Saturday, August 11, 2012

This is how you do security incident response

Blizzard's service got hacked:
Blizzard CEO Mike Morhaime confirmed on Thursday that Blizzard's online service was hacked with email addresses, personal security question answers and authentication data stolen.


The list of items illegally acquired by the breach include email address, answers to user's personal security question plus "information relating to Mobile and Dial-In Authenticators."
That's the bad news.  The good news is that Blizzard is aggressively taking the right steps:
Despite these assurances, the company asks that you change your password by clicking this link. If you used the same password else, Morhaime encourages you to change that too.

Blizzard will be releasing an update to in the next few days that forces players to change their passwords if they haven't already, change their secret question and answer and prompt users to update their authentication software.
Yup.  It's not rocket surgery, it's just realizing that bad news doesn't improve with age.

No comments:

Post a Comment