I received an email from Codemasters today saying the following:
Dear valued Codemasters customer,
On Friday 3rd June, unauthorised entry was gained to our Codemasters.com
website. As soon as the intrusion was detected, we immediately took
codemasters.com and associated web services offline in order to prevent
any further intrusion.
During the days since the attack we have conducted a thorough
investigation in order to ascertain the extent and scope of the breach
and have regrettably discovered that the intruder was able to gain
access to the following:
Access to the Codemasters corporate website and sub-domains.
DiRT 3 VIP code redemption page
Access to the DiRT 3 VIP code redemption page.
The Codemasters EStore
We believe the following have been compromised: Customer names and
addresses, email addresses, telephone numbers, encrypted passwords and
order history. Please note that no personal payment information was
stored with Codemasters as we use external payment providers, meaning
your payment details were not at risk from this intrusion.
Codemasters CodeM database
Members' names, usernames, screen names, email addresses, date of birth,
encrypted passwords, newsletter preferences, any biographies entered by
users, details of last site activity, IP addresses and Xbox Live
Gamertags are all believed to have been compromised.
Whilst we do not have confirmation that any of this data was actually
downloaded onto an external device, we have to assume that, as access
was gained, all of these details were compromised and/or stolen.
The Codemasters.com website will remain offline for the foreseeable
future with all Codemasters.com traffic re-directed to the Codemasters
Facebook page instead. A new website will launch later in the year.
For your security, in the first instance we advise you to change any
passwords you have associated with other Codemasters accounts. If you
use the same login information for other sites, you should change that
information too. Furthermore, be extra cautious of potential scams, via
email, phone, or post that ask you for personal or sensitive
information. Please note that Codemasters will never ask you for any
payment data such as credit card numbers or bank account details, nor
will Codemasters ask you for passwords or other personal identifying
data. Be aware too of fraudulent emails that may outwardly appear to be
from Codemasters with links inviting you to visit websites. The safest
way to visit your favourite websites is always by typing in the address
manually into the address bar of your browser.
Unfortunately, Codemasters is the latest victim in on-going targeted
attacks against numerous game companies. We assure you that we are doing
everything within our legal means to track down the perpetrators and
take action to the full extent of the law.
We apologise for this incident and regret any inconvenience caused.
We are contacting all customers who may have been affected directly.
So it's not just Sony in the firing line.