Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Codemasters Hacked

We've received reports from several readers about a note they received from Codemasters about a hacking incident, which has Codemasters.com offline until further notice. In many cases they have reason to believe personal details have been compromised, but not payment information. The entirety of the message follows.

Important information regarding your account

Dear valued Codemasters customer,

On Friday 3rd June, unauthorised entry was gained to our Codemasters.com website. As soon as the intrusion was detected, we immediately took codemasters.com and associated web services offline in order to prevent any further intrusion.

During the days since the attack we have conducted a thorough investigation in order to ascertain the extent and scope of the breach and have regrettably discovered that the intruder was able to gain access to the following:

Codemasters.com website

Access to the Codemasters corporate website and sub-domains.

DiRT 3 VIP code redemption page

Access to the DiRT 3 VIP code redemption page.

The Codemasters EStore

We believe the following have been compromised: Customer names and addresses, email addresses, telephone numbers, encrypted passwords and order history. Please note that no personal payment information was stored with Codemasters as we use external payment providers, meaning your payment details were not at risk from this intrusion.

Codemasters CodeM database

Members' names, usernames, screen names, email addresses, date of birth, encrypted passwords, newsletter preferences, any biographies entered by users, details of last site activity, IP addresses and Xbox Live Gamertags are all believed to have been compromised.

Whilst we do not have confirmation that any of this data was actually downloaded onto an external device, we have to assume that, as access was gained, all of these details were compromised and/or stolen.

The Codemasters.com website will remain offline for the foreseeable future with all Codemasters.com traffic re-directed to the Codemasters Facebook page instead. A new website will launch later in the year.

Advice

For your security, in the first instance we advise you to change any passwords you have associated with other Codemasters accounts. If you use the same login information for other sites, you should change that information too. Furthermore, be extra cautious of potential scams, via email, phone, or post that ask you for personal or sensitive information. Please note that Codemasters will never ask you for any payment data such as credit card numbers or bank account details, nor will Codemasters ask you for passwords or other personal identifying data. Be aware too of fraudulent emails that may outwardly appear to be from Codemasters with links inviting you to visit websites. The safest way to visit your favourite websites is always by typing in the address manually into the address bar of your browser.

Unfortunately, Codemasters is the latest victim in on-going targeted attacks against numerous game companies. We assure you that we are doing everything within our legal means to track down the perpetrators and take action to the full extent of the law.

We apologise for this incident and regret any inconvenience caused.

We are contacting all customers who may have been affected directly.

Should you have any concerns or wish to speak to a member of our Customer Services team, please email them at custservice@codemasters.com.

View
30 Replies. 2 pages. Viewing page 1.
< Newer [ 1 2 ] Older >

30. Re: Codemasters Hacked Jun 11, 2011, 09:04 Dev
 
Bhruic wrote on Jun 11, 2011, 06:39:
Most smaller websites go under the radar and don't get attacked so their mediocre security doesn't get tested.

Are you kidding? I run a website purely to host some patches that I've made for a game. I get multiple hacking attempts every month. Admitedly they aren't terribly sophisticated ones, but they are frequent. The amount of attempts that companies that actually have financial details of some type get must be significantly higher.
Ok my bad I should have said something like "don't get seriously attacked". I'm guessing most of the ones hitting you are script kiddies.
 
Reply Quote Edit Delete Report
 
29. Re: Codemasters Hacked Jun 11, 2011, 06:39 Bhruic
 
Most smaller websites go under the radar and don't get attacked so their mediocre security doesn't get tested.

Are you kidding? I run a website purely to host some patches that I've made for a game. I get multiple hacking attempts every month. Admitedly they aren't terribly sophisticated ones, but they are frequent. The amount of attempts that companies that actually have financial details of some type get must be significantly higher.
 
Reply Quote Edit Delete Report
 
28. Re: Codemasters Hacked Jun 11, 2011, 01:57 Kajetan
 
ASeven wrote on Jun 10, 2011, 20:23:
And I don't think it's white hats either since they wouldn't put out the DBs in the open, there's something else going on here.
The usual criminals just learned that gaming companies are easy, VERY EASY targets.
 
Reply Quote Edit Delete Report
 
27. Re: Codemasters Hacked Jun 10, 2011, 21:25 Tanto Edge
 
Epic Mega Games was hacked too (received an email apologizing) but it's nowhere on Bluesnews.  
Avatar 13202
 
http://www.youtube.com/watch?v=705LEH3j2g0&t=0m24s
http://www.youtube.com/user/tantoedge
Reply Quote Edit Delete Report
 
26. Re: Codemasters Hacked Jun 10, 2011, 20:23 ASeven
 
Now it's Epic's turn to be hacked.

What the hell? It's as if the PSN hack opened a flood gate or something. And I don't think it's white hats either since they wouldn't put out the DBs in the open, there's something else going on here.
 
Reply Quote Edit Delete Report
 
25. Re: Codemasters Hacked Jun 10, 2011, 19:06 Dev
 
AnointedSword wrote on Jun 10, 2011, 18:08:
Try and use your brains people...Businesses want to keep their clients info private, after all, that is how they make their money...
Yeah they do... as long as it doesn't cost them much money. Businesses are in business to make a profit, which they think doesn't include spending tons on top notch security. Unfortunately, since the internet is global and hackers can hack into anything anywhere from anywhere, the only way to prevent most of these attacks is actually HAVE top notch security. Most smaller websites go under the radar and don't get attacked so their mediocre security doesn't get tested.

The first positions to go when a business wants to let someone go, are those who aren't seen as contributing directly to a companies bottom line (and of course it never includes management). These include positions like copy editors at news organizations (anyone else notice how sloppy they've gotten in spelling and grammar lately?), or the security guy at IT (he's just a money sink with no return right? Right?), or the environmental guy (he's just costing us money, surely we won't get fined if we ignore this stuff), etc.

Its why many corporations don't have proper backup procedures in place either, its something that's viewed as not needed until something bad happens.

Think about this if nothing else... many of these corporations storing credit card info are violating Visa/mastercard/amex policies regarding this. There's a bunch of requirements that if followed as they are dictated by credit card companies, should prevent any credit card numbers from ever getting stolen in a usable state by hackers. Guess what? Many of them are NOT following those procedures. And those procedures are logical and straightforward to protect data. Such as NOT STORING THEM IN PLAINTEXT. You can't possibly convince me that a company made a good faith effort to keep client info private if they stored things like passwords as PLAINTEXT such as happened just recently and reported and linked here on bluesnews.

Edit: Yeah, here it is
http://www.bluesnews.com/s/122334/evening-safety-dance
Sony was hacked AGAIN just 1 week ago and over a million accounts with PLAIN TEXT passwords were taken.

This comment was edited on Jun 10, 2011, 19:22.
 
Reply Quote Edit Delete Report
 
24. No subject Jun 10, 2011, 18:08 AnointedSword
 
Oh ya....it is the trusting media that makes companies have security! Oo wrong again! Do you like getting your files hacked into? ? Try and use your brains people...Businesses want to keep their clients info private, after all, that is how they make their money...  
If you were right, I would be agreeing with you.
Reply Quote Edit Delete Report
 
23. No subject Jun 10, 2011, 18:02 AnointedSword
 
lol ya, the companies are at fault again? Listen to you people. "standard hacker" attacksOo Are you guys for locking up the hackers? Really, if it was your company would you want a hacker breaking into your comp? It is the evil corporations again! They are from Satan! Oo lol  
If you were right, I would be agreeing with you.
Reply Quote Edit Delete Report
 
22. Re: Codemasters Hacked Jun 10, 2011, 17:39 Kajetan
 
Talisorn wrote on Jun 10, 2011, 16:38:
Seriously though, this is getting out of hand.
No. Thats just standard hacking attacks, which take place all the time. Now this time media covers it in detail. Which is a good thing, because thats the only way to force companies to do something about IT security.

The hackers need to be found and have the book thrown at them so hard, the promise of phat ca$h lewts will not be so appealing.
Yeah, bring the hammer down. Because that'll teach them for good! *yawn*
If there is a lot of cash to gain, there will ALWAYS be someone to take the risk, regardless how high it is.
 
Reply Quote Edit Delete Report
 
21. Re: Codemasters Hacked Jun 10, 2011, 17:38 zirik
 
Nameless Again wrote on Jun 10, 2011, 13:43:
-management (We bought this already with out consulting you, now make it fit)

seen that happen a lot. end users and IT want a specific product but management approves and buys a different one because:

a) the vendor sweetened the deal with expensive dinners and paid vacations.

b) the vendor promised heaven and earth support which never materialize once problems occur with the product they sell.

c) management has a relative working for the vendor.
 
Reply Quote Edit Delete Report
 
20. Re: Codemasters Hacked Jun 10, 2011, 17:34 Wolfen
 
Whats with all the hacking lately? It's making my conspiracy side of the brain think it's intentional to push an anti net neutrality agenda.  
Reply Quote Edit Delete Report
 
19. Re: Codemasters Hacked Jun 10, 2011, 16:38 Talisorn
 
Creston wrote on Jun 10, 2011, 14:15:
I'm just waiting for the inevitable hack to hit EA or Amazon or Newegg; places where I DO have credit card info stored.

Creston

And when Blizzard gets hacked, it will be the sound of 12 million nerds suddenly crying in pain, and then .... continuing to cry out in pain.

Seriously though, this is getting out of hand. The hackers need to be found and have the book thrown at them so hard, the promise of phat ca$h lewts will not be so appealing.
 
Avatar 19028
 
Reply Quote Edit Delete Report
 
18. Re: Codemasters Hacked Jun 10, 2011, 16:10 Creston
 
CythrawL wrote on Jun 10, 2011, 15:02:
Creston wrote on Jun 10, 2011, 14:15:
I'm just waiting for the inevitable hack to hit EA or Amazon or Newegg; places where I DO have credit card info stored.

Creston

Time to delete all stored cards in these places methinks.. I know its a minor hassle to type the info in every time you want to make a purchase, but honestly its the better option these days.

The problem is that deleting your stored cards doesn't actually take it off their servers. They keep that info for years and years.

Just gotta keep an eye on your statements and as soon as weird shit shows up, cancel and ask for a new one.

It's irritating that companies which store personal information like that do so fucking little about security.

Creston
 
Avatar 15604
 
Reply Quote Edit Delete Report
 
17. Re: Codemasters Hacked Jun 10, 2011, 15:22 Verno
 
CythrawL wrote on Jun 10, 2011, 15:02:
Time to delete all stored cards in these places methinks.. I know its a minor hassle to type the info in every time you want to make a purchase, but honestly its the better option these days.

Many of these companies do not in fact delete your credit card data when you delete it from your profile is the problem.
 
Avatar 51617
 
Playing: Fire Emblem, Diablo 3, Bravely Default
Watching: The Machine, After the Dark, Devils Due
Reply Quote Edit Delete Report
 
16. Re: Codemasters Hacked Jun 10, 2011, 15:06 Spaced
 
In other news...3 people in Spain have been arrested in connection with the PSN hacks.

That's the effective solution right there (for software developers also). Security is fine, but devote some of your resources to putting the hackers in jail. Stops the problem at the source, rather than just giving them some new targets to try for. New security leaves the problem in place and they just come back and keep at it. Putting them in jail takes care of the source.
 
Reply Quote Edit Delete Report
 
15. Re: Codemasters Hacked Jun 10, 2011, 15:02 CythrawL
 
Creston wrote on Jun 10, 2011, 14:15:
I'm just waiting for the inevitable hack to hit EA or Amazon or Newegg; places where I DO have credit card info stored.

Creston

Time to delete all stored cards in these places methinks.. I know its a minor hassle to type the info in every time you want to make a purchase, but honestly its the better option these days.
 
Reply Quote Edit Delete Report
 
14. Re: Codemasters Hacked Jun 10, 2011, 14:54 yuastnav
 
I think they are pretty careful about these things at amazon. They know what's at stake and how much that could hurt them.
I'd also bet that there are always some people who'll try to get into that site but inevitably fail.
 
Reply Quote Edit Delete Report
 
13. Re: Codemasters Hacked Jun 10, 2011, 14:53 WyldKat
 
Wow... not even an offer of a free game...

Way to fail, Codemasters.
 
Reply Quote Edit Delete Report
 
12. Re: Codemasters Hacked Jun 10, 2011, 14:15 Creston
 
I'm just waiting for the inevitable hack to hit EA or Amazon or Newegg; places where I DO have credit card info stored.

Creston
 
Avatar 15604
 
Reply Quote Edit Delete Report
 
11. Re: Codemasters Hacked Jun 10, 2011, 14:08 yuastnav
 
Oh dear. Signed up for the jumpgate evo beta.
Unfortunately I don't remember what info they actually wanted and there's no way to find out.
 
Reply Quote Edit Delete Report
 
30 Replies. 2 pages. Viewing page 1.
< Newer [ 1 2 ] Older >


footer

.. .. ..

Blue's News logo