LOTROCommunity
Codemasters Hacked

Just got this

Important information regarding your account

Dear valued Codemasters customer,

On Friday 3rd June, unauthorised entry was gained to our Codemasters.com website. As soon as the intrusion was detected, we immediately took codemasters.com and associated web services offline in order to prevent any further intrusion.

During the days since the attack we have conducted a thorough investigation in order to ascertain the extent and scope of the breach and have regrettably discovered that the intruder was able to gain access to the following:

Codemasters.com website

Access to the Codemasters corporate website and sub-domains.

DiRT 3 VIP code redemption page

Access to the DiRT 3 VIP code redemption page.

The Codemasters EStore

We believe the following have been compromised: Customer names and addresses, email addresses, telephone numbers, encrypted passwords and order history. Please note that no personal payment information was stored with Codemasters as we use external payment providers, meaning your payment details were not at risk from this intrusion.

Codemasters CodeM database

Members' names, usernames, screen names, email addresses, date of birth, encrypted passwords, newsletter preferences, any biographies entered by users, details of last site activity, IP addresses and Xbox Live Gamertags are all believed to have been compromised.

Whilst we do not have confirmation that any of this data was actually downloaded onto an external device, we have to assume that, as access was gained, all of these details were compromised and/or stolen.

The Codemasters.com website will remain offline for the foreseeable future with all Codemasters.com traffic re-directed to the Codemasters Facebook page instead. A new website will launch later in the year.

Advice

For your security, in the first instance we advise you to change any passwords you have associated with other Codemasters accounts. If you use the same login information for other sites, you should change that information too. Furthermore, be extra cautious of potential scams, via email, phone, or post that ask you for personal or sensitive information. Please note that Codemasters will never ask you for any payment data such as credit card numbers or bank account details, nor will Codemasters ask you for passwords or other personal identifying data. Be aware too of fraudulent emails that may outwardly appear to be from Codemasters with links inviting you to visit websites. The safest way to visit your favourite websites is always by typing in the address manually into the address bar of your browser.

Unfortunately, Codemasters is the latest victim in on-going targeted attacks against numerous game companies. We assure you that we are doing everything within our legal means to track down the perpetrators and take action to the full extent of the law.

We apologise for this incident and regret any inconvenience caused.

We are contacting all customers who may have been affected directly.

Should you have any concerns or wish to speak to a member of our Customer Services team, please email them at custservice@codemasters.com.

That's not good, thankfully I changed my username and password when we switched over to Turbine. If you did keep the same username and password though it may be worth changing your Turbine account password.


Just got this

That's not good, thankfully I changed my username and password when we switched over to Turbine. If you did keep the same username and password though it may be worth changing your Turbine account password.

I saw this too. There's a post from Satine on the CM forums which says that PAS (system used for the LOTRO accounts) is a different system from CodeM (the one that got hacked). Probably still best to change the password though just in case.


I saw this too. There's a post from Satine on the CM forums which says that PAS (system used for the LOTRO accounts) is a different system from CodeM (the one that got hacked). Probably still best to change the password though just in case.

Yep, I just did. You never know. Besides, there is never too much of internet security and precautions :P


Perhaps one of the Codies folk can detail how the passwords are stored on CodeM? Are they MD5 or SHA1/SHA256 hashes? Are they salted hashes, with either hardcoded salt or one different per user?


Considering how old their system likely is, my money would be on unsalted md5 hashes. At least they were hashed - it still boggles the mind how Sony had their user passwords in plaintext. As if their system was run by amateurs.

I changed all my passwords just to be safe, though I did not have many logins with CM, and none which were listed as affected.

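The storage options raised in the two posts above (unsalted hash, hardcoded salt, per-user salt), as an added example that is not part of the original thread or any Codemasters code; the page does not say how CodeM stored passwords. The accounts, site salt and iteration count are constructed, and the audit shows what a defender can check: identical passwords produce identical stored values under the first two schemes but not under per-user salts.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not real data): alice and bob share a password.
ACCOUNTS = {"alice": "hunter2!", "bob": "hunter2!", "carol": "correct horse"}
SITE_SALT = b"constructed-site-wide-salt"  # hypothetical hardcoded salt
ITERATIONS = 600_000                       # example PBKDF2 work factor


def unsalted_md5(password):
    # Fast and unsalted: the same password always maps to the same digest.
    return hashlib.md5(password.encode()).hexdigest()


def hardcoded_salt_sha256(password):
    # One salt for the whole site: still identical for identical passwords.
    return hashlib.sha256(SITE_SALT + password.encode()).hexdigest()


def per_user_pbkdf2(password, salt=None):
    # Random 16-byte salt per account plus a deliberately slow KDF.
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_pbkdf2(password, salt, expected):
    # Recompute with the stored salt; compare in constant time.
    return hmac.compare_digest(per_user_pbkdf2(password, salt)[1], expected)


def shared_password_groups(stored):
    # Group usernames whose stored values are byte-for-byte identical.
    groups = {}
    for user, value in stored.items():
        groups.setdefault(value, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def audit():
    schemes = {"unsalted_md5": unsalted_md5,
               "hardcoded_salt": hardcoded_salt_sha256,
               "per_user_pbkdf2": per_user_pbkdf2}
    return {name: shared_password_groups({u: fn(p) for u, p in ACCOUNTS.items()})
            for name, fn in schemes.items()}


if __name__ == "__main__":
    for scheme, groups in audit().items():
        print(f"{scheme:16} accounts sharing a stored value: {groups}")
```
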

It still boggles the mind how Sony had their user passwords in plaintext. As if their system was run by amateurs.

You would be amazed at how many places I have done work for where this is the case!


Why did I not receive that e-mail? o_0

(checked spam folder as well)

Guess I'll change my PW right now on Turbine, as I used the same PW but a different account name, still doesn't feel quite as safe now.


I use Keepass to store my passwords and have it generate them for me so (hopefully) they are different for each account.

Bit of a nuisance having names/addresses/contact details, etc. 'stolen' though most of those things are already out in the public domain for anyone who has ever had dealings with any corporate or government body anyway :(


personally I'd like to know why it took so long to get the e-mail... a lot of damage could have been done in one week

just glad I never use the same stuff


Humm!

SOE & Codemasters!

At this rate they might soon have enough info to see how I create my passwords & account names.

More seriously though, the Codemasters loss is enough for some identity cloning if the hackers wanted to. >:(

Time to take up SOE's offer of one year's free identity theft protection.

Oh! and here is the BBC's view on what has happened:

BBC News Science & Technology - Hackers target UK games developer


Ah yes, a typical news article from the traditional media. They have no idea what they are talking about and thus think responses by customers like "why did it take them a week, that's outrageous!" are in any way reasonable. I for one am pleased with the way CM handles this. They have investigated the incident and sent us an email in clear, understandable text (even for you non-techies) on what was taken, what they recommend you do etcetera. They didn't pull a Sony, where a new wild claim on what wasn't stolen was debunked the day after.


They didn't pull a Sony, ...

Or worse, a Turbine. At least Codemasters and Sony eventually admit they've had a security leak.


Dnote @ Codemasters had this to say about it :

Just to reiterate a point, the breach occurred on the Codemasters.com website, whose account system is called CodeM. LOTRO however ran off of a separate site entirely that used an account system called PAS, which in this attack was not breached.

So any personal information in your former LOTRO EU account remains protected.

Those wishing to discuss this at Codemasters forums may do so HERE :

http://community.codemasters.com/forum/codemasters-general-discussion-17/467507-response-hacking-announcement.html

Satine points out that any passwords stolen were encrypted, and that the thieves would need to break that encryption to retrieve them.

It does seem unlikely they will be able to do this.

CodeM info comprises:

Members' names, usernames, screen names, email addresses, date of birth, encrypted passwords, newsletter preferences, any biographies entered by users, details of last site activity, IP addresses and Xbox Live Gamertags.

More from Dnote, and more reassuring :

COG (PAS) isn't anything to do with CodeM. When we built the account system for our MMOs we purposely built something completely separate from everything else we had.

We also modified the forums so that they would accept authentication from either CodeM (what we already had) or PAS (the new system). No account or personal information is actually held in the forums, beyond the minimum required to display/track posts as we're fully aware that off-the-shelf forums are frequently the target of malicious individuals.

Also PAS itself is actually hosted in a completely different data centre (not even the same hosting company) and does not interact with the Codemasters.com website in any way. So anyone who only used PAS should be safe.


I don't know why but I'm always more delighted than concerned when a game company gets hacked. Maybe it's something to do with their 'you're not a customer, you're a wallet to drain' attitude or their 'I'm going to demand loads of personal information that I don't have any right to demand' policy but seeing them fail makes losing my (fake) details to hackers feel worth it.


Looks as if the IMF has also been hacked. I would guess there will be a lot more companies announcing attacks over the coming weeks

http://www.bbc.co.uk/news/world-us-canada-13740591


I am glad I chose a new username and password for my Turbine account. Is it just me being suspicious or did the hackers choose now whilst Codies were busy with the transfer?

PJ


If it travels across data lines, it is vulnerable. Do everything you can to protect yourself, because Turbine will not do it for you.


Add Escapist Magazine and Eve to the list of recent hacks

http://www.neowin.net/news/lulzsec-hacks-escapist-magazine-and-eve-online

This is all getting beyond a joke now

edit: it appears Minecraft is also down


For the hackers, from their own admission, it's all for "the lulz". In many (but not all) of the occurrences, the attacks are made simply to see if they can be done. It's unfortunate.

It's only a matter of time until Turbine/WB get seriously hacked (and, if some suspicions are correct, hacked again), in my opinion and if the current trend stays consistent. Prepare yourselves and your systems to be able to present an iron-clad defense against the eventual claims by Turbine that you were the cause of the hacking of the account you hold with them.
