Blizzard has issued a warning that its internal network behind Battle.Net has been compromised by hackers and that users are advised to change their passwords as soon as possible.
The company confirmed that the hackers have managed to get their hands on data including a list of email addresses, personal security question answers and information relating to Mobile and Dial-In Authenticators.
The company is still investigating the breach, but so far nothing suggests that hackers have gained access to real names, credit card data or billing addresses. Based on the available info, Blizzard believes that the collected data is not enough to access any user’s account illegally.
Hackers have also gained access to "cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers;" But according to Blizzard, the passwords were properly encrypted using Secure Remote Password protocol (SRP) which means that the hackers should gain nothing from it. As a precaution however, the company recommends North American players to change their passwords.
A security update notice has been posted on the Blizzard homepage.