Codemasters latest to suffer from hacked data
Site shut down and security hole closed after admin details stolen
UK publisher Codemasters has become the latest games company to suffer at the hands of hackers, following high-profile attacks on Sony and Square Enix.
The Dirt and Operation Flashpoint publisher told GamesIndustry.biz it moved quickly when it discovered password and login data for Codemasters.com had been compromised and posted online.
"On Friday 20th, there was an attempt to gain administrative access to the Codemasters.com website. This admin access may have allowed alterations to our company website.
"We responded swiftly with a full investigation to isolate the issue, bringing down Codemasters.com for a few hours to ensure no access would be possible, and returned the website after a security hole was closed. While some staff admin names were obtained, passwords were all encrypted."
"Our online team take security of user data very seriously and we are reviewing all of our websites and systems to ensure we are as safe as possible, especially as many games companies have been popular targets for this sort of activity recently."
As well as the high-profile PSN breach at Sony, which is expected to cost the company in the region of $170 million, Square Enix also fell victim to a hacking attack last month, with email addresses and CVs compromised.
(This has the double advantage of if someone is too precise they might have their identities forwarded to some authority for further consideration ;) )
This is a little different from what I've read about the Sony hack. The reason, I believe, that Sony are getting hit so hard at the moment is that Anonymous, who were annoyed about the whole George Hotz and OtherOS issues, have stated that they want small Sony sites taken down as part of a "recruitment drive"... so it's a little like viral hacking - having enough newbie hackers chipping away at Sony sites will eventually show up the cracks... then, on top of this, the media furore surrounding this gives hackers easy ways to become famous. Taking down a Sony Music site isn't a bigger thing than hacking into CodeMasters' - but the former will be much more likely to be featured on the big news sites at the moment.
If anyone wants to know exactly how badly protected many websites are I strongly suggest looking up "The Hacker News" ... just Google "THN the hacker news". Just yesterday there was some alarming news, for example, for those using vBulletin 4.x versions - an easily exploitable security hole... vBulletin released a security patch - but I doubt many will update fast enough. Older versions of vBulletin had, of course, even more security issues... Atari, as an example, are still on 3.6.8: http://forums.atari.com/ ... and all that it takes to find this information out is a Google search - "Powered by vBulletin 3" ... scary.
The fact is, though, these hacks were happening all the time - people are only noticing now because the PSN hack was an absolutely massive "win" for the hackers... followed up by another with the SOE site. Hopefully people, globally, will learn something from all of this...
Edited 1 times. Last edit by robert troughton on 27th May 2011 7:09am
I'm still saddened but unsurprised at the sheer amount of happy net-vandalism some individuals enjoy.
Is it time to realize that the era of the SNes is over and that putting some effort into security - and I don't mean DRM, I said SECURITY - is due? Didn't the excellent Wipeout on PSP, or Lumines or what else, allow a major hack to the whole system because of lack of security? Let me guess - they used the old string.h functions?
That was bullshit, as it was only the protection system that needed upgrading, which Starforce had done. It needed to be patched into the game by CM which they didn't want to do. I ended up using a No-DVD crack and Starforce remover to bypass the protection system. It runs fine now, and I no longer buy CodeMasters software. They don't give a shit about me when I pay for their software, I don't care when they're hacked. No wonder piracy is so damn rife in PC gaming with developer attitudes like that.
. Building secure online systems is a science but its not rocket science.