Cryptic Studio notifying users of account breach

by: Dan -
It looks like the latest gaming company to get popped by hackers was Cryptic Studio, the company behind Champions Online, Star Trek Online, City of Heroes, City of Villains and Neverwinter.  Earlier this evening, Cryptic began notifying the affected customers of a breach in security that took place in December of 2010.   Yes, 2010.  In an e-mail (see below) and a post on their home page, cryptic details the events of the breach, what was accessed, what may, or may not have been accessed and what you should do.  The money paragraphs from the Cryptic post are as follows:
 
“The unauthorized access included user account names, handles, and encrypted passwords for those accounts. Even though the passwords were encrypted, it is apparent that the intruder has been able to crack some portion of the passwords in this database. All accounts that we believe were present in the database have had the passwords reset, and customers registered to these accounts have been notified via e-mail of this incident.

While we have no evidence that any other information was taken by the intruder, it is possible that the intruder was able to access additional account information. If they did so, the first and last name, e-mail address, date of birth (if provided to Cryptic Studios), billing address, and the first six digits and the last four digits of credit cards registered on the site may have been accessed. We have no evidence at this time that any data other than the account name, handle, and encrypted password were accessed for any user.

So basically, they know for sure that the intruders were able to grab your account name, handle and encrypted passwords.  What they don’t know, and have no evidence of, is that your credit card info, name, e-mail, date of birth and billing address were also breached. 
 
For those of you affected, take extreme precautions even though this took place more than 16 months ago.


comments powered by Disqus