Blizzard Entertainment has fallen victim to a security breach and is warning customers to change their passwords.
In a statement issued by Blizzard’s president and co-founder Michael Morhaime, the company said that it had discovered an “unauthorised and illegal access” into its internal network earlier this week, on 4 August, affecting Battle.net accounts. So far, the company has found no evidence that financial or billing information was stolen, although it has confirmed that some data from its servers that was illegally accessed has some security implications.
For North American-based accounts, which will include players from Latin America, Australia, New Zealand and Southeast Asia, the attackers were able to access email addresses, answers to security questions, “cryptographically scrambled versions of passwords”, information related to Blizzard’s mobile and dial-in authenticators, and the Taiwanese phone lock security system.
Accounts located outside of China, including Europe and Russia, only had email addresses exposed. Chinese-based accounts were unaffected.
The company has stated that the mobile authenticator information has the potential to undermine the company’s two-factor authentication scheme. Mobile authenticator works as a software-based two-factor authentication token, displaying a time-based code that players must enter during log-in, if they have opted into the additional security.