"This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened", said Blizzard president and co-founder Mike Morhaime in a security advisory.
Morhaime said that email addresses for the company's Battle.net users were illegally accessed. “For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to mobile and dial-in authenticators were also accessed”, he explained.
In addition, the hackers stole encrypted passwords for Battle.net users on its North American servers. “We use secure remote password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password”, he stressed.
The company said that it found “no evidence” that credit card numbers were compromised. The BBC estimated that the breach affected millions of video game users’ accounts.
This is the second data breach at Blizzard this year. In May, Blizzard’s Diablo III video game was hacked within a few days of its launch, and servers in Europe were taken offline for a number of hours as a result.