Cryptic Reveals 2010 Database Hack

Andy Chalk

One Flag, One Fleet, One Cat
Nov 12, 2002
45,698
1
0
Cryptic Reveals 2010 Database Hack


Cryptic Studios has announced that one of its user databases was hacked 16 months ago.

Cryptic Studios, the publisher of MMOs including Champions Online [http://www.amazon.com/Star-Trek-Online-Pc/dp/B002673XJA/ref=sr_1_2?ie=UTF8&qid=1335459081&sr=8-2], announced yesterday that it had "recently detected evidence of an unauthorized access to one of our user databases." Not good news, but nothing all that super-terribly unusual in this post-PSN-hack world we live in either. But this attack wasn't actually post-PSN at all: it happened in December 2010.

We're only hearing about it now because Cryptic just stumbled upon evidence of the intrusion due to recent "increased security analysis." The good news is that the passwords in the breached database were encrypted; the bad news is that whoever broke into the system was also apparently able to crack the encryption on at least some of the passwords. And while the company says that it currently has no evidence that other information in the database was compromised, it acknowledged that the intruder may have also gained access to data including first and last name, email address, date of birth, billing address and the first six digits and last four digits of credit cards registered to the site.

The investigation into the hack is ongoing and Cryptic issued the usual warning to its users to be extra-wary of scams seeking personal or credit card information. It also strongly urged people who use the same password across multiple services to change them up, and took it upon itself to reset Star Trek Online and Champions Online passwords as a precaution. Cryptic passwords can be recovered using the standard "forgot password" option.

Details about the breach and how to contact customer service with questions can be found at crypticstudios.com [http://www.crypticstudios.com/securitynotice].


Permalink
 

Jack and Calumon

Digimon are cool.
Dec 29, 2008
4,190
0
41
[HEADING=2]ಠ_ಠ[/HEADING]

For almost a year and a half, you were unaware someone was snooping around your servers? This does not inspire confidence. You know, I was thinking that maybe companies like these do have great hacker protection, and it's just the hackers who are getting better, but I think this has shown me that, in all likelihood, there are a few companies out there that just don't have good enough protection.

Honestly, that is just shameful.

Calumon: They could've stole their money and bought like a bazillion cakes in that time! D:
 

Daymo

And how much is this Pub Club?
May 18, 2008
694
0
0
Oh Sony if only you had let the hack go undetected, no one is going to make a fuss out of this and these hackers got far more then anything the PSN hackers got, with at least partial credit card numbers.
 

Formica Archonis

Anonymous Source
Nov 13, 2009
2,312
0
0
Andy Chalk said:
The good news is that the passwords in the breached database were encrypted; the bad news is that whoever broke into the system was also apparently able to crack the encryption on at least some of the passwords.
What? How? What sort of encryption were they using? AND ALWAYS! SALT! YOUR HASHES! I'm not even affected by this and if I find out that Cryptic left their database vulnerable to basic rainbow tables or something I'm going to hurt them.
 

McMullen

New member
Mar 9, 2010
1,334
0
0
More support for simply assuming that any database we're on may have been hacked.
 

devotedsniper

New member
Dec 28, 2010
752
0
0
I got an email about this the other day, i sat there thinking i don't think i was even registered back then, i only got into STO a few months back...
 

Lunar Templar

New member
Sep 20, 2009
8,225
0
0
lol

they got nothing from me if they got any of my info at all, i cleared EVERYTHING from that account when i abandoned it, so no credit card data for them :p

still this is really pathetic, it took them this long? really? they make Sony look on the ball don't they .....
 

Quiotu

New member
Mar 7, 2008
426
0
0
Andy Chalk said:
We're only hearing about it now because Cryptic just stumbled upon evidence of the intrusion due to recent "increased security analysis."
O'RLY? You think?! *facepalm*
 

Chairman Miaow

CBA to change avatar
Nov 18, 2009
2,093
0
0
I got an e-mail about it and I only made an account a few months ago. Inspire confidence, this does not.
 

Doclector

New member
Aug 22, 2009
5,010
0
0
Jack and Calumon said:
[HEADING=2]ಠ_ಠ[/HEADING]

For almost a year and a half, you were unaware someone was snooping around your servers? This does not inspire confidence. You know, I was thinking that maybe companies like these do have great hacker protection, and it's just the hackers who are getting better, but I think this has shown me that, in all likelihood, there are a few companies out there that just don't have good enough protection.

Honestly, that is just shameful.

Calumon: They could've stole their money and bought like a bazillion cakes in that time! D:
Well, pretty much what I was going to say. Well, the jack part.

It's disgraceful, unbelievable, and overall just...bad that they only found out now. I mean...how does that kind of breach go un noticed? Had they not noticed a surge in compromised accounts? Anything?
 

General Vengeance

New member
Aug 26, 2009
187
0
0
I don't know why anyone would be surprised by this? We are talking about Cryptic Studios after all. They shouldn't be making computer games in the first place, at best macaroni art and ensure you take away their glue at the end of the day.
 

Dreadjaws

New member
Nov 29, 2011
48
0
0
The thing is, if the hackers got ahold of all those passwords, why hasn't people noticed the effects? No one in all this time has had their account hacked? Unlikely, but there should have been massive numbers. Had the hackers been good sports enough to just hack two or three of those accounts in two years?