Cryptic Studios – developer of City of Heroes, City of Villains, and Champions Online, as well as Star Trek Online – posted a security notice on April 25 admitted that in December 2010 an intruder had gained unauthorized access to one of its user databases and stole user account names, handles, and encrypted passwords.
Cryptic said that the hacker was able to crack some of the passwords in the database, even though they were encrypted. The company has reset the passwords of all the accounts believed to be in the database and notified account holders of the data breach.
“While we have no evidence that any other information was taken by the intruder, it is possible that the intruder was able to access additional account information. If they did so, the first and last name, e-mail address, date of birth (if provided to Cryptic Studios), billing address, and the first six digits and the last four digits of credit cards registered on the site may have been accessed. We have no evidence at this time that any data other than the account name, handle, and encrypted password were accessed for any user”, the company said in the statement.
The reason Cryptic took so long to report the breach was that it was only discovered recently due to “increased security analysis” by the company.
“We are continuing to investigate this incident, and are taking even further action to strengthen our systems and redouble our security vigilance and protections….We apologize for any inconvenience this unauthorized access may have caused our customers”, the company said.