Slashdot Mirror

← Back to Stories (view on slashdot.org)

Codemasters' Website Hacked

Posted by Soulskill on from the when-in-rome dept.

skybon writes "After similar attacks on Sony and Square Enix, Codemasters' website has now been hacked as well. The intrusion took place on 3 June, and is believed to have compromised members' names, usernames, screen names, email addresses, date of birth, encrypted passwords, newsletter preferences, any biographies entered by users, details of last site activity, IP addresses and Xbox Live Gamertags. In a letter sent out to CodeM subscribers, the company recommended changing passwords as soon as possible."

7 of 76 comments (clear)

  1. Re:YOU MEAN CRACKED !! by stonedcat · · Score: 2

    But what if I crack your hack when I hack your crack?

    --Jack

    --
    You can't take the sky from me.
  2. Codemasters' Rootkit? by TheVelvetFlamebait · · Score: 5, Insightful

    Hey, you're not allowed to hack companies who aren't flagrantly, explicitly evil! It's almost like you're hacking companies whose security is weak, rather than acting as moral crusaders. How could that be?

    --
    You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
  3. #ifndef MASTERS by waddgodd · · Score: 2, Funny

    I'm going to go right ahead and say they ain't codeMASTERS if they got hacked....

    --
    Just because you're paranoid doesn't mean they aren't out to get you
  4. Re:Too Much Information by Anonymous Coward · · Score: 3, Insightful

    Interesting thought, but this is the same public that now accepts getting groped at TSA checkpoints by 300lb, $14/hr rentacops because somebody could be a terrorist. If Anonymous or somebody else were to break into the credit bureaus or some other high-value target - I fully expect there may be a couple of nominal changes, but the anger will be focused squarely on the "terrorists" who are trying to undermine our country's economy.

  5. Re:Epic Forums by DrXym · · Score: 2
    Hashing is not obfuscation. It produces a one way digest of your password, which if properly salted and hashed is very difficult to recover. So a site which uses hashes can't send you a password reminder since it doesn't know what your password is. The danger is if the site doesn't salt properly an attacker can use a reverse hash lookup to figure out what the password is. In addition without salting if 2 or more users use the same password you can tell it instantly by looking for duplicate hashes.

    Sites that encrypt passwords can recover them and can send you reminders. The danger with sites that use encryption is the key has to be sitting around somewhere on the login server and / or the database in order to make comparisons. If an attacker can hack the site they can probably recover the key. With the key they have plaintext passwords for everyone, even those who bothered to choose a strong password.

    The strongest sites are probably those which hash AND encrypt and take care to put the service that does this on another locked down machine.

  6. Valve/Steam by atomicbutterfly · · Score: 3, Informative

    If Valve's servers get hacked with disastrous consequences (Steam accounts get deleted/hacked/etc, credit card details, other personal info), all hell will break loose. There will also be much smugness from those who don't use Steam for this very reason.

    1. Re:Valve/Steam by Richard_at_work · · Score: 2

      The fact that they haven't, while smaller targets have fallen already, might be telling...