In an email sent to subscribers of their MMO games Star Trek Online and Champions Online, MMO game developer and publisher Cryptic Studios has revealed a data breach in their network that has compromised the accounts of subscribers to the two games, warning that passwords and personal information were taken.
In an email sent out late last night by Cryptic's Customer Service division, the Studio warned gamers:
"As a result of routine security checks and upgrades, we have discovered that certain of your account information, including your password, may have been accessed by an unauthorized party.
"For your security, we've reset the password on your account. You can recover your password via the "forgot password" link on the official Star Trek Online or Champions Online web sites:"
The email provides the following links for gamers to use to regain access to their accounts:
The email goes on to caution:
"If you have used your account name and password for other accounts, especially financial accounts or accounts with personal information, you should consider changing your password on other services as well."
Further Details Revealed
The unauthorized access events occurred in December 2010, though evidence of the security compromise was only just uncovered due to increased security analysis at the online game company.
The unauthorized access included user account names, handles, and encrypted passwords for accounts, and even though the passwords were encrypted, it is apparent that the intruder was able to crack some portion of the passwords in the database, evidently using them to log into some accounts.
All of the accounts that Cryptic believes were present in the database at the time of the break-in have had their passwords reset, and customers registered to those accounts have been notified via e-mail of the incident, and provided with instructions on what steps are required to restore their access to the games.
Cryptic says that they have no evidence that any other information was taken by the intruders, but it is possible that the intruders were also able to access additional account information. If they did so, the first and last name, e-mail address, date of birth, billing address, and the first six digits and the last four digits of credit cards registered on the site may have been accessed. They insist that they have no evidence at this time that any data other than the account name, handle, and encrypted password were accessed for any user, but suggest that reasonable caution is advised.
Cryptic is continuing to investigate the compromise, and are taking further action to strengthen their systems and redouble their security protocols, but for your own security are encouraging gamers to be especially aware of e-mail and postal mail scams that ask for personal or sensitive information.
They warn that Cryptic will not contact you in any way, including by e-mail, asking for your credit card number, social security number, or any other personally identifiable information, so any requests that appear to originate from the game company for that sort of information should be treated as bogus.
They also caution that if you use the same password for other accounts, especially financial accounts or accounts with personal information, they strongly recommend that you change them.
Gaming Update will keep you informed as new information is made available. Remember the question is not if you are paranoid, the question is are you paranoid enough?
Posted: 26th Apr 2012 by CMBF
Tags: Star Trek Online, PC, MMO,