Codemasters hacked, customer details compromised

10 June 2011

Another day, another company hacked - this time it's Codemasters and it's fairly serious. Aside from payment information (which Codemasters states is stored securely with a third party), all customer information has been compromised. The website for the computer games publisher is redirecting to its Facebook page for the moment.

Thanks to avid Bitterwallet readers Robin and Steve for forwarding the email sent by Codemasters to customers earlier this afternoon. Here are the gruesome details in full:

Dear valued Codemasters customer,

On Friday 3rd June, unauthorised entry was gained to our website. As soon as the intrusion was detected, we immediately took and associated web services offline in order to prevent any further intrusion.

During the days since the attack we have conducted a thorough investigation in order to ascertain the extent and scope of the breach and have regrettably discovered that the intruder was able to gain access to the following:

website

Access to the Codemasters corporate website and sub-domains.

DiRT 3 VIP code redemption page

Access to the DiRT 3 VIP code redemption page.

The Codemasters EStore

We believe the following have been compromised: Customer names and addresses, email addresses, telephone numbers, encrypted passwords and order history. Please note that no personal payment information was stored with Codemasters as we use external payment providers, meaning your payment details were not at risk from this intrusion.

Codemasters CodeM database

Members' names, usernames, screen names, email addresses, date of birth, encrypted passwords, newsletter preferences, any biographies entered by users, details of last site activity, IP addresses and Xbox Live Gamertags are all believed to have been compromised.

Whilst we do not have confirmation that any of this data was actually downloaded onto an external device, we have to assume that, as access was gained, all of these details were compromised and/or stolen.

The website will remain offline for the foreseeable future with all traffic re-directed to the Codemasters Facebook page instead. A new website will launch later in the year.


For your security, in the first instance we advise you to change any passwords you have associated with other Codemasters accounts. If you use the same login information for other sites, you should change that information too. Furthermore, be extra cautious of potential scams, via email, phone, or post that ask you for personal or sensitive information. Please note that Codemasters will never ask you for any payment data such as credit card numbers or bank account details, nor will Codemasters ask you for passwords or other personal identifying data. Be aware too of fraudulent emails that may outwardly appear to be from Codemasters with links inviting you to visit websites. The safest way to visit your favourite websites is always by typing in the address manually into the address bar of your browser.

Unfortunately, Codemasters is the latest victim in on-going targeted attacks against numerous game companies. We assure you that we are doing everything within our legal means to track down the perpetrators and take action to the full extent of the law.

We apologise for this incident and regret any inconvenience caused.

We are contacting all customers who may have been affected directly.

Should you have any concerns or wish to speak to a member of our Customer Services team, please email them at [email protected]


  • Stu_
    This doesn't sound like Lulz Security to me - the reason they hacked the PS3 website was apparently because the hacking community had a beef with Sony over them prosecuting the fella that found the PS3 hack. See their recent thingy about the NHS - apparently they had some sysadmin passwords, but told the NHS rather than share them about the interweb. I think Codemasters are blamemongering.
  • Joff
    I just heard about this on the Sky News Break service - always first for breaking news.
  • Richard
    This could be one for Len Dastard, surely if a company takes your data and stores it for whatever reason then it has a duty to protect that data and prevent it from being given to anyone you have not authorized for it to be given to inc. hackers. Therefore if they do not fulfill that duty and the data is taken and you suffer losses because of it, i.e. identity fraud, then are the company that lost your data not responsible for reimbursing you for these losses?