News Epic Games hacked

Chronictank

FH is my second home
Joined
Jan 21, 2004
Messages
10,133
Looks like another one :/

Dear ***

Our Epic Games web sites and forums were recently hacked. After some downtime, they're back up and running now.

The hackers may have obtained the email addresses and encrypted passwords of forum users. Plaintext passwords weren't revealed, but it's possible that those passwords could be obtained by a brute-force attack on the encrypted passwords. Therefore, we have reset all passwords. Your new password is at the bottom of this message.

The Unreal Developer Network (UDN) hasn't been compromised. Thankfully, none of our web sites ask for, or store, credit card information or other financial data.

We're sorry for the inconvenience, and appreciate everyone's patience as we wrestle our servers back under control.

Tim Sweeney
Founder, Epic Games Inc
 

Rulke

Can't get enough of FH
Joined
Dec 23, 2003
Messages
2,237
Well at least they were forthright about what was hit and they've already taken action to counter it

Sony take note...
 

old.Osy

No longer scrounging, still a bastard.
Joined
Dec 22, 2003
Messages
2,639
I'll raise you... Codemasters!

Code:
Important information regarding your account 



Dear valued Codemasters customer, 

On Friday 3rd June, unauthorised entry was gained to our Codemasters.com website. As soon as the intrusion was detected, we immediately took codemasters.com and associated web services offline in order to prevent any further intrusion. 

During the days since the attack we have conducted a thorough investigation in order to ascertain the extent and scope of the breach and have regrettably discovered that the intruder was able to gain access to the following: 

Codemasters.com website 

Access to the Codemasters corporate website and sub-domains. 

DiRT 3 VIP code redemption page 

Access to the DiRT 3 VIP code redemption page. 

The Codemasters EStore 

We believe the following have been compromised: Customer names and addresses, email addresses, telephone numbers, encrypted passwords and order history. Please note that no personal payment information was stored with Codemasters as we use external payment providers, meaning your payment details were not at risk from this intrusion. 

Codemasters CodeM database 

Members' names, usernames, screen names, email addresses, date of birth, encrypted passwords, newsletter preferences, any biographies entered by users, details of last site activity, IP addresses and Xbox Live Gamertags are all believed to have been compromised. 

Whilst we do not have confirmation that any of this data was actually downloaded onto an external device, we have to assume that, as access was gained, all of these details were compromised and/or stolen. 

The Codemasters.com website will remain offline for the foreseeable future with all Codemasters.com traffic re-directed to the Codemasters Facebook page instead. A new website will launch later in the year. 

Advice 

For your security, in the first instance we advise you to change any passwords you have associated with other Codemasters accounts. If you use the same login information for other sites, you should change that information too. Furthermore, be extra cautious of potential scams, via email, phone, or post that ask you for personal or sensitive information. Please note that Codemasters will never ask you for any payment data such as credit card numbers or bank account details, nor will Codemasters ask you for passwords or other personal identifying data. Be aware too of fraudulent emails that may ******dly appear to be from Codemasters with links inviting you to visit websites. The safest way to visit your favourite websites is always by typing in the address manually into the address bar of your browser. 

Unfortunately, Codemasters is the latest victim in on-going targeted attacks against numerous game companies. We assure you that we are doing everything within our legal means to track down the perpetrators and take action to the full extent of the law. 

We apologise for this incident and regret any inconvenience caused. 

We are contacting all customers who may have been affected directly. 

Should you have any concerns or wish to speak to a member of our Customer Services team, please email them at custservice@codemasters.com.
 

Wazzerphuk

FH is my second home
Joined
Dec 22, 2003
Messages
12,054
Can we stop blaming devs now? It's pretty clear there's a group of ***** who think it's clever to systematically attack everyone in the games industry, it's a fucking chore now.
 

cHodAX

I am a FH squatter
Joined
Jan 7, 2004
Messages
19,742
> Can we stop blaming devs now? It's pretty clear there's a group of ***** who think it's clever to systematically attack everyone in the games industry, it's a fucking chore now.

No. They are keeping fuckloads of information unencrypted and behind security that is incredibly leaky. Most of these hacks seem to be via SQL injection methods which can be countered by having someone with security in mind coding the pages. No chance are the gaming industry getting off on this one, they are to blame for the hack not directly but nonetheless, they implement shoddy security and don't treat our data with respect.
 

ECA

I am a FH squatter
Joined
Dec 23, 2003
Messages
9,439
They are going after mass username+password lists of poorly secured target companies in a relevant business, ie stealing mmo accounts that can be turned around fast.
 

Raven

Fuck the Tories!
FH Subscriber
Joined
Dec 27, 2003
Messages
44,660
Any MMO worth its salt has an authenticator, any player with any sense uses it. As per companies with an internet presence and only basic web security and shoddy data care (plain text again...lol?) I have no sympathy for them when they get hacked.

My company is small time by these standards and even we don't hold information in plain text. I am struggling to understand how any company would be incompetent enough to do so.

It's like leaving a great big pile of money in your greenhouse with only a crappy old padlock on it, then whining when someone nicks it.

They need to wake the fuck up tbh.
 

Helme

Resident Freddy
Joined
Mar 29, 2004
Messages
3,161
It's not incompetence, it's greed. It costs money implementing security, and as long as you aren't cracked nobody else will know the difference. There's been numerous people responsible for some of these systems who have known that it could happen but every time they've approached management to fix it they've been rebuffed, because it would cost money.

Basically it's the Apple syndrome to security, pray and hope for the best.
 

MYstIC G

Official Licensed Lump of Coal™ Distributor
Staff member
Moderator
FH Subscriber
Joined
Dec 22, 2003
Messages
12,383
There's clearly something going on. It's just bullshit that they're attacking all the games companies.
 

ford prefect

Can't get enough of FH
Joined
Aug 27, 2006
Messages
1,386
> There's clearly something going on. It's just bullshit that they're attacking all the games companies.

NHS got a warning last week too - although I have to admit data security in the NHS is slim to non-existent - in fact different hospitals often use different systems and different software packages for things - depends entirely on budget per hospital really. Recently for example, I had to send a research colleague some MRI images - they were in the wrong format for her and there was no way to convert them either. It can be quite frustrating at times.
 

Wazzerphuk

FH is my second home
Joined
Dec 22, 2003
Messages
12,054
Yeah, seems to be much larger than just games, only as we're all games nerds we notice that first.

IMF also been attacked, getting silly.
 

ECA

I am a FH squatter
Joined
Dec 23, 2003
Messages
9,439
> There's clearly something going on. It's just bullshit that they're attacking all the games companies.

As I already posted, people use the same username/password a LOT, gamers = mmo accounts = fast sales in <2 mins to companies.

There was a huge spate last year that affected both WoW and Aion (when it was still popular :p) that was tracked back to a hacked DB - the source being shared pws.

Obviously usernames/passwords that gamers use are the most likely to get you mmo accounts.
 

Gwadien

Uneducated Northern Cretin
Joined
Jul 15, 2006
Messages
19,842
*foil hats*

What if the companies are hacking themselves, so they take money from their customers for their own use - recession going on, desperate for money... ;)
 

Wazzerphuk

FH is my second home
Joined
Dec 22, 2003
Messages
12,054
Anonymous hacked the Spanish police as well now.

They really are a bunch of pricks:

> First and foremost, DDoSing is an act of peaceful protest on the internet. The activity is no different than sitting peacefully in front of a shop denying entry. Just as is the case with traditional forms of protest.

It's not peaceful, it's destructive and costs companies shitloads. Fucking morons.
 

Helme

Resident Freddy
Joined
Mar 29, 2004
Messages
3,161
> It's not peaceful, it's destructive and costs companies shitloads. Fucking morons.

I fucking hope it costs the companies shitloads because they're obviously taking fuck all precautions to keep our information safe.
 

Ormorof

FH is my second home
Joined
Dec 22, 2003
Messages
9,832
but errr you can only really safeguard against threats you know exist, if you don't know about them and haven't thought about them before the hackers use them, then how the hell are you supposed to safeguard against it?

otherwise they would need some sort of super-dynamic skynet type thing to spot attacks that the security software has not originally been designed to spot...

sure if it's simple negligence in testing or they haven't patched up a known security issue then they are to blame, but if they don't know about a threat until after the breach occurs...

or am i completely wrong here?
 

ST^

Can't get enough of FH
Joined
Dec 22, 2003
Messages
2,351
If the US Army and the Department of Defense can get hacked, pretty much anyone can. You can cover most bases, but some people are very determined and very smart. These hackers aren't script kiddies (even though their behaviour makes it seem otherwise).
 

Ctuchik

FH is my second home
Joined
Dec 23, 2003
Messages
10,460
> Anonymous hacked the Spanish police as well now.
>
> They really are a bunch of pricks:
>
> It's not peaceful, it's destructive and costs companies shitloads. Fucking morons.

As much as I hate to say it tho but they kind of have a point.

Doesn't it cost the stores money if ~1000 people block the doors so the customers can't get in and shop?


I don't agree with either way but there you go...
 

Chronictank

FH is my second home
Joined
Jan 21, 2004
Messages
10,133
Care to elaborate on the 0day exploit you speak of?
apparently it's a new code injection attack, unfortunately there is little to no definitive info out there at the mo

I would guess it builds on the old buffer overflow one? (similar thing where you trick MySQL into freeing the same memory twice and cause the Daemon to crash) letting them get at the hashed passwords
I was under the impression this sort of thing was patched out ages ago tho :/

The Register posted some info
http://www.theregister.co.uk/2011/02/17/hbgary_hack_redux/

I would take it all with a pinch of salt though
 

Chronictank

FH is my second home
Joined
Jan 21, 2004
Messages
10,133
bloody cretins dropped the Minecraft login servers the other day :/, Eve Online login portal before that and I believe the Escapist too



It's not really hacking for the most part, they are just dropping servers using DDoS attacks
 
