In an e-mail sent to Sega Pass users on Friday, Sega wrote: "Over the last 24 hours we have identified that unauthorised entry was gained to our Sega Pass database.
"We immediately took the appropriate action to protect our consumers' data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems."
Sega had to reset all passwords and urged customers to change their log-on details on other services and websites where they used the same credentials.
Sega is the latest in a line of games companies to suffer hacking and denial of service attacks on their online services. Nintendo, Sony and several multi-player gaming communities have been hit in recent months.
The hacker group Lulz Security, which has been involved in a number of attacks, has denied involvement in the Sega case. "We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down," the group wrote at its Twitter account.
Sega did not say when the Sega Pass online network could be restarted.