Star Trek role-players' privates sniffed by alien invader
Cryptic Studios coughs to database hack
Agentless Backup is Not a Myth
Gaming studio Cryptic, the company behind Star Trek Online, Champions Online and City of Heroes, has admitted that its players' details were lifted in an unauthorised database access two years ago.
Cryptic said in a canned statement yesterday that it had only just discovered evidence of a data breach in December 2010, during which account names, handles and encrypted passwords were gathered.
The studio said it had reset passwords and sent emails out to all affected online role-players, but it doesn't yet know whether more sensitive information - such as real names, dates of birth, billing addresses and some digits of credit cards - were slurped.
"While we have no evidence that any other information was taken by the intruder, it is possible that the intruder was able to access additional account information," Cryptic admitted.
The studio said it was still investigating the digital break-in and was strengthening its security systems.
"For your own security, we encourage you to be especially aware of email and postal mail scams that ask for personal or sensitive information," it advised. "If you use the same password for other accounts, especially financial accounts or accounts with personal information, we strongly recommend that you change them."
Cryptic specialises in free-to-play online games and was acquired by Perfect World last year. The studio had not returned a request for additional comment at the time of publication. ®
COMMENTS
>>The studio said it had reset passwords and sent emails out to all affected online role-players.<<
For a data breach that happened 2 years ago! I think they might as well not have bothered, any compromises will have taken place ages ago.
Talk about closing the stable door... the horse has bolted, found a new owner, and sired three foals by now...
What the hell? You mean that email I received I few hours ago, which asked me to reset a password by clicking on links that pointed to a different domain than the one shown in the link text - was actually genuine?
It's been a long time since I played Champions, I didn't know that Cryptic was bought by Perfect World, and I had never heard of Perfect World before reading this article: the email itself only talks about Cryptic. I looked at the URLs declaring themselves to be champions-online.com, saw they were actually "perfectworld.com" followed by a whole lot of crap, and deleted the email.
Is it so hard to understand that if a link reads "www.whatever.com" it needs to point to www.whatever.com or at least something on that domain, or me and millions of other people are just going to assume it's a phishing attempt?
IT infrastructure monitoring strategies
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
Data control in the cloud
Cloud based data management
Agentless Backup is Not a Myth
