Vice’s Motherboard blog reports this week that it has scooped up evidence that hundreds of thousands of email addresses, usernames, and account creation dates from Warframe are circulating through the digital black market — “nearly 800,000 records,” the site said. Digital Extremes “confirm[ed] that a list of 775,749 email addresses were acquired through a Drupal SQL exploit that was patched by Drupal two weeks after the breach occurred.”
When did the breach occur? That’d be way back in November 2014, but Warframe told players it only just found out last week. Motherboard quotes DE’s Meridith Braun saying that the company has since ditched Drupal and buffed its security, including adding two-factor authentication, which the studio has encouraged players to use.
“The stolen data DID NOT include any account passwords, variations of passwords, hashed passwords, game account data or personal player information such as full names, addresses or other billing and payment information,” Braun said.