Battle.net accounts compromised, user info stolen
Information lifted included email addresses associated with Battle.net accounts, cryptographically scrambled versions of passwords (not actual passwords), the answer to a personal security question, and information relating to Mobile and Dial-In Authenticators, the company said in a statement.
This was not enough information for the hackers to gain access to accounts, Blizzard said, adding that credit card and other customer payment data did not appear to have been accessed or affected.
As a precaution, the company is encouraging players to change their Battle.net password and any similar passwords used for other purposes.
Blizzard said it has has closed off the unauthorised access and notified appropriate law enforcement.
"We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually," said Blizzard president Mike Morhaime.
"As a precaution, however, we recommend that players on North American servers change their password."
In the coming days, Blizzard intends to prompt players to change their secret questions and answers through an automated process.
Mobile authenticator software would also be updated soon.
"We deeply regret the inconvenience to all of you and understand you may have questions," said Morhaime.
"We take the security of your personal information very seriously, and we are truly sorry that this has happened."