NeoGAF

GJS · (04-26-2012, 12:31 AM)

Just got the following email from Cryptic Studios.

Quote:

As a result of routine security checks and upgrades, we have discovered that certain of your account information, including your password, may have been accessed by an unauthorized party.

For your security, we've reset the password on your account. You can recover your password via the "forgot password" link on the official Star Trek Online or Champions Online web sites:

https://www.startrekonline.com/user/password
https://www.champions-online.com/user/password

If you have used your account name and password for other accounts, especially financial accounts or accounts with personal information, you should consider changing your password on other services as well.

For full details on the unauthorized access, please read the notification here.

Apologies for the inconvenience.

Customer Service
Cryptic Studios

And further research lead me to this announcement:

http://www.crypticstudios.com/securitynotice

Quote:

04.25.2012

At Cryptic Studios, your privacy and security is important. As part of our ongoing efforts to monitor and enhance security, we recently detected evidence of an unauthorized access to one of our user databases. The unauthorized access occurred in December 2010, and evidence of this has just been uncovered due to increased security analysis.

The unauthorized access included user account names, handles, and encrypted passwords for those accounts. Even though the passwords were encrypted, it is apparent that the intruder has been able to crack some portion of the passwords in this database. All accounts that we believe were present in the database have had the passwords reset, and customers registered to these accounts have been notified via e-mail of this incident.

While we have no evidence that any other information was taken by the intruder, it is possible that the intruder was able to access additional account information. If they did so, the first and last name, e-mail address, date of birth (if provided to Cryptic Studios), billing address, and the first six digits and the last four digits of credit cards registered on the site may have been accessed. We have no evidence at this time that any data other than the account name, handle, and encrypted password were accessed for any user.

We are continuing to investigate this incident, and are taking even further action to strengthen our systems and redouble our security vigilance and protections. For your own security, we encourage you to be especially aware of e-mail and postal mail scams that ask for personal or sensitive information. Cryptic will not contact you in any way, including by e-mail, asking for your credit card number, social security number, or any other personally identifiable information. If you use the same password for other accounts, especially financial accounts or accounts with personal information, we strongly recommend that you change them.

While we have no evidence of unauthorized use of personal information as a result of this incident, to protect against any possible identity theft, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. Further information regarding the prevention of identity theft can be found at the Federal Trade Commission’s website here.

We apologize for any inconvenience this unauthorized access may have caused our customers. Customers with questions about this incident and how it may affect them can contact customer service by submitting a support ticket at https://support.perfectworld.com/app/cs_cryptic/iss/log.

Interesting stuff as per usual, just a heads up in case people who might be involved didn't get the email, or for everyone to tut at people using the same password in multiple places.

Winterblink · (04-26-2012, 12:33 AM)

Dammit, not again...

Red Arremer · (04-26-2012, 12:34 AM)

Didn't they get hacked already just like 2 months ago?

Kritz · (04-26-2012, 12:38 AM)

Yup, got the email. What's shocking is the following:

Quote:

At Cryptic Studios, your privacy and security is important. As part of our ongoing efforts to monitor and enhance security, we recently detected evidence of an unauthorized access to one of our user databases. The unauthorized access occurred in December 2010, and evidence of this has just been uncovered due to increased security analysis.

Like, what.

AlphaTwo00 · (04-26-2012, 12:38 AM)

Ditto.

Didn't even know I had an account with them.

Metalmurphy · (04-26-2012, 12:39 AM)

I just got an email, but I don't remember ever signing up for Star Trek Online oO

I certainly never played it.

Medalion · (04-26-2012, 12:40 AM)

Sonnofa bitch I just got this email too cuz I game on STO a lot

djplaeskool · (04-26-2012, 12:41 AM)

Man, I tried out CO and STO so long ago...
Was wondering if this was legit. Seems so.

Edit: December 2010?! WUT

famousmortimer · (04-26-2012, 12:42 AM)

Just got it as well. Easily gotten 10 or so of these in the last year. I'm just gonna snail mail hackers my CC info and whatnot to get it over with.

Kritz · (04-26-2012, 12:42 AM)

Yeah I am certain I have never signed up for Star Trek Online. What other games to these guys put out?

http://www.crypticstudios.com/products
Champions Online
Star Trek Online
Neverwinter (not NWN)
City of Heroes
City of Villians

Surely I have better taste than all of those games. Hopefully a password list goes up somewhere so people can start seeing what information was lost, like with the Battlefield Heroes thing.

Haunted · (04-26-2012, 12:42 AM)

So if I made an account in January, I'm good?

Only played the game for a day or so. >_>

edit: oh December 2010. That's crazy that they wouldn't tell anyone about this until now.

Lactose_Intolerant · (04-26-2012, 12:43 AM)

I'm guessing it got too big for them to cover up. Why announce this now after over a year.

Medalion · (04-26-2012, 12:45 AM)

Cryptic in general is really developing some shady doings

I am starting to think I should bail on F2P STO

Kritz · (04-26-2012, 12:47 AM)

Guess I totally have a Champions Online account for some reason. Well, that's good - it's a password I've since stopped using on everything.

Red Arremer · (04-26-2012, 12:48 AM)

Originally Posted by Medalion:

Cryptic in general is really developing some shady doings

I am starting to think I should bail on F2P STO

Sounds like a good plan.

Effect · (04-26-2012, 12:50 AM)

Originally Posted by Haunted:

So if I made an account in January, I'm good?

Only played the game for a day or so. >_>

edit: oh December 2010. That's crazy that they wouldn't tell anyone about this until now.

It's not that they didn't but that they didn't even realize it happen until now after doing detailed checks on their system. Says it right in the opening post.

Banana Kid · (04-26-2012, 01:00 AM)

I really need to just bite the bullet and buy 1Password.

Nothing is safe anywhere anymore.

GDGF · 01:02 AM

Yeah I just got this email :(

Oh wait I wasn't even playing Star Trek Online in 2010.

It's all good.

HarryDemeanor · (04-26-2012, 01:03 AM)

Originally Posted by Banana Kid:

I really need to just bite the bullet and buy 1Password.

Nothing is safe anywhere anymore.

Yep I ended up downloading LastPass for stuff like this.

MatthewB92 · (04-26-2012, 01:05 AM)

I got the email but I never played their games......

B_Rik_Schitthaus · (04-26-2012, 01:07 AM)

Originally Posted by Banana Kid:

I really need to just bite the bullet and buy 1Password.

Nothing is safe anywhere anymore.

"Was the hack successful?"

"Yes it was Mr. President... of 1Password!"

Tamanon · (04-26-2012, 01:14 AM)

I knew I shouldn't have even tried Star Trek Online.

But really, 2010? I don't even understand why you're notifying folks now. If you let it go for two years, might as well not tell anyone.

Pyronite · (04-26-2012, 01:16 AM)

Quote:

As a result of routine security checks and upgrades, we have discovered that certain of your account information...

You'd really think they'd take the time to get the first sentence right. Otherwise, my first thought drifts to phishing.

GJS · (04-26-2012, 01:22 AM)

Originally Posted by Pyronite:

You'd really think they'd take the time to get the first sentence right. Otherwise, my first thought drifts to phishing.

I think they just sent everything out as fast as they could, they also took their account servers down for emergency maintenance.

EdibleExplosives · (04-26-2012, 01:25 AM)

Urgh, now I need to try to remember what password I had for that account and change any other accounts with the same one.

PsychoRaven · (04-26-2012, 01:54 AM)

Originally Posted by Kritz:

Yup, got the email. What's shocking is the following:

Like, what.

Yea. That's screwed up. Almost a year and a half. That's beyond fucked up. Needless to say it pisses me off.

powersurge · (04-26-2012, 10:17 PM)

*sigh* I haven't played in a while (since the perfect world purchase) but I've got a lifetime sub so I thought I'd log in change my password etc.. and sure enough my password isn't working and the recover my password email hasn't shown up and I've been waiting about 15-20mins. WTF? :(