U.K. Retailer GAME Denies Hack Report - UPDATED
U.K. videogame retailer Game denies reports that email addresses and unprotected passwords were lost to hackers.
UPDATE: With magnificent timing, Game says the reports of the hack are a big fat lie.
"We have thoroughly investigated the hacking claims made today by the website Pastebin, and can confirm that they are entirely false. The published email addresses are not registered users of GAME.co.uk, and there has been no breach of our database security," Game rep Anna-Marie Mason said in a statement. "We would like to assure all our customers that their details are well protected, and advise anyone who has any questions to contact our customer services team via the website, our Facebook page or Twitter account."
The original story:
The hack, it would appear, is back, and while specifics are a bit thin at this point, the relevant bit is pretty simple: if you have an account at Game.co.uk, you need to get on it and change your password, like, immediately. Hackers recently hit the site thanks to a "shell injection vulnerability" that allowed them to access the Game user database and get their hands on email addresses and passwords in plain, unprotected text. Whether or not any credit card information was lost is unknown.
Why was Game storing user information in an unencrypted format? That is where the mystery lies, although I suspect that laziness, apathy, negligence and/or outright incompetence probably figures into it somehow.
Another gaming site, the less-well-known Catalyst Gaming from Northern Tasmania, was also hacked, leading to the loss of user information and passwords, but fortunately those passwords were protected.
Game has yet to comment on the situation but we'll let you know what it has to say if and when a statement is forthcoming. In the meantime, if you're a Game customer, get over there and make the switch, before someone else does it for you.
Laws exist for a reason and in this case it's not pathetic red-tape but an actual means to protect customers. I'm going to delete/remove my account later on tonight.
Great. So some random website from Northern Tasmania knows how to encrypt user passwords, but one of the biggest game retailers in the UK doesn't? It ought to be illegal to not take basic measures to protect user information.
Thanks for the heads up.
I don't shop at GAME anymore, they're incompetent and constantly rip off customers.
I'd totally recommend ShopTo, best game retailer I've ever used.
Doesn't the U.K. have laws regarding companies encrypting user info?
Not sure since I live in America where its the accepted norm to get hacked constantly...
Thank you! Changed it! Although I agree with @The_Plunk, you think they would have been safe to begin with!
Change my password just in case. Hope they aren't just covering their arses.
I have a game card, but that's ancient, I don't think I ever made any online purchases...Still, it's hardly comforting to know that a company based around gaming, for which security is a big issue, isn't being more careful.
Well it's good thing I got nothing in my account page in GAME at all.
Dem hackers seem to be losing their touch.