Cryptic Accounts Compromised

cryptic logoCryptic tell me via email today that my password and some user credentials might have been compromised.

Eff’ing what?

“The unauthorized access included user account names, handles, and encrypted passwords for those accounts. Even though the passwords were encrypted, it is apparent that the intruder has been able to crack some portion of the passwords in this database.

All accounts that we believe were present in the database have had the passwords reset, and customers registered to these accounts have been notified via e-mail of this incident.”

I want details, more detail than they supplied. It is a huge concern when the gaming market is going for micro-transactions, and those accounts can store credit cards, especially for inactive games. This event apparently only directly relates to Star Trek Online and Champions Online, but any breach is serious.

Cryptic are doing the right thing by owning up to it, and making channels available to the community affected. They’re doing the minimum right thing. But sheesh Cryptic – how many times has this happened to game companies in the past, and why is it so ungodly difficult to establish a secure database system? Continue reading