Feeds

Atari and Square Enix cough to exposing users' privates

Gaming security still sux

Securing Web Applications Made Simple and Scalable

Atari has apologised to gamers following a security breach that exposed their names and email addresses, leaving users at heightened risk of spam as a result.

The gaming outfit blamed the fairly minor breach (no credit cards or mobile phone numbers were exposed) on problems introduced during a migration to a new cloud-based server platform. The breach came to our attention via an Atari email (extract below) forwarded by Reg reader Troy, who commented: "Well, this sounds like fun, might explain all the recent spam I have been getting".

Atari has discovered that some information that you provided to Atari when you registered on our site was recently able to be viewed publicly. The information that was viewable was your name and e-mail address.

This occurred when an outside contractor working on our website created some spreadsheets related to registered users. The spreadsheets were maintained on a database hosted on a cloud server that crashed.

When the server was brought back up online, the firewall around the database was inadvertently not re-established. As a result, there was an approximate three week period of time when names and e-mail address were able to be found and viewed online.

A registered user brought this to our attention and within 24 hours the database was removed from the internet and could not be seen by anyone. Atari takes very seriously the privacy of its registered users.

Atari is implementing new protocols to further assure the privacy of user data. If you have any questions, please contact Atari at userinquiries@atari.com. Atari is grateful for its registered users’ interest in our products and looks forward to continuing to provide interesting and useful information about our games and products to you in the future.

Separately games developer Square Enix admitted over the weekend that it had lost up to 1.8 million user data records to attackers including names, addresses and phone numbers following a hack attack on its website. Personal details of gamers in the US and Japan spilled as a result of the breach at Square Enix, which thankfully also didn't involve credit card details.

The incidents are just the latest in a seemingly never-ending line of security flaps involving gaming firms this year. The most notorious of these breaches led to the weeks-long suspension of Sony's PlayStation Network back in April.

Chris Boyd (AKA Paperghost), an avid gamer and security consultant at GFI Software, told El Reg that "games companies are still providing a juicy target" for hackers and other ne'er do wells.

"Gamers should be continue to be wary with regards what information they give to games companies as the massive amount of information these companies collect is proving too valuable a target to resist," he warned. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.