U.K. videogame retailer Game denies reports that email addresses and unprotected passwords were lost to hackers.
UPDATE: With magnificent timing, Game says the reports of the hack are a big fat lie.
“We have thoroughly investigated the hacking claims made today by the website Pastebin, and can confirm that they are entirely false. The published email addresses are not registered users of GAME.co.uk, and there has been no breach of our database security,” Game rep Anna-Marie Mason said in a statement. “We would like to assure all our customers that their details are well protected, and advise anyone who has any questions to contact our customer services team via the website, our Facebook page or Twitter account.”
The original story:
The hack, it would appear, is back, and while specifics are a bit thin at this point, the relevant bit is pretty simple: if you have an account at Game.co.uk, you need to get on it and change your password, like, immediately. Hackers recently hit the site thanks to a “shell injection vulnerability” that allowed them to access the Game user database and get their hands on email addresses and passwords in plain, unprotected text. Whether or not any credit card information was lost is unknown.
Why was Game storing user information in an unencrypted format? That is where the mystery lies, although I suspect that laziness, apathy, negligence and/or outright incompetence probably figures into it somehow.
Another gaming site, the less-well-known Catalyst Gaming from Northern Tasmania, was also hacked, leading to the loss of user information and passwords, but fortunately those passwords were protected.
Game has yet to comment on the situation but we’ll let you know what it has to say if and when a statement is forthcoming. In the meantime, if you’re a Game customer, get over there and make the switch, before someone else does it for you.
Source: Softpedia