Hackers have gained access to player data from League of Legends' EU West and EU Nordic & East databases.
LA-based developer Riot Games said on the League of Legends website: "Keeping player information secure is very important to Riot. That's why we're sorry to share that hackers accessed some player account information."
The data in question includes email addresses, encrypted account passwords, summoner names, dates of birth, and - "for a small number of players" - first and last names and encrypted security questions and answers. Riot said absolutely no payment or billing information was accessed during the breach.
The developer has fixed the specific security issue that hackers exploited, and said it's in the process of notifying all EUW and EUNE players about the situation via email.
It also recommended that players change their passwords. "Even though we store passwords in encrypted form only, our security investigation determined that more than half of the passwords were simple enough to be at risk of easy cracking."
Riot CEO Brandon Beck and president Marc Merrill said they've been humbled by the experience and wanted to "sincerely and personally apologize... for this situation. We take your privacy and security seriously, and we're working diligently to improve it for the better."