First off, the company doesn't believe any credit card information, Paypal addresses, or similar data was seized. No billing addresses or real names have been accessed, either. What was taken includes:
- Email addresses for non-Chinese Battle.net users
- Personal security questions and answers
- Information related to Mobile and dial-in Authenticators
- Cryptographically hashed passwords
No "I told you so"
As tempting as it is to claim we saw this coming back in May, we're going to refrain. Here's why: Battle.net hacking has become an even hotter topic in the Blizzard community since the launch of Diablo III. There are people who will read this news and immediately assume that the company launched some enormous cover-up, that the hacks go all the way back to launch, and that Blizzard was blowing smoke up our posteriors about the whole thing.
Sure. That could be true. But there's no proof of it. Security break-ins don't necessarily map to external issues. It's possible that Blizzard caught this almost as soon as it occurred. It could turn out that the hack occurred months ago, but data was only transferred recently. It's absolutely possible that the hack occurred months ago, but that Blizzard was being 100% honest when it said that no one with a Diablo III authenticator had ever been hacked.
If this blows up as big as the Sony hack did, or involves the same sort of blatant stupidity, we'll be there. For now, we recommend resetting your Battle.net passwords, keeping an eye out for the company's updated Authenticator software (if you use one) and checking the FAQ if you have additional questions.