The Cryptic Studios page has been updated with the announcement that its servers have been the victim of what the press release calls 'unauthorized access'. More troubling is the further announcement that the attacks began in December of 2010 and resulted in user account names, handles, and encrypted passwords for those accounts being made accessible to the intruders.

The unauthorized access included user account names, handles, and encrypted passwords for those accounts. Even though the passwords were encrypted, it is apparent that the intruder has been able to crack some portion of the passwords in this database. All accounts that we believe were present in the database have had the passwords reset, and customers registered to these accounts have been notified via e-mail of this incident.

Read the full report on the Cryptic Studios page.

ouch

/facepalm

"At Cryptic Studios, your privacy and security is important."

Its so important that they wait 2 years later and then they tell us?  thats just sad and wrong

Yeah I got "the" e-mail from them last night and thought it was a spoof... I had to research it to see if it was true :-(

Honestly, the hackers can have my account.  No need to reset my password.  At least I'll know that the STO lifetime sub I bought would be getting some use.  I still kick myself for buying that one without playing it first.

I got the email and reset my cryptic password. This is the type of thing that makes me never want to keep payment info on file with anyone which is why I usually cancel my sub as soon as I pay for some time.

Completely unaceptable that they waited one and half year to come out with it!

Even more retarded (and this pretty much shows the kind of incompetent company Cryptic really is) if it really took them one and half year to discover they had been hacked. Which would mean that hackers have been able to use this backdoor for a whole one and half year!!

/FACEPALM

The breach was the same timeframe that Atari were cutting all the staff and trying to offload them. I can imagine it was completely missed and only found when they were upgrading/intergrating with Perfect World's systems.

cryptic fails again what else is new, not this

I thought it was a phishing attempt, I mean read this:

"As a result of routine security checks and upgrades, we have discovered that certain of your account information"

certain of my account?  really?

Hah I thought was phishing scam too, but when I get those emails I usually head to the official website to do my changes as oppose to email links.

Originally posted by bobfish

The breach was the same timeframe that Atari were cutting all the staff and trying to offload them. I can imagine it was completely missed and only found when they were upgrading/intergrating with Perfect World's systems.

 

You're probably right, to be honest I would be surprised if Atari's engineers even knew what they were looking at, Atari made a money grab buying Cryptic, they weren't ready for the long haul of running MMOs.

I'm not going to say Cryptic doesn't have it's problems. However, bad funding and money grabs from Atari were ruining them and I wouldn't be surprised if Atari (which isn't even original Atari anyway) didn't notice this hole in the network. Star Trek originally I thought was awful, ever since Dan Stahl took over, and later on, Perfect World started giving them a reasonable amount of funding, STO's quality has greatly improved and Neverwinter also is looking good. But yeah I would have never played STO in the state it launched in. Of course this break in doesn't annoy me any less :|

Originally posted by Alphamojo

Hah I thought was phishing scam too, but when I get those emails I usually head to the official website to do my changes as oppose to email links.

gmail even marked it with a phishing warning.

What is unacceptable is that they retain the data for hackers to get at after you have left all of their games.

I am sorry but all account information should be deleted or at least backed up to tape whenever people have left for over a month.  If you want to get back you would have to either reset your password to your email address or have them unarchive it.

I am getting sick and tired of "company you played a game with 5 years ago has still retained all your data and hackers now have your old password real name age whatever credit card you used at the time home address phone number -- blah blah blah.

If you drop the game they should have to drop the data.

Even if you never intend to, you do reuse passwords from 10 years ago -- you forget you ever used it and then one gets unknowingly recycled and bam -- you get hacked.  The more often you change your passwords and the more passwords you have the more likely it is that you will one day recycle a password.

I'm shocked!  No really guise I means it! 



Considering this company can't even put out patches without breaking the game, never listen to feedback, and rarely fix bugs(some still around from launch), I'm not even the slightest bit surprised.

Cryptic Studios is only telling part of the truth.  The breach was wider and affected other games, notably  STO.  It didn't only occur on one occasion but over a period of time.

Moral.  Don't trust any service, change your PW often (or as often as you can stand it).