The Denuvo anti-tamper software company has taken another hit to its reputation over the weekend, where it was discovered that there was a leak in its private messaging system. That leak was discovered by hackers and lead to a number of messages from developers and the general public appearing online.
The gap in Denuvo’s security appears to have been on its official domain, where a log file recorded a number of messages sent through the company’s web form since 2014. There is a lot of spam in there, as you might expect from any web form, but there are a number of legitimate messages in there too.
There are requests by developers for information on applying the Denuvo anti-tamper system to upcoming games, complaints from end-users that it has negatively impacted their games, including some death threats (thanks Ars). Worryingly for those that sent them, the log file also contains their email addresses. The fact that this was stored in a readable manner represents a strange security lapse for a firm who’s main job is protecting digital content.
Of course the security of a web form that was possibly put together by an outside contract firm, or a random IT manager years ago, doesn’t reflect on the security of the company’s main DRM software. It could impact its public image though, which could affect the usage of Denuvo in the future.
More interesting perhaps, is that the news of this leak does come around the time of the fastest crack in Denuvo’s history. Could it be that those who discovered this leak found something which helped them break open the anti-tamper system?
Discuss on our Facebook page, HERE.
KitGuru Says: Denuvo has been a very successful protective system for developers, but perhaps it’s starting to slip. What do you think?