(Credit: Blizzard Entertainment)Add Blizzard Entertainment to the long list of video game companies that have been hacked in the past 18 months.
Mike Morhaime, president of the company behind titles such as World of Warcraft, StarCraft II, and Diablo III, announced the breach of the company's Battle.net servers in a note to users late Thursday afternoon, urging them to change their passwords.
"Even when you are in the business of fun, not every week ends up being fun," he wrote. "This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened. … We take the security of your personal information very seriously, and we are truly sorry that this has happened."
While Blizzard says it appears no financial information (including credit card numbers) was breached, the attackers did obtain some other data, including a list of email addresses for Battle.net users as well as the answers to personal security questions. Information relating to Mobile and Dial-In Authenticators was also accessed.
The company is encouraging users to change their passwords and is prompting players to update their security questions.
Blizzard has an enormous database of players. World of Warcraft alone has 9.1 million active accounts, and at least another 4 million players likely still have log-ins from closed WoW accounts. An unknown number of other accounts are also likely affected for players of the company's other games.
Blizzard, however, stressed that it believed its security protocols will prevent the hackers from directly accessing people's accounts.
"Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts," said Morhaime.
The company did, however, warn users to be on the alert for phishing emails, which could trick them into divulging login information.
And, of course, Sony's hacking last May kicked off the flood. That attack reportedly cost the company more than $170 million.