Another day, another devastating cyber attack on a video game company.
Hackers targeted UK publisher Codemasters last week, forcing the company to shut down its official website and several services offered through it. The intrusion affected an unspecified number of people, though Codemasters, who recently released the third installment of its "Dirt" racing franchise, admitted myriad data was compromised.
The company sent out the following statement to its customers on Friday:
Dear valued Codemasters customer,
On Friday 3rd June, unauthorised entry was gained to our Codemasters.com website. As soon as the intrusion was detected, we immediately took codemasters.com and associated web services offline in order to prevent any further intrusion.
During the days since the attack we have conducted a thorough investigation in order to ascertain the extent and scope of the breach and have regrettably discovered that the intruder was able to gain access to the following:
Codemasters.com website
Access to the Codemasters corporate website and sub-domains.
DiRT 3 VIP code redemption page
Access to the DiRT 3 VIP code redemption page.
The Codemasters EStore
We believe the following have been compromised: Customer names and addresses, email addresses, telephone numbers, encrypted passwords and order history. Please note that no personal payment information was stored with Codemasters as we use external payment providers, meaning your payment details were not at risk from this intrusion.
Codemasters CodeM database
Members' names, usernames, screen names, email addresses, date of birth, encrypted passwords, newsletter preferences, any biographies entered by users, details of last site activity, IP addresses and Xbox Live Gamertags are all believed to have been compromised.
Whilst we do not have confirmation that any of this data was actually downloaded onto an external device, we have to assume that, as access was gained, all of these details were compromised and/or stolen.
The Codemasters.com website will remain offline for the foreseeable future with all Codemasters.com traffic re-directed to the Codemasters Facebook page instead. A new website will launch later in the year.
Advice
For your security, in the first instance we advise you to change any passwords you have associated with other Codemasters accounts. If you use the same login information for other sites, you should change that information too. Furthermore, be extra cautious of potential scams, via email, phone, or post that ask you for personal or sensitive information. Please note that Codemasters will never ask you for any payment data such as credit card numbers or bank account details, nor will Codemasters ask you for passwords or other personal identifying data. Be aware too of fraudulent emails that may outwardly appear to be from Codemasters with links inviting you to visit websites. The safest way to visit your favourite websites is always by typing in the address manually into the address bar of your browser.
Unfortunately, Codemasters is the latest victim in on-going targeted attacks against numerous game companies. We assure you that we are doing everything within our legal means to track down the perpetrators and take action to the full extent of the law.
We apologise for this incident and regret any inconvenience caused.
We are contacting all customers who may have been affected directly.
Should you have any concerns or wish to speak to a member of our Customer Services team, please email them at custservice@codemasters.com.
A Community Relations manager at the official Codemasters forums admitted in a posting earlier this afternoon that there is currently no way for customers to access their accounts. "For all of you wishing to change your CodeM password, as the sites and services are down that support you doing that yourselves, we are currently figuring out if there is a way we can do this for you or setup a temporary way for you to do this," they wrote. "However, in the meantime we ask for your patience as we figure that out."
Some customers were understandably frustrated by the news and had no problem telling the company as much.
"Thanks for waiting a week before telling anyone," sarcastically wrote one forum member, adding, "luckily my password here is not one I use elsewhere because a lot can happen in a week." A similar sentiment was voiced by consumers following the massive PlayStation Network data breach in April when it was discovered that Sony waited nearly a week to alert some 77 million customers that their personal information was compromised during a cyber attack.
Another Codemasters forum member condemned lax online security across the board: "I'm completely fed up with companies not being able to protect the data (my data) that they demand at signup. Time to set up an online alter ego. You can't be trusted with the data so you just won't get it in future." In May, game developer Eidos was hacked, resulting in the leak of up to 25,000 email addresses and information provided by around 350 job applicants.
Attempts to access the official Codemasters website results in redirection to the company's Facebook page, which, ironically, doesn't seem acknowledge the recent cyber attack.
No clues as to who was behind the hacking have turned up as of yet. We'll update this post when more information is available. (Via Eurogamer)
