Free-to-play MOBA League of Legends has been hacked.
Riot Games today revealed in a blog post that North American usernames, email addresses, salted password hashes, and some first and last names were accessed in a recent hack.
The developer said password files are unreadable, but gamers with easy-to-guess passwords may be at risk.
On top of this, Riot Games said it is investigating about 120,000 transaction records from 2011 that contained credit card numbers that were compromised. The developer said the payment system involved with these exposed records has not been used since July 2011.
"We are taking appropriate action to notify and safeguard affected players," Riot Games said in a statement. "We will be contacting these players via the email addresses currently associated with their accounts to alert them. Our investigation is ongoing and we will take all necessary steps to protect players."
Players with questions or concerns are should reach out to the Riot Games player support knowledge base, the company said.
To bolster security going forward, Riot Games said within the next 24 hours, players with accounts in North America will be required to change their passwords to "stronger ones that are much harder to guess."
In addition, Riot Games said new security features are currently in development aiming to boost account security. These systems include email verification and two-factor authentication.
"We're sincerely sorry about this situation," Riot Games said. "We apologize for the inconvenience and will continue to focus on account security going forward."