Hackers have broken into the Battle.net online gaming community owned by Blizzard and accessed email addresses, encrypted passwords and account recovery details.
The hack was detected this week and affected gamers outside of China.
Passwords, recovery questions and “mobile and dial-in authenticators” were compromised on accounts that use Blizzard's North American servers. This included players from Australia, New Zealand, Southeast Asia and the US.
The information was not enough for accounts to be accessed, Blizzard president Michael Morhaime said in a statement.
He did not reveal how the hackers broke in but said financial data was not compromised.
Passwords were encrypted with the Secure Remote Password Protocol (SRP) which made recovery difficult.
However, Blizzard will soon force gamers on the North American servers to change their recovery questions and passwords, and has recommended they change those passwords re-used on third party web sites.
Morhaime said Blizzard “quickly took steps to close off [the vulnerability] and began working with law enforcement and security experts to investigate what happened”.
“At this time, we’ve found no evidence that financial information such as credit cards, billing addresses, or real names were compromised.”
Morhaime warned users that only phishing emails would ask users to enter login details.
“We take the security of your personal information very seriously, and we are truly sorry that this has happened,” he said.
Affected users can read Blizzard's account security advice page.
Copyright © SC Magazine, Australia
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.