Menu
Browse

Cyber Threat Actor: Codey

Actor Type Location Known Incidents
 Icon
Insider - Disgruntled
1 incident
Profile

Codey is a threat actor identified in connection with a 2019 intrusion against a children's online gaming platform. The operation leveraged insider access to compromise user accounts and infrastructure. Targeting centered on the gaming sector, specifically platforms hosting virtual items with potential real-world monetary value. Strategic objectives included credential theft, data exfiltration, and attempted asset hijacking for financial gain. Attackers sought to monetize rare digital inventory by compromising accounts through corrupted backend systems.

The actor exploited a backdoor implanted by a disgruntled former administrator who concealed a legacy access point after a contentious departure. This initial access vector enabled theft of login credentials—including email addresses, usernames, and bcrypt-hashed passwords—alongside 2.9 million IP address logs from more than 4 million accounts. Intruders attempted record corruption and account takeovers to seize valuable virtual assets. The breach followed an earlier unreported incident affecting 1.7 million accounts, which operators failed to adequately disclose for over a year due to ineffective notification mechanisms. Codey’s activities highlight risks associated with retained privileged access and insider threats in environments where digital assets hold tangible economic value. Operational security shortcomings allowed prolonged undetected access, exacerbating impacts on user privacy and platform integrity.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources