Codies Online Features Hacked

Just when you thought it was possible for us all to move on from the depressing deluge of stories about hacking, Codies fall victim to an attack. The UK-based publisher has suffered breaches to many of its online services and systems, detecting the attacks on Friday 3rd of June.

Codemasters say they immediately removed all services that they thought were compromised and have today sent an email to customers warning them of the situation and letting everyone know just what they think was accessed. It’s not pretty; here’s the relevant excerpt from the email doing the rounds:

The Codemasters EStore

We believe the following have been compromised: Customer names and addresses, email addresses, telephone numbers, encrypted passwords and order history. Please note that no personal payment information was stored with Codemasters as we use external payment providers, meaning your payment details were not at risk from this intrusion.

Codemasters CodeM database

Members’ names, usernames, screen names, email addresses, date of birth, encrypted passwords, newsletter preferences, any biographies entered by users, details of last site activity, IP addresses and Xbox Live Gamertags are all believed to have been compromised.

Whilst we do not have confirmation that any of this data was actually downloaded onto an external device, we have to assume that, as access was gained, all of these details were compromised and/or stolen.

The Codemasters.com website will remain offline for the foreseeable future with all Codemasters.com traffic re-directed to the Codemasters Facebook page instead. A new website will launch later in the year.

So it seems that although payment details were not kept in the same location, and passwords were encrypted, names, addresses and other personal information were exposed, and it is all assumed to have been downloaded and stored – even if there’s no way to verify that assumption.

As ever, we urge everyone to use unique passwords for online services, never disclose your personal information to anyone you don’t totally trust to treat it correctly and take every measure to ensure that your financial information is secured.

I’m sure you all join us in wishing that this new trend for trying to violate the personal information of gamers would blow over. It really is getting tedious now.

Source: Email (also tipped by iamtdogg)

26 Comments

  1. Oh for god’s sake, what is the problem with these stupid and selfish people?

    • I think you just answered your own question there.

      • Good point, what we really need is some people to hack the hackers, like a robin hood group or something, although in today’s terms on the web they’d be called R081N H00D or similar.

    • Yeah, I wish they’d stop scrimping on security costs…

      :P

      • This one’s for you & cc_star. Look at RSA Security. They are one of the top anti-hacking companies in the world and they were hacked a month before Sony and they have no idea who did it either.

        A couple of days ago it was announced that the breach now means that over 40 million RSA key generators issued to individuals/companies all over the world have to be replaced as they cannot guarantee that the encryption will not be broken.

        I would be very surprised if they didn’t have some of the best internet security available in place on their systems, seeing as some of their customers are banks, governments and military contractors.

        For those who don’t know who RSA Security are and why I imagine they would have the best security money can buy, they created Verisign and the SSL protocol.

      • Yes, the RSA hack was impressive, in fact people are saying that it was the same people who hacked Lockheed Martin (security contractor and weirdly UK census organizers), using the RSA dongle algorithms. But look at Lockheed Martin, their passwords were compromised, yet as far as we know, not much was able to be taken.

        The reason I’m annoyed at game companies is that most of the time these hacks are caused by easily preventable hacks, stuff like SQL injection. And really, once you get SQL filtering right, a lot of hackers will move on, because there are easier targets.

        I’m not saying this is another case of SQL injection, but I wouldn’t be surprised if it is, and in that case, I’ll be adding them to my list of developers from which I only buy second hand.

        Also, everyone handling personal data should be employing whitehats in order to stress test their security, which, I assure you, most are not.

  2. Just got my email – good god – now software companies hacked with my details gone – I can’t even remember what I got from codemasters that I still play. Best do some digging and get that password changed – but this is now getting to be a real pain in the A***.

    • Received mine earlier, and yes it’s a very big pain in the backside.

  3. Sony may actually benefit PR ways in the fact they were the first to get hit badly. After all the thought would be other companies should learn from Sony’s mistakes.

  4. I got an email about it too, it also says they broke into the Dirt3 VIP code redemption page, hmmm

    • Hmm, I haven’t renewed my Dirt 3 VIP pass yet. Sigh.

  5. people can blame hackers until the end of time but maybe companies should get better at securing information, if you ask me it’s criminal negligence on the part of Codemasters. I give them information with the agreement they keep my information secure and it does not get in the hands of a third party

    • Hmm, I don’t know about that. We trust our governments and military to protect us from terrorists too, but occasionally they slip through and cause great damage. Does that mean we should direct our anger at the men and women of the military and not the scum bags who actually perpetrated the crime?

      I see your point, but I think it’s misplaced here.

      • You can blame the politicians. They willingly let them in.

    • @td_rules read my above post.

  6. This is proving a valuable point here that most systems can get hacked if someone wants to. After the Sony hacks a lot of people were under the presumption that only Sony’s systems were vulnerable. Obviously not. Still, as much as I love seeing someone prove a point, it’s not worth the information which is getting leaked out onto the web. Hopefully this will end soon and companies will get the message and start upgrading their security.

  7. hope they get found asap.

  8. Indeed it is getting tedious. Is there any apparent reason for these hacks, apart from maybe the case regarding George Hotz and the PS3 OtherOS feature removal (because that’s definitely a poor reason to aimlessly hack sites)?

  9. I think I’m only in their VIP Pass For Dirt3 database, so I assume that involves my PSN account name (surely not its password as there is no reason for Codemasters to have access to my account details? – if so then I’ve got a session of password changing and email creating again!), my PSN registered email address, and what else?

    This is extremely tedious, and as an expression of personal annoyance I hope they catch whoever did this and cut off their goolies with a rusty and blunt penknife…!

  10. This is extremely sad news. Probably hellish for the people at Codemasters as it has been for Sony’s companies. I wonder what the hackers’ motivation is? Can’t get my head round it, it’s just malicious.