Passwords 'were partially decrypted' in December 2010; Account names and online handles extracted; 'No evidence' of further hack
California MMO studio Cryptic has discovered a massive security breach to one of its databases some 16 months after the hack had occurred.
Account names, online handles, and encrypted passwords were extracted illegally by an unauthorised user. While passwords were encrypted, the studio revealed that “the intruder has been able to crack some portion of the passwords in this database”.
Customers have been notified via email and passwords have been reset. There is no evidence of further hacking, Cryptic added.
The studio explained the 16-month security lapse by claiming “evidence has just been uncovered due to increased security analysis”.
While there is no indications of further hacking, Cryptic said if such actions occurred it would put at risk very sensitive user information, including first and last name, e-mail address, date of birth, billing address, and the first six digits and the last four digits of credit cards registered on the site.
“We are continuing to investigate this incident, and are taking even further action to strengthen our systems and redouble our security vigilance and protections,” the company said.
The studio has warned customers to “be especially aware of e-mail and postal mail scams that ask for personal or sensitive information”.
“Cryptic will not contact you in any way, including by e-mail, asking for your credit card number, social security number, or any other personally identifiable information,” it added.
The company has apologised for the breach.
Last year a hacking craze swept through the games industry following the extraordinary PlayStation Network security breach. Companies such as Valve, Square Enix, Codemasters and Sega were just some of the companies affected.
Cryptic operates MMOs such as Champions Online and Star Trek Online.