StarCitizen:January 2026 data breach

The January 202 leak was due to StarCitizen:Cloud Imperium Games being targeted by a systematic and sophisticated attack, resulting in unauthorized access to some backup systems, including limited access to metadata, contact details, username, date of birth, and name.<ref name=":0">Template:Cite RSI</ref>

No financial or payment information was stored in the affected systems and was not accessible. No passwords were impacted, and the access was read-only. No data-injection or modification occurred.<ref name=":0" />

CIG contained the activity and blocked further access to this data and CIG systems, and refreshed security settings to ensure that there is no threat to the games or users, while also taking steps to assess and detect whether any data that was accessed is released publicly. At the time, with no indications of any such activity.<ref name=":0" />

CIG has been criticized by players for downplaying the risks associated the leak of data such as contact details, name and date of birth that can be used for targeted phishing and scams, and it has been criticized for only sharing information about the leak at the beginning of March.<ref>CIG suffered small data breach it seems 2 months ago, r/starcitizen, reddit, 2026-03-02</ref><ref>Template:Cite RSI</ref>

• haveibeenpwned