An effort by Cryptic Studios to enhance security on its servers and its databases uncovered a breach from 2010 where the unauthorized intruder had access to account names, encrypted passwords and other account information.
In an email to users today and a post on it website, Cryptic said the hacker had breach one of its user databases:
The unauthorized access included user account names, handles, and encrypted passwords for those accounts. Even though the passwords were encrypted, it is apparent that the intruder has been able to crack some portion of the passwords in this database. All accounts that we believe were present in the database have had the passwords reset, and customers registered to these accounts have been notified via e-mail of this incident.
Cryptic also believes the hacker may have had access to additional information such as player names, birth dates and partial credit card details, but there was no evidence that any of this information was taken.
(Correction: We had originally reported that Cryptic handled City of Heroes. The studio developed the game, but it is owned and operated by NCsoft. We regret the error)