Hackers have gained access to around 120,000 transaction records stored on the servers of popular MOBA League of Legends.
Usernames, real names, email addresses and encrypted passwords were all at risk, developer Riot Games admitted last night.
Credit card information was accessed too, although this was both hashed and salted, Riot said (thanks, Kotaku).
The security breach affected a payment system that had not been used since July 2011, meaning any payments made since then were confirmed as safe.
"As a measure to make your accounts safer, within the next 24 hours we'll require players with accounts in North America to change their passwords to stronger ones that are much harder to guess," Riot added.
"At such time, you'll be automatically prompted to change your password when you attempt to log in to the game. If you'd prefer, please click here to change your password now."
Riot said it would also introduce email verification for all new registrations and email or SMS authentication for future account email or password changes.