In a statement released just yesterday Cryptic Game Studios—developer of City of Heroes, Champions Online, Star Trek Online, and a few other online game titles—revealed that they discovered that their systems have been hacked…in December 2010. The delay? The statement enlightens readers that they discovered the hack from almost a year and a half ago due to heightened security audits.

The unauthorized access included user account names, handles, and encrypted passwords for those accounts. Even though the passwords were encrypted, it is apparent that the intruder has been able to crack some portion of the passwords in this database. All accounts that we believe were present in the database have had the passwords reset, and customers registered to these accounts have been notified via e-mail of this incident.

Due to privacy concerns included, Cryptic is also warning that while there’s no evidence the intruder had access to it, they could have absconded with “first and last name, e-mail address, date of birth (if provided to Cryptic Studios), billing address, and the first six digits and the last four digits of credit cards registered on the site.” However, the statement stresses that there’s no reason to believe this information as accessed.

Cryptic says that they have e-mailed those they believe have been affected by the breach and continue to investigate the scope.

In today’s cybersecurity climate this is a good example of why strong encryption is needed across the board. Not just on passwords—although it’s easiest there because of the nature of passwords—but entire database records. After watching the wreckage and mayhem of LulzSec’s rampage across numerous sites, stealing and then leaking their databases, we know how easily they can be broken into and then released. The really dangerous hacks wouldn’t be coming from Internet highwaymen and jokers like LulzSec; but from hacks similar to what hit Cryptic in 2010 and even they didn’t know about it at the time.

In what may be a black mark on Cryptic Studios (for suffering the attack) it’s a bright spot in their record that they’ve acknowledged it to the public as quickly as they could gather evidence of the event. It’s a reminder to everyone that we should always be watching our financials and pay attention to our personal security.

The statement also includes information on identity theft and the usual security messages of making sure to change your password regularly, never use the same password for gaming sites as your e-mail address (in fact never use that password anywhere else), and avoid using the same password across sites as a general rule.

The sort of information taken from gaming sites such as Cryptic Studios has a lot of value to criminals not just because of identity theft, but because it gives an insight into people’s relationships to their data. Instead of identity theft being the most common problem, it’s going to be spear-phishing we need to worry about. Certainly, attackers might sell the authorization credentials to gold farmers (to turn people’s accounts into money) but getting a Trojan onto their computer via a personally crafted e-mail and some choice information might net them even more.

Massively multiplayer online (MMO) games and communities are one of the vanguards of the social media revolution, they house and attract millions of people a year and it’s a growing industry. As a result, it’s full of potential marks for cyberfraud and criminal activity. With gamer culture making an impact on our culture and the Internet as a whole, it’s always best to be sure that passwords and information are carefully separated.