Massive Blizzard security breach: change your password

Blizzard has notified Battle.net customers that an internal security breach has compromised user log-in details.

The company, which runs game servers for several MMO titles, including World of Warcraft, StarCraft II and Diablo III, published an announcement on its website advising Battle.net customers to change passwords.

The breach, the post explained, was an internal one.

This week, our security team found an unauthorised and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.

So far, Blizzard has found no evidence that financial information, such as credit card details, billing addresses or real names, had been compromised, but a list of email addresses for all players outside of China was accessed.

In addition, for players on the North American servers (which includes Australia and New Zealand), answers to personal security questions and information about Battle.net Authenticators were also accessed — as well as cryptographically scrambled versions of Battle.net passwords. Note that these are not the actual passwords — the person or people who stole them will have to unscramble them in order to gain access to Battle.net accounts.

Blizzard will be prompting users to change their passwords, change their personal security questions and, if you have an Authenticator, to upload the Authenticator software.

For more information, Blizzard has compiled an FAQ here.