If you ever held an account on Xbox360ISO.com or PSPISO.com, now’s the time to reset your password. Both sites were hacked by an unknown attacker in late 2015, with the details of those affected splashed on the Internet late this weekend.

The details encompass an incredible 2.5 million users, and include email addresses, IP addresses, usernames and passwords. It seems that the operator of these sites did nothing to protect the latter, as all passwords were ‘protected’ using the MD5 hashing system, which is trivially easy to overcome. For reference, that’s the same hashing system used by LinkedIn. And we all know how that turned out.