Game maker Ubisoft said on Tuesday an account database was breached due to unauthorized access of one of its websites, revealing users' personal information.
The attack divulged user names, email addresses and encrypted passwords, Ubisoft said. The company said it does not store payment information.
"We instantly took steps to close off this access, to begin a thorough investigation with relevant authorities, internal and external security experts, and to start restoring the integrity of any compromised systems," the company said in an advisory on its forum.
Ubisoft did not say which of its websites was breached or how long attackers may have had access. A new splash page was being shown when users navigated to its main website, ubisoft.com, that asked users to change their password.
"Out of an abundance of caution, we also recommend that you change your password on any other website or service where you use the same or a similar password," the advisory said.
In some cases, encrypted passwords can be converted to their original form using password cracking programs. Longer, more complicated passwords are more difficult to crack, which is why security experts recommend mixing in numbers, symbols and capital letters.
In April, Ubisoft took its Uplay service offline, which is used to purchase and download games. A problem with the service allowed hackers to download games for free, including one that had yet to be released.
Sign up for CIO Asia eNewsletters.