The sensitive personal information from ‘thousands’ of Codemasters customers has been compromised in a new network attack, Develop has learned.
Earlier, Codemasters published an open letter which warned that its websites have been accessed by unauthorised users.
Develop has been told by a studio source that the number affected could “comfortably be [counted] in the thousands”.
Those who buy Codemasters games, either from retail or digitally, will not be affected, Develop has been told. This includes customers who play Codemasters games online across platforms such as Xbox Live and the PlayStation Network.
The data breach specifically affects customers who register to Codemasters’ online promotions – such as email news alerts – or people who have bought games on Codemasters’ online store.
Codemasters has taken down its websites following the attack. The firm has begun a mass-email operation where all customers on its database will be informed of the breach.
[An Example of that email can be found below]
Data thought to have been compromised includes customer names and addresses, email addresses, telephone numbers and encrypted passwords.
Codemasters says it can only assume that data had been taken, but cannot prove such an incident occurred.
No credit card data has been taken.
Customer payment information was not stored on the Codemasters servers that were hacked, the publisher said.
Those affected to change their passwords.
“If you use the same login information for other sites, you should change that information too,” Codemasters said.
Be extra cautious of potential scams, via email, phone, or post that ask you for personal or sensitive information, the publisher added.
“Please note that Codemasters will never ask you for any payment data such as credit card numbers or bank account details, nor will Codemasters ask you for passwords or other personal identifying data,” read the firm’s email warning.
“Be aware too of fraudulent emails that may outwardly appear to be from Codemasters with links inviting you to visit websites.”
Codemasters said it is “the latest victim in on-going targeted attacks against numerous game companies”.
The publisher warned that it is “doing everything within our legal means” to track down those who hacked into the accounts.
Codemasters will “take action to the full extent of the law” if the hackers are found, the publisher said.
The attack on Codemasters’ servers comes just weeks after the massive PSN breach – which affected over 77 million accounts and is recorded as one of the biggest acts of data theft in the online age.
Below: Email to Codemasters account customers
Dear valued Codemasters customer,
On Friday 3rd June, unauthorised entry was gained to our Codemasters.com website. As soon as the intrusion was detected, we immediately took codemasters.com and associated web services offline in order to prevent any further intrusion.
During the days since the attack we have conducted a thorough investigation in order to ascertain the extent and scope of the breach and have regrettably discovered that the intruder was able to gain access to the following:
Access to the Codemasters corporate website and sub-domains.
DiRT 3 VIP code redemption page
Access to the DiRT 3 VIP code redemption page.
The Codemasters EStore
We believe the following have been compromised: Customer names and addresses, email addresses, telephone numbers, encrypted passwords and order history. Please note that no personal payment information was stored with Codemasters as we use external payment providers, meaning your payment details were not at risk from this intrusion.
Codemasters CodeM database
Members’ names, usernames, screen names, email addresses, date of birth, encrypted passwords, newsletter preferences, any biographies entered by users, details of last site activity, IP addresses and Xbox Live Gamertags are all believed to have been compromised.
Whilst we do not have confirmation that any of this data was actually downloaded onto an external device, we have to assume that, as access was gained, all of these details were compromised and/or stolen.
The Codemasters.com website will remain offline for the foreseeable future with all Codemasters.com traffic re-directed to the Codemasters Facebook page instead. A new website will launch later in the year.
For your security, in the first instance we advise you to change any passwords you have associated with other Codemasters accounts. If you use the same login information for other sites, you should change that information too. Furthermore, be extra cautious of potential scams, via email, phone, or post that ask you for personal or sensitive information. Please note that Codemasters will never ask you for any payment data such as credit card numbers or bank account details, nor will Codemasters ask you for passwords or other personal identifying data. Be aware too of fraudulent emails that may outwardly appear to be from Codemasters with links inviting you to visit websites. The safest way to visit your favourite websites is always by typing in the address manually into the address bar of your browser.
Unfortunately, Codemasters is the latest victim in on-going targeted attacks against numerous game companies. We assure you that we are doing everything within our legal means to track down the perpetrators and take action to the full extent of the law.
We apologise for this incident and regret any inconvenience caused.
We are contacting all customers who may have been affected directly.
Should you have any concerns or wish to speak to a member of our Customer Services team, please email them at email@example.com.