Yet another security breach!

Started by .Griff., Jun 10, 2011, 14:32:26


.Griff.

Just received this email..

If you try and access any Codemasters site it redirects you to their Facebook page so it must be pretty serious for them to take everything offline.

Quote

Important information regarding your account



Dear valued Codemasters customer,

On Friday 3rd June, unauthorised entry was gained to our Codemasters.com website. As soon as the intrusion was detected, we immediately took codemasters.com and associated web services offline in order to prevent any further intrusion.

During the days since the attack we have conducted a thorough investigation in order to ascertain the extent and scope of the breach and have regrettably discovered that the intruder was able to gain access to the following:

Codemasters.com website

Access to the Codemasters corporate website and sub-domains.

DiRT 3 VIP code redemption page

Access to the DiRT 3 VIP code redemption page.

The Codemasters EStore

We believe the following have been compromised: Customer names and addresses, email addresses, telephone numbers, encrypted passwords and order history. Please note that no personal payment information was stored with Codemasters as we use external payment providers, meaning your payment details were not at risk from this intrusion.

Codemasters CodeM database

Members' names, usernames, screen names, email addresses, date of birth, encrypted passwords, newsletter preferences, any biographies entered by users, details of last site activity, IP addresses and Xbox Live Gamertags are all believed to have been compromised.

Whilst we do not have confirmation that any of this data was actually downloaded onto an external device, we have to assume that, as access was gained, all of these details were compromised and/or stolen.

The Codemasters.com website will remain offline for the foreseeable future with all Codemasters.com traffic re-directed to the Codemasters Facebook page instead. A new website will launch later in the year.

Advice

For your security, in the first instance we advise you to change any passwords you have associated with other Codemasters accounts. If you use the same login information for other sites, you should change that information too. Furthermore, be extra cautious of potential scams, via email, phone, or post that ask you for personal or sensitive information. Please note that Codemasters will never ask you for any payment data such as credit card numbers or bank account details, nor will Codemasters ask you for passwords or other personal identifying data. Be aware too of fraudulent emails that may outwardly appear to be from Codemasters with links inviting you to visit websites. The safest way to visit your favourite websites is always by typing in the address manually into the address bar of your browser.

Unfortunately, Codemasters is the latest victim in on-going targeted attacks against numerous game companies. We assure you that we are doing everything within our legal means to track down the perpetrators and take action to the full extent of the law.

We apologise for this incident and regret any inconvenience caused.

We are contacting all customers who may have been affected directly.

Should you have any concerns or wish to speak to a member of our Customer Services team, please email them at custservice@codemasters.com.

Inkblot

That's odd - I saw mention of it on the Lord of the Rings forums but have always been able to access them without any problem. I haven't received this email yet either but that could just be down to the sheer number they need to send out.


Inkblot

Indeed, just seen it mentioned again on the LOTRo site, somebody has had the same email and asking if it's real - and the official answer is yes, it's real  >:(

Ah well, another round of password changes coming up :(

Niall

Yeah I had this email this morning. I can't remember what games I have with them, or when I last used them, or even what my login is :D
Flickr Deviant art
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

Simon

Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

zappaDPJ

zap
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

wecpcs

Quote from: .Griff. on Jun 10, 2011, 14:32:26
Just received this email..

If you try and access any Codemasters site it redirects you to their Facebook page so it must be pretty serious for them to take everything offline.


I had one of those as well.

Colin

Technical Ben

I wonder how many non gaming sites are getting hit, but not noticing it yet?
Rik, Rik? RIIIIIK!?
Where's Rik when you need confirmation you are safe?!  :eek4:

;)
I use to have a signature, then it all changed to chip and pin.


Gary

Quote from: Technical Ben on Jun 12, 2011, 00:19:43
I wonder how many non gaming sites are getting hit, but not noticing it yet?
Rik, Rik? RIIIIIK!?
Where's Rik when you need confirmation you are safe?!  :eek4:

;)
Well, the IMF was: http://www.bbc.co.uk/news/world-us-canada-13740591 The crackers are having lots of fun, it seems.
Damned, if you do damned if you don't

Technical Ben

Reminds me of a certain film that "deleted" all the debt in the world off of the world's banks' servers.  :rofl:

Crashed my pc earlier, and broke my login to steam. Took me ages to remember the pass, all the while panicking in case it had been hijacked.

Gary

Quote from: Technical Ben on Jun 12, 2011, 16:51:37
Reminds me of a certain film that "deleted" all the debt in the world off of the world's banks' servers.  :rofl:

Crashed my pc earlier, and broke my login to steam. Took me ages to remember the pass, all the while panicking in case it had been hijacked.
Bit Robin Hood like in a cyber way. Oh, now I have the geek stereotype in my head but with green tights on. Arghhhh!!

Technical Ben

Oh no, in the film they played it totally straight, you did not even know that was going to happen till the end. The rest of the film was the usual Hollywood action.

Niall

I'm actually wondering if Steam has been hacked. Steam itself can't connect to their servers and the forums are unreachable too. My mate in Sheffield on Zen ISP can't see them either.

.Griff.

Quote from: Niall on Jun 13, 2011, 19:13:06
I'm actually wondering if Steam has been hacked. Steam itself can't connect to their servers and the forums are unreachable too. My mate in Sheffield on Zen ISP can't see them either.

I can't login to the Steam client but I can access the Steam website if I keep refreshing the page.

Edit - http://forums.steampowered.com/forums/showthread.php?t=1928816

Niall

It all just came back this very minute!

.Griff.

Same here.

Look at their stats though - http://store.steampowered.com/stats/

3 million users online one second, next to nothing the next second.

Niall

I bet they'll say they were upgrading security or something.

Niall

http://forums.steampowered.com/forums/showthread.php?t=1928816&page=2

Looks like it was world wide. They've either taken it down without warning or got attacked. I'd say the former is more likely as it'd still be down if it was being attacked.


Simon

Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

pctech

Glad I didn't store my card details on steam when I bought Portal 2.




.Griff.


Gary

LulzSec seem to be very handy at the mo, they tweeted about taking down a CIA front page, which has now filtered into the news, not sure how true but they did have a phone number up so you could suggest your fave place for a DDoS attack  :eyebrow:

pctech

Hmmm, our favourite telecoms monopoly?   ;D

Niall

I had an email this morning from Sega saying they've been hacked too, and had their passwords, etc accessed.

Gary

Quote from: Niall on Jun 18, 2011, 21:20:50
I had an email this morning from Sega saying they've been hacked too, and had their passwords, etc accessed.
Saw that on El Reg...LulzSec I believe

Technical Ben

Thankfully with Minecraft it was only a Denial Of Service attack. No data compromised. More a failed attempt, or an attempt to break things.

Gary

Quote from: Technical Ben on Jun 19, 2011, 08:54:15
Thankfully with Minecraft it was only a Denial Of Service attack. No data compromised. More a failed attempt, or an attempt to break things.
Think it was just to break things, they seem to like doing that. They do just do it for the Lulz; it will either die out as the crackers get bored or we will end up with draconian laws for internet usage because of these idiots.

pctech

Security consultancies and DDOS mitigation firms such as Gigenet and Prolexic must be raking it in at the moment.


Niall

The funny thing is that Steam was hacked and went down as we've mentioned here, but they are still yet to admit it.

pctech

You said in your earlier post you reckoned it had either been taken down or got attacked but it would still be down if attacked.

I reckon it was a connectivity outage, although of course Valve may be afraid to admit it.


Niall

There have been a lot of posts deleted on the Steam forums by moderators too. I was looking around last night and I found more posts about them deleting threads than I did threads. One was saying that the lulz bunch knocked them off the net with a DDoS attack, then wandered off to do something else, basically. Hard to know the truth as ever with Valve, they refuse to admit to anything. For all we know, all our accounts have been compromised and they haven't let us know. Incidentally there were a few posts last night saying people's Steam accounts had been hijacked and they hadn't replied to any of those dodgy emails, or replied to the PMs from random strangers asking for info. That being said, you can't really take the word of anyone on the Steam forums as it's generally populated by morons :D

Technical Ben

Quote from: Niall on Jun 20, 2011, 19:19:35
The funny thing is that Steam was hacked and went down as we've mentioned here, but they are still yet to admit it.
Hack? They get service outages at times. I thought it was an engineer to blame, not a hack.  :red:

Niall

Strange that their entire network went down unannounced then, plus they didn't confirm or deny anything, or update anyone, or offer an explanation of what happened. Normally they do things like that with advance notice and clearly advertise it on their forums. There was no warning at all, and with all the backups they have, how can the entire network go down across the globe at once?

pctech

Just run a netstat with Steam loaded to see what connections it makes.

Looks like Level 3 (which I seem to recall they use for Content Delivery Network edge caching so that the games download quicker) but there is also a connection to Qwest Communications, which their site also resolves to (which probably means it's their main ISP).

So it could have been a problem with Qwest rather than the Steam network itself.




Niall

Dunno. As long as I can get the cr*p kicked out of me in Supreme commander I'm happy :D

Technical Ben

Great game that (and the original 3 or 4 versions :P ).
I got 6 little indie games for £6.50, so I'm well chuffed with Steam right now. :D

Niall

I've had two emails from BioWare today stating (and this is odd, I think) that their 10 year old Neverwinter Nights server has been hacked and details accessed are name, address, phone number, CD keys, username, account details, encrypted passwords but not social security numbers.

They also provide a link to reset your password. Now I'm wondering if the email server has been hacked and this is what we are seeing here. Why would you email people telling them their equipment is 10 years out of date? What on earth is there a mention of social security numbers for when they aren't used to create any form of gaming account?

I'm skeptical that this is an attack at all, and just a scam.

pctech

Looks like the scammers are making use of the e-mail addresses they've nicked.


esh

"Sony is preparing to ban gamers from the PlayStation Network unless they waive the right to collectively sue it over future security breaches. The firm has amended PSN's terms and conditions and users have to agree to them next time they log in. The move comes months after a string of hacking attacks compromised over 100 million accounts of the PlayStation Network subscribers. It is, however, possible to opt out of the agreement within the next 30 days. Gamers will now have to try to resolve any legal issues with an arbitrator picked by Sony, before being able to file a lawsuit."

Source: www.osnews.com

CompuServe 28.8k/33.6k 1994-1998, BT 56k 1998-2001, NTL Cable 512k 2001-2004, 2x F2S 1M 2004-2008, IDNet 8M 2008 - LLU 11M 2011

Technical Ben

And they say legalised slavery is dead. ;)

[edit]
Totally relevant. The same applies, just replace MS with Sony.  :laugh:
http://www.theinquirer.net/inquirer/news/2103551/xbox-live-user-claims-microsoft-owes-usd500bn

pctech

Wouldn't such a clause be illegal under UK law owing to the DPA?