Cryptic Studios, the developer of Champions Online and Star Trek Online, has released a statement today informing their customers who play both of the aforementioned titles that they’ve encountered a security breach that occurred back in December of 2010. Evidence of unauthorized access to their customer database was found with information such as usernames, handles, and encrypted passwords being compromised. The company has stressed that there has been no evidence that credit card data was taken, although it is possible that this data was also accessed.
As for what information that the culprit may have had access to, the statement explains:
“While we have no evidence that any other information was taken by the intruder, it is possible that the intruder was able to access additional account information. If they did so, the first and last name, e-mail address, date of birth (if provided to Cryptic Studios), billing address, and the first six digits and the last four digits of credit cards registered on the site may have been accessed. We have no evidence at this time that any data other than the account name, handle, and encrypted password were accessed for any user.”
Cryptic’s statement went on to say that:
“Cryptic will not contact you in any way, including by e-mail, asking for your credit card number, social security number, or any other personally identifiable information. If you use the same password for other accounts, especially financial accounts or accounts with personal information, we strongly recommend that you change them.”
Cryptic Studios will continue their investigation into the incident.
Analysis: I’m incredibly troubled by the fact that the security breach that has been brought to light today occurred all the way back in 2010. How an incident like that remains unnoticed for such a long period of time is beyond me, even if the data that was accessed by the intruder was limited. On top of that is the fact that as of right now, the possibility that personal information such as credit card details may have been taken, even if there’s no evidence that such information was compromised, isn’t exactly reassuring.
As per usual for incidents such as these, I would advise customers to keep an eye on their accounts if they believe they may have been targeted. Thankfully, Cryptic Studios are promising to take further action in improving their security systems to ensure an incident like this is a one-time event.