Blizzard Entertainment president and co-founder Mike Morhaime issued a statement late last night revealing that Battle.net had been infiltrated by unknown sources and that some user data may have been compromised. Though his note to the community downplayed the security breach, Morhaime acknowledged that a list of email addresses for global Battle.net users outside of China, cryptographically scrambled versions of Battle.net passwords, answers to personal security questions, and information related to Mobile and Dial-In Authenticators were illegally accessed. The good news is that financial data was not touched:
"At this time, we’ve found no evidence that financial information such as credit cards, billing addresses, or real names were compromised," wrote Morhaime. "Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed."
Blizzard suggests that users change their passwords as a precaution and update their security question with a new answer. They also point out that Battle.net users should be wary of phishing schemes where someone pretending to be from Blizzard asks you for personal or financial information. As most companies will tell you, they don't ever ask you for such information via email.
Blizzard also said that in the days ahead users will be prompted to make changes to their Battle.net accounts for the sake of safety.
The security breach affects everyone outside of China including North America, Latin America, Australia, New Zealand, and Southeast Asia. European servers were not listed in Morhaime's statement.
Finally Morhaime offers a sincere apology to Battle.net users and emphasizes that the company is serious about its users' safety and security:
"We take the security of your personal information very seriously, and we are truly sorry that this has happened."
You can read Morhaime's complete statement here.