"We are aware of an IT incident that impacts some of our users... targeted by a systematic and sophisticated attack, resulting in unauthorised access to some backup systems, including limited access to users' personal data. We acted quickly to contain the activity and block further access to this data and CIG systems, and we have refreshed security settings to ensure that there is no threat to our games or our users."
"The data accessed relates only to basic account details (i.e. metadata, contact details, username, date of birth, and name). No financial or payment information was stored in the affected systems and was not accessible. No passwords were impacted, and the access was read-only. No data-injection or modification occurred."
"Contact details, names and dates of birth are all that's needed to craft a convincing phishing campaign. Further, the vast quantity of stolen data available online means crooks can take info they swiped from CIG, add it to other troves, and build up more detailed pictures of individuals they might wish."
Cloud Imperium Games experienced a sophisticated cyberattack on January 21st that compromised backup systems and exposed limited user personal data including names, contact details, usernames, and dates of birth. The company delayed announcing the breach, eventually disclosing it through a minimal popup notification rather than direct user communication. While CIG claims no financial data, passwords, or payment information were accessed, security experts note that stolen personal details enable phishing attacks and identity fraud when combined with other compromised datasets. The company's delayed and understated disclosure frustrated users who criticized the lack of transparency and proactive notification.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]