Related Stories

  • Children’s online games used to distribute malware
    The Avast Virus Lab has discovered more than 60 individual websites with game or arcade in their name using gaming as a lure to deliver malware.
  • Hackers turn to online games to target victims
    Scammers and hackers are increasingly using online games to trick victims into installing malicious software onto computers, warns security firm BitDefender.
  • SecurEnvoy slams Sony's handling of its double data breaches
    Research conducted at the Infosecurity Europe show last month reveals that - with almost a fifth of IT managers surveyed playing computer games - Sony has potentially seriously damaged its reputation with the data breaches on its two gaming names, the PlayStation Network and Online Entertainment Network.
  • Game consoles at work threaten corporate security
    Games console in the workplace pose an increasingly serious threat to enterprise security, according to new research from Sunbelt Software. The anti-malware vendor said that almost 4 in 10 respondents to the survey had no idea about any of the documented threats relating to online console gaming.

Top 5 Stories


Intruder alert: Star Trek Online account database compromised

30 April 2012

The studio behind the Star Trek Online game had its user account database breached over a year ago, but is only reporting it now.

Cryptic Studios – developer of City of Heroes, City of Villains, and Champions Online, as well as Star Trek Online – posted a security notice on April 25 admitted that in December 2010 an intruder had gained unauthorized access to one of its user databases and stole user account names, handles, and encrypted passwords.

Cryptic said that the hacker was able to crack some of the passwords in the database, even though they were encrypted. The company has reset the passwords of all the accounts believed to be in the database and notified account holders of the data breach.

“While we have no evidence that any other information was taken by the intruder, it is possible that the intruder was able to access additional account information. If they did so, the first and last name, e-mail address, date of birth (if provided to Cryptic Studios), billing address, and the first six digits and the last four digits of credit cards registered on the site may have been accessed. We have no evidence at this time that any data other than the account name, handle, and encrypted password were accessed for any user”, the company said in the statement.

The reason Cryptic took so long to report the breach was that it was only discovered recently due to “increased security analysis” by the company.

“We are continuing to investigate this incident, and are taking even further action to strengthen our systems and redouble our security vigilance and protections….We apologize for any inconvenience this unauthorized access may have caused our customers”, the company said.

This article is featured in:
Data Loss  •  Encryption  •  Internet and Network Security  •  IT Forensics


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×