Cyber Incident Victim: Insomnia

In March 2015, Multiplay, a UK-based gaming events and online services company known for hosting the Insomnia LAN gaming festival, experienced unauthorized access to multiple servers. The breach potentially exposed user account details, prompting the company to notify affected users via email and advise them to change their passwords. Multiplay confirmed the incident occurred despite its systems storing passwords in a salted and hashed format, a security measure designed to obscure plaintext credentials by appending random characters before cryptographic hashing. The company stated no evidence suggested attackers accessed profile information, and no financial data was compromised since payment details were not stored on the affected accounts. Multiplay characterized the password reset request as precautionary due to the encrypted nature of the stored credentials.

The company faced initial skepticism from users who suspected phishing attempts due to the inclusion of a password reset link in the notification email. Multiplay validated the legitimacy of its communication through a public tweet on March 27, 2015, urging recipients to follow the instructions. The breach impacted an unspecified number of users with Multiplay accounts, though the exact scope of accessed data remained undetermined. Multiplay advised users to update credentials for other online accounts if they reused or employed similar passwords across platforms. No technical details regarding intrusion methods, attacker origins, or motives were disclosed by the company. The incident occurred shortly after Multiplay’s acquisition by UK retailer GAME for £20 million earlier that month, though no confirmed connection between the events was established by Multiplay in available communications.