News Now Codemasters are hacked

[cHodAX]

Just got this email from them...

Dear valued Codemasters customer,

On Friday 3rd June, unauthorised entry was gained to our Codemasters.com website. As soon as the intrusion was detected, we immediately took codemasters.com and associated web services offline in order to prevent any further intrusion.

During the days since the attack we have conducted a thorough investigation in order to ascertain the extent and scope of the breach and have regrettably discovered that the intruder was able to gain access to the following:

Codemasters.com website

Access to the Codemasters corporate website and sub-domains.

DiRT 3 VIP code redemption page

Access to the DiRT 3 VIP code redemption page.

The Codemasters EStore

We believe the following have been compromised: Customer names and addresses, email addresses, telephone numbers, encrypted passwords and order history. Please note that no personal payment information was stored with Codemasters as we use external payment providers, meaning your payment details were not at risk from this intrusion.

Codemasters CodeM database

Members' names, usernames, screen names, email addresses, date of birth, encrypted passwords, newsletter preferences, any biographies entered by users, details of last site activity, IP addresses and Xbox Live Gamertags are all believed to have been compromised.

Whilst we do not have confirmation that any of this data was actually downloaded onto an external device, we have to assume that, as access was gained, all of these details were compromised and/or stolen.

The Codemasters.com website will remain offline for the foreseeable future with all Codemasters.com traffic re-directed to the Codemasters Facebook page instead. A new website will launch later in the year.

Advice

For your security, in the first instance we advise you to change any passwords you have associated with other Codemasters accounts. If you use the same login information for other sites, you should change that information too. Furthermore, be extra cautious of potential scams, via email, phone, or post that ask you for personal or sensitive information. Please note that Codemasters will never ask you for any payment data such as credit card numbers or bank account details, nor will Codemasters ask you for passwords or other personal identifying data. Be aware too of fraudulent emails that may ******dly appear to be from Codemasters with links inviting you to visit websites. The safest way to visit your favourite websites is always by typing in the address manually into the address bar of your browser.

Unfortunately, Codemasters is the latest victim in on-going targeted attacks against numerous game companies. We assure you that we are doing everything within our legal means to track down the perpetrators and take action to the full extent of the law.

We apologise for this incident and regret any inconvenience caused.

We are contacting all customers who may have been affected directly.

Should you have any concerns or wish to speak to a member of our Customer Services team, please email them at custservice@codemasters.com.

Does no fucker take security seriously anymore?

 

[Sockstuff]

Not my newsletter preferences. Anything but that!

 

[cHodAX]

Not my newsletter preferences. Anything but that!

You don't have nowt worth nicking anyway! Infact they might even send you some sympathy cash!

 

[megadave]

Getting pretty old this hacking everyone bollocks now.

I wonder if they realise there will certainly be some massive repercussions for the land of internets

 

[Keitanz]

Getting pretty old this hacking everyone bollocks now.

Hopefully it will make more companies think more about security :/

 

[Raven]

Too many companies taking a far too relaxed stance with our personal information.

I think I am going to create a whole new identity for online stuff now.

Lady Humphrey McSmythe it is.

 

[Zenith.UK]

I wonder if they realise there will certainly be some massive repercussions for the land of internets

Unfortunately, these guys are contributing to the future lockdown of the internet. Short term lulz, long term restrictions.

 

[cHodAX]

SET THE BITS FREE!

<drops pants!>

 

[Laddey]

How do hackers actually learn how to.... Well... Hack?

I know its coding n all that but how?!

They study say...C++...then after they've mastered that they're leet hackers?

 

[Chronictank]

you learn how the system of your choice works (really works, not how to use it) then you can see where the potential exploits could be
The coding part helps because it means you can understand issues with a given language and can exploit holes left by lazy developers.
One example of this is the Sony website hack, where an SQL (Database) exploit was left open by the web developers being lazy when they made the site, good practice is to test for exactly that exploit before a page is made live

The rest is just experience and learning whats happening in the market

 

[ford prefect]

They should take a look at the way credit cards work. I recently activated a well known credit card online and frankly my A'Levels were easier. There were pictures, numerous passwords I will never remember, special dates I won't remember, special numbers I won't remember and an activation code sent with the card, which I have since lost. If I can ever access that online account again I will be amazed, let alone anyone else.

 

[Sockstuff]

They should take a look at the way credit cards work. I recently activated a well known credit card online and frankly my A'Levels were easier. There were pictures, numerous passwords I will never remember, special dates I won't remember, special numbers I won't remember and an activation code sent with the card, which I have since lost. If I can ever access that online account again I will be amazed, let alone anyone else.

And yet a certain uk company that processes millions of these transactions still have access to every card detail that goes through them on the way to the bank through a plain text log file. At least they did a short while ago when I worked there. The staff that had access to these logs (around 50) had no kind of police checks done on them before working there.

You could have print out from these files laying around on peoples desks.

I'm sure its wide open to abuse like this further down the line too. I had many schemes running through my head to steal millions that I never had the guts to pull off.

 

[soze]

I did doubt Sony were the only people to have the minimum legal security. For the next two years these companies will be at the bleeding edge of security before the costs get to high and this starts all over again.

 

[BloodOmen]

sounds to me like all these companies have the same fucking security flaw and someone is just exploiting it to the max.

 

[Jimmy]

just seen this on sky news site one comment made me giggle tho

posted by: edl4theuk on June 10, 2011 10:30 PM

where are all the xbox fans that were bad mouthing sony?like i said it can happen to anyone regardless of how big the company is,let alone the ps3 is the most powerfulest console twice the power of the pap box.so get your facts rite then comment...stoopidd​

​