Crytek Company CyberSecurity Posture

crytek.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

Crytek is an independent videogame developer, publisher, and technology provider dedicated to pushing the boundaries of gaming with its cutting-edge 3D game development solution CRYENGINE. With headquarters in Frankfurt am Main (Germany) and studios in Kiev (Ukraine), and Istanbul (Turkey), Crytek has created multiple award-winning titles, including the original Far Cry, the Crysis series, Ryse: Son of Rome, Warface, The Climb, Robinson: The Journey and Hunt: Showdown. Crytek delivers fun and innovative gaming experiences for PC, consoles, and VR and continues to grow its reach in the games-as-a-service market. Every Crytek game is created with CRYENGINE, which can be used by anyone to create games. For more information visit www.crytek.com - www.cryengine.com and www.huntshowdown.com

Crytek A.I CyberSecurity Scoring

Crytek

Company Details

Linkedin ID:

crytek

Website:

http://www.crytek.com/

Employees number:

497

Number of followers:

77,031

NAICS:

51126

Industry Type:

Computer Games

Homepage:

crytek.com

IP Addresses:

Scan still pending

Company ID:

CRY_1287180

Scan Status:

In-progress

AI scoreCrytek Risk Score (AI oriented)

Between 600 and 649

https://images.rankiteo.com/companyimages/crytek.jpeg
Crytek Computer Games
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreCrytek Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/crytek.jpeg
Crytek Computer Games
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Crytek

Poor
Current Score
603
Caa (Poor)
01000
2 incidents
-123.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025
726
Ransomware
29 Dec 2025 • Ubisoft and Crytek: Upcoming Ubisoft Games Like Splinter Cell Remake, Assassin's Creed Jade, Codename Hexe, Could Leak Due To This Data Breach, All You Need To Know
Ubisoft MongoBleed Data Breach

**Ubisoft Hit by Massive Data Breach via MongoBleed Exploit** Hackers have targeted Ubisoft in a significant security breach, exploiting the **MongoBleed** vulnerability—a method involving unsecured MongoDB databases with no authentication. According to a post on X (formerly Twitter), attackers exfiltrated over **900GB of data**, including the **source code for all Ubisoft products from 1990 to present**. The stolen material reportedly covers unreleased games, Uplay services, and other proprietary assets, with potential leaks of upcoming titles like *Splinter Cell Remake*, *Assassin’s Creed Jade*, and *Codename Hexe*. The breach occurred when hackers scanned the internet for exposed MongoDB ports, a common attack vector in the **MongoBleed** technique. While Ubisoft has not confirmed the incident, the hackers claimed to have held the data for **48 hours** before demanding a ransom. If the theft is verified, the leak could expose unreleased projects, development pipelines, and sensitive internal systems—posing a major risk to the company’s intellectual property. Game studios like Ubisoft are frequent targets due to their vast repositories of **source code, player databases, and live-service game data**, which are highly valuable to cybercriminals. Crytek was also reportedly affected in the same campaign. The incident underscores the ongoing threat posed by unsecured databases, particularly in industries handling large volumes of proprietary digital assets.

603
critical -123
UBICRY1766971965
Incident Details -
Type
Data Breach / Ransomware
Attack Vector
Exploiting open MongoDB ports with no authentication
Vulnerability Exploited
MongoBleed
Motivation
Financial gain (ransom) / Data exfiltration
Impact
Data Compromised: Over 900GB of data, including source code, unreleased builds, DLCs, and player databases Systems Affected: Ubisoft's internal databases, development environments, and live service game infrastructure Operational Impact: Potential disruption to game development and live services Brand Reputation Impact: Severe if unreleased projects are leaked
Response
Communication Strategy: No official confirmation from Ubisoft yet
Data Breach
Source code Unreleased builds DLCs Player databases Sensitivity Of Data: High (proprietary game code, unreleased projects) Data Exfiltration: Yes (900GB of data accessed for 48 hours) Source code files Game builds Databases
Recommendations
Implement authentication for MongoDB, restrict open ports, enhance monitoring for unauthorized access, and secure development environments.
Investigation Status
['Ongoing']
Initial Access Broker
Entry Point: Open MongoDB ports with no authentication High Value Targets: Source code, unreleased projects, player databases
Post Incident Analysis
Root Causes: Lack of authentication on MongoDB, unsecured open ports, inadequate monitoring
References
Blog URL Source URL
NOVEMBER 2025
726
OCTOBER 2025
725
SEPTEMBER 2025
724
AUGUST 2025
723
JULY 2025
723
JUNE 2025
722
MAY 2025
721
APRIL 2025
720
MARCH 2025
720
FEBRUARY 2025
719
JANUARY 2025
718
OCTOBER 2020
757
Ransomware
01 Oct 2020 • Crytek
Crytek Ransomware Attack

Crytek, a game developer, and publisher company was attacked by the Egregor ransomware gang in October 2020. The attackers encrypted the systems and stole files containing customers' personal info. A part of the stolen data was leaked on a data leak site.

647
critical -110
CRY181311222
Incident Details -
Type
Ransomware
Attack Vector
Ransomware
Motivation
Financial Gain
Impact
Data Compromised: Customers' personal info Systems Affected: Encrypted systems
Data Breach
Type Of Data Compromised: Customers' personal info Data Exfiltration: Yes Data Encryption: Yes Personally Identifiable Information: Yes
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Crytek is 603, which corresponds to a Poor rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 726.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 725.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 724.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 723.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 723.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 722.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 721.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 720.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 720.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 719.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 718.

Over the past 12 months, the average per-incident point impact on Crytek’s A.I Rankiteo Cyber Score has been -123.0 points.

You can access Crytek’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/crytek.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Crytek’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/crytek.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.