Blizzard Entertainment, creators of World of Warcraft and Diablo III, was hacked this week. As the creators of such incredibly popular games, you might think this would be the time where we would all be inundated with frothing articles about why this should cause you to run out and change the passwords on everything in sight. But thankfully, you’re unlikely to see that this time. Blizzard did one thing very right in terms of protecting their users’ passwords.
At this point, it looks like all that was taken was this:
It does not appear that this information that was taken is enough to gain access to Battle.net accounts. And the best news is that last item. The passwords were not simply “hashed,” but also “salted.” For those of us who only know those two terms in the context of potato-y breakfast treats, here’s a very simplified explanation:
Each of these alone does not represent a sufficiently significant hurdle to someone being able to bulk process the list and get the passwords out again. But by combining them, it makes it so someone would have to individually process each password, and at a good cost of time for each password. So while this doesn’t mean the password list is useless, it does mean it’s unlikely the breach of this list will cause much harm. It’s still a good idea to change your security questions and password for Blizzard and any other site where you used the same question or password (and don’t forget to choose a strong password).
