However, the company has stressed that, based on its investigation so far, “credit card and other customer payment data does NOT appear to have been accessed or affected”.
Blizzard, developer and publisher of games such as StarCraft II, World of Warcraft and Diablo III, said the unauthorised access included email addresses associated with Battle.net accounts in all regions bar China, with additional information accessed on the North American servers generally used by Australian and New Zealand players as well as those from North America, Latin America and Southeast Asia.
The latter includes the answer to players’ personal security question, and information relating to Mobile and Dial-In Authenticators.
“Based on what we currently know,” Blizzard said, “this information alone is NOT enough for anyone to gain access to Battle.net accounts.”
In a notice posted online, Blizzard said: “We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken.
“We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually.
“As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.”
The company says it took immediate action on discovering the hack, closing off the unauthorised access and notifying law enforcement agencies and security experts.