The Register® — Biting the hand that feeds IT

Feeds

Codemasters pulls website after hackers pwn customer database

Game over

By John Leyden, 10th June 2011
  • print
  • alert

Games developer Codemasters has taken its website offline and advised users to change their passwords in the aftermath of a hack attack last week.

Unknown attackers made off with a treasure trove of personal information following an attack on Codemaster' website last Friday (3 June). Hackers got access to the Codemasters CodeM database, EStore, and code redemption pages.

Details lost included members' names, usernames, screen names, email addresses, dates of birth, encrypted passwords, newsletter preferences, biographies entered by users, details of last site activity, IP addresses and Xbox Live Gamertags. In addition, telephone numbers, encrypted passwords and order histories were accessed and compromised from the Codemasters electronic store.

Payment card details are handled and stored by an external payment provider, and are not affected by the breach.

Although payment details ought to be safe users are exposed to severe risk if cases where they also use their Codemasters password/login name with other (perhaps more sensitive) accounts, such as webmail or e-banking. These passwords need to be changed quickly.

In addition, users should be wary of the possibility of receiving phishing emails that use data from the Codemasters heist to give them extra plausibility.

Codemasters said its website "will remain offline for the foreseeable future" as a result of the hack with traffic re-directed to the Codemasters Facebook page instead.

"A new website will launch later in the year," it adds.

The gaming outfit sent out warning emails to its customers on Friday, which is the first many had heard of the problem. Several readers (too numerous to mention individually) forwarded these emails.

We've asked Codemasters for comment on the hack but are yet to hear back at the time of going to press. It seems remarkable that a firm that depended at least in no small part on web sales would take its site offline indefinitely. This is a question we'd hope to explore as and when we hear back from Codemasters.

Codemasters has employed controversial law firm Davenport Lyons to chase file sharers for damages over the alleged uploading of copies of its games onto file sharing networks. It's unclear whether or not this motivated this months assault but the loose confederation between file sharers and hackers does make it a possibility. ®

COMMENTS

House Rules Send Corrections
All Reader Comments (29)
Highly Rated
AudiGuy

Can't say I'm sorry to see them having problems.

Bought my only game of theirs from one of their partners (Boonty.com) four years ago...had the motherboard in the computer it was installed on crash & burn...when I rebuilt the computer with a new motherboard & CPU, the game asked to be re-activated...and they BOTH refused to help me.

Found a "work around" on the Net to get it running again. So I'm sorry for the customers...not sorry for Codemasters.

6
2
Adam T
Reply Icon

duh

Your hate is misplaced. It's not them is it, it's us. Be different if they were hacking the CEO's air conditioning and private elevator.

3
0
Oliver Mayes

Starting to get pissed off now

This is the third email I've had in the last month from a big company saying "Sorry, we got hacked and all of your card details have been stolen." Then they shrug it off and go back to operating in exactly the same way. How hard is it to have a secure system?

Why are these details being stored in clear text?

What happens when I see money leaving my bank account? Are my bank going to reverse the withdrawals or are they just going to shrug and blame me for not keeping my details secure?

3
0
Martin Lyne

I did try to warn you

I fucking predicted this would happen in this post: http://forums.theregister.co.uk/post/1053532

When a website manages to royally fuck up your registration process you can assume a few things. Things like unencrypted passwords and SQL injection invitations.

I'd laugh if all my fucking, shitting data wasn't on their fucking shitty websites. Did I mention Fuck and Shit? Those too.

1
0
Law

grrrr

Wouldn't bother me so much, but now that both PC and Xbox games are beginning to require me to sign up to these things to even play the damn game I bought it's getting to be a bit of a pain in the arse...

1
0

More from The Register

US boffin builds 32-way Raspberry Pi cluster
Beowulf cluster built for the price of a single PC
108
Nintendo throws flaming legal barrel at YouTubing fans
All your walk-through vid revenue are belong to us
53
Review: HP Pavilion 14 Chromebook
All roads lead to Chrome?
44
Petshop iPad fanboi charged with filming up young model's skirt
LAPD throws book at fondleslabber
43
Borked your iDevice? Pay EVEN MORE to have it fixed by Applecare
Or scream at their hapless techies on their forums
29
Euro PC shipments plummet into bottomless pit of DOOOOM
11th quarter of decline, 20pc drop on last year - Gartner
41
breaking news
Rogue Nokia splinter cell drops its Jolla phone A-BOMB
Ota tuo, vihreä robotti Google!
69
Report: AT&T dropping Facebook phone after dismal sales
Turns out folks won't buy that for a dollar
20
Which petite model likes a fondle and GETTING WET? Sony's Xperia ZR
Take this new mobe swimming. Just not deep, or for long, OK?
23
Google adds Atari Easter Egg for Breakout's birthday
Cute game born in Jobsian heart of darkness
27