User data secretly embedded into World of Warcraft screenshots - report

Account ID and other info reportedly found in encrypted watermarks

World of Warcraft's in-game screenshot feature has reportedly been secretly embedding watermarks containing user information into the images.


The game's screenshot function apparently embeds a watermark containing an encrypted code which, when decrypted, reveals the account ID and server information for the user who took the image in question, along with a timestamp - without that user ever knowing.

According to those who made the discovery (thanks Kotaku), the encrypted messages don't contain any personal data such as users' real names, IP addresses or passwords, but could be used by Blizzard to trace images revealing exploits or other bad behavior back to the offending user.

Blizzard has come under criticism for taking such action without ever having notified users, and the discovery has raised concerns that hackers could potentially use the information to target specific users. Despite being encrypted, the code can apparently "be easily recovered and decrypted by hackers".

Screenshots taken using external software (like Steam) do not contain the watermarks.

Blizzard confirmed early last month that the online service was breached, with sensitive account data illicitly acquired by an unauthorised user. Customers were urged to change their passwords.