Star Trek Online dev discovers 2010 server hack

Account names and encrypted passwords stolen by intruder during "unauthorized access" 16 months ago; no indication credit card info taken.

Star Trek Online and City of Heroes developer Cryptic Studios has discovered a server compromise, the company reported last night. In a statement on the company's website, the firm said the "unauthorized access" occurred in December 2010 and was only just discovered recently due to the studio's "increased security analysis."

Cryptic Studios' servers were not cryptic enough to keep out an intruder.

Cryptic said the hack compromised user account names, handles, and encrypted passwords. Though the passwords were encrypted, Cryptic said the hacker was able to discover "some portion" of the passwords in the database. All accounts believed to be present in the database have had their passwords reset, with affected players alerted via email.

It appears the intruder was not able to access credit card information, as Cryptic said it has "no evidence" that any additional information was stolen during the hack. Cryptic said it is continuing to investigate the matter and is also taking additional steps to bolster the security of the studio's systems.

Written By

Want the latest news about City of Heroes?

City of Heroes

City of Heroes

Discussion

34 comments
CeltMage
CeltMage

This is why I will never use my credit card online anywhere ever. It took them 2 years to find the hack and they're STILL investigating, I wonder how long it will take ti find the real damage, 8 months?.They are paid a LOT of money and this is the best they can do security-wise? Again I will not use my credit card online anywhere ever.

Jaga_Telesin
Jaga_Telesin

Which is worse: being vulnerable enough to have your client's information stolen, or not knowing about it for two years? These guys really only care about their cash shop sales - everything else is secondary.

TruthTellers
TruthTellers

Prepare to have your account names and passwords compromised. Resistence is futile.

SDBusDriver1979
SDBusDriver1979

Internet security is going to be no shortage of jobs in the future.

Vodoo
Vodoo

Investigate the matter? What's there to investigate 16 months later?! the damage is already done. They probably had people calling up for months saying my account was hacked, my items were stolen ect... and they just blew them off like they were lying. Way to really be on top of the service you provide there Cryptic.I guess the PS3 massacre wasn't enough to get you moving?

Vlad_an_impaler
Vlad_an_impaler

Got my email from them about this. Good thing I never subbed to STO.

Philly1UPer
Philly1UPer

@Evenios Doesn't take an Amateur to hack anything dude.....doesn't matter how good ones internet security is. If anything, it just drives Hackers to actually hack into it because of the challenge.

---Cipher---
---Cipher---

Wow...2 years. That is just babytown frolic. I kinda figure the damage has already been done by now, unless the hacker waited to use that info. Why not hack a good game....you know, with people?

atopp399
atopp399

I got an email from them and I never played the games they are listing. I must have signed up for a beta or news announcement at one point or something.

xMoonDevilx
xMoonDevilx

Wow. Two years to discover this is just..... Wow. Now I am glad they didn't make a Mac version.

Icehearted
Icehearted

They discovered this? I guess they weren't as cryptic as they thought.

Evenios
Evenios

these stupid companies need to get their act together with their security, million dollar companies are trumped by amature hackers and it only ends up really hurting their customers. now thanks to some jerk. i have to reset my passwords and all that. just hassle. companies need to get their act together and hire people who can keep things secure.

Ayrciao
Ayrciao

I bet once the hacker got the usernames and passwords, it was in his recycling bin the next day. This crap ain't even worth hacking.

Marky360
Marky360

LOL and ppl complained how it took Sony a couple days to come out about the PSN hack these idiots got hacked 2yrs ago and now there just finding it out what morons hell everybody in that server has probably already had there Identity stolen. they should all Sue Cryptic so they can be the first company to go out of business because of complete incompetence

leimonides
leimonides

Yikes. Must be cringing to know that such information has to be released. That sucks for the company. And the the players, yikes. A lot can happen in that amount of time to such information - but hopefully if something did happen they would know about it by now - and now they have a definite answer as to why. Still, to have to ftp back and double check everything ... Time consuming, and makes you a little nervous.

dav2693
dav2693

Even the hacker is like "hmm it's been so long, i don't remember doing that"

tframp420
tframp420

Seems your security is as good as your games... : P

vicsrealms
vicsrealms

There was a Star Trek MMO?!! ~grin~ That is kind of sad that it took this long to find the hack.

Chavis02
Chavis02

Lucky I didn't buy that game or any other MMO games expect..Matrix Online. :D

MJ12-Conspiracy
MJ12-Conspiracy

Wow that was quick.... it only happened in 2010 so I guess we're okay right?? ......:(

gix47
gix47

that took a long time to find the hack...

Savoritias
Savoritias

This means they haven't cared for the game in a while.

PcGamingRig
PcGamingRig

Unbelievable! People were paying money to use Star Trek Online....

Luminious0
Luminious0

He also found out the Hacker found out nobody plays the game therefore just quietly left

sideshowboots
sideshowboots

16 months to find you've been hacked, that's pretty sad folks so you'll have to forgive me for not believing your "no credit card info was accessed" line, maybe we just need to wait another 16 months to find out for sure

jyml8582
jyml8582

"No evidence"? Maybe they need another 16 months to know for sure if the credit card info was stolen.

QOSMSTR
QOSMSTR

@t_tocs My thoughts exactly ;)

t_tocs
t_tocs

Wow, it took them 16 months to figure it out. That's a new record. I bet Sony is smiling about this one.

oskuuu
oskuuu

sixteen months ago x( im seriously not putting any credit card information anywhere...

billlabowski
billlabowski

Wait so they detected an intrusion two years ago...now? Baha bahahahahahaha!!! That makes Sony's issues look so small now!