PSLS.net Home

Epic Games, Codemasters Sites Hacked

June 10, 2011 Written by Sebastian Moss

Hacking has become a growing threat in the games industry, most notably with Sony having been severely attacked, Nintendo’s and Square Enix’s sites hacked and more. The latest victims of attack are two great publishers, Codemasters and Epic Games.

Epic Games emailed forum and site users explaining their attack:

Dear ___,

Our Epic Games web sites and forums were recently hacked.  After some downtime, they’re back up and running now.

The hackers may have obtained the email addresses and encrypted passwords of forum users. Plaintext passwords weren’t revealed, but it’s possible that those passwords could be obtained by a brute-force attack on the encrypted passwords. Therefore, we have reset all passwords.  Your new password at the bottom of this message.

The Unreal Developer Network (UDN) hasn’t been compromised. Thankfully, none of our web sites ask for, or store, credit card information or other financial data.

We’re sorry for the inconvenience, and appreciate everyone’s patience as we wrestle our servers back under control.

Tim Sweeney

Founder, Epic Games Inc

Codemasters also emailed their site users a similar message:

Dear valued Codemasters customer,

On Friday 3rd June, unauthorised entry was gained to our Codemasters.com website. As soon as the intrusion was detected, we immediately took codemasters.com and associated web services offline in order to prevent any further intrusion.

During the days since the attack we have conducted a thorough investigation in order to ascertain the extent and scope of the breach and have regrettably discovered that the intruder was able to gain access to the following:

The Codemasters EStore

We believe the following have been compromised: Customer names and addresses, email addresses, telephone numbers, encrypted passwords and order history. Please note that no personal payment information was stored with Codemasters as we use external payment providers, meaning your payment details were not at risk from this intrusion.

Codemasters CodeM database

Members’ names, usernames, screen names, email addresses, date of birth, encrypted passwords, newsletter preferences, any biographies entered by users, details of last site activity, IP addresses and Xbox Live Gamertags are all believed to have been compromised.

Whilst we do not have confirmation that any of this data was actually downloaded onto an external device, we have to assume that, as access was gained, all of these details were compromised and/or stolen.

The Codemasters.com website will remain offline for the foreseeable future with all Codemasters.com traffic re-directed to the Codemasters Facebook page instead. A new website will launch later in the year.

No connection has been made between the two hacks, but it is worrying to see the amount of hacks that have occurred in recent months to gaming publishers and console manufacturers.

We recommend ensuring that your password is different for every site you use, so that if you are compromised on one site you are not at a greater risk.