Cryptic Reveals 2010 Database Hack

Cryptic Reveals 2010 Database Hack

image

Cryptic Studios has announced that one of its user databases was hacked 16 months ago.

Cryptic Studios, the publisher of MMOs including Star Trek Online and Champions Online, announced yesterday that it had "recently detected evidence of an unauthorized access to one of our user databases." Not good news, but nothing all that super-terribly unusual in this post-PSN-hack world we live in either. But this attack wasn't actually post-PSN at all: it happened in December 2010.

We're only hearing about it now because Cryptic just stumbled upon evidence of the intrusion due to recent "increased security analysis." The good news is that the passwords in the breached database were encrypted; the bad news is that whoever broke into the system was also apparently able to crack the encryption on at least some of the passwords. And while the company says that it currently has no evidence that other information in the database was compromised, it acknowledged that the intruder may have also gained access to data including first and last name, email address, date of birth, billing address and the first six digits and last four digits of credit cards registered to the site.

The investigation into the hack is ongoing and Cryptic issued the usual warning to its users to be extra-wary of scams seeking personal or credit card information. It also strongly urged people who use the same password across multiple services to change them up, and took it upon itself to reset Star Trek Online and Champions Online passwords as a precaution. Cryptic passwords can be recovered using the standard "forgot password" option.

Details about the breach and how to contact customer service with questions can be found at crypticstudios.com.

Permalink

ಠ_ಠ

For almost a year and a half, you were unaware someone was snooping around your servers? This does not inspire confidence. You know, I was thinking that maybe companies like these do have great hacker protection, and it's just the hackers who are getting better, but I think this has shown me that, in all likelihood, there are a few companies out there that just don't have good enough protection.

Honestly, that is just shameful.

Calumon: They could've stole their money and bought like a bazillion cakes in that time! D:

Oh Sony if only you had let the hack go undetected, no one is going to make a fuss out of this and these hackers got far more then anything the PSN hackers got, with at least partial credit card numbers.

Andy Chalk:
The good news is that the passwords in the breached database were encrypted; the bad news is that whoever broke into the system was also apparently able to crack the encryption on at least some of the passwords.

What? How? What sort of encryption were they using? AND ALWAYS! SALT! YOUR HASHES! I'm not even affected by this and if I find out that Cryptic left their database vulnerable to basic rainbow tables or something I'm going to hurt them.

More support for simply assuming that any database we're on may have been hacked.

I got an email about this the other day, i sat there thinking i don't think i was even registered back then, i only got into STO a few months back...

lol

they got nothing from me if they got any of my info at all, i cleared EVERYTHING from that account when i abandoned it, so no credit card data for them :p

still this is really pathetic, it took them this long? really? they make Sony look on the ball don't they .....

I'd never thought I'd see Sony lose the record for slowest response time.

Andy Chalk:

We're only hearing about it now because Cryptic just stumbled upon evidence of the intrusion due to recent "increased security analysis."

O'RLY? You think?! *facepalm*

I got an e-mail about it and I only made an account a few months ago. Inspire confidence, this does not.

Nothing like timely notification to these things~

Jack and Calumon:

ಠ_ಠ

For almost a year and a half, you were unaware someone was snooping around your servers? This does not inspire confidence. You know, I was thinking that maybe companies like these do have great hacker protection, and it's just the hackers who are getting better, but I think this has shown me that, in all likelihood, there are a few companies out there that just don't have good enough protection.

Honestly, that is just shameful.

Calumon: They could've stole their money and bought like a bazillion cakes in that time! D:

Well, pretty much what I was going to say. Well, the jack part.

It's disgraceful, unbelievable, and overall just...bad that they only found out now. I mean...how does that kind of breach go un noticed? Had they not noticed a surge in compromised accounts? Anything?

I don't know why anyone would be surprised by this? We are talking about Cryptic Studios after all. They shouldn't be making computer games in the first place, at best macaroni art and ensure you take away their glue at the end of the day.

The thing is, if the hackers got ahold of all those passwords, why hasn't people noticed the effects? No one in all this time has had their account hacked? Unlikely, but there should have been massive numbers. Had the hackers been good sports enough to just hack two or three of those accounts in two years?

Jack and Calumon:

ಠ_ಠ

i think this alone states my opinion pretty well
seriously how do you not notice this!?!

Well, I'm glad to see they were on the ball about this. -.-

 

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here