Cryptic Warns of Possible Server Hack 16 Months Later

If you've played one of Cryptic Studios' MMORPGs over the last two years, chances are you're currently receiving a warning about a user database breach via email.

In the warning, Cryptic states that, as a result of routine security checks and upgrades, the company has discovered that certain account information, including passwords, may have been accessed by an unauthorized party. Given that we live in a post-Sony Apocalypse world, the news really isn't all that surprising. But what is surprising is that the breach happened back in December 2010, and Cryptic is just now figuring it out more than a year later.

Cryptic is the studio behind City of Heroes, Champions Online, Star Trek Online, and the upcoming Neverwinter MMOG.

"The unauthorized access included user account names, handles, and encrypted passwords for those accounts," the studio said on Wednesday. "Even though the passwords were encrypted, it is apparent that the intruder has been able to crack some portion of the passwords in this database. All accounts that we believe were present in the database have had the passwords reset, and customers registered to these accounts have been notified via e-mail of this incident."

So far there's no evidence that any other information has been swiped by the intruder, but it's possible that additional info was obtained. "If they did so, the first and last name, e-mail address, date of birth (if provided to Cryptic Studios), billing address, and the first six digits and the last four digits of credit cards registered on the site may have been accessed," Cryptic said. "We have no evidence at this time that any data other than the account name, handle, and encrypted password were accessed for any user."

Let's just hope they don't figure it out in another sixteen months. Currently the investigation into the breach is still ongoing, and the studio says it's taking even further action to strengthen its systems, and to redouble its security vigilance and protections. In the meantime, Cryptic customers should be on the lookout for email and postal mail scams that ask for personal, sensitive information. Naturally Cryptic won't ask for any of this.

"While we have no evidence of unauthorized use of personal information as a result of this incident, to protect against any possible identity theft, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports," the studio said. "Further information regarding the prevention of identity theft can be found at the Federal Trade Commission’s website here."

News like this is making board games look better and better every day.

  • jryan388
    LOL that's uber embarrassing. Although if the hackers haven't used the data by now does it even matter?
  • willard
    How many of these "whoops, my bad" apologies do we need before companies start taking security seriously? It's not 1990 any more, you need to be proactive.

    I bet if we started seeing criminal cases brought against companies who obviously mishandled private information they'd start taking security seriously.
  • DroKing
    willard wrote: How many of these "whoops, my bad" apologies do we need before companies start taking security seriously? It's not 1990 any more, you need to be proactive. I bet if we started seeing criminal cases brought against companies who obviously mishandled private information they'd start taking security seriously.
    I totally agree man. We need to set up some kind of policy that incentivizes the need for better security.
  • -Fran-
    willard wrote: How many of these "whoops, my bad" apologies do we need before companies start taking security seriously? It's not 1990 any more, you need to be proactive. I bet if we started seeing criminal cases brought against companies who obviously mishandled private information they'd start taking security seriously.
    The answer is easy... When people stop paying a company for crappy service (or buying its related products).

    Would you trust your money on a bank that gets robbed every week?

    The answer, I will concede, is not "black and white", but you get the bottom of my argument.

    Cheers!
  • Unolocogringo
    I don't get this. Our businesses take credit cards that are processed on our computer.
    4 times a year I have to log into one of their websites and then for 4 hours they try to hack into my computer.
    I always score 98 on the test. 2 points off because my computer is pingable.
    Funny thing is I never changed any of my security measures. I have always had my network set up this way.
    I have been running wireless since the early 90s when it was 1mb. 2mb (megabits) if you had the upgraded antennae and was $4000 for two direct connect boxes and standard antennae.
    My wife laughed at me when I made antennae out of coffee cans. But they worked very well and did not cost an additional $450 dollars each.
  • A Bad Day
    At least it only took Sony less than a month to figure out something went terribly wrong...
  • caqde
    Damn over a year... I feel a lot safer using the PSN than letting them have my information at least with Sony I will know before the end of the month...
  • Gundam288
    and this is why I prefer PayPal, just another way of keeping my card numbers harder to get at.
  • ... should note that while Cryptic's "behind" City of Heroes, they haven't been involved with it for a few years now. CO and STO though... >.< yeah, timely word would have been good.
  • to all those saying to be proactive with security, it's hard to justify the cost involved with doing so until something of this magnitude occurs. then focus shifts, and money is spent, then passed on as costs to end users.