Cyber Incident Victim: Raptr
Date:
Feb 2015
Location:
United States of America
Summary
A gaming service experienced a security breach compromising user data including names, email addresses, and hashed passwords, with potential exposure of first and last names. The service's CEO acknowledged the incident, warning that weak passwords remained vulnerable despite hashing and advising users to change reused credentials elsewhere. The platform, which integrated gaming chat services and optimization tools while powering a similar AMD application, maintained user reward points unaffected due to two-factor authentication protecting that system. The incident highlighted risks of password reuse across accounts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In February 2015, Raptr, a gaming service platform, disclosed a security breach that exposed user credentials and personal information. Dennis Fong, Raptr's founder and CEO, announced the incident via a blog post, confirming unauthorized access to user names, email addresses, password hashes, and some first and last names. Fong emphasized that while the passwords were stored in hashed form, users with weak passwords faced heightened vulnerability. The company urged affected users to immediately change passwords on any external accounts where they had reused their Raptr credentials. Raptr apologized for the breach and committed to enhancing future account security measures. The breach impacted users of both the Raptr service and AMD Gaming Evolved, as Raptr's technology powered AMD's gaming client. No evidence suggested compromised Raptr Reward Points, which were protected by two-factor authentication. The incident did not disrupt Raptr's core functionalities, including its chat integrations with platforms like Facebook, Steam, and Yahoo! Instant Messenger, or its game optimization and clip-sharing features.
The breach highlighted risks associated with password reuse across multiple services, a concern amplified by contemporaneous incidents like the leak of nearly 2,000 plaintext Minecraft account credentials. Raptr, operational since 2007, functioned as a social hub for gamers, consolidating chat services while offering performance-tuning tools. The company’s transparent disclosure included specific guidance for users but did not reveal the attack vector, intrusion timeline, or number of affected accounts. No ransomware, financial theft, or secondary attacks leveraging the stolen data were reported in connection with the breach. Fong’s statement framed the risk as “pretty minimal” but maintained a cautionary stance regarding credential hygiene. The incident underscored the gaming industry’s attractiveness as a target for credential harvesting due to interconnected accounts and virtual economies.