Leak at Cloud Imperium Games
Cloud Imperium Games, developer of Star Citizen and Squadron 42, disclosed in March 2026 that a January attack on its backup systems gave intruders read-only access to player account data including names, usernames, dates of birth and contact details.
- Victim
- Cloud Imperium Games
On 2 March 2026, Cloud Imperium Games β the studio behind the crowdfunded space game Star Citizen and the single-player Squadron 42 β publicly disclosed a data breach that it had detected on 21 January 2026. The roughly six-week gap between detection and a low-key notice posted to the company's website drew criticism from players and commentators, who pointed to GDPR notification obligations.
The company described the incident as a "systematic and sophisticated attack" that gained unauthorized access to some of its backup systems. The access to user data was read-only: no data was injected or modified, and the intruders obtained a limited subset of basic account information.
Exposed data categories included:
- First and last name
- Username
- Date of birth
- Contact details and associated account metadata
Cloud Imperium stated that passwords and financial or payment information were not stored in the affected systems and were therefore not compromised. The studio did not specify how many accounts were affected, though its player base numbers in the millions. At the time of disclosure the company said it had found no indication that the accessed data had been published online and had received no ransom demand, indicating the incident was contained.
Sources
- bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/star-citizen-game-dev-discloses-breach-affecting-user-data/
- theregister.comhttps://www.theregister.com/2026/03/03/brit_games_studio_cloud_imperium/
- zataz.comhttps://www.zataz.com/piratage-de-cloud-imperium-games-les-joueurs-et-joueuses-de-star-citizen-et-squadron-42-en-danger/
- cybernews.comhttps://cybernews.com/security/cloud-imperium-data-breach/