The Heartbleed bug and its effect (or lack thereof) on Battle.net
The Heartbleed bug, as it's been dubbed, is certainly hot news lately, with various sites being impacted and password reset advice abounding. But Blizzard has some good news: Battle.net was unaffected. However, the advice is to change your password if you used the same one elsewhere.
This is especially true if you're using the same email and password combination as you use for your Battle.net account on other sites. A big way that players get hacked, especially those without authenticators, is that their guild forums get hacked, or their email gets hacked, or their Facebook. Once those username and password combinations are known, it's possible for hackers to try them in various different places, one of which might be your Battle.net account. So be careful, mix up your passwords, and in light of these recent security issues, consider changing your passwords.
It's also a good idea, again as a general rule, to get into the habit of changing your passwords fairly regularly, for everything. So now might be a great time to start, even though Battle.net is unaffected by the recent issues. Hit the break for Blizzard's full post.
We want to emphasize that Battle.net's encryption was not affected by this vulnerability. However, if you use the same password on Battle.net that you use elsewhere, your Battle.net account could be at risk if those sites were affected by this bug.
If the above situation applies to you, we recommend changing your Battle.net password to a new, unique password. As always, we recommend that you maintain separate login credentials for each online service you use. Using the same email or password across multiple services greatly increases the potential impact of any compromise.
More information about the Heartbleed vulnerability can be found at http://heartbleed.com, and you can find additional information on how to protect your Battle.net accounts at http://www.battle.net/security.
