Cyber Incident Victim: Cloud Imperium Games
Date:
Jan 2026
Location:
United States of America
Summary
Cloud Imperium Games disclosed that attackers gained unauthorized access to some backup systems containing basic user account information such as metadata, contact details, username, date of birth and name, while confirming that no financial data, passwords or payment information were exposed and that the access was read‑only with no data modification. The company stated it found no evidence that the accessed data had been leaked and does not view the incident as a safety risk, but the disclosure was made only through a website notice without email or social‑media alerts, prompting criticism from users who noted the delay and expressed concern about the exposed personal information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Cloud Imperium Games, the developer behind Star Citizen and Squadron 42, was founded in 2012 by Chris Roberts and now operates five game studios with over 700 employees. Despite a Kickstarter campaign that raised more than $2 million for Star Citizen, the game has remained in early access for fourteen years. On 21 January 2026 the company detected a systematic and sophisticated attack that resulted in unauthorized access to some of its backup systems, which contained limited user personal data. The breach was discovered on that date and the company began investigating immediately.
The accessed data consisted of basic account details such as metadata, contact information, usernames, dates of birth and names; no financial or payment information was stored in the affected systems and no passwords were compromised. CIG stated that the intrusion was read‑only, with no data injection or modification occurring, and that it had contained the activity and blocked further access while refreshing security settings. The company said it had found no evidence that any of the accessed data had been leaked online and was continuing to monitor for any public release of the information.
CIG disclosed the breach in a notice posted on its website that was not prominently linked on the Roberts Space Industries front page, was not emailed to users, and did not appear on its social media channels; the notice surfaced as a pop‑up when players logged into their Star Citizen accounts. The disclosure came to wider attention after users reported it to tech site The Register, prompting criticism about the six‑week delay and the quiet nature of the announcement, although some supporters noted that similar timeframes have occurred in other incidents. While CIG maintained that the breach did not pose a safety risk to users, it acknowledged that threat actors could potentially use the exposed personal information in phishing attacks, and it said it was taking steps to assess and detect any future public release of the data.