Cryptic Studios Security Breach

#1 Posted by on3moresoul (36 posts) -

Although things seem rather dead here as far as activity is concerned, just received this which may be of importance to some:

NEWS -- http://www.crypticstudios.com/securitynotice

04.25.2012

At Cryptic Studios, your privacy and security is important. As part of our ongoing efforts to monitor and enhance security, we recently detected evidence of an unauthorized access to one of our user databases. The unauthorized access occurred in December 2010, and evidence of this has just been uncovered due to increased security analysis.

The unauthorized access included user account names, handles, and encrypted passwords for those accounts. Even though the passwords were encrypted, it is apparent that the intruder has been able to crack some portion of the passwords in this database. All accounts that we believe were present in the database have had the passwords reset, and customers registered to these accounts have been notified via e-mail of this incident.

While we have no evidence that any other information was taken by the intruder, it is possible that the intruder was able to access additional account information. If they did so, the first and last name, e-mail address, date of birth (if provided to Cryptic Studios), billing address, and the first six digits and the last four digits of credit cards registered on the site may have been accessed. We have no evidence at this time that any data other than the account name, handle, and encrypted password were accessed for any user.

We are continuing to investigate this incident, and are taking even further action to strengthen our systems and redouble our security vigilance and protections. For your own security, we encourage you to be especially aware of e-mail and postal mail scams that ask for personal or sensitive information. Cryptic will not contact you in any way, including by e-mail, asking for your credit card number, social security number, or any other personally identifiable information. If you use the same password for other accounts, especially financial accounts or accounts with personal information, we strongly recommend that you change them.

While we have no evidence of unauthorized use of personal information as a result of this incident, to protect against any possible identity theft, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. Further information regarding the prevention of identity theft can be found at the Federal Trade Commission’s website here.

We apologize for any inconvenience this unauthorized access may have caused our customers. Customers with questions about this incident and how it may affect them can contact customer service by submitting a support ticket at https://support.perfectworld.com/app/cs_cryptic/iss/log.

#2 Posted by WilltheMagicAsian (1545 posts) -

Well at least the passwords are salted.

#3 Posted by MikkaQ (10288 posts) -

@WilltheMagicAsian said:

Well at least the passwords are salted.

But are they HASHED!?!?

#4 Posted by Ravenlight (8040 posts) -

Crapsticks! December 2010?? Way to accidently the security.

#5 Posted by louiedog (2335 posts) -

This is why I use a password manager. The one I use is LastPass. I generate a different password for every site. It remembers them and fills them in automatically. The only passwords that I set manually are for important things like my bank or email. If for some reason LastPass stops working I can recover any of those passwords with my email. In the event that a site gets hacked all I need to do is change my password for that site. Even if the passwords were stolen in plain text, the thieves can't then go plug my email address and that pass into another site to use it.

This edit will also create new pages on Giant Bomb for:

Beware, you are proposing to add brand new pages to the wiki along with your edits. Make sure this is what you intended. This will likely increase the time it takes for your changes to go live.

Comment and Save

Until you earn 1000 points all your submissions need to be vetted by other Giant Bomb users. This process takes no more than a few hours and we'll send you an email once approved.