Codemasters have reported the personal details of “tens of thousands” of users, including the usual identity theft essentials of names, addresses, phone numbers, dates of birth and passwords, but not payment details, have been made off with by hackers who penetrated one of its servers. It appears it took them a whole week to notice.
Codemasters reports its main site and online store were hacked on the 3rd of June, with unknown hackers making off with names, addresses, email addresses, phone numbers, dates of birth, passwords, gamer tags, IP addresses, order histories, and coupon details.
It eventually responded on the 10th of June by taking down its site and then emailing users, warning them to change all their passwords if they had used the same one elsewhere, and to beware of anyone asking them for personal information, a warning which might well apply to Codemasters as well it seems.
The only thing saving users from having their credit card details included in this data trove was the fact that payments were handled by an external processor.
At present they have taken the rather pathetic expedient of redirecting their domain to their Facebook page – “a new website will launch later in the year,” they say.
As usual, the hackers themselves remain unknown and given their probable sophistication are in all likelihood at close to zero risk of being caught.
Without massive reforms to the woefully inadequate legal sanctions available to users who have their personal details leaked by companies who evidently could not care less about the security of the data they hoard, it seems unlikely any incentive for long-term improvements in security exists.
Short of such reforms, it seems the only realistic recourse available to users is to provide as little genuine information as possible to those who can hardly be trusted with it – which sadly seems to cover most companies with an online presence.