A recent Security Update by Blizzard has revealed that the company recently discovered that someone accessed their internal network illegally. They assure us that the breach was rapidly closed and that they have law enforcement and security experts investigating. As of yet, there is no evidence that financial information has been compromised, though a list of email addresses for global Battle.net users outside of China was taken. Players on North American servers may have had the answers to their personal security questions and information relating to authenticators taken. However, Blizzard say that, based on what they know, this information is not enough for anyone to gain access to your Battle.net account.
Also, thoroughly encoded versions of passwords were taken from players on North American servers. These passwords are protected by 'Secure Remote Password protocol,' which, we are assured, is designed to make it incredibly difficult to get the actual password and means each password would have to be deciphered individually. Of course, it is still recommended that you change your Battle.net password, as well as your password on any other sites if you use the same one in multiple places.
For more information, check out the Security Update in full and its FAQ page.
Good. Of course, a security breach is a bad thing, but I'm glad they're admitting there was a problem.
As for SRP, it is not used on the Website (it's probably used for the in-game login). What they mean is that they store a hash of your password, instead of the password itself, but it's been standard practice in the industry for many years.
Reddit
