Blizzard Entertainment, the company behind the insanely popular World of Warcraft franchise and, more recently, Diablo III, confirmed that it's Battle.net game service suffered a security breach that compromised certain user data. The full extent of the hack attack is still unknown, but at this stage, Blizzard doesn't believe that any financial data was lifted, including credit card info, billing addresses, or real names.
At minimum, a list of email addresses for global Battle.net users living outside of China were compromised in the data breach, Blizzard said in a statement . For players living in North America, cryptographically scrambled versions of Battle.net passwords (but not actual passwords) were taken.
"We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually," Blizzard explains. "As a precaution, however, we recommend that players on North American servers change their password."
While actual passwords may still be safe, Blizzard said the hackers were able to extract players' personal security questions, and were also able to access information relating to Mobile and Dial-In Authenticators. Blizzard stressed that this information alone is not sufficient to access Battle.net accounts.