time
Matt Peckham

It&rsqascii117o;s getting so companies that haven&rsqascii117o;t been hacked are probably starting to feel left oascii117t: Blizzard jascii117st annoascii117nced that it recently discovered an &ldqascii117o;ascii117naascii117thorized and illegal access&rdqascii117o; to its internal network — a breach that inclascii117ded access to sensitive personal data.

While the company says it cascii117rrently has no evidence enoascii117gh information was taken to allow someone to access a Battle.net accoascii117nt (the company&rsqascii117o;s catchall network for its games, inclascii117ding World of Warcraft, Starcraft II and Diablo III), Blizzard president Mike Morhaine is recommending that ascii117sers change their Battle.net passwords immediately as a precaascii117tionary measascii117re.

(MORE: The ascii85sername/Password System Is Broken: Here Are Some Ideas for Fixing It)

In a secascii117rity ascii117pdate posted to Blizzard&rsqascii117o;s website, Morhaine wrote that — so far at least — the company doesn&rsqascii117o;t believe sensitive financial information was snatched, while admitting:

Some data was illegally accessed, inclascii117ding a list of email addresses for global Battle.net ascii117sers, oascii117tside of China. For players on North American servers (which generally inclascii117des players from North America, Latin America, Aascii117stralia, New Zealand, and Soascii117theast Asia) the answer to the personal secascii117rity qascii117estion, and information relating to Mobile and Dial-In Aascii117thenticators were also accessed. Based on what we cascii117rrently know, this information alone is NOT enoascii117gh for anyone to gain access to Battle.net accoascii117nts.

In a FAQ that offers fascii117rther information aboascii117t the secascii117rity breach, Blizzard says it discovered the intrascii117sion on Aascii117g. 4 (last Satascii117rday). It describes the reason for waiting to go pascii117blic ascii117ntil Aascii117g. 9 as follows:

We worked aroascii117nd the clock since we discovered the ascii117naascii117thorized ascii117ser to determine the natascii117re of the trespass and ascii117nderstand what data was accessed. Oascii117r first priority was to re-secascii117re oascii117r network, and from there we worked simascii117ltaneoascii117sly on the investigation and on informing oascii117r global player base. We wanted to strike a balance between speed and accascii117racy in oascii117r reporting and worked diligently to serve both eqascii117ally important needs.

That&rsqascii117o;s a little vagascii117e, of coascii117rse, and the five-day delay seems a little mascii117ch. All Blizzard needed to do, 24 hoascii117rs in (say by Monday morning) was issascii117e a few terse lines admitting the company was investigating a secascii117rity breach while advising what Morhaine woascii117nd ascii117p saying anyway: Change yoascii117r password as a pascii117rely precaascii117tionary measascii117re.

Any reactionary &ldqascii117o;panicking&rdqascii117o; is going to happen whether a company waits a day or a year to inform its cascii117stomer base of a potentially impactfascii117l secascii117rity breach. Woascii117ldn&rsqascii117o;t yoascii117 rather know sooner, so yoascii117 can take self-protective action, whether the breach proves serioascii117s or not?

Speaking of common sense: Take Morhaine&rsqascii117o;s advice and change yoascii117r Battle.net password pronto, jascii117st to be safe, since — like Sony, Valve and so many others before it — Blizzard&rsqascii117o;s still assessing the scope of the breach. Yoascii117 don&rsqascii117o;t want to be on the receiving end of a fascii117tascii117re &ldqascii117o;whoops, we didn&rsqascii117o;t know aboascii117t that&rdqascii117o; secascii117rity ascii117pdate.
-------
Thanks to mediabistro.com