Blizzard, the company behind such huge games as World of Warcraft and Diablo 3, has confirmed that hackers have breached its internal security, compromising usernames, emails, encrypted passwords and security questions.
Blizzard has confirmed that usernames, encrypted passwords, answers to security questions and information associated with Battle.net's Authenticator have been compromised for some accounts, affecting players who use the North American Battle.net servers to connect to games like World of Warcraft, Diablo 3 and Starcraft.
In a statement posted on its website, Blizzard said: "Our security team found an unauthorised and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened."
Hackers did get access to usernames and passwords, but Blizzard says it has found no evidence that financial information such as credit cards, billing addresses, or real names was compromised. However, it cannot completely rule out the possibility, and its investigation is ongoing.
Blizzard discovered the breach on 4 August but decided to announce it today, 9 August, as it wanted to first re-secure the network. "We wanted to strike a balance between speed and accuracy in our reporting and worked diligently to serve both equally important needs."
The data which was accessed includes a list of email addresses for global Battle.net users, outside of China. For players on North American servers, which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia, the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed.
Encrypted passwords were also stolen during the attack, again for players on North American servers, but given time the hackers will be able to crack them, despite what Blizzard says about the encryption used.
"We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually."
However, with security questions compromised, hackers resetting the passwords is certainly a possibility. In response to this, Blizzard said: "This was a difficult decision to make but in the end we believe that keeping the secret questions and answers in place still provides a layer of security against unauthorized users who don't have access to the compromised data."
Blizzard is recommending that all players using North American servers to play games like World of Warcraft change their passwords. "In the coming days, we'll be prompting players on North American servers to change their secret questions and answers through an automated process," Blizzard said.
So far no group has taken responsibility for the hack, and it is unclear if it was carried out for financial gain, or if it was carried out to highlight the poor security protocols implemented by Blizzard.