The Town of Salem (video game) was hit with a massive data breach last week that exposed the information on more than 7 million users.

The breach was discovered by the cybersecurity research Dehashed on December 28 when he received an anonymous email that indicated someone had gained access to the game’s database. Town of Salem is a role-playing game operated by BlankMediaGames.

Dehashed reported the compromised data includes usernames, emails, passwords (phpass, MD5(WordPress), MD5(phpBB3)), IP addresses, game and forum activity, and some payment card information for those members who have paid for the games premium services.

The company has posted a response saying it is investigating the problem, has put out a patch to block access and is recommending all users change their passwords.

“We don’t store any credit card or payment info. At all. All passwords were hashed and not plain text. This means they do not know what your password is unless they run a program to attempt to guess it against the hashed password. Any reasonably strong password will take a very long time to be guessed,” BlankGamingMedia wrote, adding most of the user data it stores is game related.

Dehashed believes access was gained using an LFI/RFI attack, which is similar to a cross-site scripting attack.

SC Media has reached out to BlankGamingMedia for a comment.