Blizzard announced today they they have suffered a major data breach, and sensitive user data was stolen from their servers. According to their statement the specific data stolen includes email address, the answer to the personal security question, and information relating to two-factor authentication. They also lost their SRP server-side verifier database, which is the database they use to verify user passwords.
And despite what Blizzard is claiming, I believe the majority of their users’ plain text passwords have been exposed as well.