Mike Morhaime, President and co-founder of Blizzard Entertainment, reported today in a blog post that Blizzard’s security team “found an unauthorized and illegal access into our internal network here at Blizzard.”
Before you start panicking, the Blizzard team has already sealed off the breach and begun investigations into what happened. So far, they have found no evidence of credit card information, real names, or billing addresses being obtained. However, email addresses for Battle.net accounts outside of China were accessed. Furthermore, for players on the North American servers, “the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators” were also obtained.
Blizzard’s team does not currently think that the information obtained is sufficient for the infiltrators to gain access to anyone’s Battle.net accounts, but those same unlucky North American server users also had “cryptographically scrambled versions of Battle.net passwords” retrieved. Blizzard is quick to reassure users that these passwords are protected in such a way that makes them very difficult to unscramble and requires them to be cracked one at a time.
Still, Blizzard urges players to change their passwords immediately. Furthermore, players on the North American servers will be prompted automatically in the next few days to change their personal security question and mobile users will be required to update their authenticator software.