Law enforcement has been contacted and an investigation is under way, Mike Morhaime, Blizzard's co-founder and president.
Hackers obtained email addresses for users located outside of China for Battle.net, Blizzard's portal for its online games, and the answers to those users' personal security questions. Affected regions include North America, Latin America, Australia, New Zealand and Southeast Asia.
Some information relating to mobile and dial-in authenticators was compromised as well as cryptographically scrambled versions of the passwords belonging to players in North America, Morhaime wrote. The information is not enough to access Battle.net accounts.
"At this time, we've found no evidence that financial information such as credit cards, billing addresses, or real names were compromised," Morhaime wrote. "Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed."
Blizzard uses a "secure remote password" (SRP) protocol to protect passwords. Morhaime wrote it would be difficult to decipher actual passwords, but the company is advising its North American customers to change their passwords nonetheless.