League of Legends (LoL) - the most popular PC game with an average 12 million daily players globally - has been hacked in the US.
Developer Riot Games said that a portion of its North American account information was "recently compromised", including usernames, email addresses, encrypted passwords, as well as some first and last names of users.
Riot says that League of Legends players with easily guessable passwords are vulnerable to account theft, and so is requiring its US users to come up with new, stronger passwords.
It is also investigating whether some 120,000 transaction records (containing encrypted credit card numbers) have been accessed or not. The payment system for these hasn't been used since July 2011.
League of Legends is now working on new security features including email verification and two-factor authentication - where changes to an account email or password will require verification via email or text message.
"The security of your information is critically important to us, so we’re really sorry to share that a portion of our North American account information was recently compromised," said Riot Games' co-founders Marc Merrill and Brandon Beck in a joint statement.
"We are taking appropriate action to notify and safeguard affected players. Our investigation is ongoing and we will take all necessary steps to protect players.
"We’re sincerely sorry about this situation. We apologise for the inconvenience and will continue to focus on account security going forward."
League of Legends is a free-to-play online PC MOBA (Multiplayer Online Battle Arena) game. It has over half a million peak concurrent daily players on its EU West server alone.