Cyber Incident Victim: Multiplay

In March 2015, Multiplay, a UK-based gaming event hosting company known for organizing the Insomnia LAN gaming festival, experienced unauthorized access to multiple servers. The breach potentially exposed user account details, prompting the company to notify affected users via email and advise them to change their passwords. Multiplay, which had been acquired by UK retailer GAME earlier that month for £20 million, confirmed the cyberattack after some recipients questioned the legitimacy of the email due to its inclusion of a password reset link. The company used Twitter to validate the communication and instructed users to follow the provided guidance. No evidence indicated that profile information had been accessed, and the compromised systems did not store financial or payment details, eliminating direct risks of monetary loss.

Multiplay’s investigation revealed that passwords were stored in hashed form with salting, a security measure that appended random characters before hashing to prevent plaintext recovery. Despite this protection, the company recommended password changes as an additional precaution and urged users to update credentials for other accounts sharing similar passwords. The incident impacted users registered with Multiplay’s online services, which supported its 17-year operations spanning event hosting and systems development. While the breach’s origin and motive remained undisclosed, it occurred shortly after the GAME acquisition, a timing noted by external observers. The company’s public response focused on transparency through direct user communication and social media verification, though no technical specifics about the intrusion method or attacker identity were released. User account security measures and the absence of financial data exposure limited the incident’s operational and reputational consequences.