Up to 13 million gamers could be put at risk after Nexon confirmed that names, usernames, encrypted resident registration numbers and passwords had been hacked.
A statement (translated from Korean to English) said that the incident occurred on 24 November and it had informed law enforcement agencies to investigate immediately.
The data loss only affected players of the online role-playing game Maple Story; owner Nexon said Maple Story is "completely independent of the service".
A Nexon official told Reuters that the leaked data did not include information on financial transactions or bank account numbers and did not affect overseas subscribers of the online game.
The company has asked game subscribers to change passwords to prevent additional damage, although the leaked resident registration numbers and passwords were encrypted. It confirmed that the entire subscription membership of Maple Story is about 18 million.
“Unlawful invasion of privacy in an accident Maple Story Customer's personal information was stolen and detrimental to the point to worry, we apologise sincerely.”
Sophos head of technology Paul Ducklin said the hack came with "spectacularly bad timing for Nexon" because the company had planned an initial public offering.
“It appears that only information about South Korean game users was exposed, but when you consider that South Korea has a total population of 49 million people, you get a feel for just how significant a haul of the details of 13 million of them could be.
The Korea Times reported that an investigation would be conducted into whether Nexon was negligent with customer data.