British game studio Cloud Imperium Games quietly disclosed a January data breach affecting user personal data, sparking outrage among gamers over the month-long delay and dismissive reassurances.
British game studio Cloud Imperium Games (CIG) is facing a storm of criticism from its gaming community after quietly admitting to a data breach that occurred on January 21st, with the company only disclosing the incident on March 3rd through a small popup notification on its website.
The breach, described by CIG as a "systematic and sophisticated attack," resulted in unauthorized access to backup systems containing users' personal data including metadata, contact details, usernames, dates of birth, and names. The company emphasized that no financial information, payment details, or passwords were compromised, and that the access was read-only with no data modification occurring.
However, the delayed disclosure and the company's dismissive tone in its statement have enraged the gaming community. One reader described CIG's approach as "Notice duly published in a locked filing cabinet stuck in a disused lavatory," highlighting the lack of prominent communication about the incident.
Gaming forums have erupted with angry comments, with users demanding more transparent communication. One forum post asked in all caps, "WHERE IS THE EMAIL and FRONT PAGE NOTICE?" while another player expressed frustration at the "lack of communication" and the "basically hidden message" about the breach after a month of silence.
The company's reassurance that the exposed data is merely "basic account details" and therefore not a significant risk has been particularly controversial. Security experts point out that even basic personal information can be used to craft convincing phishing campaigns, especially when combined with other stolen data available online.
CIG stated it "acted quickly to contain the activity and block further access to this data and CIG systems" and has refreshed security settings to prevent further threats. The company is monitoring the situation and assessing whether any accessed data has been released publicly, though it claims there are currently no indications of such activity.
The delayed disclosure has raised legal concerns among users, with many suggesting CIG may have violated data protection regulations. The company's flagship product, Star Citizen, has been in development for years with crowdfunding support from millions of community members, though CIG has not disclosed how many users were affected by this breach.
This incident highlights the growing tension between companies' data breach response strategies and users' expectations for timely, transparent communication about security incidents that affect their personal information. The gaming community's reaction suggests that even when financial data isn't compromised, the exposure of personal details combined with poor communication can severely damage trust between developers and their player base.
The Register has reached out to Cloud Imperium Games for clarification on the number of affected users and the company's reasoning for the delayed disclosure, and will update this story if a substantive response is received.
Comments
Please log in or register to join the discussion