On March 5, 2012, Curse community IPB sites were targeted by hackers and for a brief amount of time unauthorized individuals had access to the Administrative Control Panel interface. This intrusion was quickly noticed, however the intruders retrieved a large portion of user records from the IP.Board sites. The information downloaded included Usernames, E-mail addresses, IP addresses where you originally registered from, and an encrypted version of your password.
First, we'd like everyone to rest assured that Curse is very aware of this situation, and we've already begun taking steps to make sure this incident will not happen again.
The passwords in the stolen data are encrypted, and it is unlikely that the intruders would ever be able to get your actual passwords. Curse uses a number of security features to ensure your passwords are secure:
- The passwords are encrypted using a one way hashing algorithm and were salted, so they appear as scrambled text and your plain text password is not retrievable from it.
On behalf of Curse, we would like to apologize to you for this inconvenience. We take your security extremely seriously and believe that being forthright about anything that may compromise your security is the correct course of action. Please take this time to update whatever passwords you need to update, and please post if you have any questions, comments or concerns.
This is a good time to remind everyone about general account security habits that will help ensure your safety online.
- Use different, complicated passwords for all your accounts. Your Email passwords, your game account passwords and your passwords on various websites should all be unique. If you have trouble remembering them, write them down on a piece of paper and put them in your wallet (without the usernames/sites). This way, if for some reason your password on one of the sites is compromised, all your other accounts are safe.
- Try to have passwords that are long (over 16 characters) that you can remember. Read this very helpful article on how to come up with secure and memorable passwords: Create strong passwords
- Avoid clicking links from your email, as spoofing and other tricks can make an email appear like it comes from a legitimate source. Whenever you want to log on your account, go directly to the website by typing the URL in your browser, and check that you've spelled the address correctly.
- Keep your browser up to date! Modern browsers have a lot of security features and lack the vulnerabilities older browsers might have.
- Use an anti-virus on your computer. If you're a Windows User, Microsoft Security Essentials is a free and easy to use anti-virus, and it's that's one of the best performing ones too.
- Use two factor authentication whenever you can. A two factor authentication system is an additional layer of security, typically a one time password generated or texted to your phone, or generated by another device that you have to enter in addition to your main password. Some examples are the Battle.net Authenticator, Google's 2-step verification and Facebook's Login Approvals. These nifty two factor authentication tools will ensure your Battle.net, Google and Facebook accounts are much more secure.
- Make sure you've got a recovery email address on your primary email in case something happens to it, so that you may get your email back.