Blizzard Entertainment recently announced that its internal network was breached.
"This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard," company president and co-founder Mike Morhaime wrote on Blizzard's Web site. "We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened."
"Attackers accessed email addresses for global Battle.net users outside of China, answered personal security questions and obtained information tied to mobile and dial-in authenticators," writes Threatpost's Anne Saita. "In addition, the hackers took encrypted versions of Battle.net passwords for those players on North American servers. Those include users from Latin America, Australia, New Zealand and Southeast Asia."
"Blizzard uses secure remote password (SRP) protocol, which provides strong security even for weak passwords," writes Silicon Republic's Elaine Burke. "Passwords protected in this way would need to be deciphered individually, which is a difficult and expensive task for hackers to undertake."
"However Blizzard is still recommending that users of its North American servers change their passwords, as well as their details on any other services where they may use the same information," writes Computer Business Review's Steve Evans.
"While the exact details of the method of breaching their systems still remain to be investigated, it seems they are keeping their users well-informed and providing helpful recommendations, a step in the right direction," writes ESET security researcher Cameron Camp. "While no one wants to be on the receiving side of a breach, importantly, Blizzard are pushing information out to the users from the source through a FAQ here, which is proactive. A lot of consumer-facing websites could learn from the things Blizzard is doing right."