Yesterday, I receive an email from the terrific site have I been pwned? that one of my accounts had been, in fact, pwned. Today, I receive a notification from Blank Media Games that my account with them had been breached. Notice, a third party informed me of the breach before the people that I had the actual account with did. There is a bit of a story about it from DeHashed about it, in which a person(s) reported to DeHashed that it had happened and gave proof. DeHash contacted Blank Media Games and HaveIBeenPowned. Allegedly, Blank Media Games did nothing for at least five days, at least in regard to contacting their customers.
That’s five days that customers could have had for changing their passwords, which they should have been doing since a bunch of them are likely re-using their passwords on every site.
If you’re re-using passwords, let this be a cautionary tale, and get a password manager. I use 1Password, but I’m sure all of its competitors are just as good.