If the Blizzard Twitter feed is any indication it appears that accounts from the Blizzard breach are getting popped now.
Just the other day Blizzard was saying that there was little chance that the compromised passwords could be reversed because they were using “double secret super awesomesauce” …ok, well they didn’t say that.
They did say this,
Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.
Hmm.
Still it will be interesting to see them explain this one.
(h/t coolacid)
To be honest, judging by the recent breaches, majority of the passwords are going to be somewhere between “password123” and “wow07” – and a bad password is a bad password – no matter how much SHA-256 you roll around it.
I’m guessing at least some of the hashes should have been brute-forced already.