DRM Maker Denuvo Doesn’t Bother Securing Its Web Form, Plain Text Log Leaks To The Web

If you loathe DRM in your gaming, then you’re probably going to enjoy this story. Denuvo, makers of some of the most notorious DRM protection around, doesn’t appear to do a good job in securing its Web servers, and has suffered a bit of embarrassment as a result.

On Sunday, logs that were publicly accessible on Denuvo’s servers hit the Web, and while this isn’t a typical “hacking” where usernames and passwords have made it out into the wild, this is still ridiculous: any message sent through the company’s Web form was unsecured, piled together in the same log that escaped Denuvo’s loose grasp.

Capcom’s Dead Rising 4

According to Ars Technica, numerous companies were found to have used this form to inquire about using Denuvo’s DRM in upcoming titles. Examples cited include Microsoft, alluding to its use in an upcoming Halo Wars, and Capcom, which did actually ship its recent title, Dead Rising 4, with Denuvo DRM on tap. There’s no telling if all of the inquiries are legit, however, as fake email addresses could be used (but let’s be real, most if not all were likely real).

Regardless of what you think about Denuvo’s product, one thing that can’t be denied is that it’s hugely unprofessional to store customer correspondence in what’s in effect a plain text file. A design like that might have been suitable back in 1995 when the Web was first beginning to take hold, but in 2017? That’s absurd in general, but for a company that bases its products around security? Sheesh.