Feeds

Atari and Square Enix cough to exposing users' privates

Gaming security still sux

Protecting users from Firesheep and other Sidejacking attacks with SSL

Atari has apologised to gamers following a security breach that exposed their names and email addresses, leaving users at heightened risk of spam as a result.

The gaming outfit blamed the fairly minor breach (no credit cards or mobile phone numbers were exposed) on problems introduced during a migration to a new cloud-based server platform. The breach came to our attention via an Atari email (extract below) forwarded by Reg reader Troy, who commented: "Well, this sounds like fun, might explain all the recent spam I have been getting".

Atari has discovered that some information that you provided to Atari when you registered on our site was recently able to be viewed publicly. The information that was viewable was your name and e-mail address.

This occurred when an outside contractor working on our website created some spreadsheets related to registered users. The spreadsheets were maintained on a database hosted on a cloud server that crashed.

When the server was brought back up online, the firewall around the database was inadvertently not re-established. As a result, there was an approximate three week period of time when names and e-mail address were able to be found and viewed online.

A registered user brought this to our attention and within 24 hours the database was removed from the internet and could not be seen by anyone. Atari takes very seriously the privacy of its registered users.

Atari is implementing new protocols to further assure the privacy of user data. If you have any questions, please contact Atari at userinquiries@atari.com. Atari is grateful for its registered users’ interest in our products and looks forward to continuing to provide interesting and useful information about our games and products to you in the future.

Separately games developer Square Enix admitted over the weekend that it had lost up to 1.8 million user data records to attackers including names, addresses and phone numbers following a hack attack on its website. Personal details of gamers in the US and Japan spilled as a result of the breach at Square Enix, which thankfully also didn't involve credit card details.

The incidents are just the latest in a seemingly never-ending line of security flaps involving gaming firms this year. The most notorious of these breaches led to the weeks-long suspension of Sony's PlayStation Network back in April.

Chris Boyd (AKA Paperghost), an avid gamer and security consultant at GFI Software, told El Reg that "games companies are still providing a juicy target" for hackers and other ne'er do wells.

"Gamers should be continue to be wary with regards what information they give to games companies as the massive amount of information these companies collect is proving too valuable a target to resist," he warned. ®

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.