I just received the following email:
We recently became aware of suspicious activity relating to some of Crytek’s websites, and acted quickly to take those websites offline for security reasons.
The sites listed below are currently offline:
The following Crytek sites remain online and are not affected by these issues:
If you have an account at crydev.net or mycrysis.com, you will be asked to change your password next time you log in. If you use your current password anywhere else online, we would also suggest that you reset it at those sites.
We are working on getting all websites fully operational again as soon as possible. Please accept our sincere apologies for any inconvenience.
The Crytek Team
If you visit any of those sites, you see:
Considering that you had to register to evaluate CryEngine, if you’ve looked at it, you are compromised. You need to authenticate to use CryEngine, so I wonder if all the devs are now dead in the water? What really annoys me about this announcement is they don’t tell you if the passwords were encrypted. At this point in time, any website that compromises user information without encrypting it, should be liable for any damages that occur! This is getting far too common.