Sign up to our newsletter
The latest security news direct to your inbox
The German developer of the hit shoot ‘em up series Crysis has taken its websites offline after a security breach in which user login details “may have been compromised.”
Crytek warned affected users in an email, and users will be asked to change their passwords when they log in to Crytek’s sites again. The breach was first reported by Blues News, but Crytek later clarified the extent of the breach in a statement to Eurogamer.
“Our Crytek.com, Mycryengine.com, Crydev.net and MyCrysis.com sites were all subject to a security breach that may have resulted in some users’ login data being compromised,” Crytek said.
“Although it is uncertain whether the incident led to the copying and decryption of email addresses and passwords, it is possible that users with accounts at these websites have had personal data copied. On Friday afternoon we started to contact all affected users via email and informed them of the potential security breach.
“We would like to reiterate our suggestion to account holders that they change their password for other locations online if it is the same as their login data for the affected Crytek sites.”
It’s the latest in a series of breaches affecting games company websites – with both Ubisoft and Nintendo targeted this year.
Ubisoft’s Uplay service suffered a data breach in July, with the company warning users that personal data including email addresses, user names and encrypted passwords had been compromised. Uplay works across platforms such as PC, Xbox 360, iOS and Facebook. The Uplay system requires users to log in with an email or password, and offers digital extras such as screensavers for PC games, but also works as a Digital Rights Management system (DRM) to prevent copying.
Earlier this summer, a sustained brute force cyber attack hit Nintendo’s Club Nintendo site in Japan, and allowed cybercriminals access to private data such as names, addresses and phone numbers for up to 24,000 accounts. The “brute force” attack carried on from 9 June to 2 July this year – involving 15.5 million attempted logins, according to the Japan Times.
Author Rob Waugh /Rob Waugh, WeLiveSecurity/
Author Rob Waugh, We Live Security