Blizzard's CEO, Mike Morhaime, made an important post on the official Battle.net website, letting every Battle.net user know that Blizzard's “bullet proof” database has been hacked. The good news is that the hackers did not retrieve financial information or credit card data, the bad part is that usernames, passwords and other information were taken across the entire Battle.net service, which includes World of Warcraft, StarCraft II and Diablo III.
The Battle.net post [via Examiner] is straight to the point and acknowledges the fears that many gamers had ever since May, that something like the RMAH would make Blizzard an even bigger target for nefarious individuals. And while the actual target of the hacks was not revealed, it's not hard to guess that criminal circles would have a financial feeding frenzy on Blizzard's user database especially with all the credit and PayPal attached to a lot of Battle.net accounts.
Morhaime states a frightening reality in the post, though, saying...
Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.
A writer with a much higher sense of integrity or decorum would take this time to end the post warning you about changing passwords to any online institution you use, especially for any service handling e-banking. However, I'm not that writer and I don't know what "integrity" means, so instead I'm going to use this platform to say: Blizzard, we all told you so.
Always-on for Diablo III forced every player to be online, to submit a lot of personal information and worked as a safeguard for the RMAH, which has already become popular enough in the underground markets to spawn publicized clones. Naturally, Diablo II already had a bustling black market and Diablo III has already far surpassed Diablo II's numbers, so having a bustling black market and an RMAH circulating money around Diabo III makes it a mouth-watering target for any criminal organization. In plain terms, digital crooks would have been crazy not to attempt to hack Battle.net.
Now, many defenders would say “But a lot of companies get hacked and have user data stolen”, yes they do, but how many video game companies have a series of games as popular or as big as Blizzard? Also, how many of these same companies are using a Real-Money Auction House market for virtual trading? Exactly.
Blizzard getting hacked is almost...almost equivalent to PayPal getting hacked. Sadly, even with the extra measure of security and password resets, authenticator flushing and secret questions getting a redo, the elephant in the room is still the Real-Money Auction House. I mean, a guy just nabbed $10,000 legitimately by trading non-existent goods. Tell me that crooks wouldn't want to hit some of that booty? But so long as a service like the RMAH continues to exist I doubt this will be the last time Battle.net gets hit, and the always-on DRM looks like a fool in the process.
Goodbye rights, hello greed.
It goes without saying that you should immediately change your passwords, modify your secret questions and take all necessary precautions as if you found out a thief had a key to your house.