Monday, July 12, 2010

ESRB mistakenly releases player email addresses

Many people have asked me how the bad guys get hold of our battle.net login id's - the same bad guys that inundate us with WoW phishing emails and do dictionary attacks on our battle.net logins.

The team at wow.com have published an article on how the Entertainment Software Rating Board (ESRB) managed to mistakenly release almost 1000 email addresses of wow players that wrote to them to complain about Blizzard's plan to use real names on the official wow forums.

This email list is a gold mine to the bad guys, especially where these email addresses match up with battle.net ID's.  There is little doubt that these 1000 email addresses will end up on WoW phishing lists and that they may also be targets for WoW dictionary attacks.

If you recently wrote to ESRB and you used the same email address as your battle.net ID then please consider changing your battle.net ID to a new, unique email address.

You can read more about the mess-up at Wow.com