Star Trek Online dev discovers 2010 server hack

Account names and encrypted passwords stolen by intruder during "unauthorized access" 16 months ago; no indication credit card info taken.


Star Trek Online and City of Heroes developer Cryptic Studios has discovered a server compromise, the company reported last night. In a statement on the company's website, the firm said the "unauthorized access" occurred in December 2010 and was only just discovered recently due to the studio's "increased security analysis."

Cryptic Studios' servers were not cryptic enough to keep out an intruder.
Cryptic Studios' servers were not cryptic enough to keep out an intruder.

Cryptic said the hack compromised user account names, handles, and encrypted passwords. Though the passwords were encrypted, Cryptic said the hacker was able to discover "some portion" of the passwords in the database. All accounts believed to be present in the database have had their passwords reset, with affected players alerted via email.

It appears the intruder was not able to access credit card information, as Cryptic said it has "no evidence" that any additional information was stolen during the hack. Cryptic said it is continuing to investigate the matter and is also taking additional steps to bolster the security of the studio's systems.

Got a news tip or want to contact us directly? Email

Join the conversation
There are 35 comments about this story
35 Comments  RefreshSorted By 
GameSpot has a zero tolerance policy when it comes to toxic conduct in comments. Any abusive, racist, sexist, threatening, bullying, vulgar, and otherwise objectionable behavior will result in moderation and/or account termination. Please keep your discussion civil.

Avatar image for CeltMage

This is why I will never use my credit card online anywhere ever. It took them 2 years to find the hack and they're STILL investigating, I wonder how long it will take ti find the real damage, 8 months?.They are paid a LOT of money and this is the best they can do security-wise? Again I will not use my credit card online anywhere ever.

Avatar image for Jaga_Telesin

Which is worse: being vulnerable enough to have your client's information stolen, or not knowing about it for two years? These guys really only care about their cash shop sales - everything else is secondary.

Avatar image for Phil-teh-Pirate


Avatar image for Venatorcruiser

the line should be drawn here no further

Avatar image for TruthTellers

Prepare to have your account names and passwords compromised. Resistence is futile.

Avatar image for natepalm

So bush league.

Avatar image for SDBusDriver1979

Internet security is going to be no shortage of jobs in the future.

Avatar image for Master_Vexov

Super fail, .. that is all.

Avatar image for Vodoo

Investigate the matter? What's there to investigate 16 months later?! the damage is already done. They probably had people calling up for months saying my account was hacked, my items were stolen ect... and they just blew them off like they were lying. Way to really be on top of the service you provide there Cryptic.I guess the PS3 massacre wasn't enough to get you moving?

Avatar image for Vlad_an_impaler

Got my email from them about this. Good thing I never subbed to STO.

Avatar image for Philly1UPer

@Evenios Doesn't take an Amateur to hack anything dude.....doesn't matter how good ones internet security is. If anything, it just drives Hackers to actually hack into it because of the challenge.

Avatar image for ---Cipher---

Wow...2 years. That is just babytown frolic. I kinda figure the damage has already been done by now, unless the hacker waited to use that info. Why not hack a good know, with people?

Avatar image for atopp399

I got an email from them and I never played the games they are listing. I must have signed up for a beta or news announcement at one point or something.

Avatar image for xMoonDevilx

Wow. Two years to discover this is just..... Wow. Now I am glad they didn't make a Mac version.

Avatar image for Icehearted

They discovered this? I guess they weren't as cryptic as they thought.

Avatar image for Evenios

these stupid companies need to get their act together with their security, million dollar companies are trumped by amature hackers and it only ends up really hurting their customers. now thanks to some jerk. i have to reset my passwords and all that. just hassle. companies need to get their act together and hire people who can keep things secure.

Avatar image for Ayrciao

I bet once the hacker got the usernames and passwords, it was in his recycling bin the next day. This crap ain't even worth hacking.

Avatar image for Marky360

LOL and ppl complained how it took Sony a couple days to come out about the PSN hack these idiots got hacked 2yrs ago and now there just finding it out what morons hell everybody in that server has probably already had there Identity stolen. they should all Sue Cryptic so they can be the first company to go out of business because of complete incompetence

Avatar image for dav2693

Even the hacker is like "hmm it's been so long, i don't remember doing that"

Avatar image for vicsrealms

There was a Star Trek MMO?!! ~grin~ That is kind of sad that it took this long to find the hack.

Avatar image for Chavis02

Lucky I didn't buy that game or any other MMO games expect..Matrix Online. :D

Avatar image for MJ12-Conspiracy

Wow that was quick.... it only happened in 2010 so I guess we're okay right?? ......:(

Avatar image for gix47

that took a long time to find the hack...

Avatar image for Savoritias

This means they haven't cared for the game in a while.

Avatar image for PcGamingRig

Unbelievable! People were paying money to use Star Trek Online....

Avatar image for Luminious0

He also found out the Hacker found out nobody plays the game therefore just quietly left

Avatar image for sideshowboots

16 months to find you've been hacked, that's pretty sad folks so you'll have to forgive me for not believing your "no credit card info was accessed" line, maybe we just need to wait another 16 months to find out for sure

Avatar image for jyml8582

"No evidence"? Maybe they need another 16 months to know for sure if the credit card info was stolen.

Avatar image for QOSMSTR

@t_tocs My thoughts exactly ;)

Avatar image for t_tocs

Wow, it took them 16 months to figure it out. That's a new record. I bet Sony is smiling about this one.

Avatar image for endorbr

Nice security guys.

Avatar image for oskuuu

sixteen months ago x( im seriously not putting any credit card information anywhere...

Avatar image for billlabowski

Wait so they detected an intrusion two years Baha bahahahahahaha!!! That makes Sony's issues look so small now!