Shouldn't users be changing their battle.net email addresses as their primary concern? This was the first thing I did.Ideally you should have a e-mail address that is for Blizzard only, use it for no other purpose and the password for that e-mail account should be unique. Having a unique e-mail addy and a unique password for that e-mail account is more important than having a strong password on that account because it cabins any damage a hacker might do. In other words, it's better to have an isolated account with a weaker password than a combined account with a stronger password. After you have set up a new e-mail account then change the password on your Blizzard account.I didn't even bother to reset my authenticator. edited to add: Since my e-mail was isolated to begin with I simply deleted the entire e-mail account after creating a new one on a different e-mail provider.
You're welcome to change your email address if you feel concerned about it. However, even if the individuals did manage to get your exact email address and the answer to your Security Question they still don't have access to your email address to actually gain access to your account. They'd need to know your email accounts password in order to actually get in and do any resets and that sort of thing. I'm certain that if Blizzard was concerned about that aspect they would have suggested it be changed. All they've asked for is your password to be changed and they'll be setting it up to change security questions/answers and update the Mobile Authenticator service as soon as they can.Thanks for the reply, sas148. I was more concerned with account theft via the customer service telephone line. I'm fairly certain I can get my authenticator removed just by knowing my battle.net email address and the answer to my secret question, both of which were pieces of information that were stolen. Because of the threat I perceive that someone could remove my authenticator, I thought it would be best to change my email.Am I mistaken? Does an account thief need more than my battle.net email address and the answer to my secret question?
Yes. They mentioned in one posting that in light of the hack customer service was adding additional verification to changes made over the phone.That doesn't mean that changing you e-mail address is a bad idea. I'm certain that if Blizzard was concerned about that aspect they would have suggested it be changed.That's an ugly way to state your point. Based upon the information released so far there is no reason to change your e-mail address as a specific response to this particular event. Blizzard is concerned about this aspect of security, however. If this security breach prompts more people to consider how their long-in credentials are secured that's all to the good.Do you have to change your e-mail in response to this event? No. Is it good security practice to reevaluate your on-line security arrangements in light of this event? Yes. Might that lead one to create a new e-mail address? Yes.
RIP people who don't change the passwords within a day or two. The lazy people at Blizzard don't even use case-sensitive passwords, which means that even hashes will be deciphered really, really soon.Well then, good thing that they're using SRP, not hashes.
See this is the reason I use time codes rather than use a credit cards when it comes to sub mmo games