Warframe hacked — 775K player email addresses now in cyberattackers’ hands

One of the most popular console and PC free-to-play games suffered a cyberattack almost two years ago, and the developer only just found out about it.

In November 2014, developer Digital Extreme’s sci-fi shooter Warframe (available for PlayStation 4, Xbox One, and PC) was the target of an exploit that led to hackers getting their hands on more than 775,000 email addresses. The studio claims they only just learned of the event and that they came forward with all the information once they had a grasp of what happened. This was not a direct breach of the game’s servers. Instead, the cyberattackers broke into the Drupal content-management system that the old Warframe site was built on. Since the hackers did not get into the servers, the only sensitive data they got their hands on were email addresses. Digital Extremes claims that info like passwords, home addresses, and credit card numbers were not compromised.

“Last week we were made aware of a potential web server breach that occurred in November 2014,” reads a post from the Warframe community team. “After a thorough review of the data we received, we can confirm that a list of 775,749 email addresses were acquired through a Drupal SQL exploit that was patched by Drupal two weeks after the breach occurred. The stolen data did not include any account passwords, variations of passwords, hashed passwords, game account data or personal player information such as full names, addresses, or other billing and payment information.”

This is just the latest hack in gaming and the wider internet, and — as always — this is a reminder to take some basic precautions to ensure you aren’t putting yourself at extra risk. Primarily, use unique passwords for every site, change them regularly, and turn on extra features like two-factor authentication.

If you are worried that your data is compromised, you should check the site HaveIBeenPwned.com, which discovered the Warframe hack. This is a resource that scours the web for leaked data. You can put in your email or usernames, and HaveIBeenPwned will tell you if your data appears in any nefarious databases. I see mine does, and that explains why Russians took over my EA Origin account that one time.