Dear valued Codemasters customer,
On Friday 3rd June, unauthorised entry was gained to our Codemasters.com website. As soon as the intrusion was detected, we immediately took codemasters.com and associated web services offline in order to prevent any further intrusion.
During the days since the attack we have conducted a thorough investigation in order to ascertain the extent and scope of the breach and have regrettably discovered that the intruder was able to gain access to the following:
Codemasters.com website
Access to the Codemasters corporate website and sub-domains.
DiRT 3 VIP code redemption page
Access to the DiRT 3 VIP code redemption page.
The Codemasters EStore
We believe the following have been compromised: Customer names and addresses, email addresses, telephone numbers, encrypted passwords and order history. Please note that no personal payment information was stored with Codemasters as we use external payment providers, meaning your payment details were not at risk from this intrusion.
Codemasters CodeM database
Members' names, usernames, screen names, email addresses, date of birth, encrypted passwords, newsletter preferences, any biographies entered by users, details of last site activity, IP addresses and Xbox Live Gamertags are all believed to have been compromised.
Whilst we do not have confirmation that any of this data was actually downloaded onto an external device, we have to assume that, as access was gained, all of these details were compromised and/or stolen.
The Codemasters.com website will remain offline for the foreseeable future with all Codemasters.com traffic re-directed to the Codemasters Facebook page instead. A new website will launch later in the year.
Advice
For your security, in the first instance we advise you to change any passwords you have associated with other Codemasters accounts. If you use the same login information for other sites, you should change that information too. Furthermore, be extra cautious of potential scams, via email, phone, or post that ask you for personal or sensitive information. Please note that Codemasters will never ask you for any payment data such as credit card numbers or bank account details, nor will Codemasters ask you for passwords or other personal identifying data. Be aware too of fraudulent emails that may outwardly appear to be from Codemasters with links inviting you to visit websites. The safest way to visit your favourite websites is always by typing in the address manually into the address bar of your browser.
Unfortunately, Codemasters is the latest victim in on-going targeted attacks against numerous game companies. We assure you that we are doing everything within our legal means to track down the perpetrators and take action to the full extent of the law.
We apologise for this incident and regret any inconvenience caused.
We are contacting all customers who may have been affected directly.
Should you have any concerns or wish to speak to a member of our Customer Services team, please email them at custservice@codemasters.com
Posts
At least they didn't get CC info this time but yeah ....
http://www.fallout3nexus.com/downloads/file.php?id=16534
Epic Games
PBS
Nintendo
Sony and Sony... and Sony and Sony yet again
Eidos
Citibank
Codemasters
NHS in the UK
FBI affiliated sites
Whitehat Companies
Lockheed Martin
NASA
Northrop Grumman
but I got an email from them about the hack, and I can't for the life of me figure out why. Should I be freaking out?
edit
Codemasters is the one doing Jumpgate Evolution? I think I signed up to a newsletter or something with them long long ago for Jumpgate, maybe that's why I am getting the letter
http://www.bbc.co.uk/news/technology-13712377
They're not idiots. Perhaps morally lacking, even malicious. But not idiots. They are fully aware of the ramifications of what they are doing, and have the capability to do so.
Calling them idiots may bring you a little bit of comfort, but it does nothing to curb their actions. If anything, it makes light of a serious situation, it oversimplifies their actions and stereotypes the perpetrators, and spurs them onward to continue what they're doing.
Saying these people are idiots only makes the situation worse.
Nope. There's not any security there in the first place.
As with most major corporations, any good security policies that get suggested by competent IT guys get shot down when the pointy-haired boss goes "that sounds too expensive. We have a subscription to Norton Antivirus, we're good."
White FC: 0819 3350 1787
Pretty much. IT guys say this shit all the time, but it gets handwaved away until there's an actual intrusion, and then the IT guys are doing their best to avoid saying "I told you so" to avoid getting fired when the boss demands an answer to why this could happen.
Why we secretly love LulzSec
This might actually be the worst case scenario, because now the general public is aware of it. And if they're aware of it, then the politicians are aware of it. And those two groups don't look to the IT guys for solutions, they go into histrionics and lean towards the 'BAN EVERYTHING' option.
I'm really not looking forward to the next election cycle, and if these hacks get any more public and visible then I'm REALLY not looking forward to them.
Steam ID XBL: JohnnyChopsocky PSN:Stud_Beefpile WiiU:JohnnyChopsocky
Timothy Olyphant is clearly the mastermind behind LulzSec.
Short of banning internet usage entirely, which is ridiculous considering the UN proclaimed it a basic human right like three days ago.
You needn't worry about this kind of stuff. Every time that technology has been misunderstood, people have feared a reactionary, primitive response. And it simply never happens. Politicians and governments propose their ideas, then when they get to the eleventh hour and speak to the tech guys who actually have to implement their crazy schemes, they get nothing but 'yeah no you can't do this ever'.
CorriganX on Steam and just about everywhere else.
But more of the public knows about the evil evil hackers right now than about Net Neutrality. I'd rather it be the opposite, but I guess Net Neutrality is harder to write news segments about.
Steam ID XBL: JohnnyChopsocky PSN:Stud_Beefpile WiiU:JohnnyChopsocky
Already on track to happen in Europe for ISPs and cell phone providers. Woo, Data Retention Act.
I'd be less worried about NASA than about Lockheed or Northrop Grumman.
Maybe it's because I was under the impression that the major players and world governments had the really secret stuff so far under lock and key that nobody could ever get to it. Damn movies, making me think things that aren't true.
Of all the possible reasons for becoming a hacker and hacking, doing it for the lulz is the most benign of them all and the one we absolutely want most.
Cause there are groups out there of hackers who do it for more usual reasons, like money and power or espionage.
Better that Anonymous uncovers security flaws for shits and giggles if we're being honest.
sorry
fixed that for you
the original was so ridiculously uninformed and vapid that I felt I needed to do something about it
What does that mean, that they took "200,000+ Brink users"? So far as I can tell, you don't need to log into the game, or even give it your email address. It's all streamlined through Steamworks to use your Steam data for your player name and such. What could they have stolen from Brink users?
Playing with fire ... ?
People who registered for the stats site and emails of those who asked for newsletters to be sent to them. It's certainly not on par with the PSN/SOE hacks for severity.
Steam
Or, you know, we'll do what we always do, patch everything to the latest rev and claim it's fixed.
So far from the hacks that were detailed, they're all using really REALLY idiotic attacks, like people who are still vulnerable to SQL injection: the world's easiest thing to not be fucking vulnerable to you lazy coders.
Usually I never get "it's too expensive" when suggesting security. Usually it's "that interferes with business" when you suggest that an open ssh connection to every system in the datacenter should be replaced by a vpn client.
To many business managers these are the same thing. Doing things correctly costs more money, but the quick way? Shit, no one will ever know, right?