Codemasters Hacked

Andy Chalk

One Flag, One Fleet, One Cat
Nov 12, 2002
45,698
1
0
Codemasters Hacked


U.K.-based publisher Codemasters is warning that its site has been hacked and data belonging to thousands of users has potentially been lost.

You may have noticed over the past couple of days that codemasters.com [http://www.codemasters.com] no longer leads to the Codemasters website but instead now points to the company's Facebook page. The reason is simple: in the wake of an attack that took place on June 3, the site was pulled down and won't be back until it's completely overhauled and relaunched, sometime later this year. Codemasters informed its customers of the attack in an email that went out this morning.


Dear valued Codemasters customer,

On Friday 3rd June, unauthorized entry was gained to our Codemasters.com website. As soon as the intrusion was detected, we immediately took codemasters.com and associated web services offline in order to prevent any further intrusion.

During the days since the attack we have conducted a thorough investigation in order to ascertain the extent and scope of the breach and have regrettably discovered that the intruder was able to gain access to the following:

Codemasters.com website

Access to the Codemasters corporate website and sub-domains.

DiRT 3 [http://www.amazon.com/Dirt-3-Xbox-360/dp/B004Q8N7IE/ref=sr_1_1?ie=UTF8&qid=1307719789&sr=8-1] VIP code redemption page

Access to the DiRT 3 VIP code redemption page.

The Codemasters EStore

We believe the following have been compromised: Customer names and addresses, email addresses, telephone numbers, encrypted passwords and order history. Please note that no personal payment information was stored with Codemasters as we use external payment providers, meaning your payment details were not at risk from this intrusion.

Codemasters CodeM database

Members' names, usernames, screen names, email addresses, date of birth, encrypted passwords, newsletter preferences, any biographies entered by users, details of last site activity, IP addresses and Xbox Live Gamertags are all believed to have been compromised.

Whilst we do not have confirmation that any of this data was actually downloaded onto an external device, we have to assume that, as access was gained, all of these details were compromised and/or stolen.

The Codemasters.com website will remain offline for the foreseeable future with all Codemasters.com traffic re-directed to the Codemasters Facebook page instead. A new website will launch later in the year.

Advice

For your security, in the first instance we advise you to change any passwords you have associated with other Codemasters accounts. If you use the same login information for other sites, you should change that information too. Furthermore, be extra cautious of potential scams, via email, phone, or post that ask you for personal or sensitive information. Please note that Codemasters will never ask you for any payment data such as credit card numbers or bank account details, nor will Codemasters ask you for passwords or other personal identifying data. Be aware too of fraudulent emails that may outwardly appear to be from Codemasters with links inviting you to visit websites. The safest way to visit your favorite websites is always by typing in the address manually into the address bar of your browser.

Unfortunately, Codemasters is the latest victim in on-going targeted attacks against numerous game companies. We assure you that we are doing everything within our legal means to track down the perpetrators and take action to the full extent of the law.

We apologize for this incident and regret any inconvenience caused.

We are contacting all customers who may have been affected directly.


What's less clear at this point is whether this hack is related in any way to the attack that took place on May 20 [http://www.escapistmagazine.com/news/view/110400-Codemasters-Admits-Weekend-Hack-Attack], in which encrypted user data was stolen and posted online. In that case, Codemasters pulled its site for a few hours, plugged a security hole and then put it back online after ensuring that all stolen data had been encrypted.

It would seem to be a separate attack [we're waiting for confirmation of that] which leads to the obvious question of, why? With all due respect to Codemasters, we're not exactly talking about one of the industry heavyweights here, so what's it done to attract this kind of unwelcome attention? Is it just an easy target, or is somebody really holding on to a grudge over that whole Clive Barker's Jericho [http://www.amazon.com/Clive-Barkers-Jericho-Pc/dp/B000R2W8WE/ref=sr_1_3?ie=UTF8&qid=1307719916&sr=8-3] thing?


Permalink
 

Kopikatsu

New member
May 27, 2010
4,924
0
0
Andy Chalk said:
It would seem to be a separate attack [we're waiting for confirmation of that] which leads to the obvious question of, why? With all due respect to Codemasters, we're not exactly talking about one of the industry heavyweights here, so what's it done to attract this kind of unwelcome attention?
On an earlier thread about this, someone mentioned that the cause was a project that Codemasters was involved in that started with the letter 'M'. But I have no idea what that could possibly be.
 

uppitycracker

New member
Oct 9, 2008
864
0
0
yep, got my email about that today! i don't even remember having signed up for anything codemasters related, but i did find this pretty amusing.
 

intheweeds

New member
Apr 6, 2011
817
0
0
So many sites seem to be getting hacked recently I can't help but wonder if there is some kind of funded black market. Certainly many hackers will hack 'for the lulz', but surely they realize the crippling real world financial implications of something like this.

'Lulz' hacks usually have some point to them. The target company/site has wronged them in some way or (as in the case of Lulzsec v. Nintendo) they wish to show off vulnerabilities or their own skills. Press releases and the showing off of the stolen goods usually follows.

Is it just me, or does it seem like these reports are increasing? This attack for instance seems completely unprovoked and no one has taken responsibility for it. The fact that this poor company will now be out until later this year is just terrible for business. I can't help but wonder if some of these attacks are being committed by people who were 'put up to it' in some way by somebody for some amount of money.
 

CommanderKirov

New member
Oct 3, 2010
762
0
0
Oh come on? What is it Hack-Year?

Or did all the hackers awoke from their thousand years slumber deciding to send down nightmares and such upon us mortals.
 

icyneesan

New member
Feb 28, 2010
1,881
0
0
All this hacking does nothing to show other people that hacking is a legit technical skill that can help people. I wish humans would stop being dicks.
 

Alucard788

New member
May 1, 2011
307
0
0
CommanderKirov said:
Oh come on? What is it Hack-Year?

Or did all the hackers awoke from their thousand years slumber deciding to send down nightmares and such upon us mortals.
Either way it's we gamers and customers that suffer for it in the end. No matter the reasons for this attack...putting peoples identikits and financial lives at risk is never the right thing to do.
 

Kopikatsu

New member
May 27, 2010
4,924
0
0
intheweeds said:
So many sites seem to be getting hacked recently I can't help but wonder if there is some kind of funded black market. Certainly many hackers will hack 'for the lulz', but surely they realize the crippling real world financial implications of something like this.

'Lulz' hacks usually have some point to them. The target company/site has wronged them in some way or (as in the case of Lulzsec v. Nintendo) they wish to show off vulnerabilities or their own skills. Press releases and the showing off of the stolen goods usually follows.

Is it just me, or does it seem like these reports are increasing? This attack for instance seems completely unprovoked and no one has taken responsibility for it. The fact that this poor company will now be out until later this year is just terrible for business. I can't help but wonder if some of these attacks are being committed by people who were 'put up to it' in some way by somebody for some amount of money.
Same deal with the Dues Ex site. That was hacked into the ground, and basially noone could figure out a motive since they hadn't DONE anything.

I think people just can't see long-term is all.
 

Saltyk

Sane among the insane.
Sep 12, 2010
16,755
0
0
As much as I hated the original Sony hack by Anon, I understood that there was a reason for it. Maybe it was a bad reason, but it existed. I could understand the motivations. The follow up ones, stealing personnel data, I just didn't get beyond the desire for money. But now it's just getting out of hand.
 

DaHero

New member
Jan 10, 2011
789
0
0
Alucard788 said:
CommanderKirov said:
Oh come on? What is it Hack-Year?

Or did all the hackers awoke from their thousand years slumber deciding to send down nightmares and such upon us mortals.
Either way it's we gamers and customers that suffer for it in the end. No matter the reasons for this attack...putting peoples identikits and financial lives at risk is never the right thing to do.
No, they just got tired of hacking counter strike and call of duty. That's all.

Until hacking is considered a national security threat (hey, codemasters today, pentagon tomorrow) there won't be much to do about it.
 

RatRace123

Elite Member
Dec 1, 2009
6,651
0
41
Ugh, I'm sick of all this hacker crap.
God, it's like after Sony got hacked the floodgates opened and the assholes came pouring out. At this point I can't see this stopping until it reaches the breaking point and by then who knows what the hell will happen.

At any rate, good on you hackers, you're really sticking it to the man and proving yourselves to be the good guys in all this.
 

Bostur

New member
Mar 14, 2011
1,070
0
0
A lot of companies and government organizations have had horrible security for ages. I'm sure there is nothing new about sites like these getting hacked, thats how spam is made. The new thing is that either the hackers or the companies themselves make it public.

I think we will see several more incidents in the near future, and that may prove to be a good thing in the long run. The publicity may force these organizations and their users to rethink their privacy and security policies.

Any bets on how long it will take for facebook to get on the front pages of news media?
 

SexMeat

New member
Mar 10, 2010
19
0
0
Yay one of my tips got used :D, I expect they already knew about it, but I can at least pretend I helped.
 

Scrustle

New member
Apr 30, 2011
2,031
0
0
God damned hackers!! Before the PSN hacking started this huge tidal wave of copycat hacking I didn't really have an opinion on them. But now I see they are all a bunch of slime balls! It's not fair to hack Codemasters! They're not some big "evil" corporation like Sony! They're just a little game studio trying to create art! These hackers really have no respect! I hope they catch all these people quickly and give them swift merciless punishment!
 

Pilkingtube

Edible
Mar 24, 2010
481
0
0
I don't understand why they did this. Are they just trying to make people lose faith in humanity or what?

'Yeah, we're sticking it to those dirty companies by stealing innocent people's personal and financial data from them, in order to show those exact people how bad the company is that they store there data with.. until we stole it and sold it to the highest bidder that is.'
 
Nov 12, 2010
1,167
0
0
Well,there is no doubt in my eyes that someone is being payed for this if in fact this be the same group.I believe the term sleeper cells would fit the bill here,and this worries me more because there could be more,just waiting to pop up and we'll never know it.

edit:If we know some of these hacker's sites,why not show them how it feels?
 

tsb247

New member
Mar 6, 2009
1,783
0
0
Well, it's Codemasters, so we know that no good games were harmed in the perpetration of this hack. XD
 

Andronicus

Terror Australis
Mar 25, 2009
1,846
0
0
Something tells me that investing in stocks in internet security companies is about to become a very profitable idea.
 

JET1971

New member
Apr 7, 2011
836
0
0
They should have informed the customers right away and then investigate. a week was too long.