The hack that took down Sega's online gaming service late last week has affected 1.3 million customers.
That was one of the details confirmed by the publisher on Sunday.
A cyber attack on the publisher's Sega Pass service - a subscription-based feature that allows gamers to play unlimited Sega games online - forced the service to be shut down.
"We have identified that a subset of SEGA Pass members emails addresses, dates of birth and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text. Please note that no personal payment information was stored by SEGA as we use external payment providers, meaning your payment details were not at risk from this intrusion," Sega wrote in an e-mail to its customers.
On Sunday, Sega confirmed 1.3 million people were affected but did not have an estimate for when Sega Pass would be back online. The company said it is working on increasing its security.
The Sega Pass website has been replaced with a terse message that reads, "SEGA Pass is going through some improvements so is currently unavailable for new members to join or existing members to modify their details including resetting passwords. We hope to be back up and running very soon. Thank you for your paitence." (sic)
This of course comes just off the heels of Sony's massive data breach which forced the Playstation Network offline for over a month, resulting in what is estimated to be billions of dollars in damages.
Unlike Sony's service, Sega Pass is not an e-commerce platform for other publishers, so the damage is limited only to Sega itself. But with such a large number of users affected, it isn't a small attack by any means.