More than 100,000 players hit by PlaySpan security breach

PlaySpan, which provides game sales and micro-transaction payment support for virtual goods in a myriad of games including World of Tanks, Guild Wars and previously Eve Online, has been breached by hackers who apparently swiped the personal information of millions of users and disseminated it online, according to Develop.

The information stolen includes user IDs, email addresses and encrypted passwords.

The PlaySpan Marketplace site, used for micro-transactions for more than 1,000 games, currently displays a message which reads: "The PlaySpan corporate site is undergoing system maintenance. We appreciate your patience and will be back online shortly."

There doesn't appear to be any mention of the breach or security risks on the site or in the site's press center, press releases or blog.

PlaySpan told Develop that it doesn't appear that hackers made off with any credit card, debit or pre-paid card information, they are still running an investigation and forensic analysis into the breach.

The spokesperson added that the service has been shut down while they conduct a full investigation into the break in.

Reached for comment this afternoon, Eve Online developers CCP told Polygon that they don't have a current relationship with PlaySpan and that their gamers shouldn't be impacted by the breach.

"There have been some misleading articles published this afternoon regarding a breach at a company called Playspan," according to the statement sent to Polygon. "CCP has no current relationship with Playspan. The only relationship we have ever had with Playspan is that in the past is they have resold ETCs.

"We do not share login information with any other company. The only way your credentials for EVE could be at risk is if you had set up an account at Playspan in which you re-used your email/EVE login credentials such as your username or password. If you have done such a thing we suggest you change your EVE password as a precautionary measure."

Guild Wars developers ArenaNet told Polygon that they've never used the service for micro-transactions or billing, but that they did sell Guild Wars products through the company's online store.

"ArenaNet does not use and has never used PlaySpan for billing or micro-transaction services inGuild Wars or Guild Wars 2," they wrote in a prepared statement. "We do not share account credentials with PlaySpan or any other company. As with any security issue, if players use the same credentials across multiple services and accounts, then that presents a risk to their account and we encourage them to change their password.

"This incident does highlight the importance of using strong, unique passwords for every account you wish to keep secure. For more information about account security, we encourage you to read this post by Mike O'Brien."

We've reached out to for comment and will update this story when they respond.

Update: PlaySpan sent us an official comment, noting that while they have more than two million customers with registered accounts, only about 117,000 of those accounts are active.

PlaySpan has detected and terminated illegal access to PlaySpan Marketplace user information. Importantly, there is no evidence any payment account - credit, debit, or prepaid card - data was accessed or exported from the PlaySpan network. However, user IDs, email addresses and encrypted passwords of Marketplace users were compromised.

When PlaySpan detected the breach, we immediately shut down the hacker's access to our systems and took steps to protect our customers' PlaySpan accounts. We then commenced a comprehensive forensic analysis and are working with law enforcement to investigate the crime.

As a precaution, we have already locked all user accounts and closed the PlaySpan Marketplace site.

Best on-line practices suggest it is always safest to use different passwords for different online activities, so that any single intrusion does not affect multiple accounts. Therefore, if customers happen to use their PlaySpan Marketplace log-in information at other websites, including their e-mail provider, we are encouraging them to reset those passwords.

In that regard, for those customers with PlaySpan Ultimate Pay accounts, we have implemented an automatic reset of all user passwords.

We sincerely apologize for any frustration or inconvenience this incident has caused our customers. We know PlaySpan's business depends on consumer trust. Security is a top priority for us, and we are redoubling our efforts to strengthen PlaySpan's overall system security.

Top Stories

More from Polygon

The horror of Five Nights at Freddy's

  • Dark Souls 2: Crown of the Old Iron King Overview

  • Spacecom: a fast 4X built for multiplayer

  • Pillars of Eternity builds on role-playing classics

  • Tour the 1 KB hard drive built inside Minecraft

Latest Discussions

Log In Sign Up

Log In Sign Up

Please choose a new Polygon username and password

As part of the new Polygon launch, prior users will need to choose a permanent username, along with a new password.

Your username will be used to login to Polygon going forward.

I already have a Vox Media account!

Verify Vox Media account

Please login to your Vox Media account. This account will be linked to your previously existing Eater account.

Please choose a new Polygon username and password

As part of the new Polygon launch, prior MT authors will need to choose a new username and password.

Your username will be used to login to Polygon going forward.

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.



Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.