Star Trek Online and Champions Online maker Cryptic Studios has only now discovered evidence of "unauthorised access" to game accounts from December 2010.
Cryptic Studios broke the news to gamers overnight.
"As part of our ongoing efforts to monitor and enhance security, we recently detected evidence of an unauthorised access to one of our user databases," the company revealed. "The unauthorised access occurred in December 2010, and evidence of this has just been uncovered due to increased security analysis.
"The unauthorised access included user account names, handles and encrypted passwords for those accounts. Even though the passwords were encrypted, it is apparent that the intruder has been able to crack some portion of the passwords in this database. All accounts that we believe were present in the database have had the passwords reset, and customers registered to these accounts have been notified via e-mail of this incident."
"While we have no evidence that any other information was taken by the intruder, it is possible that the intruder was able to access additional account information. If they did so, the first and last name, e-mail address, date of birth (if provided to Cryptic Studios), billing address, and the first six digits and the last four digits of credit cards registered on the site may have been accessed.
"We have no evidence at this time that any data other than the account name, handle, and encrypted password were accessed for any user."
Cryptic pledged to investigate further and and to "strengthen our systems and redouble our security vigilance and protections". Cryptic restated familiar line of 'we will never contact you asking for these kinds of personal details'.
"While we have no evidence of unauthorised use of personal information as a result of this incident," Cryptic closed, "to protect against any possible identity theft, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.
"We apologise for any inconvenience this unauthorised access may have caused our customers."