In the better late than never category, Cryptic has notified registered users of Star Trek Online that back in late 2010 they were the vicitims of a hacker and that user information was comprimised. They are now suggesting users change their passwords to avoid future problems, details below.
Cryptic responds to 2010 hacking
This week every registered user of Cryptic’s Star Trek Online and Champions Online recieved an email saying that after "routine security checks and upgrades" the discovered that account information including passwords were hacked and they requested everyone reset their password.
They also issued the following statement:
IMPORTANT CUSTOMER SERVICE NOTIFICATION REGARDING UNAUTHORIZED ACCESS
At Cryptic Studios, your privacy and security is important. As part of our ongoing efforts to monitor and enhance security, we recently detected evidence of an unauthorized access to one of our user databases. The unauthorized access occurred in December 2010, and evidence of this has just been uncovered due to increased security analysis.
The unauthorized access included user account names, handles, and encrypted passwords for those accounts. Even though the passwords were encrypted, it is apparent that the intruder has been able to crack some portion of the passwords in this database. All accounts that we believe were present in the database have had the passwords reset, and customers registered to these accounts have been notified via e-mail of this incident.
While we have no evidence that any other information was taken by the intruder, it is possible that the intruder was able to access additional account information. If they did so, the first and last name, e-mail address, date of birth (if provided to Cryptic Studios), billing address, and the first six digits and the last four digits of credit cards registered on the site may have been accessed. We have no evidence at this time that any data other than the account name, handle, and encrypted password were accessed for any user.
We are continuing to investigate this incident, and are taking even further action to strengthen our systems and redouble our security vigilance and protections. For your own security, we encourage you to be especially aware of e-mail and postal mail scams that ask for personal or sensitive information. Cryptic will not contact you in any way, including by e-mail, asking for your credit card number, social security number, or any other personally identifiable information. If you use the same password for other accounts, especially financial accounts or accounts with personal information, we strongly recommend that you change them.
While we have no evidence of unauthorized use of personal information as a result of this incident, to protect against any possible identity theft, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. Further information regarding the prevention of identity theft can be found at the Federal Trade Commission’s website here.
We apologize for any inconvenience this unauthorized access may have caused our customers. Customers with questions about this incident and how it may affect them can contact customer service by submitting a support ticket at https://support.perfectworld.com/app/cs_cryptic/iss/log .
First.
Really, I don’t usually do that, but this article was just sitting here all lonely-looking.
i think it’s hilarious that a 2 year old hack NOW makes everyone reset their passwords….
but when STOwikig.org had that rootkit on their page (through advertisements from a third page) just a month or two ago cryptic did not feel the need to reset everyone’s passwords.
you would think after 2 years the damage is done
but rly sooo annoying,
in particular because you have to log out and back in on every character swap
…wow…they are JUST NOW running checks that test these types of security breeches on their site? And are finding compromises from 2010. Wow. Glad I never joined up!
I sent Cryptic a support ticket asking them for more details about this and just got the standard “please reset your password” response. What a joke. Not only are they okay with ripping off their customers with those ridiculous lottery boxes that you have to pay to open, but now we find out their security is as effective as wet tissue paper.
ABOUT TIME that one of these Trek “fan sites” actually runs a story about Star Trek Online.
There’s a lot of Trek goodness happening within that game community that gets largely ignored by TrekMovie.com and other sites.
It’s too bad…
yah i also feel kinda glad i didnt sign up as well…