Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Crytek Sites Breached

German developer Crytek is warning their users of security breaches on four of their websites that are now offline, saying users will be asked to change their passwords when the sites return (thanks Ant). Here's word:

We recently became aware of suspicious activity relating to some of Crytek's websites, and acted quickly to take those websites offline for security reasons.

The sites listed below are currently offline:

  • Crytek.com
  • Mycryengine.com
  • Crydev.net
  • MyCrysis.com

The following Crytek sites remain online and are not affected by these issues:

  • GFACE.com
  • Crysis.com
  • Warface.com

If you have an account at crydev.net or mycrysis.com, you will be asked to change your password next time you log in. If you use your current password anywhere else online, we would also suggest that you reset it at those sites.

We are working on getting all websites fully operational again as soon as possible. Please accept our sincere apologies for any inconvenience.

View
25 Replies. 2 pages. Viewing page 1.
< Newer [ 1 2 ] Older >

25. Re: Crytek Sites Breached Aug 4, 2013, 15:10 Redmask
 
swedishfriend wrote on Aug 4, 2013, 12:29:
Any company's site can be hacked. It isn't a matter of the target caring or how much security they use. It is a matter of does someone with enough skills want to hack it or not.

This is incorrect, it is not a foregone conclusion just based on desire or time. Many of the bigger site hacks have been accomplished through social engineering and poor security practices. Most gaming companies do not have an adequate IT staff or budget, many even outsource hosting to companies who resell and have numerous security holes in software for compatibility sake on their hosting platforms.

There are many simple practices which can minimize both risk and trap attacks once they come in. Most companies simply don't want to spend the time or money to do that because they know consumers will tolerate this.
 
Avatar 57682
 
Reply Quote Edit Delete Report
 
24. Re: Crytek Sites Breached Aug 4, 2013, 12:29 swedishfriend
 
Any company's site can be hacked. It isn't a matter of the target caring or how much security they use. It is a matter of does someone with enough skills want to hack it or not.  
Reply Quote Edit Delete Report
 
23. Re: Crytek Sites Breached Aug 4, 2013, 12:00 SlimRam
 
Slim Ram is my real name, I use it on the only e-mail service that I have. Also, once a month I spam all my financial data to 1000 random porn sites. Also I usually rent a billboard near my place and I put my name, social security number, address, and phone number on it. My psychiatrist told me that I use to be too paranoid so I chose to open up a little, sooooo you think I went too far maybe?  
Avatar 57335
 
They always say that everyone's good at something...

I just have to find the right kind of place that appreciates nude juggling of a midget, a hand grenade, and a porcupine while playing the kazoo and riding a unicycle backwards without a seat
Reply Quote Edit Delete Report
 
22. Re: Crytek Sites Breached Aug 4, 2013, 10:37 Dev
 
eRe4s3r wrote on Aug 4, 2013, 04:40:
Having my own mail server and dmain is one of these things I have planned to do.. but never got around to. In the end it's all insecure given the spying done...
Well yeah, unless you encrypt everything, which is a massive pain.
But the idea is to stop normal hackers, not government ones
 
Reply Quote Edit Delete Report
 
21. Re: Crytek Sites Breached Aug 4, 2013, 08:55 cronik
 
It's on!  
Reply Quote Edit Delete Report
 
20. Re: Crytek Sites Breached Aug 4, 2013, 04:40 eRe4s3r
 
Having my own mail server and dmain is one of these things I have planned to do.. but never got around to. In the end it's all insecure given the spying done...  
Avatar 54727
 
Reply Quote Edit Delete Report
 
19. Re: Crytek Sites Breached Aug 4, 2013, 03:43 Tehol
 
My gmail is gunk (pun!) mail account.  
Reply Quote Edit Delete Report
 
18. Re: Crytek Sites Breached Aug 3, 2013, 22:36 Aero
 
I'd guess this is an ego stroker more than for nefarious criminal activity (though I'm not familiar with the sites in question).

Going to a lot of trouble to protect your accounts on random message boards and gaming sites isn't worth the effort if they don't lead to anything of value to you. Just keep a junk e-mail account for signing up to that sort of thing, use the same password for all of them, whatever. There's something to be said for not bothering to remember your password at all, just use the "forgot password" interface all the time and just protect your e-mail login. Save your effort and memory for important accounts.
 
Reply Quote Edit Delete Report
 
17. Re: Crytek Sites Breached Aug 3, 2013, 20:48 Dev
 
Dmitri_M wrote on Aug 3, 2013, 20:18:
I rely on the fact that I'm one in a billion and that I have very little to steal.
If its one of those chinese or russian hackers, they don't care. Even a little is a lot to some of them. In addition, when hundreds or thousands of accounts stolen, they only care about the totals, not any individual amount.
 
Reply Quote Edit Delete Report
 
16. Re: Crytek Sites Breached Aug 3, 2013, 20:18 Dmitri_M
 
I rely on the fact that I'm one in a billion and that I have very little to steal.  
Avatar 22350
 
Reply Quote Edit Delete Report
 
15. Re: Out of the Blue Aug 3, 2013, 19:57 Rigs
 
Dizzy

Still sounds complicated...I just have all my email go to my Hotmail and then it's forwarded to my Gmail...simple...

'Yeah, but, Rigs, those are two participating partners in the NSA Prism program.'

WHAT?! Shocked


=-Rigs-=
 
Avatar 14292
 
'We talked about peace! You didn't want peace. We talked about cooperation! You didn't WANT cooperation. You WANT war! Is that it? You want a war? Well, you've GOT a war!'
Reply Quote Edit Delete Report
 
14. Re: Crytek Sites Breached Aug 3, 2013, 19:14 Dev
 
eRe4s3r wrote on Aug 3, 2013, 18:43:
Dev wrote on Aug 3, 2013, 17:35:
I use unique emails and unique passwords at all sites I sign up for

Wha... how does that even work? I am signed up on like 200 sites.. how do you manage that mess? With email you would need new passwords for each new email addy... sounds like a huge hassle..
I mentioned a bit of it in the previous post.

The idea is that you have ONE email account with ONE password. No need to remember passwords. And OMG it would be a pain to setup a new email account for every one, so no. Just 1 real email.
Then there's a domain that forwards your email. So you gave out an email like bestbuy@forwardingemailthingy.com and give out one like bluesnews@forwardingemailthingy.com
Lets say your real email is RealEraseraccount@gmail.com
Then that domain forwards all those emails to your real email box, such as the gmail I mentioned above. If best buy sells your email, you block that one off from ever getting to your email anymore, but the bluesnews one would still go through. They never know your real email address. Any emails you need to send that are "from" that unique email, you can sent them through the forwarding email which can also scrub the headers that it was originally from so they still won't know your real email even if they look at the headers.

You can easily setup something like this with your own domain and simple email box (I wonder if a raspberry pi $25 computer would work for something like that), or you can use one of the free services that does something like this.
More info here:
http://en.wikipedia.org/wiki/Disposable_email_address
There's a few of the sites that do this free linked there, with varying features.
Although it refers to them as disposable, I consider it more like disable-able. As in I use mine for as long as I want, then if one gets leaked, I disable it.
Disposable would be like that 10 minute email option I linked below, which I don't use, but some people prefer.

This comment was edited on Aug 3, 2013, 19:20.
 
Reply Quote Edit Delete Report
 
13. Re: Crytek Sites Breached Aug 3, 2013, 18:43 eRe4s3r
 
Dev wrote on Aug 3, 2013, 17:35:
I use unique emails and unique passwords at all sites I sign up for

Wha... how does that even work? I am signed up on like 200 sites.. how do you manage that mess? With email you would need new passwords for each new email addy... sounds like a huge hassle..
 
Avatar 54727
 
Reply Quote Edit Delete Report
 
12. Re: Crytek Sites Breached Aug 3, 2013, 18:04 Sepharo
 
Slayblaze wrote on Aug 3, 2013, 16:58:
Yep, been doing it that way for years. In fact my "online identity" is a complete fabrication, with only my closest friends being able to tie the "real me" to my online persona.

So you put pictures of a car up with plates in the picture that isn't actually yours? Whose car and plates are those then? Also your/his reflection is very clear in the two bumper shots

This comment was edited on Aug 3, 2013, 18:19.
 
Avatar 17249
 
Reply Quote Edit Delete Report
 
11. Re: Crytek Sites Breached Aug 3, 2013, 17:35 Dev
 
I use unique emails and unique passwords at all sites I sign up for. That way if something is breached its only the one site. The unique emails also lets me determine if someone sells or leaks their email list, and I can block off those emails that have leaked. The emails are from a free email forwarder that all get forwarded to my real email, there's a few of these kinda things.
I don't use this one since I dont like the time limit but here's an example of a disable email, if you are signing up for something that you don't care if you ever get any more email from them beyond the activation one:
http://10minutemail.com/

For the passwords, if you aren't using the same password anywhere (do this at your peril since this means you are at the mercy of the LEAST secure site you've ever signed up for which is often a forum, if someone can pair your one password with your one email they can often get into things like your bank or paypal), you are likely using a password program to store them. Thats what I do. Storing them in a plain text file isn't very secure.
There's a free open source password program called http://keepass.info
There's mobile versions and a chrome extension to integrate into the browser, etc.
 
Reply Quote Edit Delete Report
 
10. Re: Crytek Sites Breached Aug 3, 2013, 17:31 Gipson
 
Yup. This is why i use a junk email account for these kind of things...even with Blues  
Reply Quote Edit Delete Report
 
9. Re: Crytek Sites Breached Aug 3, 2013, 16:58 Slayblaze
 
Fantaz wrote on Aug 3, 2013, 14:13:
I don't give my personal info to most sites any more. Consider using an alternate e-mail address and login that isn't tied to your name or identifiable personal info.

Yep, been doing it that way for years. In fact my "online identity" is a complete fabrication, with only my closest friends being able to tie the "real me" to my online persona. Not even my family knows.

*Especially* my family, as they are the most insecure nooblets on the planet.

Guess Crytek clamps things down from now on - wake up call!
 
Avatar 56154
 
Reply Quote Edit Delete Report
 
8. Re: Crytek Sites Breached Aug 3, 2013, 16:28 LittleMe
 
Fantaz wrote on Aug 3, 2013, 14:13:
great way to start the day, being worried my personal info is in the wrong hands. thanks Crytek!

I don't give my personal info to most sites any more. Consider using an alternate e-mail address and login that isn't tied to your name or identifiable personal info.

 
Avatar 23321
 
Perpetual debt is slavery.
Reply Quote Edit Delete Report
 
7. Re: Crytek Sites Breached Aug 3, 2013, 16:18 killer_roach
 
Acleacius wrote on Aug 3, 2013, 15:29:
Here's hoping they fix the crappy games at crytek

Seems like the game sites aren't affected at all - this was likely an attempt to steal financial information and/or possibly game assets from developers licensing CryEngine.
 
Reply Quote Edit Delete Report
 
6. Re: Out of the Blue Aug 3, 2013, 15:51 NewMaxx
 
Rigs wrote on Aug 3, 2013, 15:18:
You know, this hacking bullshit is getting old! Seems like these little cock(sucking)roaches are getting in everywhere...The thing is that this can't continue, something major is going to happen. Watch for the obligatory US knee-jerk response to 'protect the citizens'...by shutting the Internet off...

Pretty much what I was alluding to here:
Evening Legal Briefs
 
Reply Quote Edit Delete Report
 
25 Replies. 2 pages. Viewing page 1.
< Newer [ 1 2 ] Older >


footer

Blue's News logo