There are games online that will let you do anything, go anywhere and be anyone, ostensibly. They provide an immersive experience with rich artwork and stirring musical scores, brimming with fantasy adventures and futuristic technology that puts the player in the role of the epic hero. These games also require monthly subscription fees and a good amount of personal data to sign up and play, making host servers a ripe target for hackers.
Recently, one of the biggest names in the massive multiplayer online role-playing gaming (MMORPG) world, Blizzard, took another hit to its declining user base. A hack of its main account servers jeopardized personal information of all its users across its entire interface, drawing the company's server security practices into question.
Internal errors abound
As a leader in online gaming entertainment, Blizzard collects monthly user fees for its many popular games. World of Warcraft, Diablo 3 and Starcraft 2 pull over 10 million users to Blizzard's servers on a regular basis and each of these users pays for access to each individual title.
All these transactions are tied to a single account through Blizzard's Battle.net website. This server is responsible for housing payment information, names and addresses, phone numbers, email addresses, ISP trackers and physical location data for every player. The company has long been in the habit of coaching its users on best practices for data security, reminding players every time they log into a game to purchase a special security device offered through the Battle.net store, and otherwise to never give out password information to any player or via an email request.
However, it wasn't a user error that resulted in a recent hack of the entire network. Battle.net's server security has been so consistent over the years that hackers were simply able to finally break through its protections, resulting in a massive data breach.
According to InformationWeek, the company released a security update in response to the hack that potentially compromised all personal data for every one of its users. Blizzard stated that financial information was not accessed, but that email addresses and other account information had been leaked. Fortunately, the company has long been in the practice of using heavy encryption for all its user passwords, so while these codes were also stolen, the company doubts hackers will be able to discern the true information and jeopardize accounts further.
A troubled relationship
Blizzard is not only the best-known online gaming companies, it's also the biggest. World of Warcraft, its flagship title, has been seeing declining subscribers over the past couple years, yet it still holds a commanding lead in numbers. Over 9 million people currently pay the monthly fee to use Blizzard's servers and play online, according to The Oceanic Gamer.
Despite the company's statement that it feels accounts shouldn't be further compromised, International Business Times reported some Diablo 3 users are seeing attacks on their PayPal information tied to Battle.net accounts. The source reported that users are finding money laundering activity in their financial profiles after the reported Blizzard attack, and as many Starcraft and Diablo payments come through the online service, some are concerned that the attack has already compromised more sensitive data.
A statement from the company reiterated the previous message . "At this time, we've found no evidence that financial information such as credit cards, billing addresses or real names were compromised," the company stated on its website. Our investigation is ongoing, but so far nothing suggests that these pieces of information were accessed."
Unfortunately, Joseph Hanlon, a writer for CNET, already had his PayPal information hacked due to Diablo 3, so Blizzard's statement may fall on deaf ears. The incident in question may have more to do with PayPal's data security than Blizzard's, but some feel the company is still at fault for allowing personal accounts to be waylaid so thoroughly.
If Blizzard's account is correct and no financial data was stolen, it still puts every user of the Battle.net system in danger. Millions of email accounts and other information have been handed to hackers, meaning those with accounts could begin to see a huge influx of spam and phishing attempts. If hackers should figure out how to decrypt Blizzard passwords, the threat could become even bigger. Right now InformationWeek wrote, the company is urging users to change their passwords and other personal data so as to assist with the recovery, but when server security at some of the biggest online entities is drawn into question, it's a sign that the hacking community is getting even more virulent.