Blizzard Entertainment

Under Review: 
No Review
Date Breach Made Public: 
August 9, 2012
Irvine , CA
United States
California US
Records Breached: 


Breach Total Number: 
Dataloss DB
Year of Breach: 
Type of organization: 
Type of breach: 

Blizzard's security team found an unauthorized party or parties had accessed the Blizzard internal network.  Blizzard immediately addressed the security issue and found no evidence that credit card, billing address, or name information had been accessed. Players using North American servers may have had scrambled versions of passwords, answers to personal security questions, and information relating to Mobile and Dial-In Authenticators accessed.  Users are encouraged to change their passwords immediately and to change the passwords of other accounts if they are similar to the compromised passwords.  A list of email addresses for global users outside of China was also accessed.

UPDATE (11/12/2012): Two people have filed a suit alleging that Blizzard's $6.50 protection charge is inadequate and that Blizzard did not take the necessary measures required to secure the private information of customers that was stored online. The lawsuit also alleges that Blizzard continues to fail to disclose to consumers that additional security products must be acquired after buying games in order to ensure that information stored in online accounts is secured.

UPDATE (07/11/2013): The U.S. District Court for the Central District of California dismissed most of the claims that were brought against Blizzard Entertainment.

UPDATE (08/23/2013): At least six out of eight claims from the lawsuit against Blizzard have been dismissed.  Blizzard still faces litigation for failing to fully disclose the importance of an authenticator to users.