Cloud Imperium Video games (CIG), the sport firm behind Star Citizen and Squadron 42, says attackers breached methods containing some customers’ private info in January.
The California-based writer and online game developer was based in 2012 by sport developer Chris Roberts (of Wing Commander fame), and it operates 5 sport studios with a crew of over 700 staff.
In 2012, it introduced the multiplayer space-simulation sport Star Citizen. Nonetheless, regardless of a Kickstarter marketing campaign that raised over $2 million from backers, the sport has nonetheless not exited its “early entry” part 14 years later.
This week, in a considerably hidden discover revealed on its web site, CIG revealed that it found a breach on January 21 wherein attackers gained entry to the fundamental account info of an undisclosed variety of customers.
“On 21 January 2026, CIG was focused by a scientific and complicated assault, leading to unauthorised entry to some backup methods, together with restricted entry to customers’ private information,” the sport firm stated.
“Whereas CIG remains to be monitoring the state of affairs, we don’t contemplate that the incident poses a danger to the protection of our customers. The info impacted relates solely to fundamental account particulars (i.e. metadata, contact particulars, username, date of start, and identify).”
CIG added that it has but to search out proof that any of the accessed information was leaked on-line, and that the compromised methods did not comprise credentials or monetary info.
“No monetary or fee info was saved within the affected methods and was not accessible. No passwords have been impacted, and the entry was read-only. No data-injection or modification occurred,” it famous.
“We’re intently monitoring the state of affairs and our methods to make sure that no additional incidents happen. We’re additionally taking steps to evaluate and detect whether or not any information that was accessed is launched publicly. At this stage, there are not any indications of any such exercise.”
Whereas the sport studio downplayed the incident, including that it would not consider the “incident could have any impression” on its customers, menace actors might use the uncovered private info in phishing assaults.
BleepingComputer reached out to Cloud Imperium Video games to ask whether or not affected customers had been notified and whether or not the attackers had made a ransom demand, however a response was not instantly out there.
Malware is getting smarter. The Purple Report 2026 reveals how new threats use math to detect sandboxes and conceal in plain sight.
Obtain our evaluation of 1.1 million malicious samples to uncover the highest 10 methods and see in case your security stack is blinded.
