Blizzard has responded to the recent upswing of stolen Battle.net accounts since the release of Diablo 3. Although critics might be tempted to point the finger at Blizzard's security, the game company says that every complaint it has investigated has led to a single conclusion: the thief had the user's password.
Although the true origins of recent account intrusions remain a mystery, it is safe to assume the usual suspects have been at work: phishing, untrustworthy third-party software and poorly protected passwords. Battle.net has had a long history of routine account thefts, most notably through phishing attempts and keyloggers. Blizzard admits that with the release of any new game, there is always an increase in compromised accounts and that's exactly what they expected.
We'd like to take a moment to address the recent reports that suggested that Battle.net® and Diablo® III may have been compromised. Historically, the release of a new game -- such as a World of Warcraft® expansion -- will result in an increase in reports of individual account compromises, and that's exactly what we're seeing now with Diablo III.
If you're concerned about the safety of your Battle.net account, consider the following:
- Install a virus scanner, if you don't have one already -- I recommend the free and well-regarded Microsoft Security Essentials.
- Get a second opinion. Scan your computer for malware and viruses with a scanner other than the one installed on your PC -- Try ESET's or Kaspersky's online scanners.
- Once you're clean, change your Battle.net password -- make sure to include numbers, capital letters and symbols for maximum protection.
- Use a Battle.net account authenticator. You can download the Battle.net Mobile Authenticator app or actually buy a physical dongle (really) here for $6.95.
- Sign up for Battle.net SMS Protect.
- Don't store your passwords in a Word document or share them with anyone.