Star Citizen players react to delayed disclosure of data breach
It was recently revealed by the developers of Star Citizen that some of the game’s data banks experienced a data breach on January 21. Hackers were able to gain “limited access to users’ personal data,” according to Cloud Imperium Games (CIG), and the company says it “acted quickly to contain the activity and prevent further access to this data and CIG systems.”
What information was stolen?
• Metadata
• Contact details
• Usernames
• Birthdays
• Names
CIG says it has updated its security settings as a result of the breach to prevent any future hacks, and says the breach did not put anyone’s safety at risk. But the next line lays out what was stolen: metadata, usernames, birthdays, names, and other contact information.
Despite CIG saying no financial information or passwords were stolen, there’s a lot bad actors can do with a small amount of information. Gamers are rightfully upset.
Why are the Star Citizen faithful so angry about CIG’s response to the data breach?
Star Citizen is one of the most interesting PC games out there, and maybe not for the reasons you think. It has been in development since 2012 and has raised around a billion in sponsorship money from its players. Yes, BIllion dollars went into its development, and it still isn’t finished.
The game has been purchased by millions of intergalactic explorers, and thousands of PC gamers play every day. Many of those players are already on edge because of the 14-year development cycle, and the anger I see online is clearly the result of years of frustration.
The focus of much outrage, of course, is CIG’s handling of the data breach. On the Star Citizen forums, a popular thread has the OP asking why it took over five weeks to make an announcement about the hack, and why CIG didn’t bother to send an email or stick a front page notice on their website. That service alert I linked to earlier is kind of buried on the site.
Many users in the same forum thread are discussing how many security disclosure laws CIG has broken due to being a UK company and subject to GDPR. LinkedIn was significantly fined $334 million when it breached GDPR data processing rules in 2024. I can’t say the same for CIG, but it’s a hot topic among angry users.
A photo 1 of 2
On Reddit, the conversation is much the same, with anger and frustration pouring out of keyboards around the world.
So, CIG, you were going to tell me about the data breach as the GDPR requires you to do? from r/starcitizen
I don’t know how this latest controversy will affect Star Citizen players, and how the GDPR rules might apply. What I do know is that many PC gamers are bored with this game, many are stuck just because of the illusion of high costs after years of buying ships, weapons, armor, and cosmetics made with real money.
What do you think of CIG’s handling of the Star Citizen data breach?
I want to know how long you have been playing Star Citizen or another CIG game, Squadron 42. Are you worried about being affected by a data breach? Are you ready to quit the game for good? Please let me know in the comments section!
Join us Reddit at r/WindowsCentral to share your information and discuss our latest news, reviews, and more.
