Last night, a carefully-worded e-mail went out to subscribers of Trion World’s massively multiplayer online role playing game, Rift announcing that the game developer’s user accounts had been compromised by hackers. The breadth and width of the breach is not currently known but it looks like the attackers stole a database containing pretty much basic billing information and login credentials.

According to the Trion World’s account notification regarding the attack: “The database in question contained information including user names, encrypted passwords, dates of birth, email addresses, billing addresses, and the first and last four digits and expiration dates of customer credit cards.”

The e-mail is quick to add, “There is no evidence, and we have no reason to believe, that full credit card information was accessed or compromised in any way.”

As a result of the breach, Trion Worlds is taking a novel approach that we haven’t seen too often: they’re forcing users to change their passwords.

Any Rift customer, current or past, has been invited to log into the website and change their password immediately. Doing so will net customers 3 days of Rift play time compensated immediately (even if they don’t currently pay for the game) as well as give them a 10% boost on earning in-game currency while playing.

Users who use mobile authenticators will be asked to reconnect their credential security devices as well in order to make certain that they continue to work properly. Popularized by Blizzard for World of Warcraft, many extremely popular MMO games use keychain fobs that slowly update a number based on a cryptographic algorithm and a salt unique to the user and require the entry of that number for account access (or access to sensitive activity on said account.)

In a way, this hack could be a boon to Trion Worlds by inviting old players back to play for three days and experience the enjoyment of boosted gaming.

Rift has taken their Christmas coal and stuffed customer’s stockings with good tidings and cheer for the holidays—all the while encouraging them to be more security conscious as an apology for getting hacked.

In the world of the Internet, suffering a hack can almost be seen as an eventuality. Trion Worlds appears to have properly encrypted their user authentication passwords (although that can be cracked, thus why they want people to reset) and I speculate they kept their credit card information in a separate database.

In the past we’ve seen numerous MMOs and game networks targeted by data thieves from the now-infamous hack of the PlayStation Network, the loss of 13.2 million account records by South Korea’s MapleStory, attacks against Xbox LIVE users over FIFA Soccer 2012 money cards, the list goes on.

Stay safe online. Don’t use the same password/username across sites (definitely not between your e-mail, games, and financial sites) and be careful to watch your statements after any site you pay using credit cards gets hacked. We have pickpockets in cyberspace as much as we have thieves on city streets, so while the digital mugging may not happen to us directly, it does affect us indirectly.

Stay vigilant, change passwords, and have a merry Christmas and a sprightly Yule.