Millions of gamer account details stolen in huge Blizzard attack

Millions of gamers have had their account details stolen in a hack on, the online service used to store and manage the personal information of players of Blizzard games like World of Warcraft and Diablo 3.

Blizzard president Mike Morhaime confirmed the attack in a blog post, writing that “our security team found an unauthorized and illegal access into our internal network.”

“We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened,” he continued.

Morhaime advised users in North America to change the login information they use to access their accounts, though he insisted that, so far, there has been no evidence that credit card information, addresses, or real names have been stolen.

The breach compromised a list of email addresses of players outside of China, as well as answers to personal security questions and information related to mobile and dial-in access to

The hackers managed to gain access to a cryptographically scrambled list of passwords used by players in North America. Though the encryption technique makes it difficult to unscramble the passwords, those users are nonetheless recommended to change their details.

The company will begin prompting users in North America to update their account information, including security questions and answers, through an automated process. Those using mobile authentication will be asked to update their authenticator software, Morhaime said.

Sophos researcher Paul Ducklin has described the hack as “painful but probably not too bad.” In a post penned for the security firm’s blog, Ducklin praised Blizzard for its “sensible” storage and management of authentication data.

Meanwhile, Blizzard has created an FAQ page to answer any leftover questions users may have while the investigation continues.