Codemasters' web site hacked again; site shuts down

A couple of weeks ago, UK-based game developer Codemasters admitted that its web site was the subject of a cyber attack on May 20. The company said that the info obtained from the attack at the time was limited to some admin names from Codemasters' staff. Now Neowin.net has received an email from Codemasters admitting that the web site has been hacked yet again on June 3. As a result Codemasters has taken the main site down and redirecting that site's visitors to the company's Facebook web site and it will stay that way "for the foreseeable future."

In addition to the main web site, the unknown hackers also attacked the Codemasters corporate website and sub-domains, the DiRT 3 VIP code redemption page and the Codemasters EStore. The company said that "customer names and addresses, email addresses, telephone numbers, encrypted passwords and order history" was all exposed in this attack from the EStore. However it claims that payment info was not taken due to Codemasters using an external company for those efforts. The company has also admitted that "Members' names, usernames, screen names, email addresses, date of birth, encrypted passwords, newsletter preferences, any biographies entered by users, details of last site activity, IP addresses and Xbox Live Gamertags" were exposed  from the main web site.

Codemasters states, "Whilst we do not have confirmation that any of this data was actually downloaded onto an external device, we have to assume that, as access was gained, all of these details were compromised and/or stolen." It suggests that users affected by this attack change their passwords that may have been used by their Codemasters accounts. It added, "We assure you that we are doing everything within our legal means to track down the perpetrators and take action to the full extent of the law. We apologise for this incident and regret any inconvenience caused." Codemasters will relaunch its company web site later this year.

Report a problem with article
Previous Story

Patch Tuesday: Fixing critical vulnerabilities

Next Story

E3 2011: NECA to make collectibles based on Valve products

19 Comments

Commenting is disabled on this article.

son of a bitch I'm going to have to change my passwords AGAIN!
I'm running out of ideas for passwords

Maybe it would just be safer to use Password?

Teebor said,
son of a bitch I'm going to have to change my passwords AGAIN!
I'm running out of ideas for passwords

Maybe it would just be safer to use Password?

Mine is 1234...

NeoRaZor said,

Mine is 1234...

That one is too obvious, I always use my username as password. It's also easier too remember..

Teebor said,
son of a bitch I'm going to have to change my passwords AGAIN!
I'm running out of ideas for passwords

Maybe it would just be safer to use Password?

Or you could just make sure all your passwords are different..

Also from what they said above they got the Encrypted password, which as long as they were not using md5 to hash it, you should be safe.. ( though if you DO use the password elsewhere, change them just to be safe.. )

Teebor said,
son of a bitch I'm going to have to change my passwords AGAIN!
I'm running out of ideas for passwords

Maybe it would just be safer to use Password?

You can come up with a way to ID each site with the same password. For example, the threads example of 1234 as the password, you could append it with first 3 letters of the domain name of the site, and maybe convert it into hackerish such as a password for neowin's site would be then "1234n30" . That'll give you a password that is unique to each site.

Teebor said,
son of a bitch I'm going to have to change my passwords AGAIN!
I'm running out of ideas for passwords

Maybe it would just be safer to use Password?

I use this:
http://supergenpass.com/

Set it to 24 characters and also use a salt.

Hmm I got this in an email an hour ago

"Dear valued Codemasters customer,

On Friday 3rd June, unauthorised entry was gained to our Codemasters.com website. As soon as the intrusion was detected, we immediately took codemasters.com and associated web services offline in order to prevent any further intrusion.

During the days since the attack we have conducted a thorough investigation in order to ascertain the extent and scope of the breach and have regrettably discovered that the intruder was able to gain access to the following: "

Safety is a fiction of your imagination....

if crackers can reverse engineer all types of software piracy protection that sellers come up with....
then breaking into a website is not impossible....

that's the scary truth.

Hackers just think it's fun and games until some wise guy thinks its a nice idea to hack a bank. Then **** will hit the fan.

MillionVoltss said,
Is anyone safe ?

Doesn't appear so. Quite a few bigname sites have been hacked in the last few months, makes me wonder who else has been or is going to be hacked in the future. Also makes me question if anyone else was hacked but hasn't said anything for fear of bad publicity.

Elessar said,

Doesn't appear so. Quite a few bigname sites have been hacked in the last few months, makes me wonder who else has been or is going to be hacked in the future. Also makes me question if anyone else was hacked but hasn't said anything for fear of bad publicity.

i especially wonder the 'who eslse has been'.
big chance many are to cowardous to come forward, or that it will take a while before they'll come forward...