I haven't seen anyone else post on this yet. I got this email about 10:40pm tonight.
Last night we identified and stopped an illegal intrusion of the CardRunners servers.
While no customer credit card or financial information was compromised, we have confirmed that the following customer information related to your account may have been compromised:
Out of an abundance of caution, we have forced your password to be reset. If you use your CardRunners username or password for other unrelated services or accounts, we recommend that you change them as well.
Your new password is: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
CardRunners will never contact you in any way asking for any personally identifiable information so please be vigilant in not providing such information to anyone that represents themselves as working for CardRunners.
We regret any inconvenience this causes and want to ensure you that we will continue to work to ensure that additional measures are taken to protect your private information.
Kind of surprised. Why would someone target Cardrunners? Only 2 real reasons I can think of. One is people might use the password to hack into poker sites
(assuming you use the same pw and SN for both) and drain funds (although I imagine that to be unsuccessful given anyone with significant funds would likely check the balance often, not to mention it might raise flags on the site itself).
The second would be for the credit information. It's not that big a service either. If they just wanted the credit information they supposedly failed to get, CR is a relatively small time service. Much better targets (well, larger anyway). But then again, if they broke in and got your encrypted pw, then I imagine Cardrunners security wasn't that great. But I also don't know much about programming/hacking.
Despite they supposedly didn't get credit information, it's kind of ironic. I never actually had a paid subscription. I just made a free account and never upgraded. :-p