It feels like it’s been ages since a major game company reported a break in from a gang of keyboard-wielding malcontents – and for Star Trek Online and Neverwinter developer Cryptic, it actually has been ages. Well, not actual ages. There were no lances, moats, or trebuchets involved (to my knowledge), but today – in the Neo Future Space Year 2012 – Cryptic cautioned users about an “unauthorized access” from December 2010. And while that certainly spooks an entire flock of northward-migrating eyebrows from their cozy forehead nests, there are more immediate concerns at hand. The short version: while Cryptic has “no evidence” that anything beyond usernames and encrypted passwords were taken, you should still change your password and keep a close eye on credit card info.
Here’s the main thrust of Cryptic’s statement on the matter:
“At Cryptic Studios, your privacy and security is important. As part of our ongoing efforts to monitor and enhance security, we recently detected evidence of an unauthorized access to one of our user databases. The unauthorized access occurred in December 2010, and evidence of this has just been uncovered due to increased security analysis.”
“The unauthorized access included user account names, handles, and encrypted passwords for those accounts. Even though the passwords were encrypted, it is apparent that the intruder has been able to crack some portion of the passwords in this database. All accounts that we believe were present in the database have had the passwords reset, and customers registered to these accounts have been notified via e-mail of this incident.”
“While we have no evidence that any other information was taken by the intruder, it is possible that the intruder was able to access additional account information. If they did so, the first and last name, e-mail address, date of birth (if provided to Cryptic Studios), billing address, and the first six digits and the last four digits of credit cards registered on the site may have been accessed. We have no evidence at this time that any data other than the account name, handle, and encrypted password were accessed for any user.“
So that’s a fun mix of good news, bad news, and extremely questionable news to kick off your day. Better late than never on that “increased security analysis,” but it sure would’ve been nice to know about this back in – oh, you know – 2010. I can’t even begin to fathom why Cryptic’s taken this long to get up to speed, but – especially after hackers pushed the industry’s innermost buttons mid-last year – there’s no excuse to avoid clamping down on this stuff. Obviously, malicious hacking will never go away completely, but here’s hoping that’s the end of that for a good, long time.