Blizzard has just announced through a post on their site by President Mike Morhaime that earlier this week there was an unauthorized breach of their network and that certain information has been compromised. Blizzard acted quickly, closed off access, and has been working with both law enforcement and security experts in order to investigate what took place.
The breach occurred on Saturday, August 4, and Blizzard has been working diligently in order to keep user information safe. As of now, their investigation has found no evidence that important billing information like credit card numbers, billing addresses, or real names were taken. Morhaime writes that, “Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.”
Some information, however, was compromised such as a list of email addresses for Battle.net users outside of China. Answers to personal security questions, and information related to Mobile and Dial-In authenticators for North American servers were also compromised. According to Blizzard, these servers generally include “players from North America, Latin America, Australia, New Zealand, and Southeast Asia,” so precautions should be taken no matter where you live.
Blizzard does stress, however, that based on what they currently know, “this information alone is NOT enough for anyone to gain access to Battle.net accounts.” Morhaime goes on to say that “cryptographically scrambled versions” of Battle.net passwords from North American servers were also taken, but that these aren’t actual passwords and that they would be difficult to extract. Either way, Blizzard recommends that you go ahead and change your password anyways by clicking here.
Over the next few days, Blizzard will be prompting players to change their security questions, as well as prompt users of the mobile authenticator to update their software. And of course, users are advised to be careful of phishing emails that will ask for passwords and login information. Blizzard, like every other company, will never ask you for your password.
“We deeply regret the inconvenience to all of you and understand you may have questions. Please find additional information here. We take the security of your personal information very seriously, and we are truly sorry that this has happened.”