Codemasters Hacked, User Info Compromised

Chris Burns - Jun 10, 2011, 11:03pm CDT
Codemasters Hacked, User Info Compromised

If you’re a fan of British video game developing, you know exactly what Codemasters is. This is The Codemasters Software Company Limited, aka one of the oldest video game developer companies in the world, having in the last 10 years established themselves in the USA as well with games such as DiRT3. In an email to customers today, Codemasters have noted that they’ve had an unauthorized entry into their webpage that has subsequently made the company have to take the entire site offline. Though they did so in order to stop the intruders from accessing information from user accounts specifically, these hackers have done so anyway.

According to our tipsters, this is not the first time this has happened, though this attack is certainly the more important of two in this past month. The attack earlier this month on Codemasters website may or may not have been the same person or group, but accessed only usernames of people signed up for the site, whereas this newest attack has proven to have been much more serious. While Codemasters says they have no confirmation that user data has actually been stolen or compromised, they’re assuming the worst, and are telling users via email to take all precaution including changing passwords on their accounts on all fronts as well as being prepared for ams through email, phone, and snailmail.

Members’ names, usernames, screen names, email addresses, date of birth, encrypted passwords, newsletter preferences, any biographies entered by users, details of last site activity, IP addresses and Xbox Live Gamertags are all believed to have been compromised.

Earlier today we heard about another software developer website being attacked, that being Gears of War developers Epic Games. These incidents are not isolated, though it is possible, again, that they’re unrelated. Have a look at our [hack] portal for info on every attempt in the recent past on a video game related site, paying special attention to the epic story of the taking down of the Sony Playstation Network. Is it the same folks here? Very possible. Hackers beware, though, as Spain is on your tail! You’ve been warned.

— Thanks for the tip, Tom!

Now have a look at the full text of the email sent our to those attached to Codemasters by the webmeisters, warning them of the breach:

Important information regarding your account

Dear valued Codemasters customer,

On Friday 3rd June, unauthorised entry was gained to our website. As soon as the intrusion was detected, we immediately took and associated web services offline in order to prevent any further intrusion.

During the days since the attack we have conducted a thorough investigation in order to ascertain the extent and scope of the breach and have regrettably discovered that the intruder was able to gain access to the following: website

Access to the Codemasters corporate website and sub-domains.

DiRT 3 VIP code redemption page

Access to the DiRT 3 VIP code redemption page.

The Codemasters EStore

We believe the following have been compromised: Customer names and addresses, email addresses, telephone numbers, encrypted passwords and order history. Please note that no personal payment information was stored with Codemasters as we use external payment providers, meaning your payment details were not at risk from this intrusion.

Codemasters CodeM database

Members’ names, usernames, screen names, email addresses, date of birth, encrypted passwords, newsletter preferences, any biographies entered by users, details of last site activity, IP addresses and Xbox Live Gamertags are all believed to have been compromised.

Whilst we do not have confirmation that any of this data was actually downloaded onto an external device, we have to assume that, as access was gained, all of these details were compromised and/or stolen.

The website will remain offline for the foreseeable future with all traffic re-directed to the Codemasters Facebook page instead. A new website will launch later in the year.


For your security, in the first instance we advise you to change any passwords you have associated with other Codemasters accounts. If you use the same login information for other sites, you should change that information too. Furthermore, be extra cautious of potential scams, via email, phone, or post that ask you for personal or sensitive information. Please note that Codemasters will never ask you for any payment data such as credit card numbers or bank account details, nor will Codemasters ask you for passwords or other personal identifying data. Be aware too of fraudulent emails that may outwardly appear to be from Codemasters with links inviting you to visit websites. The safest way to visit your favourite websites is always by typing in the address manually into the address bar of your browser.

Unfortunately, Codemasters is the latest victim in on-going targeted attacks against numerous game companies. We assure you that we are doing everything within our legal means to track down the perpetrators and take action to the full extent of the law.

We apologise for this incident and regret any inconvenience caused.

We are contacting all customers who may have been affected directly.

Should you have any concerns or wish to speak to a member of our Customer Services team, please email them at

Must Read Bits & Bytes